Ayd cares about privacy and the protection of the personal data we process. All personal data is handled in accordance with applicable law. This policy describes how and for what purposes we use your personal data, the legal bases for processing, and the measures we take to protect your personal data. We also provide information on how you can exercise your rights related to our processing of your personal data.
At Ayd AB, company registration number 559338-1766 (“Ayd”, “we”, “us”, “our”), we care about personal integrity. This means we respect and safeguard your privacy, as well as your right to control and understand how your personal data is processed.
This Privacy Policy (“Policy”) applies to data processing activities for which Ayd is the data controller. The Policy outlines the purposes for which we process your personal data, the legal bases we rely on, and the measures we take to protect the data. It also explains how you can exercise your rights in relation to our processing of your data.
The Policy applies to our handling of personal data when you communicate with us, use our service, or visit our website at www.ayd.se (collectively referred to as “Features”).
"Processing" refers to any operation performed on personal data, such as storage, modification, access, transmission, etc.
"Applicable law" means legislation relevant to the processing of personal data, including the General Data Protection Regulation (GDPR), complementary national laws, as well as interpretations, guidance, and recommendations issued by national or EU supervisory authorities.
"Personal data" refers to any information that can be linked to a living, identifiable individual.
"Data controller" is the entity that determines the purposes and means of the processing of personal data and is responsible for ensuring compliance with applicable law.
"Data processor" is the entity that processes personal data on behalf of the Data Controller and may only do so in accordance with the Data Controller’s instructions and applicable law.
"Data subject" refers to the living individual whose personal data is being processed.
"Special categories of personal data" or "sensitive personal data" include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a person, health data, or data concerning a person’s sex life or sexual orientation.
"The service" refers to a platform that connects customers with healthcare providers, and, when applicable, facilitates the purchase of medicines (prescription and over-the-counter) via partnered remote pharmacies.
This Policy covers personal data processing for which Ayd is the data controller—that is, processing where we determine the purpose (why the processing is done) and the means (how it is done, what data, for how long, etc.). The Policy does not describe how we process data as a data processor—that is, on behalf of our customers.
Ayd provides a platform that connects users with specific health conditions to clinics offering relevant support, and also facilitates the purchase of medications via partnered remote pharmacies. When you register as a user with Ayd, we process your personal data to create a user account, match you with appropriate clinics on the platform, and enable these clinics to provide optimal care. Upon registration, we process the following personal data: your name, personal identification number, phone number, email address, and physical address. This data is processed so you can use our service. The legal basis for this processing is the performance of our contract with you.
We are responsible for demonstrating how we comply with legal requirements when processing your personal data. This section aims to help you understand the types of personal data we process and for what purposes.
Personal data of visitors to our website is processed in accordance with our Cookie Policy. Ayd uses cookies and similar tracking technologies to analyze how our Features are used and to provide you with the best possible user experience. More details are available in our Cookie Policy (ayd.se/cookie-policy).
The primary purpose of our data processing is to deliver, operate, and improve our services. There are several reasons why we may need to collect, manage, and retain your data.
We primarily process personal data for the following purposes:
We obtain the data subject’s explicit consent before processing any sensitive personal data.
We collect personal data through various methods. Primarily, we receive your data when you log in using BankID and when you actively share information (e.g., email or phone number).
We must have a legal basis to process your personal data. In our operations, we primarily rely on the following:
Consent – Ayd processes your personal data after obtaining your explicit consent. Information about the specific processing is provided when we request your consent.
Contract – Processing is necessary to fulfill our obligations under a contract with you or to prepare for entering into such a contract.
You may always request more detailed information about the legal basis for the processing of your personal data by requesting a copy of your personal data record. See “How to Exercise Your Rights” below.
You are in control of your personal data. We strive to make it as easy and efficient as possible for you to exercise your rights.
Access - You have the right to request a copy of your personal data (“data subject access request”). This includes information about what data we store, the purposes for processing, and the legal basis. We only provide access once we have verified your identity.
Correction - If any of the data we hold is incorrect, let us know and we’ll correct it.
Erasure - Want us to erase your data completely? You have the right to request deletion of your personal data when it is no longer needed for the purpose it was collected. If we are legally required to retain the data, we will ensure it is only processed for that specific legal purpose, and then deleted as soon as possible.
Objection- Do you disagree with our legal basis for processing your data? Let us know—if you object, we will review the balance of interests to determine whether we can continue processing. If your objection concerns direct marketing, we will stop processing your data for that purpose immediately, without further review.
Restriction - You may also request that we restrict the Processing of your data:
Data portability - We can provide you with the data that you have submitted to us or that we have collected from you in connection with entering into an agreement. You will receive your data in a commonly used and machine-readable format, which you may then transfer to another Data Controller.
Withdraw consent - If you have given consent for one or more specific processing activities involving your Personal Data, you have the right to withdraw your consent at any time, thereby requesting that we immediately cease the Processing. Please note that consent can only be withdrawn for future Processing and not for any Processing that has already taken place.
Contact us at info@ayd.se if you need assistance with requesting a data extract, obtaining information on your given consents, or deleting your personal data.
In order to operate our business, we engage third parties who process Personal Data on our behalf, referred to as Data Processors. We always strive to process personal data within the EU/EEA, but we also use Data Processors located in the following countries outside the EU/EEA:
We have entered into Data Processing Agreements (DPAs) with all of our Data Processors. These agreements regulate how the Data Processor may process the Personal Data and outline the required security measures for such processing.
We may also be required to disclose your Personal Data to designated authorities in order to comply with legal obligations or regulatory decisions.
Below are the categories of recipients with whom we may share your personal data.
Ayd has implemented both technical and organizational measures to ensure that your personal data is processed securely and is protected from loss, misuse, unauthorized access, or unlawful processing.
Organizational security measures are implemented through work methods and internal procedures. Our organizational security measures include:
Technical security measures are implemented through technological solutions. Our technical security measures include:
If you believe we are processing your Personal Data inappropriately, even after you have brought it to our attention, you always have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
We reserve the right to make changes to this Policy. In cases where a change affects our obligations or your rights, we will inform you in advance to allow you the opportunity to review and consider the updated policy.
More information about our obligations and your rights can be found on the website of the Swedish Authority for Privacy Protection (https://www.imy.se/). You may also contact the authority at imy@imy.se.
Contact us at info@ayd.se if you need assistance with requesting a data extract, obtaining information about your consents, or deleting your personal data.
Details
About us
