IN BRIEF

Your personal privacy and the information you share are important to us at Cambio. Whether you represent a customer, partner, or employee, we believe in an honest and transparent partnership. We therefore want you to know and understand how we use and protect the data we collect on you.

  • We do not collect more data than necessary
  • We do not use your personal data for purposes other than those specified
  • We do not keep your data longer than necessary
  • We do not sell your data to third parties

INTRODUCTION

This policy is based on current data protection legislation and sets out how we work to protect your personal data, rights, and privacy.

The purpose of this policy is to let you know how we process your personal data, what we use it for, who has access to it and on what conditions, and how you can exercise your rights.

WE ARE THE DATA CONTROLLER

Sanolium Group Holding AB is the parent company of a group that includes Cambio Healthcare Systems AB, Cambio Healthcare Systems A/S, Cambio Welfare AB, MittVaccin Sverige AB and Cambio CDS AB. Each company in the group is the data controller for the personal data it processes.

WHY DO WE PROCESS PERSONAL DATA ABOUT YOU

We use the personal data we collect to communicate with you, to answer your inquiries and to improve our services, but also to provide information and other offers that may be of interest to you. 

We will always give you relevant and useful information. When you hand over personal data to us and allow cookies, it helps us to customise your experience, as well as to provide you with the right sort of content and the right offers. It also enables us to be at the cutting edge and constantly evolve so that we can create value for you as a visitor. We strive to process as little personal data about you as possible.

Agreements

In order to enter into and fulfil agreements with the organisation you represent, we need personal data on you in the form of first name, surname, email address, address and title. We do not access your personal data in any other way than through the information you give us. The legal basis for our processing of your personal data regarding agreements is to fulfil a legal obligation with you or your employer.

Marketing

When it comes to marketing, the personal data we collect about you is limited to what is normally found on a business card, such as name, title, company, address, email and telephone number. In some cases, we may also ask you for further information relating to your job, such as industry and size of business. If you take part in one of our events, you may be asked about dietary preferences and the like. The legal basis for our processing of your personal data for marketing purposes is our legitimate interest to conduct our business or in some cases your consent as a visitor of our website. If consent is required, we will ask you for it.

Websites

The personal data we collect when you visit one of our websites will not be sold, transferred, or divulged to any other company without your consent – unless necessary in order to deliver the product or service you have requested. The legal basis for our processing of your personal data when visiting our websites is our legitimate interest to conduct our business or in some cases your consent. If consent is required, we will ask you for it.

Cookies

We use cookies to understand your preferences better so that we can improve your user experience on future visits to our website. We also use cookies to collect data on traffic and interaction for statistical purposes. More information can be found in our cookie policy [insert link].

You can withdraw your consent at any time and also delete saved cookies. If you wish to do this, you can search for how to delete cookies in your web browser and follow the instructions given. The legal basis for our processing of your personal data is your consent as a visitor of our website.

Contact form on our website

We also collect data when you fill in a form in order, for example, to download a document, subscribe to our newsletters or submit other personal data on our website, such as when signing up for events or seminars via the contact form.

If you choose to contact us, personal data is saved in our marketing automation and CRM tools. The personal data you enter in a form is managed and saved so that we can contact you and answer your questions. If you have chosen to contact us, we track and save your behaviour on the website in order to optimise your experience. The legal basis for our processing of your personal data is our legitimate interest to conduct our business and your consent as a visitor of our website. If consent is required, we will ask you for it.

Customer portal

If you visit one of our customer portals, your personal data will be processed and saved in the form of first name, surname, company or customer name and email address so that we can manage authorisation control and use pattern registration. The legal basis for our processing of your personal data is to fulfil a legal obligation with your employer.

Training portal

If you use our training portal, your personal data will be processed in the form of name, username, job role, email address, HSA-ID, course history, courses completed and test results so that we can manage authorisation control and use pattern registration. The legal basis for our processing of your personal data is to fulfil a legal obligation with you or your employer.

Recruitment tool

If you apply for a job at Cambio, we will save and manage the personal data for recruitment purposes, such as contacting you regarding a relevant position. If you send us a letter of interest, your personal data will be saved in our recruitment system. If you consent to receive information on future job opportunities, we may also save the personal data a while for the purpose of possibly contacting you regarding another job. The legal basis for our processing of your personal data is your consent.

HOW DO WE PROTECT YOUR PERSONAL DATA

Your security is important to us. We have therefore implemented appropriate technical, organisational, and administrative security measures in order to protect your personal data from unauthorised access and other unlawful processing operations. We analyse and assess these measures regularly to ensure that your data is given the best possible protection.

WHO DO WE PASS YOUR DATA TO?

We do not pass your data on to other companies or organisations unless required by law or necessary in order to fulfil our legal or contractual obligations to you.

We may pass your personal data on to partners, suppliers, or subcontractors, but only if necessary, in order for us to fulfil our obligations to you as a customer. We never pass on more personal data than necessary.

When required by legislation, we may be obliged to pass your data on to the authorities or other organisations. We may also be forced to pass your data on, if necessary, for the establishment, exercise, or defence of legal claims.

We will never pass your personal data on to other companies or organisations for marketing purposes.

HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

We store personal data on you as a customer for the duration of the agreement and for a reasonable period afterwards. In by far the majority of cases, we do not store your personal data for more than a year from the end of the agreement, but in certain circumstances we may store your data for longer. This is the case if there is a statutory requirement for us to do so, for example, or if the data is necessary for the establishment, exercise or defence of legal claims.

YOUR RIGHTS

When we process personal data about you, you have certain rights as a registered person. You have the right to contact us regarding your data at any time, and if you wish to exercise any of the rights described below, the easiest way to contact us is by emailing us at dpo@cambio.se.

We reserve the right to implement appropriate protection and security measures in order to ensure that you are who you claim to be when you contact us. If you are unable to verify your identity in a credible manner, we may not be able to comply with your request.

ACCESS TO PERSONAL DATA

You have the right to be informed on what personal data we process about you. If you wish to know this, we can provide you with a full register extract containing the personal data we process about you.

RECTIFICATION AND DELETION

If we process your personal data unlawfully, or if we no longer need the personal data, you are entitled to have it deleted. If the data is incomplete, you are entitled to have the gaps filled. Please note that we may not be able to supply our services to you if you ask to have your personal data deleted.

DATA PORTABILITY

In certain circumstances, you have the right to be given the personal data we process about you in a structured, commonly used, machine-readable and interoperable format. You have this right in respect of the personal data that you yourself have given us and that we process based on your consent, or if the personal data is necessary in order to enter into or fulfil a contract with you.

RESTRICTION OF PROCESSING

Under certain circumstances, you have the right to ask us to restrict our processing of your data. This means that we will mark the data to ensure that we only process it for specific purposes in future. We may not be able to supply our services to you if we restrict the processing of your personal data.

RIGHT TO OBJECT

You have the right to object to processing of your personal data that is carried out with the purpose of performing a task in the public interest, as part of the exercise of official authority or after a weighing of interests. We do not process your personal data for any of these purposes or any of these reasons. Therefore, you cannot object to our processing on this basis.

RIGHT TO LODGE A COMPLIANT

You have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY) (Swe. Swedish Authority for Privacy Protection) if you think we are processing your data unlawfully. You can read more about this, and find contact information, on the website: https://www.imy.se/.

CONTACT

You can contact us at any time by writing to dpo@cambio.se or phoning us at +46 8 691 49 00 to find out more about how we process your personal data. You can also read more about us on our website: www.cambio.se.