Privacy Policy

Privacy Policy – Järnavik Akupunktur / Bright View AB

This privacy policy explains how Bright View AB processes your personal data when you visit our website https://jarnavikakupunktur.se or when you are in contact with Järnavik Akupunktur as a patient or prospective patient.

We process your data in accordance with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act (2018:218), and relevant Swedish rules for healthcare, such as the Swedish Patient Data Act (2008:355) where medical record-keeping applies.


Data Controller

Bright View AB
Organisation number: 559519-6683

Business name: Järnavik Akupunktur
Address:
Järnaviksvägen 25
37263 Bräkne-Hoby
Sweden

Contact person: Igor Corbeau
E-mail:

Bright View AB is the controller of the personal data processed within the scope of Järnavik Akupunktur.


Personal Data We Collect

We may process the following categories of personal data:

1. Contact and customer data

  • Name
  • Postal address
  • Telephone number
  • E-mail address
  • Booking information (appointments, rebookings, cancellations, booking history)
  • Payment-related information (e.g. that a payment was made, amount, time, and reference – card or account details are normally handled directly by your payment provider)

2. Health-related data (special categories of personal data)

In connection with acupuncture treatments, we may need to process information about your health, for example:

  • Current and previous health conditions, symptoms, illnesses or injuries
  • Medication or ongoing treatments
  • Notes from consultations and treatment history related to acupuncture

These data are handled with strict confidentiality and in accordance with the Swedish Patient Data Act where medical record-keeping obligations apply.

3. Data when you contact us by e-mail or forms

  • The information you provide yourself in e-mails or any contact forms on the website (e.g. name, contact details and description of your matter).

4. Website and technical data

When you visit our website, the following may be processed:

  • IP address
  • Information about browser, device type and operating system
  • Logs of visits (e.g. date and time, pages visited)
  • Cookies and similar technologies (see section on cookies below)

Purposes and Legal Bases for Processing

1. To receive and manage bookings and to provide treatments

We process your personal data in order to:

  • Receive and confirm bookings via our booking system (currently Kaddio)
  • Communicate with you before or after treatment (e.g. rebookings, reminders, follow-ups)
  • Provide acupuncture treatments in a safe and appropriate manner

Legal bases:

  • Performance of a contract and steps taken prior to entering into a contract (Article 6.1(b) GDPR) – when you book an appointment and enter into a treatment agreement with us.
  • For special categories of data (health data), we process these where necessary for healthcare purposes in line with the Patient Data Act and Article 9.2(h) GDPR (healthcare), and where required, based on your explicit consent.

2. Medical record-keeping and legal obligations

Where the activity is covered by medical record-keeping obligations, we are required by law to keep patient records.

Legal bases:

  • Legal obligation (Article 6.1(c) GDPR).
  • For special categories of personal data: public interest in the area of public health and healthcare obligations under the Patient Data Act (Article 9.2(h) GDPR).

3. Administration, accounting and finance

We process personal data for the administration of the business, such as:

  • Invoicing and payment follow-up
  • Accounting and bookkeeping
  • Handling payments and any refunds

When you pay by Swish, the payment is processed by your bank and the Swish system. We receive information needed to confirm and account for the payment (for example sender name, phone number, time, amount and reference).

Legal bases:

  • Legal obligation (Article 6.1(c) GDPR) based on Swedish bookkeeping legislation.
  • Legitimate interest (Article 6.1(f) GDPR) in administering and operating our business.

4. Communication and customer service

To provide you with service, we respond to enquiries via e-mail or other contact channels.

Legal bases:

  • Legitimate interest (Article 6.1(f) GDPR) in providing support and information.
  • In some cases, performance of a contract.

5. Marketing (only with your consent where required)

We may use your contact details for basic marketing activities, such as newsletters or information about new services and offers.

Legal basis:

  • Consent (Article 6.1(a) GDPR) where required under marketing legislation.

You may withdraw your consent at any time by contacting us or using an unsubscribe link where available.

6. Website operation and improvement

Technical data are used in order to:

  • Operate and secure the website
  • Improve the user experience
  • Produce aggregated visitor statistics

Legal basis:

  • Legitimate interest (Article 6.1(f) GDPR) in providing a secure and functioning website and understanding how it is used.

Processing of Sensitive and Health Data

As an acupuncture practice, we may need to process sensitive personal data about your health. Such processing takes place only when necessary to:

  • Assess whether a treatment is suitable or unsuitable for you
  • Adapt treatment to your individual conditions
  • Follow up on treatment results

The processing is subject to strict access controls and is carried out in accordance with the Patient Data Act and other applicable healthcare regulations.


