Privacy Policy

1. Personal data responsibility and basis for processing

1.1 This privacy policy applies when 19Plus AB ("19Plus", "we", "our", "our", "us", "Testmottagningen", "") processes personal data regarding persons ("you", "you", "your", "your", "user", "the user", "customer") who use services. All processing of personal data complies with current legislation, the General Data Protection Regulation (GDPR). 19Plus AB is a registered healthcare provider with IVO. This privacy policy applies to all persons who visit our website or use any of our services.

1.2 19Plus AB is the data controller and is responsible for all information you provide in contact with, which can be on our website via e-mail, chat, telephone or when visiting our physical receptions or offices. 19Plus AB is a registered care provider with IVO and is subject to the inspection for care and care.

1.3 19Plus AB with the brand can be contacted via the contact details below:

E-mail: [email protected]

Telephone number for customer service: +46 8 14 24 49

Mail: 19Plus AB, Själagårdsgatan 9, SE-111 31 Stockholm

Organization number: 556983-2750

2. Purpose

2.1 We want you as a user to feel safe when you entrust us with your personal data. Therefore, we have drawn up this privacy policy, which is based on current data protection legislation and clarifies how we work to safeguard your rights and your privacy.

3. Background

3.1 We process your personal data to fulfill our obligations to you as a user and in order to fulfill the legislation and the requirements that 19Plus has as a registered healthcare provider. We can also collect information about you who are not yet a User/Customer but who want to be contacted by

3.2 19Plus acts as the personal data controller for the personal data processing that processes in order to be able to deliver our services to you as a user. As a personal data controller, 19Plus is responsible for ensuring that your personal data is processed securely and that the Data Protection Regulation (GDPR) is followed. We process certain sensitive personal data about you, such as health data, in accordance with the law. Sensitive personal data is only available to personnel who need and must have access to it according to law. No personal data is transferred or disclosed to third parties unless this is required by law.

4. The purposes of the personal data processing

4.1 Processing of personal data is done when this is necessary and a prerequisite for us to be able to fulfill the requirements placed on us in connection with the possible agreement that is the basis for processing your personal data.

4.2 Personal data processing includes communication to you about our services or your order, your test answers or other services where we need to communicate with you as a customer. Personal data processing also takes place when your test answers are made available via "My pages" in the 19Plus technical platform for Zample. Your personal data is also needed for possible invoicing.

4.2 We process your personal data for customer and market analyzes in order to improve our services. We process your personal data when communicating to you about our business and our offer as well as current offers/campaigns that we think you may be interested in. This includes sending emails to your email address. You can always choose to unsubscribe from newsletters and other information that we communicate via e-mail by contacting our customer service.

4.3 Your personal data is processed in accordance with current legislation and authority decisions in which 19Plus is obliged to comply with the obligations incumbent on 19Plus. Examples of laws 19Plus is obliged to comply with are the Health Care Act (2017:30) and the Patient Data Act (2008:355).

5. What personal data do you process?

5.1 Personal data is data that can be linked to a physical person. We process personal data that you provide to us in order to gain access to the service you have purchased from us or are interested in. The processing of your personal data takes place in part to fulfill legal obligations and contractual obligations, as well as through consent to provide you with offers, advice and other services.

5.2 Depending on which of our services you use or have used (such as the website, booking form, payment service through Klarna or "My pages" in Zample's app/webapp) we have collected certain personal data for processing through consent to the processing which takes place through acceptance of our terms of purchase and terms of use for the app/web app. We collect this personal data when you use services:

  • Contact details: e-mail address, phone number, invoice address.
  • Identity information: first and last name and possibly middle name, social security number and gender.
  • For issuing travel certificates, we also collect your passport number and when issuing recovery certificates and possible infection tracing obligations, we also process your national registration address through the E-health authority and Sminet.
  • Purchase/order details: information about the health tests or health checks you buy, order and book.
  • Payment info: your information required to create an invoice, make a card purchase, etc. is processed through Klarna Checkout.
  • Health information: information that you provide through a health declaration as well as the health information about you that comes out via your test results (e.g. your blood values), your medical record data and the doctor's comment on your/your results.
  • Technical data: information containing your IP address, device such as tablet, computer or mobile, is needed for us to be able to provide a secure service and fulfill our commitments to you.

5.3 When contacting our customer service/support via phone or e-mail, personal data processing takes place with the personal data necessary for the purpose. Examples of treatment are the following.

  • Identity data: name and social security number may be needed in cases where you contact our support.
  • Information about your case: the information you provide regarding your case will be processed as long as it is necessary to be able to fulfill the requests or answer your questions. If your matter concerns, for example, a refund, we may need information about your account number, for example.
  • Contact details: e-mail address, telephone number or address details.

5.4 Any personal data received by us in writing will only be saved in cases where it is needed for your case or where we must process it in accordance with the law. We will not save and thus process personal data that 19Plus has no reason to save.

6. How do you get access to my personal data?

6.1 We try to obtain your consent as much as possible before we start processing your personal data. When you agree to our purchase conditions when booking an appointment, ordering a service or when contacting, you also agree to us processing your personal data in accordance with our privacy policy.

6.2 You have the right to withdraw your consent at any time by contacting us at [email protected] and you can also delete cookies stored in your browser. If you withdraw your consent, we will no longer process your personal data or collect new ones, provided that it is not necessary to fulfill our obligations under agreements or current legislation that 19Plus is obliged to follow. Keep in mind that withdrawal of consent may mean that we cannot fulfill the obligations we have towards you in any purchase agreement we have with you.

