At Tandem Health AB ("Tandem" / "We"), we value your privacy. The purpose of this personal data policy is to inform you as a user or prospect how Tandem Health collects, uses, protects, and manages your personal data. This personal data policy relates to the processing that Tandem carries out as a data controller. It does not govern the data processing operations that we perform as a data processor within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), which are covered by a separate document.
Tandem Health AB is registered with the Swedish Companies Registration Office with org. no. 559444-6857 and has its head office at Kungsklippan 12, 112 25 Stockholm, Sweden. Tandem is the data controller in accordance with the GDPR for the personal data processing described in this information. At Tandem, we have appointed a Data Protection Officer (DPO) who you can contact if you have any questions about how we process your personal data and/or if you wish to exercise the rights you have over your personal data. You can contact our DPO at dpo@tandemhealth.ai.
In accordance with the principle of ‘data minimization’, we endeavour to collect and use only personal data that is relevant and strictly necessary for the purposes for which it is to be processed.
If you are a prospect, Tandem collects the following categories of personal data:
- Identification data: name, surname, position, etc.
- Contact details: postal address, email address, phone number, etc.
If you are a client, Tandem collects the following categories of personal data:
- Identification data: name, surname, company name, internal number,
- Contact details: postal address (billing and delivery address), email address, phone number, etc.
- Professional data: personal identification number, HSA ID, VAT identification number, etc.
- Financial information: payment and billing details such as IBAN number, credit card number, etc.
- Other data that you are likely to communicate to us spontaneously, in particular when requesting support.
In the course of our relationship, Tandem may process your personal data for the following purposes and on the following legal bases:
Your personal data will be kept in a form that enables you to be identified for no longer than is necessary for the purposes for which it is to be processed. Subject to the existence of legal or regulatory obligations requiring storage for a longer period, your personal data is retained for the periods indicated below:
Within Tandem, only persons authorized by virtue of their duties or functions may access the personal data processed, and this strictly within the limits of their respective attributions and the performance of these duties and functions.
Your personal data may be communicated to our data processors (for example, our technical service providers), in strict consideration of the purposes sought and only in the event that it proves necessary for the latter to fulfil their missions. These third-party companies are not authorised to share the information that may be communicated to them or to use it for any other purpose.
Tandem has ensured that its relationship with these third-party companies is set out in each contract so as to ensure an adequate level of security for your data.
Lastly, your personal data may be communicated to authorised third parties, i.e. the legally authorised public authorities.
Your personal data may be transferred to third countries located outside the European Union. In such cases, we systematically take all appropriate measures to verify and, if necessary, guarantee that the recipients of the data comply with an adequate level of protection equivalent to the European regulations, in particular by signing standard contractual clauses adopted by the European Commission.
In accordance with the GDPR, you have the following rights with regard to your personal data:
- Right to Information - You, as the data subject, have the right to receive information about how we process your personal data. We inform you through this policy and by answering your questions.
- Right to Access - You, as the data subject, have the right to receive confirmation from us if we process your personal data, access the personal data, and certain information about the processing itself (e.g., the purpose of the processing).
- Right to Rectification - You, as the data subject, have the right to have incorrect personal data about you corrected by us without undue delay, as well as the right to supplement incomplete data.
- Right to Erasure (Right to be forgotten)- You, as the data subject, have the right to have your personal data erased under certain circumstances. The right to erasure does not apply if the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation that requires processing under Union or Member State law that we are subject to, or for the establishment, exercise, or defense of legal claims. The right to erasure may, depending on the basis for your request, also be limited if the data is still necessary for the purpose or if there are compelling legitimate grounds for the processing that override your right to erasure under Article 21.1 GDPR. However, the right to erasure always exists in the case of processing for direct marketing purposes upon objection under Article 21.2 GDPR.
- Right to Restriction of Processing - You, as the data subject, have the right to require the restriction of processing of your personal data. The right to restriction of processing applies if you contest the accuracy of the data if the processing is unlawful, if the data is no longer needed for the purposes but you need them to establish, exercise, or defend legal claims. The right also applies while awaiting verification of which party's reasons outweigh if you have objected to processing in accordance with Article 21.1 GDPR.
- Right to Object - You, as the data subject, have the right to object to processing based on public interest, the exercise of official authority, or legitimate interest. In such a situation, the processing ceases unless there are compelling legitimate grounds that override your interests or if the purpose of the processing is to establish, exercise, or defend legal claims. Processing for direct marketing ceases if you object to such processing.
- Right to Data Portability - You, as the data subject, have the right, in certain cases, to receive the data you have provided us and have the data transferred to another data controller. The right exists when we process personal data automatically and based on your consent or on a contract.
- Rights in Relation to Automated Decision-Making - You, as the data subject, have the right not to be subject to automated decision-making that has legal effects or similarly significantly affects you. The right does not exist if it is necessary for the performance of a contract, is permitted by Union or Member State law that applies to us, or is based on your consent.
- Right to Lodge a Complaint - You, as the data subject, have the right, according to Article 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing is in violation of the regulation. You can find more information and complaint forms on the website of the National Data Protection Authorities.
As mentioned above, should you wish to exercise your rights over your personal data, please contact us:
- By e-mail, at dpo@tandemhealth.ai ;
- By post, to the following address: Tandem Health AB – Attn.: Data Protection Officer - Kungsklippan 12, 112 25 Stockholm, Sweden.
Your personal data will not be subject to automated decision-making that has legal effects or similarly significantly affects your situation.
We are committed to ensuring the confidentiality, integrity, availability and security of your personal data. In accordance with the GDPR, we endeavour to implement the appropriate technical and organisational measures to guarantee the level of security that is most appropriate to the risks incurred when processing your personal data. We also take steps to prevent, as far as possible, any loss, accidental destruction, alteration or unauthorised access to your personal data.
Tandem Health continually works to improve our services. Therefore, we may update this information. When we make changes to the policy, we will publish the updated version on our website and indicate the date of the latest update. For updates of significant importance to the processing of your personal data, we provide information about this through email or a notice on our website in accordance with applicable legislation. Please visit this page regularly to stay informed about how we process your personal data. The information was last updated on September 1st, 2024.
If you do not find answers to your questions in the information in the previous sections, you are warmly welcome to contact our Data Protection Officer at dpo@tandemhealth.ai.