What is the GDPR
- What is the GDPR and what does this mean for me?
GDPR stands for the General Data Protection Regulation, which is a new, European-wide law that regulates how companies and organisations are allowed to handle the personal data of EU-residents. The GDPR comes into effect on 25 May 2018.
Don’t you worry, this will not affect your use of KRYs services - your account with KRY will work just as usual! However, you are given the right to influence how your personal data is used. Your rights are described in detail in our integrity policy.
- What is meant by “personal data”?
Personal data is any information relating to an identifiable individual. It can identify you as an individual directly or indirectly (i.e. in combination with other information) and can include name, identification number, location data, or other factors specific to the physical, genetic, mental, economic, cultural or social identity of the person.
- How does KRY handle my personal data? What type of security do you have?
Our goal is to always provide you with high quality healthcare and in order for us to do so, we collect personal data from you, as described above. Access to your data is restricted to the people providing you with the healthcare, or as part of our ongoing quality assurance and product development. We safeguard your personal data and here at KRY wee constantly work with assuring the security of our systems. We do this by utilizing a combination of in-house experts, automatic and manual testing and regular audits by independent third parties.
- What kind of personal data does KRY handle about me?
We handle basic contact details, such as name, address, personal identification number and phone number. We also process medical data, submitted by you, and retrieved from other caregivers with your consent.
- So, where do you store my personal data?
KRY store the majority of the personal data in our purpose built secure system. This system is hosted on servers provided by a third party that acts as data processor to us, located within the EU (primarily on Ireland).
- Does this mean you send my data outside of Sweden or / the EU?
We do not store any of your sensitive personal data (such as data relating to your health) outside of the EU. Occasionally, some of your personal data might be processed by our partners outside of EU. If personal data is transferred to our partners outside of the EU, such transfer will only be conducted on the condition that the transfer is legal under applicable data protection laws.
- For how long do you store my personal data?
When it comes to medical personal data, there are patient safety legislations that requires us to keep medical records for a certain period of time.
Non-medical personal data will only be kept as long as necessary in order for us to provide the services in a satisfactory manner to you, in accordance with the GDPR, and other applicable legislation.
- I would like to be “forgotten” and that you remove all my personal data from your systems. How do I go about it, how is this done and how long will it actually take?
When you are a patient, then most of your personal data processed by us is of medical character. In accordance with patient safety legislation medical records must be kept for a certain period of time, in accordance with applicable national legislation, and the right to be forgotten is not covered by that legislation.
However, when it comes to other personal data such as data provided when you signed into the KRY app (excluding any personal data that we are under an obligation to store under mandatory law, relating to your health), you are always free to contact our support function at email@example.com and we will assist you with your requests.
If you request to be forgotten, non-medical data will be removed from our systems as quickly as possible but no later than within thirty (30) days as of your request. We will notify you in writing and confirm which personal data has been erased and as per which date.
- If I have further questions regarding personal data processing by KRY, who should I contact?
You are always welcome to contact us at firstname.lastname@example.org. We will do our best to contact and assist you with your query within short.
Who can see my responses from the symptom check before consultation?
It is only the doctor who treats you who has access to your answers. Before the meeting the doctor want to go through your answers to prepare for the meeting.
Is that safe?
All data traffic on KRY, including video feed traffic, is protected by encryption.
The doctors who work for KRY log in with their own ID card, which ensures their identity.
How is my information stored?
Who should I contact for possible complaints?
If you are not satisfied with the services or you are dissatisfied with the way you were met, then we would like you to share your views with us. Contact us directly at KRY, email@example.com, with as thorough explanation as possible about why you are dissatisfied so that we can help you in the best way. Our healthcare professionals are subject to Norwegian regulations. You can therefore contact the Patient Ombudsman or County Governor in your county.