Back

Privacy Policy

We prioritize your personal integrity and work actively to ensure the protection of your personal data when you use our services. Our privacy policy below clearly describes how we process, use and protect your personal data and what rights you have as a registered user.

1. General

This privacy policy describes how we, 19Plus AB, corporate no. 556983-2750 (“19Plus”), process your personal data when you use our services (“the Services”). 19Plus is the company that provides Testmottagningen.se and the web application app.zample.com (“zample™”) which is a digital test answer service, medically responsible for the Services is 19Plus AB. 19Plus is a registered healthcare provider with IVO, the Swedish Health and Social Care Inspectorate.

Testmottagningen.se is an e-commerce that offers services in sampling and biomedical blood analysis as well as issuing test results (via zample™) with medical assessment and, if necessary, follow-up calls.

The test response service zample™ reports test results from connected laboratories and enables you as a user to follow your health data over time. Furthermore, the service handles communication between connected healthcare providers, companies and customers.

2. Personal data manager and data protection officer

19Plus is the data controller and is responsible for the processing of your personal data.

Our privacy policy provides an overview of how we handle personal data. It covers various aspects, including which personal data and which categories of personal data we process, the purpose of the processing, the legal basis, who has access to the data and how long the personal data is kept. We also explain principles for thinning, possible sharing with third parties, where the processing of personal data takes place and what rights you have as a registered person, such as the right to information, correction and deletion.

If necessary, we reserve the right to update or change the privacy policy. To keep you informed of material changes, we will communicate this in an appropriate manner and invite you to review the updated terms. The latest version of the privacy policy is always available on our website.

Our goal is that this privacy policy should clearly explain how we process and protect your personal data. We value transparency and openness when it comes to handling your data. If you have any questions regarding this privacy policy or wonder how your personal data is processed, you are welcome to contact us and our data protection officer via [email protected] or via mail 19Plus AB, Attn: Data protection officer, Själagårdsgatan 9, SE-111 31 Stockholm. You can also call our customer service on phone number: +46 8 14 24 49.

3. The purposes of the processing, storage period and legal basis

We collect information directly from you when you make a purchase with us, contact our customer service via phone, e-mail and chat and indirectly when you visit our website. When you make a purchase with us, you agree to our purchase conditions and to the processing of your personal data in accordance with this privacy policy so that we can offer you the following:

To complete a purchase:

In order for you to make a purchase with us, we need to process personal data that contains information about your purchase history, such as, for example, which product you have purchased from us. We also need to have access to the following personal data ("User data"): name, social security number or coordination number, contact information such as e-mail address and telephone number.

The legal basis for the processing of personal data for the purpose is that it is necessary for us to fulfill our obligations under our contract with you.

The personal data is processed as long as you are a customer with us.

Provide you with a user account:

In order for you to be able to take part in parts of the service you have purchased from us, you need to create a user account in zample™. Your personal data is used to ensure your identity, provide you with a user account and communicate with you about the cases you create with us. In order to do this, we need to have access to the following personal data ("User data"): name, social security number or coordination number, contact information such as e-mail address and telephone number.

The legal basis for the processing of personal data for the purpose is that it is necessary for us to fulfill our obligations under our contract with you.

The personal data is processed as long as you have a user account in zample™.

Provide our services:

We, 19Plus, offer services that, among other things, give you access to your health data in the form of test results from the samples you have submitted to affiliated healthcare providers, which are analyzed by affiliated laboratories. Furthermore, you can be offered a statement free of charge. In order to be able to take part in the service, information that you provide yourself is processed, such as information in your health declaration and laboratory results that arrive in your user account after you have activated your referral yourself and then submitted your blood samples. These are so-called patient data. Your laboratory results (test results) are reviewed by the medical officer and saved in your medical record with us.

We process the data as long as you have a user account with us. When you close your user account, we, as healthcare providers, are obliged by law to save medical records for at least ten years from when the last medical record was entered in your medical record.

