Personal Data Policy

Personal data policy for users of Joint Academy and web site visitors

1. Scope of the Personal Data Policy

1.1 The following describes how Arthro Therapeutics AB, corporate ID no. 556941-9210, with address c/o A Invest & Consulting AB, Västergatan 22, 211 21 Malmö (Arthro, usor we), process personal data about you as a user of the Joint Academy, and you who visit our website www.jointacademy.com, (the Website).

1.2 We believe that personal privacy is important and we take your privacy extremely seriously. It is therefore important for us to protect your personal data and ensure that our data processing is carried out in a correct and legal manner.

1.3 This personal data policy explains what types of personal data we may process and the manner in which we process the data. We also describe our processing of personal data and which choices and rights you have in relation to it. We ask you to read our personal data policy carefully and familiarize yourself with its content.

1.4 Note that this personal data policy only concerns the processing of personal data for which Arthro is the data controller. This means that we are responsible for the handling and processing of your personal data. It also means that it is us you should contact with any questions or comments, or if you want to use any of the rights you have in relation to our handling of your personal data.

1.5 For users of Joint Academy, your personal data is also processed by the healthcare provider who provides you with care through Joint Academy. For the care provider’s processing of personal data that takes place in order to offer you care, it is the care provider who is the data controller. For more information about the care provider’s processing of your personal data, therefore, we refer you to the healthcare provider’s personal data policy.

1.6 If you have been referred through your insurance company to a doctor or physiotherapist, who offers care through Joint Academy, your insurance company is the data controller for the processing of your personal data that takes place in connection with the insurance case. For more information about the insurance company’s processing of your personal data, therefore, we refer you to your insurance company’s personal data policy.

2. Personal Data that is Processed – Users

2.1 Personal data refers to data that can be attributed to you. We may handle the following personal data that may be attributed to you as a user of Joint Academy:

(a) Contact information (name, e-mail address, address and telephone number);

(b) information about your health;

(c) cookies;

(d) IP address; and

(e) token for authentication.

2.2 Note that your provision of your personal data is a prerequisite for entering into an agreement with us concerning the Joint Academy service.

3. Purposes of the Processing and Legal Basis – Users

3.1 We process your contact details (article 2.1 (a)) in order to attend to our communication with you as a user of Joint Academy.

3.2 We process your contact details (article 2.1 (a)) and information about your health (article 2.1 (b)) in order to be able, through analysis of results and behaviour based on our osteoarthritis treatment, to conduct research and education concerning how the treatment of osteoarthritis can be improved and further streamlined. Beneficial results from studies performed on user data may have beneficial economic implications for Arthro.

3.3 We process cookies and your IP address (articles 2.1 (c) – 2.1 (d)) in order to develop Joint Academy and improve the user experience.

3.4 We process your token for authentication (article 2.1 (e)) in order to ensure that only authorized users can log in to Joint Academy.

3.5 Since Joint Academy is a healthcare service, all the personal data listed in article 2.1 are derived from your health. This means that this personal data is considered sensitive and is therefore only processed on the basis of your prior consent.

3.6 You have the right to withdraw your consent to our processing of your personal data at any time. You can only withdraw your consent in relation to a certain part of our processing, such as the processing carried out for research. Note, however, that your consent to the purposes in articles 3.1 and 3.4 is a prerequisite for us to be able to offer you the Joint Academy service.

4. Personal Data Processed – Website Visitors

4.1 We may handle the following personal data that can be attributed to you as a visitor to the Website:

(a) cookies;

(b) name;

(c) company;

(d) e-mail address;

(e) telephone number; and

(f) IP address.

4.2 Note that the data in articles 4.1 (b) – 4.1 (f) above is only processed in relation to such visitors to the Website, who register on the Website for more information.

5. Purposes of the Processing and Legal Basis – visitors to the Website

5.1 We process information about cookies (article 4.1 (a)) in order to develop and improve the Website and the user experience.

5.2 We process the information in articles 4.1 (b) – 4.1 (f) in order to develop our services and the Website, and to promote our services to you.

