Privacy policy

Curoflow values your privacy. In this privacy policy, we inform you about how we handle the personal information we collect or hold via our website and in other ways. Curoflow Technology AB, org. no. 559123-3654, ('Curoflow') is responsible as personal data controller.

We always process your personal data in accordance with current data protection legislation, including the general data protection regulation 2016/679 ('GDPR'). For information about which cookies we use on our website, see our Cookie policy

Whose and what personal data do we process?

We process your personal data in the following cases:

  • When you are the contact person for a customer or other stakeholder in connection with us performing, preparing or administrating assignments within our business. This also includes contact persons at potential customers, other advisors or persons we wish to communicate with to inform about our services.
  • When you, as the contact person for a potential customer, or for other reasons, contact us via the contact forms on our website or directly to a Curoflow email addresses. This also includes other advisors or people we wish to communicate with to inform about our services.
  • When you are a supplier, partner or other party that performs, or may perform, services for us.
  • When you register and / or participate in one of our events, seminars or similar.
  • When you visit our website and, where applicable, contact us via our contact forms or sign up for our newsletter.

The personal data usually includes name, contact information, title and, where relevant, bank information. We process this personal data to perform and administer the contact with you, to safeguard your or our interests, to manage supplier relationships and for accounting and invoicing purposes. In addition, the personal data can form the basis for internal market and client analysis and statistics, risk management and for method and business development. The personal data may also be used for marketing measures.

In connection with events and seminars, we may process information about allergies and food preferences as well as, in some cases, images and recorded material on site. We process personal data in order to be able to organize events and seminars, answer your request for contact and / or for marketing purposes. On our website, we also use cookies to optimize Website visitors' experience, see our Cookie Policy for more information. However, we do not process any personal data via cookies. 

The personal data originates from yourself or your employer, while other information may arise within the framework of us providing you our services. Where applicable, we collect and store personal data from external sources such as public records of companies and address registers, searchable and public websites and / or from credit information companies.

Legal basis for processing information

The processing of personal data from contact persons, suppliers, partners and other types of stakeholders takes place when it is necessary for us to be able to fulfill our agreement with you or to be able to take measures before entering into an agreement.

Event and seminar participants’ and website visitors’ personal data is processed to fulfill a legitimate interest, such as inviting to events or sending out newsletters, where we have assessed that the legitimate interest outweighs the data subject's interests or fundamental rights and freedoms (balancing of interests). When we communicate with you in order to inform about our services, balancing of interests is applicable as legal basis. 

Storage of personal data

We store the personal data for as long as necessary for the fulfillment of the purpose for which the data was collected. When processing personal data within our business assignments, we store the personal data for 30 days upon terminated assignment. Suppliers’ and partners’ personal data is stored for 30 days upon terminated collaboration. If you unsubscribe from our newsletter or other types of communication, the data, to the extent that it has been saved for such purposes, will be deleted. After participating in events or seminars, we retain the personal data that was processed for the stated purposes personal data for one (1) year before we delete them. 

However, we would like to draw your attention to the fact that when deleting your personal data for certain processing, we may retain the personal data for other purposes, e.g., if you are still a customer or supplier.

Disclosure and transfer to countries outside the EU / EEA

Curoflow may engage external partners and suppliers to perform tasks on our behalf, for example to provide IT services, analytics or statistics. The performance of these services may mean that our partners, both within and outside the EU / EEA, gain access to your personal data.

Partners who handle personal data on behalf of Curoflow always sign agreements with us to ensure a high level of protection for your personal data. In relation to partners outside the EU / EEA, specific safeguards are also put in place in necessary cases, e.g., by entering into agreements that include standard contractual clauses for data transfer in accordance with the European Commission's decision and which are available on the European Commission's website.

Clarification: This privacy policy is only intended to describe the way we handle personal data from our existing or potential customers, mainly visitors on our website. The personal data that is handled and managed within Curoflow's medical device software and video service (from individuals, companies, healthcare professionals, administrators and patients) is handled within the EU / EEA and without the risk of transfer outside the EU / EEA.

Your rights

Below is a list containing rights you have regarding our processing of your personal data. The rights are not absolute and a request for exercising the rights does therefore not always result in any action.

Your rights in the GDPR include:

  • Right to access - According to Article 15 GDPR, you have the right to access your personal data and certain information regarding the processing of them. Such information is provided in this document.
  • Right to rectification - According to Article 16 GDPR, you have the right to have incorrect personal data corrected and to supplement incomplete personal data.
  • Right to deletion - In certain circumstances, according to Article 17 GDPR, you have the right to have your personal data deleted. This is the so-called 'right to be forgotten'.
  • Right to restriction - In certain circumstances, you have the right under Article 18 GDPR to limit our processing of personal data.
  • Right to data portability - According to Article 20 GDPR, you have the right to obtain the personal data (or have it transferred to another personal data controller) in a structured, commonly used and machine-readable format.
  • Right to object - Under Article 21 GDPR, you have the right to object to specific processing of personal data.

Contact information

Contact us at integritet@curoflow.se  if you have any questions regarding our personal data processing or wish to exercise your rights as described above. If you are dissatisfied with our personal data processing, it is possible to file a complaint with the Swedish Authority for Privacy Protection via www.imy.se. You can also contact the supervisory authority of the country where you live or work.

Last updated 2023-01-20