Privacy policy

Privacy policy for Falck Sverige AB (former AB Previa)

Our privacy policy clarifies, among other things, the following:

  • What personal data Falck collects;
  • Why Falck collects the personal data in question;
  • How Falck intends to use the collected personal data and how storage and deletion takes place;
  • What rights you have as a data subject, for example regarding access to and correction of personal data

Content

Data controller
What personal data does Falck collect from the employer?
What personal data does Falck collect from you as an employee?
How does Falck use your personal data?
Automated, individual decision-making
E-mail communication from Falck
What rights do you have?
Who has access to your personal data?
How long do we keep your personal data?
How do we protect your personal data?
Cookies
Compliance and cooperation with regulators
Changes to our privacy policy
Contact us
Contact the Swedish Authority for Privacy Protection

Data controller

Falck Sverige AB 556235-1907 (former AB Previa)

As a private healthcare provider, Falck is the data controller for most of the processing of personal data in the business. As a data controller, Falck determines the purpose and means of the processing of personal data in accordance with applicable laws and regulations.

In some cases, the employer has entered into an agreement with Falck and provided detailed instructions on how contact details and personal data are to be processed. In such cases, a personal data processing agreement is drawn up between Falck and the employer that regulates the processing of personal data.

What personal data does Falck collect from the employer? 

Falck decides what basic information Falck needs in order to be able to provide occupational health services. Falck obtains information about organisational structure and affiliation, as well as the immediate manager responsible for the work environment, from the employer. The information is necessary for the employer to comply with labour law requirements. Falck collects the data in order to provide occupational health care in its capacity as a healthcare provider or otherwise in its capacity as an external independent expert.

The personal data collected is:

  • Name
  • Title
  • Contact
  • Social security number
  • Organizational affiliation

What personal data does Falck collect from you as an employee?

When you come into contact with Falck, we process information about your health in order to prevent and alleviate signs of ill health. As a private healthcare provider, we are subject to health and medical care legislation, such as the Patient Data Act (2008:355), which entails a duty to keep records in order to contribute to good and safe care. For this purpose, we have a medical record system.

Health information is sensitive personal data and is heavily regulated by a duty of confidentiality, and we never disclose personal data to unauthorized persons. The personal data processed are:

  • Name
  • Contact
  • Social security number
  • Health information or
  • Information you choose to provide for reasons related to preventive health care and occupational medicine

Falck keeps a record of your visits. From this register, invoices are received to the employer, insurance company or other payer as well as statistics on services rendered. The statistics are anonymized and cannot be traced to an individual.

How does Falck use your personal data?

Falck collects personal data in order to ensure the connection to your employer when advice is given about your work environment and workplace based on the responsibility the employer has for safety, work adaptation and occupational rehabilitation according to the Work Environment Act (1977:1160) and the Social Insurance Code (2010:110). In addition, contractual requirements may make it necessary for Falck to collect personal data in order to provide its services. Falck is not in a position to perform its duties as a care provider or otherwise as an external independent expert vis-à-vis the employer without those duties.

When we process personal data about you that has been transferred from your employer, it is done on a legal basis in the Patient Data Act (2008:355), for reasons related to preventive health and medical care and occupational medicine, and so that we can fulfil agreements with your employer. In our function as Occupational Health Care and role as advisor, we can carry out factual investigations at your workplace.

In our role as healthcare providers, we handle sensitive personal data about you when you are in contact with us, we do so on a legal basis in the Patient Data Act (2008:355) and the Patient Safety Act (2010:659), for reasons related to preventive health and medical care as well as occupational medicine and informed consent. It may also be as part of the function of occupational health when we provide health-related services where we act as independent experts.

We also handle fully anonymized and aggregated health information with the lawful basis of public interest.

We use your contact information to send out information via e-mail and text message, for example for booking confirmation via text message, certificate by e-mail or other information related to your ordered services.

Automated, individual decision-making

Your personal data will not be subject to decisions based on automated, individual decision-making, including profiling. This means that we will not use technical methods to make decisions about you without personal contact.

E-mail communication from Falck

Falck sends out various e-mail mailings, such as newsletters, information about open training courses and invitations to local activities, and you can register on our website to receive these mailings. By registering as a recipient, you agree that Falck saves and processes your contact information in order to provide relevant information within our areas of knowledge, services, training or marketing activities.

As a contract manager or customer of our services, you will receive the above mailings as well as customer information, customer surveys and evaluations sent to you. Our legal basis is that there is a legitimate interest in keeping you as a customer informed on an ongoing basis. In customer surveys, you can choose to remain anonymous.

You can unsubscribe from our mailings at any time by clicking on the link in the email or by contacting us here.
 

