Data privacy

Why does privacy matter to Capio?

Data privacy refers to laws and regulations imposed to ensure that personal data is collected, made available, and otherwise processed in a fair and lawful may. We believe that data privacy is the foundation of trustworthy patient relationships and the reputation of Capio as an attractive employer.

Capio privacy principles

Our privacy position can be summarized as follows:

• Fairness and lawfulness: When processing personal data, we protect the individual rights of the data subjects. Personal data is collected and processed legally and fairly.

• Restriction to a specific purpose: Personal data is processed only for explicit and legitimate purposes.

• Transparency: The data subject is informed of how his/her personal data is being handled.

• Data reduction: Personal data must be adequate, relevant and not excessive in relation to the purposes for which it is collected and/or processed.

• Deletion: Personal data that is no longer needed after the expiration of legal or business process related periods is deleted.

• Accuracy of data: We undertake suitable steps to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated. We ensure that data subjects can rectify, remove or block incorrect data about themselves, unless a law of regulation specifically requires or allows otherwise.

• Confidentiality and data security: Personal data is subject to data secrecy. It is treated as confidential on a personal level and secured with appropriate organizational and technical measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction.

Who is responsible for your personal data?

Capio is responsible for your personal data. Capio refers to Capio AB (incorporated in Sweden under the company number 556706-4448) and its subsidiary companies. For the purposes of data protection laws and regulations, the controller of your data will be the Capio affiliate/care giver which is providing health care services or communication to you.

What is Capio doing?

We secure personal data through the use of our data privacy and information security strategy:

• We align our information security governance with our data privacy governance to provide a consistent, cohesive vision around the protection of our information assets and personal data.

• We subject our applications to both data privacy impact assessments and security reviews/audits, which support a consistent approach in deployment and operation.

• We protect personal data using appropriate physical, technical and organizational security measures.

• We provide assurance that our contracts with third-party processors contain provisions that are commensurate with our own policies, practices and controls to confirm your data is managed properly and securely.

Stakeholders and individuals rightfully demand accountability from any organisation handling their personal and confidential data. We understand the importance of taking appropriate steps to safeguard personal data and are committed to protect personal data.

Your data, your rights

You have certain rights in relation to the personal information that we hold about you. You will always have the right to find out exactly what data we store on your behalf, and to ask us to correct or delete data.

We have processes in place to enable you to exercise your rights and ensure that we can fulfil your requests concerning the personal information that we hold about you.

How to contact us about your privacy

If you have any questions about your privacy or consider that your rights have been infringed when we process data relating to you, please contact your care giver.

For information about our care givers, the personal data processing conducted within a specific care giver and information about how to exercise your rights, please visit our country web sites where you can find the websites of the care givers.

If you have any questions or a complaint pertaining your personal data you can also contact the Group Data Protection Officer by post mail at Capio AB, Group Data Protection Officer, Box 1064, 405 22 Gothenburg, Sweden.