The legal basis for the processing of personal data and for the purpose is that it is necessary for us to be able to fulfill our obligations according to our agreement with you and what is incumbent on us as a healthcare provider by law.

Communication with you:

We use your data for the purpose of informing you about our Services. This includes, among other things, sending you text messages and e-mails when you have received new test answers, or when relevant, that you have received a statement. We also want to communicate important information to you regarding the Service, new functions and improvements to the user experience or if we see that there is other information that is important that we can communicate to you.

The legal basis for the processing of personal data and for the purpose is that it is necessary for us to be able to fulfill our obligations according to our agreement with you and what is incumbent on us as a healthcare provider by law.

Offer support:

Your personal data is used in order to be able to offer you support regarding your user account or relevant questions regarding our Services. The personal data is used to be able to communicate with you about your case, identify you, handle support cases and to investigate any complaints from you.

The legal basis for the processing of personal data and for the purpose is that it is necessary for us to fulfill both our and your legitimate interest in providing you with support.

Your personal data is processed for as long as it is necessary to provide you with support in an ongoing support matter and is then deleted.

Provide you with a website:

When you visit our website, you will receive information about our tests and the constituent markers available for you to test. Furthermore, we also offer information about health and lifestyle related to the health tests and health checks that we sell. Information containing your IP address, device such as tablet, computer or mobile, is needed for us to be able to provide a secure service and fulfill our commitments to you.

The legal basis for the processing of personal data and for the purpose is that it is necessary for us to fulfill both our and your legitimate interest in providing you with a secure and functional website.

Your personal data is processed as long as it is necessary to provide you with the website.

Improve our services:

We use your information to improve the quality of our services. When we process your data for this purpose, we analyze it in an overall way by using de-identified data to identify patterns and trends. By generating statistics about how you interact with our services, we can perform user satisfaction and market research and analyze your user behavior. In addition, we continuously optimize the user experience by solving problems, fixing bugs and adapting the interface so that you can easily navigate and find the information you want. In order to identify and highlight the functions that our users frequently use, we can also process your IP number.

The legal basis for the processing of personal data and for this purpose is that it is necessary for us to fulfill our legitimate interest in providing high quality services to you.

Your personal data is processed for this purpose as long as you are a customer with us and a user of our Services. The processing of personal data for this purpose is thinned according to an internal thinning plan.

To fulfill legal obligations:

We also engage in the processing of your personal data to fulfill our legal obligations according to laws, judgments and decisions from authorities. These requirements may cover various aspects including laws related to patient data as well as regulations in the health care sector.

The legal basis for the processing of personal data and for this purpose is the necessity to fulfill our legal obligations and to provide healthcare services.

In the case of patient data, we retain this personal data for at least 10 years. Other personal data is processed and stored in accordance with our internal thinning plan, ensuring that we meet current legal requirements while protecting your privacy.

4. Who will have access to my data?

The data you provide, such as User Data and Patient Data, are not shared with third parties beyond what is described below. Furthermore, only persons with special authorization have access to your patient data. 19Plus has technical and organizational security measures that regulate the authorization of your personal data.

Collaborative partners and suppliers:

In order to provide our service to you, we sometimes work with third parties. These may include communications services such as SMS and email distribution, IT services, data storage, medical consultancy, healthcare services and technology development.

When we as the person in charge of personal data cooperate with third parties, this is regulated by a personal data assistant agreement. The agreement ensures that the processing of your personal data is in accordance with the principles and provisions of this privacy policy.

Transfer of business

In the event of any transfer of our business, including the transfer of assets, your personal data may be transferred as part of the transaction. We will take all necessary measures to ensure that the transfer takes place in accordance with applicable data protection legislation and that your privacy is maintained. In the event of such a transfer, you will be informed by appropriate notices and given the opportunity to exercise your rights under this Privacy Policy.