What rights do you have?

You have the right to access your personal data if you so wish. If you would like to receive a copy of parts or all of the information we provide about you, please contact Falck (see contact details below). If you believe that the personal data we hold about you is inaccurate and needs to be corrected or deleted, this can be done, provided it does not meet any legal impediment. You also have the right to object or request restriction of personal data processing concerning you.

If you wish to receive your personal data and transfer it to another party, Falck can help you do this (the right to data portability) if the personal data processing is based on consent or on us being able to fulfil contractual obligations; This right can be exercised when technically feasible. Please note that this does not automatically mean that the personal data is deleted from Falck's system and that it does not affect the original storage period of the data that has been transferred.

If the processing is based on your consent, you have the right to withdraw your consent at any time. It is as easy to give consent as it is to withdraw it.
Regarding a medical record document, you have, according to the Patient Data Act (2008:355), Chapter 8. Section 2 of the Patient Safety Act (2010:659), Chapter 6 of the Patient Safety Act (2010:659). Section 12 or Section 13, first paragraph.

Who has access to your personal data?

Only those who absolutely must have access to your personal data have access (principle of least privilege), for example, only the:

  • who participates in the care of a patient, i.e. the healthcare professional you meet in your contacts with Falck,
  • who need the data for their work in health care, such as medical secretaries who write out the dictations of health care professionals.

For certain services, Falck assesses that it is necessary to obtain your consent before the personal data is shared with your employer.

With your consent, we may also refer to other healthcare providers or transfer your personal data to competent authorities.

Other employees at Falck are subject to the same principle – access is limited to only those who need it to perform their tasks.

We also use specialized data processors within the EU/EEA who are categorized as:

  • IT Services: Software, Operations, Support and Infrastructure

Data processors who process personal data for Falck's purposes do so in accordance with Falck's instructions. This also includes those who work under the direction of the data processor. None of these may access personal data that is not required for them to be able to provide their services in accordance with agreements. Special data processing agreements are drawn up that regulate the processing of personal data in its entirety, including organisational and technical security measures.   

How long do we keep your personal data?

Falck strives not to store more information than is necessary for the purposes and in accordance with provisions of national law, for example. The Accounting Act (1999:1078). Information in patient records is archived for at least 10 years in accordance with the Patient Data Act (2008:355).

How do we protect your personal data?

Collecting and processing (sensitive) personal data that is particularly worthy of protection is a crucial part of Falck's operations. Falck maintains a high level of protection by protecting the personal data processed against unauthorized access, alteration, disclosure or destruction of the information Falck processes.

Access to the personal data that Falck processes is strictly permission-based and the "principle of least privilege" is applied. This means that only the person involved in a personal matter has access to the personal data. Authorisation is strictly regulated, and no one should have more access than is necessary to carry out their duties and duties.

Our data centers are located in Sweden with our operations provider, which is certified according to ISO 27001, Management System for Information Security.

Cookies

Cookies are text files that are sent to your computer when you visit a website and are used to help the website remember certain information about your visit. Falck does this to make it easier for you to visit our website in the future. This means that information about user settings and other information may be stored in cookies. The information can also be used to count how many visitors our website has.

You can make settings in your browser where you refuse the website to use cookies.

See our Cookie Policy for kund.falcksverige.se

Compliance and cooperation with regulators

Falck will cooperate with the relevant supervisory authorities, including the Swedish Data Protection Authority, in accordance with applicable data protection regulations. The Swedish Data Protection Authority will be consulted if necessary. In the event of written complaints, the person concerned will be contacted and the matter will be followed up. If the case cannot be resolved within a reasonable time, Falck will take help and support from the relevant authority.

Changes to our privacy policy

Falck's privacy policy will be revised regularly. All changes and updates will be announced on this page. The last update was implemented on 2019-12-12. Traceability to previous versions will be maintained.

Contact us

If you have any questions or concerns regarding our processing of your personal data, you are welcome to contact us through:

Postal address: Falck, Box 6047, 102 31 Stockholm
E-mail: Use our Contact form
Visiting address: S:t Eriksgatan 113 43, Stockholm
Phone: 077-123 00 00

You can also send an e-mail to Falck's data protection coordinator through gdpr@falcksverige.se

Contact the Swedish Authority for Privacy Protection

If you believe that Falck does not comply with the current requirements of the General Data Protection Regulation, the complaint can be submitted to the Swedish Authority for Privacy Protection (formerly the Swedish Data Protection Authority). 

E-mail: imy@imy.se
Phone: 08-657 61 00
Postal address: Swedish Authority for Privacy Protection, Box 8114, SE-104 20 Stockholm