5.3 We process your personal data listed in article 4.1 on the basis of your prior consent.

5.4 You have the right to withdraw your consent to our processing of your personal data at any time. You can only withdraw your consent in relation to a certain part of our processing, such as the processing carried out for marketing purposes.

6. Personal Data Storage

6.1 We store your personal data for as long as it is necessary to fulfil the purpose of the processing.

6.2 If you cease to be a user of Joint Academy, we will thin out the personal data in articles 2.1 (a) – 2.1 (e) within three months after you stop being a user. We may, however, process your contact details (article 2.1 (a)) and data about your health (article 2.1 (b)) during the time that the research we are conducting is in progress.

6.3 Cookies (articles 2.1 (c) and 4.1 (a)) are deleted no more than one year after the cookie was created.

6.4 We retain data about visitors who have registered for more information (article 4.1 (b) – 4.1 (f)) for a maximum of two years after registration.

6.5 If you withdraw your consent to certain processing that is based on consent, your personal information is no longer necessary to fulfil the purpose of the processing, or if the processing is no longer permitted for other reasons, the data will be anonymized or deleted.

7. Cookies

7.1 The Website uses cookies. Cookies are small text files that are stored on our visitors’ computers and which can be used to follow what a visitor does on the Website.

7.2 We use so-called tracking cookies, which are intended to share information between websites in order to gather information and provide you with customized information and marketing. You can see who we share your cookies with in article 8.3 below.

7.3 We only use cookies if you have given your consent. If you do not consent to the use of cookies, you can block cookies in your browser’s security settings. You can also configure the browser so that you receive a question every time the Website tries to place a cookie on your computer. Previously stored cookies can also be deleted through the browser. Refer to the browser’s help pages for more information. You can also delete cookies manually from your hard drive at any time.

7.4 Note that if you choose not to accept cookies, the functionality may be restricted on certain websites.

8. Recipients

8.1 We may disclose your personal information to our data processor, e.g. companies that work with IT and cloud services or services for payment administration. We may also share your data with the healthcare provider, who offers you care through Joint Academy or the insurance company that referred you to us.

8.2 In case of a suspected violation of the law or our general terms and conditions, we may disclose your personal data to law enforcement authorities, as well as to our legal advisers.

8.3 Provided that you have given your consent to the use of cookies, we will also share information about cookies with Facebook and Google for behavioural analysis and targeted marketing.

9. Your rights

9.1 You are entitled to receive confirmation of whether we process personal data concerning you, and in that case obtain access to the personal data in question, as well as information about the personal data and our processing of the data.

9.2 You have the right to have incorrect personal data relating to you corrected by us without undue delay. You also have the right in certain cases to supplement incomplete personal data, having regard to the purpose of the processing.

9.3 You have the right to withdraw your consent to our processing of your personal data at any time. Note, however, that this affects the possibilities for us to offer you our Joint Academy service.

9.4 You have the right to object to our processing of your personal data intended for direct marketing purposes. If you make such an objection, we will no longer process your personal data for that purpose.

9.5 You have the right, under certain circumstances, to have your personal data deleted by us, for example if the personal data is no longer necessary in order to fulfill the purposes for which it was collected, or if the personal data was processed illegally.

9.6 You have the right to demand that we limit the processing of your personal data in some cases. For example, if you dispute the correctness of your personal data, you may require us to restrict their processing during the time it takes us to verify that the data is correct.

9.7 You have the right to obtain the personal data you provided to us and which concern you in an electronic format that is generally used. You have the right to transfer such data to another data controller (data portability).

9.8 You are welcome to contact us with any comments you may have about our processing of your personal data. You also have the right to lodge complaints about the processing of your personal data with the Swedish Data Protection Authority.

10. Supplements and Changes

We may make updates or changes to this personal data policy. If we do, we will notify you in an appropriate manner, for example by e-mail. If we do so, we ask that you carefully read the updated personal data policy.

11. Contact Us

In order to update, correct or delete data that we have about you or in order to exercise your rights as set out above, you are welcome to contact us at [email protected].