Muntra AB is careful to protect and respect your privacy. This privacy policy explains how we collect and use your personal information when you use our platform to manage subscription services, at https://about.muntra.se and through our applications (the "Service"). It also describes your rights to us and how you can assert your rights.
1. Your personal information is in safe hands
Muntra AB, org.nr 556935-2726 (“Muntra”, “we”, “us”, “our”) are responsible for personal data for the processing of your personal data described here.
Muntra might also been hired as a processor for a healthcare provider. In these cases, it is the healthcare provider who is responsible for personal data for the processing of your personal data described here.
You can contact us at any time if you have any questions or comments regarding your personal information. You may use the chat provided in the Service, but you can also email us at support@muntra.se or contact us at:
Muntra AB
Mäster samuelsgatan 36
111 57 Stockholm
2. Data Protection Officer
Muntra has appointed a Data Protection Officer (“DPO”) to help us ensure that your personal information is processed correctly and legally.
You can contact the DPO for any questions concerning Muntra's processing of your personal data and the exercise of your rights, by emailing support@muntra.se.
NOTE! If you are a patient using Muntra's services, our Privacy Policy does not replace the healthcare provider's processes for processing personal data. For more information, contact or see the caregiver's own website and policies.
3. Personal information collected about you
Muntra may process the following types of personal information about you:
User Information
To use the Service you need to register a user account. When registering, you will need to provide information about yourself, such as your social security number and your email address. Using your social security number, we will automatically obtain your name and address. You also have the option of adding other information or account settings, such as your mobile number.
Sensitive personal data
(Note! - This is only applicable for patients using Muntra’s services, such as booking an appointment with a caregiver.) Messages and invoices may contain sensitive personal information, such as your health status. Like all other information, your sensitive personal data is collected and processed with the greatest regard for your privacy. We save as little data as possible from your use of our Service.
Correspondence
We will collect personal information when you contact us regarding the Service. Correspondence may contain user information and other relevant information that you share with us about yourself. For example, we collect relevant information about your contacts with our customer support, such as date, time, contact method and topic of conversation. Since email is not always completely secure, you may want to avoid including sensitive personal information in your messages to us.
Customer surveys
We can contact you to offer you the opportunity to participate in digital customer surveys. If you choose to participate, you may be asked to provide certain information that may contain personal information.
Technical data
We collect technical information from your computer (or mobile device) when you use the Service, such as IP address, browser type and version, screen resolution, language settings, geographic location, operating system and computer platform. Technical data may also contain information on how to use the Service and identify technical problems. Although we do not normally use technical data to identify specific individuals, individuals can sometimes be identified using it.
Payment and financial information
Your financial data may contain several types of personal information about you, such as subscription information, credit or payment information, bank account numbers and other bank account information, credit card details, purchases, purchase amount, date of purchase and means of payment, etc.
4. How your personal data is collected
Information you provide to us
Most of all information that Muntra collects about you is left to us by yourself. You may directly or indirectly provide us with information about yourself in various ways, for example, when you register your user account in the Service. You can always choose not to submit information to us. However, some information is needed for us to provide you with the Service. Failure to provide us with this personal information may mean that you may not register your user account, or may not use all features of the Service.
Information collected in other ways
We may also collect information about you in other ways. It always happens responsibly with your integrity in mind. For example, we use your social security number to collect your name and address, so you do not have to fill in this information yourself.
Caregivers using Muntra’s Patient Management System are required by law to keep a patient record for all patients. Therefore, we have the right to register your personal data in our patient record even if you have not given your consent. Patient records should always contain the following personal information:
- the background to the care,
- reason for more significant measures, and
- essential information about the measures taken and planned.
For your safety, all calls that go through the Dental Clinic's Patient Management System are recorded. This is called logs. Systems are logged with timestamps, users, care units,
caregiver and patient and can be used for monitoring the caregiver. That means you can always see who, when and what someone did with your personal information.
Chapter 3 of the Patient Data Act (“PDL”) contains provisions on the obligation to document and keep patient records. The basic rules outlining what a patient record should contain are available in chapter 3, sections 5-8 and 11 of the PDL. A patient record must include, among other things, the information needed for good and safe care of the patient (Chapter 3, Section 6 PDL).
5. How your data will be processed
Muntra processes your personal information for the following purposes and based on the following legal bases:
To provide the Service to you
We process your personal information in order to administer your user account and provide you with the Service (ie. to fulfill the agreement between us) and for other legitimate interests. For example, your social security number is used to confirm your identity when you log in with BankID in the Service and technical data to ensure that the Service is presented in the best way for you and your unit.