How We Use Kaddio (Booking System)

We use Kaddio as our booking system. When you book, rebook or cancel an appointment, your personal data (such as name, contact details, booking history and, where applicable, treatment-related information) are processed in Kaddio.

Kaddio acts as our data processor and processes data only on our instructions and for our purposes. We have a data processing agreement in place with Kaddio to ensure that your data are handled securely and in accordance with GDPR.


How We Use Swish (Payment Solution)

We accept payments via Swish. When you pay with Swish:

  • Your bank and the Swish system process your payment as independent controllers.
  • We receive certain information related to the payment (such as your name, phone number, date and time of payment, amount and message/reference) in order to confirm the payment and fulfil our accounting and legal obligations.

For more information on how Swish and your bank process personal data, please refer to their respective privacy information.


How Long We Keep Your Data

We only keep your personal data for as long as necessary for the purposes described above, or for as long as we are required by law.

  • Patient records within healthcare:
    Retained in accordance with the Swedish Patient Data Act. As a general rule, this means at least 10 years from the date of the last entry, unless other mandatory rules apply.

  • Bookkeeping and invoice data (including Swish payment information needed for accounting):
    Normally retained for 7 years pursuant to Swedish bookkeeping legislation, counted from the end of the calendar year in which the financial year ended.

  • Contact details for marketing:
    Retained until you withdraw your consent or object to the processing. After that, the data are deleted or anonymised, unless we are required to retain certain data for other legal reasons.

  • Data in e-mails and ongoing communication:
    Retained for as long as necessary to handle your matter and thereafter in accordance with our internal retention and deletion routines.


Recipients of Personal Data (Third Parties)

We do not share your personal data with unauthorised parties. Where necessary, personal data may be shared with:

  • IT and system providers, including:

    • Kaddio (booking and, where applicable, patient documentation system)
    • E-mail and web hosting providers

    These parties act as data processors and process personal data on our behalf. We have data processing agreements in place with them.

  • Payment service providers and banks, including Swish and the bank that provides your Swish service, in connection with payments.

  • Authorities where we are legally obliged to disclose information (e.g. the Swedish Tax Agency, the Swedish Health and Social Care Inspectorate, or other supervisory authorities).

We strive to process personal data within the EU/EEA. If data are transferred to a country outside the EU/EEA through the use of certain IT tools or services, we ensure that such transfers are carried out lawfully in accordance with GDPR (for example by using the European Commission’s standard contractual clauses or equivalent safeguards).


Your Rights

Under GDPR, you have the following rights in relation to your personal data:

  1. Right to information – to receive clear information on how your data are processed.
  2. Right of access – to request information about which personal data we process about you and receive a copy.
  3. Right to rectification – to have inaccurate or incomplete data corrected.
  4. Right to erasure – to request deletion of your data in certain cases. We cannot delete data that we are legally required to keep (e.g. patient records, bookkeeping data).
  5. Right to restriction – to request restricted processing in certain situations.
  6. Right to data portability – to, in some cases, receive data in a structured, commonly used and machine-readable format.
  7. Right to object – to object to processing based on our legitimate interests, and always to object to direct marketing.
  8. Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

To exercise any of your rights, please contact us at:


Complaints to Supervisory Authority

If you believe that your personal data are being processed in violation of applicable data protection rules, you have the right to lodge a complaint with the supervisory authority:

Integritetsskyddsmyndigheten (IMY) – Swedish Authority for Privacy Protection
Website: https://www.imy.se
Phone: +46 (0)8 657 61 00

We would, however, appreciate the opportunity to address your concerns first, so please feel free to contact us directly.


Cookies and Tracking Technologies

Our website jarnavikakupunktur.se may use cookies or similar technologies in order to:

  • Remember your settings and choices
  • Improve the functionality of the website
  • Produce aggregated visitor statistics

You can choose to block or delete cookies in your browser settings. Certain functions of the website may not work properly if you block cookies.

If we use cookies for analytics or marketing that require your consent, we will ask for your consent via a cookie banner when you visit the website.


Security

We take appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction or unauthorised disclosure. Such measures include, for example:

  • Restricted access to systems where personal data are stored
  • Password protection, encryption and firewalls where appropriate
  • Procedures for backup and deletion

Changes to This Privacy Policy

We may update this privacy policy from time to time, for example if legislation or our internal routines change. The latest version is always available on our website jarnavikakupunktur.se.

Significant changes will be communicated via the website or directly to you where appropriate.


Contact

If you have any questions regarding this privacy policy or our processing of personal data, please contact:

Bright View AB / Järnavik Akupunktur
Address: Järnaviksvägen 25
37263 Bräkne-Hoby
Sweden

Contact person: Igor Corbeau
E-mail: