Privacy Notice for MyHealthEnabler

Dear User,
MyHealthEnabler is a cloud-based platform that enables the secure storage of your health data and digital health assessments between you, your relatives, and one or more healthcare providers (the "Service"). The platform is developed and provided by Nordic Health Innovation AB, organization number 556878–3921, with an address at Norrberg Hjalmarslund, 923 98 Storuman, Sweden ("we" or "us").

Your privacy is important to us. Under the General Data Protection Regulation 2016/679 ("GDPR"), we are responsible for processing your personal data when we determine the purpose and means of such processing. Personal data includes information that directly or indirectly relates to an identifiable living individual, such as name, address, contact details, and health data. This document ("Privacy Notice") aims to explain when we act as the data controller of your personal data, how we process your personal data, and what rights you can exercise regarding our processing of your personal data. To use our Service, you must first read and accept this Privacy Notice.

PERSONAL DATA YOU REGISTER AND STORE IN OUR SERVICE AND PERSONAL DATA YOU SHARE WITH A HEALTHCARE PROVIDER THROUGH OUR SERVICE

We are not responsible for the personal data you register and store in our Service. If you choose to share your personal data with a healthcare provider through our Service, the healthcare provider is the data controller under the law for any processing of personal data between you and the healthcare provider in the Service. In such cases, we act as a data processor on behalf of the healthcare provider. If you have any questions or concerns regarding the registration and storage of personal data, or how a healthcare provider processes your personal data, this Privacy Notice does not apply. Instead, we recommend that you contact the healthcare provider with whom you have established a relationship through our Service.

PERSONAL DATA WE PROCESS AS A DATA CONTROLLER

We collect and process the following personal data as a data controller when you use our Service:

• Name
• Personal identification number
• Email address
• Phone number
• Address
• Company
• Job title
• Department
• IP address

Please note that we cannot provide our Service to you unless you provide us with the above-mentioned personal data.

When you use our Service, certain information about you is automatically collected:

• Information about your use of our Service
• Technical data, which may include the URL through which you access our Service, your IP address, unique device ID, information about network and computer performance, browser type, language, and identification information, as well as operating system details
• Location data

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA AS A DATA CONTROLLER

We process your personal data for the following purposes:

a) To manage your account, ensure the provision of our Service, enable integration with third-party services, and provide, personalize, and improve your experience of our Service. Additionally, to provide our Service in accordance with this Privacy Notice and the Terms of Use, as well as to inform you about updates to our Service, this Privacy Notice, or the Terms of Use. The processing of your personal data under this section is based on your consent.

b) To improve and develop our Service and create new services and products by analyzing your use of our Service. The processing of your personal data under this section is based on your consent.

c) To ensure the technical functionality of our Service, prevent misuse of our Service in violation of this Privacy Notice and the Terms of Use, fulfill our agreement with you, protect our security, property, and rights, and, if necessary, safeguard your and third parties' interests as well as fundamental freedoms and rights. The processing of your personal data under this section is partially based on our performance of the agreement we have entered with you regarding the use of our Service and partially based on your consent.

STORAGE OF PERSONAL DATA

We store your personal data for as long as necessary to provide you with our Service unless there is a legal obligation requiring us to retain your personal data for a different period.

TRANSFER OF PERSONAL DATA

We may share your personal data with our partners and suppliers to provide our Service to you. You understand that if any of our partners or suppliers independently determine the purpose and means of processing your personal data, such a partner or supplier will be the data controller for its processing of your personal data.

An example of such a situation is when you authenticate using BankID to use our Service. In such a case, we process your personal data by sending a request to BankID to authenticate you, and the issuer of BankID will then independently process your personal data to perform an authentication action and subsequently confirm your identity to us.

Our processing of your personal data may take place in countries outside the EU/EEA where a lower level of data protection applies. If we transfer your personal data to a country outside the EU/EEA, we will implement relevant safeguards to ensure that such a transfer complies with GDPR. For example, our cloud service provider may need to provide support from personnel in the U.S. if we request such support during hours that correspond to nighttime in the EU/EEA. If U.S. personnel provide support for our Service, we will ensure that your personal data is encrypted and unreadable to such personnel and that their employer has committed to processing your personal data in accordance with an appropriate safeguard approved under GDPR.

LEGAL OBLIGATION AND PREVENTION OF HARM

In addition to the legal bases previously mentioned in this Privacy Notice, we may process your personal data based on legal obligations (e.g., in response to a search warrant, court order, subpoena, or similar) or when necessary to detect, prevent, and address fraud and other criminal activities. We may also process your personal data to protect fundamental interests for us, you, and other users.

YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA AS A DATA CONTROLLER

You may object to our processing of your personal data or withdraw your consent at any time. If you object to our processing or withdraw your consent, this does not affect the legality of prior processing, and based on other legal grounds, we may continue to process your personal data.

You have the right to request access to and additional information about our processing of your personal data or request corrections, rectifications, additions, deletions, or restrictions on the processing of your personal data. You have the right to receive a copy of the personal data we process about you free of charge. If you request additional copies, we may charge a reasonable fee based on the administrative costs incurred. For processing based on your consent, you have the right to data portability. Data portability means that you can obtain the personal data we process about you in a structured, commonly used, and machine-readable format and have the right to transfer such personal data to another data controller.

To exercise your rights or if you have questions about our processing of your personal data, please contact us at bjorn.sundqvist@nhiab.com .

CONTACT DETAILS

Nordic Health Innovation AB

556878-3921

Norrberg Hjalmarslund, 923 98 Storuman, Sweden

info@nhiab.com