6.3 We get access to your personal data in the following way:

  • Data that you provide us directly (such as via a purchase and other possible consents).
  • Data recorded when you visit our website (such as technical information about browser and IP address).
  • Data that we receive from public registers (such as the E-health authority).
  • Data that we receive when you sign up for newsletters and other mailings.
  • Data that we receive when you respond to surveys and surveys.
  • Data that we receive when you contact us, apply for employment with us, visit us or are in contact with our customer service.

7. When will you release my personal data?

7.1 Our starting point is not to disclose your personal data to third parties if you have not consented to it (which is required for us to be able to fulfill our obligations to you) or if it is not necessary to fulfill our obligations, t .ex. services administered by authorities (the Public Health Agency, the E-health Agency, the National Board of Health and Welfare or IVO) in the case of statutory infection tracing, or other statutory reporting obligations.

7.2 In order to be able to fulfill our commitments to you, we cooperate with external local laboratories in order to offer you to provide samples and have your samples analyzed. The results (your test results for each test in your order) are shared with you in your medical record and with our doctor.

7.3 collaborates with partners such as local laboratories, hired doctors, technical services for communication with you and other external suppliers in order to be able to provide the services that you purchase or access the information on our website. undertakes to have personal data processing agreements with partners with whom we need to share your personal data when it is necessary to be able to fulfill our agreement with you and when it is incumbent upon us according to law and authority decisions to do so. We have the following personal data assistants:

  • Receptions and local laboratory: we collaborate with Unilabs for sampling and analysis of your samples.
  • Physician (hired): in cases where we need to hire a doctor to give you a medical assessment on your test results, we will need to share your personal and health information.
  • Communication services: In order to send out test answers and notification before your visit, etc., we need to share your personal data with these companies that provide these services to us.
  • Consultants: our aim is to always be at the forefront and offer you a high technical standard and user experience, sometimes we use external consultants for e.g. development of our app, journal system and website and may then need to share certain personal data with them.
  • Authority: we are obliged by law to disclose information at the request of an authority.

7.4 Sensitive personal data such as your health information is only shared with authorized personnel and as permitted by law.

7.5 We use a CDN from Cloudflare which stores a cookie in order to protect the servers against various forms of attacks and malicious intent such as DDoS attacks. You can read more about Cloudflare's cookie policy here.

8. How long do you keep personal data?

8.1 We process personal data as long as it is necessary for us to be able to fulfill our agreement with you and as long as it is required of us by law.

8.2 According to the Accounting Act (1999:1078) we need to save certain personal data for seven years, these include e.g. such as are found on invoice documents. The data will only be used for this purpose.

8.3 According to the Patient Data Act (2008:355), we as healthcare providers have an obligation to save medical records for at least ten years from the time the last information was entered into the record.

8.4 Your user account contains your personal data, these will be processed as long as you have an account with us. You choose when you want to end the processing of your personal data by notifying us that you want to end your account. Your personal data will then be deleted by us as long as they no longer need to be preserved according to the points above.

8.5 Personal data is removed or depersonalized when it no longer needs to be kept and cannot be used to identify a person. Before use for statistics and product development, the data is aggregated and depersonalized so that it can no longer be linked to a person. When personal data is deleted, it cannot be recreated and no person can any longer be associated with the remaining information.

9. Information security

9.1 19Plus complies with the provisions of the Data Protection Regulation (Gdpr) on personal data processing and has technical and organizational measures to ensure that the processing of personal data at takes place in a correct manner. 19Plus has internal policies for handling personal data to prevent it from being processed in the wrong way in e.g. internal communication.

10. Cookies

By using services and website, you agree as a "User" to use of cookies. Read our cookie policy here.

11. Changes to this privacy policy

11.1 We may change this privacy policy from time to time. This may be necessary, for example, if the law changes, or if we change our operations in a way that affects privacy protection. Any changes will be immediately posted on our website and or mobile application. We recommend that you regularly check this page in order to stay up to date.

12. Your rights

12.1 As a customer or User of services, you have the following rights:

  • You have the right to receive information about which personal data processing is carried out.
  • You have the right, free of charge, to request a register extract once a year where you can see what personal data processing we have about you.
  • You have the right to request correction if we have inaccuracies registered about you.
  • You have the right to data portability (the right to have your personal data moved) provided that the legal basis is consent or agreement and what you can get out is personal data that concerns you, that you yourself provided or that was generated by your actions/activities .
  • You have the right to request a limitation in the processing, but not have the request fulfilled if it is a requirement that the processing takes place in order for the product/service to function.
  • You have the right to object to the processing of personal data and will then cease the processing while the matter is investigated.

You have the right to be deleted under these conditions:

  • The data is no longer needed for the purpose for which it was collected.
  • If the data is saved with your consent and you revoke the consent.
  • If the processing is based on a balancing of interests and there are no legitimate reasons that outweigh your interest.
  • If the personal data has been processed illegally.
  • If you object to processing for direct marketing purposes.
  • The right to be deleted does not apply if we are obliged by law (e.g. the Accounting Act) to keep the data.

12.2 You have the right to make a complaint to the Swedish Data Protection Authority about processing carried out by us.

12.3 If you want to invoke any of your rights, please contact our customer service via e-mail [email protected]

Last updated Mars 23, 2023.