To register your user account
We process your personal information in order to register your user account. This is necessary for us to be able to enter into an agreement with you. We also automatically collect your name and address, so that you do not have to fill in this information yourself. This is necessary for legitimate interests, including our interest in simplifying the registration process for our users. It is hopefully also in your interest.
To identify and present your subscription services
Your financial data is automatically analyzed and processed to identify and present your active subscription services to you in the Service, ie. to provide you with the Service. Ev. sensitive personal data is processed by us with the express consent you provided when registering your user account.
To communicate with you
Your name, phone number, address and email will be used to send reminders, confirmations, service announcements and other relevant information about the Service to you. Caregivers might use the information to send reminders of booked appointments. This treatment is necessary for legitimate interests, including our interest in promoting and maximizing your use of the Service. You can freely control and turn notifications on and off in your account settings, or follow the instructions for unsubscribing as stated in the mail from us. However, we may continue to send you important administrative notices, which are required for us to provide you with the Service.
To provide customer support
Your personal information (eg. user data, technical data, subscription data, etc.) can be used to investigate, respond to and resolve complaints and problems with the Service (eg. bugs). This treatment is necessary for us to provide you with the Service as promised and for legitimate interests, including our interest in ensuring the functionality of the Service.
To conduct customer surveys
Your name and email address can be used to invite you to respond to inquiries. By continuously gathering qualitative feedback from you and other users, we can gain a deeper understanding of your and other users' problems and needs. This treatment is necessary to achieve legitimate interests, including our interest in developing and improving the Service.
To develop and improve the Service
We may use technical data, customer surveys and other aggregated and anonymized data (such as subscription data not specifically related to you, and without sensitive personal information) to develop and improve the Service. This may include, for example, troubleshooting, information analysis, investigative measures, statistical purposes and tests (eg. beta testing and evaluation of new features, which are in line with the basic nature of the Service). For example, we may collect and evaluate technical data about your use of the Service to analyze and understand how the Service is used to make it more intuitive. This treatment is partly necessary for us to be able to provide you with the Service, but primarily to achieve legitimate interests, including our interest in developing and improving the Service and its functions.
To follow laws
We are obliged to comply with Swedish (and sometimes other) laws. This means that your personal data may sometimes need to be processed to the extent required by law or other legal obligations, for example for reporting to authorities.
To protect Muntra, you and others
We may need to process your personal information in order to defend or assert our, your or others' legal rights. For example, it may be necessary if you or someone else makes claims against us, or to investigate abuse or fraud. It is necessary to protect you and others as well as other legitimate interests, among other things.
6. How your personal information is shared
We will never sell your personal information, but may sometimes need to share it with other trusted people and companies. For example, your personal information may be shared with:
People who work with us
Your personal data will be shared with people who work with us, but only people who are authorized to process your personal data. This means that your personal information is only shared with people who need access to them in order to do their job, for example to provide you with customer support or to help you manage terminations, negotiations or switches between subscription services. Of course, everyone who works with us is covered by privacy.
Your existing and potential suppliers
Your personal information will be shared with recipients that you have approved yourself, for example when you book an appointment with a caregiver. These recipients themselves are responsible for personal data on how your personal data is processed by them.
Service providers
Your personal information may be shared with providers who help us provide you with the Service, or who provide us with other services that require your personal information to be processed. For example, we store and provide the Service using Amazon Web Service and use Zendesk as a support tool. There may also be other service providers who help us with things like marketing, email and the like. These companies may only process your personal data in accordance with instructions from us, or to fulfill their legal obligations.
Authorities and legal contexts
Sometimes we may need to share your personal information with others due to legal obligations. For example, when required to respond to a request from the Police, the supervisory authority or other public authorities. We may also share your personal information if it is necessary to defend or prevent fraud or in connection with a legal process, for example, to assert our general terms or to defend Muntra, our affiliates, your or others' rights.
Transfer
We may share your personal information with a prospective buyer in connection with a sale of all or part of our business or assets. Of course, on the other hand, we will never sell your personal information separately to a third party, unless you have approved it.
7. Where we process your personal information
Muntra always strives to process and store your personal data within the EU / EEA. However, your personal data will in some cases need to be transferred and stored outside the EU / EEA. For example, Zendesk can process your data in the United States.
You should be aware that other rules may apply to your personal data outside the EU / EEA, which can sometimes mean less protection than offered in Sweden. However, we choose all our suppliers with great care and with due regard to your integrity. We will also take the necessary steps to ensure that your personal information is handled securely and with an adequate level of protection. You can always contact us if you have any questions about applicable safeguards.
