Privacy and policy for user information
What is personal data and what is personal data processing?
Personal information is any kind of information that can be directly or indirectly attributed to a physical person who is alive. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (eg IP numbers) are personal data if they can be linked to natural persons. Processing of personal data is everything that happens with the personal data. Every measure taken with personal data constitutes a processing, regardless of whether it is performed automatically or not. Examples of common treatments are collection, registration, organization, structuring, storage, processing, transfer and deletion.
Who is responsible for the personal data we collect?
Get Tested International AB, corporate identity number 559296-6773, Mörtnäs hagväg 3, room 11, 134 44 Gustavsberg, is responsible for personal data for the company’s processing of personal data.
By approving the policy on our website in connection with the purchase or submission of information, you agree to the processing of your personal information as below.
This is how we process your personal data
We process the personal information that you provide when ordering, register for tests and via so-called cookies approved by you. The personal data we process is your name, gender, age, e-mail address, purchase, payment and order history, payment method, delivery address, IP address and telephone number.
How is your personal data protected?
We follow all applicable directives and laws to protect your information. To keep the personal data we process in safe custody, we have taken several security measures: We have implemented security routines and technical and organizational measures to protect your personal data such as SSL (Secure Socket Layer) certification technology for browsers. In addition, we have advanced firewalls and antivirus software to protect and prevent unauthorized access to our servers and networks. Access to the spaces where personal data is stored is strictly protected by our data service provider in Germany.
Get Tested uses SSL (Secure Socket Layer) which is a secure protocol for secure data transfer over the Internet (or other networks). You as a customer need to check that SSL is not turned off in the browser settings. We use one-way encryption, all for your safety.
How long is the personal data stored?
When you have agreed to be a customer (made a purchase) at Get Tested via one of our websites, your information is saved until you actively ask us to remove you from our customer register. You can unsubscribe as a customer at any time.
Note that your data is never stored longer than is permitted under current personal data legislation. We follow all directives.
Can I change the information you save?
You always have, according to current personal data legislation, the right to once a calendar year receive an extract about which personal data we have registered and how it has been used, regardless of how this data has been collected. If you want to receive this information, you must submit a written request to us. According to current personal data legislation, the request must be sent in signed by you by post to the address stated on one of our websites. You send the request by registered letter where your sender information is clearly stated and that you want an extract. It can therefore not be sent by e-mail. Our ambition is always to ensure that your personal information is correct and up to date. If any of the information you provide to us changes, e.g. if you change your e-mail address, name or payment details – please inform us of correct information by sending an e-mail to our customer service, [email protected]. You have the right to request that your personal data be corrected, blocked or deleted at any time.
It is important to note that personal data is not processed for purposes of direct marketing if you object to such processing. You always have the right to revoke a given consent to the processing of personal data at any time, we respect your privacy.
Links that point to other websites may appear on our website. We take no responsibility for the content of these websites.
Our policy for personal data management – GDPR
Introduction and purpose
The purpose of our policy is to ensure that Get Tested handles personal data in accordance with the EU’s latest Data Protection Regulation (GDPR). The policy covers all processing where personal data is handled and includes both structured and unstructured data.
This policy is rooted in all our employees.
Application and revision
The Board is responsible for ensuring that the processing of personal data complies with this policy.
The policy must be established by the board at least once a year and updated as necessary.
The CEO is responsible for directing the process regarding the annual update of the policy as a result of new and changed regulations.
This policy applies to the company’s CEO, employees and contractors who are affected by Get Tested’s operations.
Organization and responsibility
The CEO has the overall responsibility for the content of this policy and that it is implemented and complied with by the business. The CEO may delegate responsibility and implementations to a suitable person at the company.
All employees are responsible for acting in accordance with this policy and what it wants to ensure.
Personal data processing
Each personal data processing shall take place according to the following principles:
- Purpose limitation
- Task minimization
- Storage minimization
- Integrity and confidentiality
For payment services, Stripe Inc is ultimately responsible for the processing of personal data and other data that is compatible with their business.
Our data processing must be documented on an ongoing basis in the Processing Register.
Follow-up and evaluation of our handling of personal data must take place at least annually.
Any incidents concerning personal data that we process must be reported to the CEO without delay and without undue delay and no later than within 72 hours report the incident to the Data Inspectorate and otherwise take the necessary measures in connection with the incident.
Our requirements for personal data to be handled in accordance with the GDPR must always be ensured in the procurement and development of IT solutions, 3rd party integrations and services, and must be part of the requirements specification for any agreements.
We use Klarna as the provider of our checkout. This means that we might transfer your personal data in the form of contact and order details to Klarna when the checkout is loaded, in order for Klarna to manage your purchase. Your personal data transferred is processed in line with Klarna’s own privacy notice.
Functional cookies consist of cookies that make this site work. These are cookies that allow your goods to follow from the product page to the shopping cart. If you should close your browser and want to resume your purchase at a later time, etc.
These cookies are always allowed, and must do so for the site to work for you as a visitor.
In addition to this, we also use non-functional cookies which you have the right to refuse. These are used to improve and develop our website and for analysis.
Last updated: April 20, 2022