We may share your personal data with authorities when we are required by law to do so.

5. How do you protect my personal data?

We protect the security and integrity of your personal data and take a number of measures to ensure its protection. Our information security policy, in line with the GDPR regulation and the Patient Data Act and regulations, includes clear information to customers/collaboration partners, strict access control for authorized personnel, and encryption of personal data during transmission and storage. Technical security measures include, among other things, secure login procedures, firewalls and anti-virus software to protect against unauthorized access and malware. We use authorization restrictions for access to your personal data based, among other things, on the staff's duties, develop internal routines and guidelines and carry out regular audits to ensure that our employees and partners comply with the security principles. These measures, together with training and confidentiality agreements with staff, constitute our overall strategy to guarantee a high level of security and integrity for your personal data at 19Plus AB.

6. Where is my personal data processed?

As a starting point, we always process your personal data within the EU/EEA as far as possible. We may share personal data with our personal data processors, as previously described. Some of these personal data processors may be established outside the EU and the European Economic Area (EEA). To ensure that our partners and suppliers maintain an adequate security standard, we apply the necessary methods.

We ensure that our personal data assistants, regardless of where they are established, follow security standards. These measures include the application of the EU standard clauses for the transfer of data or, if the transfer is to the United States, we ensure that the personal data processor is connected to the Privacy Shield Framework. By using such established mechanisms, we ensure that your personal data is treated with equal care and integrity, regardless of where the processing takes place. Our priority is always to maintain high standards of protection for your personal data regardless of where it is shared with our data processors.

For questions about transfer to third countries and protective measures, you are welcome to contact our data protection officer at [email protected].

7. Your rights

Your rights as a registered user are described below. If you want to invoke any of your rights, please contact our data protection officer via [email protected].

As a User of our Services, you have the following rights:

You have the right to receive information about which personal data processing is carried out.

  • You have the right, free of charge, to request a register extract once a year where you can see what personal data processing we have about you.
  • You have the right to request correction if we have inaccuracies registered about you.
  • You have the right to data portability (the right to have your personal data moved) provided that the legal basis is consent or agreement and what you can obtain is personal data that concerns you, that you yourself provided or that was generated by your actions/activities.
  • You have the right to request a limitation in the processing, but not have the request fulfilled if it is a requirement that the processing takes place in order for the product/service to function.
  • You have the right to object to the processing of personal data and 19Plus will then cease the processing while the matter is investigated.
  • You have the right to be deleted under these conditions:
    • The data is no longer needed for the purpose for which it was collected.
    • If the data is saved with your consent and you withdraw the consent.
    • If the processing is based on a balancing of interests and there are no legitimate reasons that outweigh your interest.
    • If the personal data has been processed illegally.
    • If you object to processing for direct marketing purposes.
    • The right to be deleted does not apply if we are obliged by law (for example the Patient Data Act) to retain the data.
  • If you want to make a complaint to us, you are welcome to contact us via [email protected] with your complaint. If you are not satisfied with how we have handled it or the feedback you have received from us, you can also forward the complaint to our Data Protection Officer via [email protected]. You also have the right to lodge a complaint with the Swedish Data Protection Authority (Imy.se) about processing carried out by us.

    8. Cookies

    By using Testmottagningen.se's services and Testmottagningen.se's website, you as a "User" agree to Testmottagningen.se's use of cookies. Read our cookie policy here.

    9. Information security

    19Plus follows the Data Protection Regulation (GDPR) regulations on personal data processing and has technical and organizational measures to ensure that the processing of personal data at Testmottagningen.se and zample™ takes place in a correct manner.

    10. Changes to this Privacy Policy

    We may change this privacy policy from time to time. This may be necessary, for example, if the law changes, or if we change our operations in a way that affects privacy protection. Any changes will be immediately posted on our website. We recommend that you regularly check this privacy policy in order to stay up-to-date.

    Updated 2024-01-02