8. How long will your data is saved
For patients
Personal data in a medical record is kept in accordance with the Patient Data Act for at least ten years.
For other
Muntra saves your personal data as long as the information is needed to fulfill the purpose for which the data was collected. How long this is depends on the type of information involved. We regularly check our need to save your information, taking into account applicable legal requirements.
Until you delete your user account or revoke your consent
Normally, we need to save most of your information as long as you have an active user account.
But sometimes longer
Your personal information can sometimes be saved even after you delete your user account or revoke your consent. This applies, for example, if and to the extent we deem it necessary to defend our legal rights, legitimate interests and the interests of others. For example, your information may need to be saved during applicable complaint deadlines or liability periods, which apply to the subscription or cancellation of a subscription. Your personal data can also be stored longer if required by law, such as accounting and tax law.
9. Cookies
Like many companies, we use "cookies" and similar technologies in the Service. Cookies and the like are used to store your account settings and account information (such as name, email, address, phone number or affiliated bank accounts) and to track your use of the Service, in order to provide you with customer support and to get a better picture on how we can improve the Service. We may also place a “Facebook Pixel” on your computer or device for marketing purposes. You can read more about how we use cookies, pixels and similar technologies in our Cookie Policy.
10. Your rights
It is your personal information. You therefore have the right to influence how your personal data is processed by us. Here is a brief summary of your rights.
Right to object to treatment
You have the right to object to your personal data being processed for legitimate interests. This means that we must either prove that there are compelling justifiable reasons for the treatment, which outweigh your interests, or end the treatment. You can always contact us for more information on the balance of interests that has been made.
You also have the right to object to your personal data being used for direct marketing (eg. newsletters). You do this by turning off notifications in the instructions for unsubscribing as stated in our email.
Right to access and move your data
You have the right to request a copy of your personal data as well as information on how they have been collected, used, shared etc. You also sometimes have the right to transfer your personal data to another personal data controller.
Right to delete data ('the right to be forgotten')
You have the right to request that your personal data be deleted, for example if a data is no longer necessary for the purpose for which it was collected or otherwise processed, or if we have no legal basis for processing the data.
NOTE! Removal of electronic health records must be approved by the Swedish Health and Social Care Inspectorate (“Inspektionen för vård och omsorg”, "IVO") at www.ivo.se. IVO decides if the health records can be deleted, after which the data are deleted by us.
Right to correct information
You have the right to request that incorrect personal data be corrected. You also have the right to supplement incomplete personal information. You can change and supplement your information by contacting us.
Right of restriction
You have the right to request that the processing of your personal data be restricted until incorrect or incomplete information about you has been corrected or until an objection from you has been investigated.
NOTE! The patient’s consent is required for other healthcare providers to process your information. You should always be informed of what "coherent journaling" means before a second healthcare provider gains access to your information.
If you do not want your medical records to be available electronically for other healthcare providers, you can request that the data be blocked in whole or in part for electronic access. You should then be informed of the consequences following the blocked information for your health care, for example, you must tell your health care provider yourself what they need to know to give you good and safe care. You should also be aware that blocks can only be put in electronic journals, not in journals that are only in paper form.
Right to revoke your consent
You have the right to withdraw any consent you have given us at any time. Note, however, that it does not affect the treatment performed prior to the recall. Unfortunately, Muntra currently does not have a technical option to provide you with the Service without processing personal information. Normally, therefore, you need to revoke your consent by deleting your user account.
NOTE! If a patient withdraws his/her consent to the processing of personal data, no additional information is processed. You can revoke your consent at any time. You do so by contacting us.
You can read more about your rights at www.datainspektionen.se. You can contact us in the chat located in the Service or at support@muntra.se to exercise your rights.
You should be aware that limiting or deleting your personal data may affect or hinder your use of the Service. There may also be legal regulations (such as privacy, accounting and tax law) that sometimes limit, or extend, your rights. For example, legal obligations may prevent us from disclosing, deleting or moving parts of your information.
11. Complaints
You have the right to contact and complain to the Swedish Data Protection Authority if you believe that your personal data has been handled incorrectly by us. You can read more about this at www.datainspektionen.se. You can also inquire with the regulator in the country where you live or work.
12. Changes in the privacy policy
This Privacy Policy may occasionally need to be updated to reflect changes in the Service or our collection and use of your personal information. You will be informed of any significant changes being made (eg. via email), but we also recommend that you read this policy periodically to ensure that you are aware of any changes that have been made. We will state at the bottom of this privacy policy when it was last updated.
This Privacy Policy was last updated December 10, 2019. 