Privacy Policy - Vaccina AB

1. Introduction

For Vaccina AB, you as an individual and patient are always our top priority. This privacy policy (the “Privacy Policy”) describes our processing of your personal data and patient data in connection when you are using our Services (the “Service/Services”) at our, or any of our partners’ clinics.

This privacy policy explains how Vaccina is to you as a patient and who is responsible for the personal data processing that takes place in connection with the Services you use. We will describe which personal data about you is processed when you use the Services, how we process the data and why. We will describe which legal support that justifies the processing in question and which external parties that may handle data about you so we can provide you with our Services. You will also receive information about your data, and what rights you have, and how you can exercise these rights.

You can always contact our support if you have any questions about this Privacy Policy via our chat at, via email at [email protected], our call our support telephone number: 010-750 09 45.

2. Who is responsible for the processing of the personal data?

Vaccina AB, company reg. No. 559256-9478 (”Vaccina”), is the personal data controller and owns and provides the technical platform (the “Website”) and who is responsible for the processing of personal data that you register on the Website, or otherwise provides to us or that appears in connection with the use of the Services. Vaccina is the responsible care provider for the care provided in connection with our Services, and processes any personal data related to such care as a data controller.

3. Where is the personal data stored about you when you use the Services?

3.1 User data registered when using the Service

Vaccina is processing the personal data about you that you register in connection with the registration for our Services on the Website. We also automatically collect and process technical information including IP-address, login information, type and version of your operative system and unit, time settings, chosen language and information from cookies and which pages and features you have used when visiting the Website.

Together this processing of personal data is named "User Data" in this privacy policy.

3.2 Personal data linked to your state of health when using the Service

When you are using a Service from us, we will request you to share information regarding your health. You do this by filling in the relevant health form in connection with registering. This information may include, but is not limited to, information about allergies and symptom history, and information that you give us for other Services such as lifestyle, diet, underlying diseases, symptoms of different diseases or disease state, alcohol and tobacco habits and stress when you are filling in the health declaration before a Health Check. (this information is referred to in the Privacy Policy as (“Patient data'). This health data is stored in Vaccina’s medical records for at least 10 years in accordance with Swedish legislation.

3.3 Patient data based on the result of sampling, vaccination, or health checks

Even the result of the Services includes patient data. The outcome consists of positive, negative, or invalid analysis, alternatively the result of vaccination or results of health checks. This personal data is stored and processed by Vaccina and/or its personal data processor.

In connection with testing for travel certificates, you will be notified of the outcome of the test if it is positive, negative, or invalid (i.e., that the analysis of the test could not be read). In the event of a negative result, the travel certificate/health certificate (medical certificate) is issued, which includes the personal information you have provided in the registration prior to the sampling. 

4. Where is your personal data processed?

The Website is a self-developed technical platform that is owned and controlled by Vaccina. The Website is continuously developed and quality assured. The personal data is handled and stored within the EU/EEA and no sensitive personal data, such as data related to your health, is stored outside the EU/EEA in connection with the use of the Service.

In order to fulfill Vaccina’s legal obligations under Swedish legislation, patient data is stored in a medical records system in the form of patient medical records. The records are stored in a medical records system outside the Website of a third party on behalf of Vaccina and in accordance with Vaccina’s instructions. Patient data is handled and stored within the EU/EEA. Vaccina is responsible for the Patient Data that is stored in the medical records.

5. Why is your User data processed and on what legal basis?

Vaccina is processing your Used data to be able to:

(l) register your booking in an internal booking system and send confirmations and notifications of your booking, and to completion of contract (the General Terms and Conditions) with you for the Service you bought (completion of contract Art. 6.1 (b) GDPR)

(ll) ensuring your identity, in accordance with our General Terms and Conditions (completion of contract Art. 6.1 (b) GDPR)

(lll) establish correct and updated information about you that you have provided when booking a Service (in accordance with our legitimate interest, Art. 6.1 (f) GDPR)

(lV) offer you support and communicate with you when you use the Service (in accordance with our legitimate interest, Art. 6.1 (f) GDPR). This includes giving you information and reaching back to you during the time you use the Service. We can also come to process inquiries and investigate complaints and support errands (inclusive technical support) through our support.. Depending on your case you can come to share further user data that we will use to process in the purpose to help you use the Service in the best way possible.

(V) perform analysis and troubleshoot the Website and the Services, analyze statistics and product develop our Services and Website. User data is used for product development, analysis and troubleshooting is processed based on our legitimate interest (Art. 6.1 (f) GDPR) to continuously develop and improve the Services and the Website.

(VI) Offer direct marketing from Vaccina and its group companies to you via email and text message or other similar electronic channels for communication, for example in connection with campaigns and offers. In the selection of what promotions that will be sent to you, contains for example information of your home district. Sensitive information as patient data is not used for marketing purposes.

You can at any given time take back your consent for mailings by clicking on the unregister button in a marketing mailing or by contacting our support via email at  [email protected]

(Vll) User data can be processed to initiate, establish or defend legal claims (according to Art. 6.1 (f) GDPR), and to comply with legal obligations that Vaccina has under law, judgments or government decisions (Art. 6.1 (c) GDPR).

6. Why is your patient data processed and on what legal basis?

Vaccina processes patient data for the purpose of being able to provide the Services legally based on our legal obligations under national law.The processing of patient data regarding you also takes place to fulfill other of Vaccina’s obligations under law and to fulfill legal obligations (Art. 6.1 (c) and Art. 9.2 (h) GDPR).

The processing of your patient data is also necessary for reasons connected to pre-emptive health and medical care and administration health and medical Services (Art. 6.1 (c) och Art. 9.2 (h) GDPR).


Vaccina can also make data about our Services available to authorities and regions to fulfill legal obligations and obligations under agreements. Examples when such data are transferred are vaccination data to the National Vaccination Register (NVR), or according to the Swedish Communicable Diseases Act (2004:168) (2004:168) (Art. 6.1 (c) och Art. 9.2 (h) GDPR).

Patient data can also be processed based on your separate consent (Art. 6.1 (c) and Art. 9.2 (a) GDPR) for treatment and for Services that do not fall under the health care legislation. In such cases, we will obtain your consent separately. Beyond the basis of the processing of patient data specified above, we also process your personal data according to the following purposes:


(l) Keep medical records based on the Services you have used (ll) Give you access to log in and see your medical records

(lll) If applicable, to send a valid travel certificate/health certificate (medical certificate), results of sampling or tests that you have done through our Services.

(lV) Process Patient data in accordance with our legislative obligations, as Swedish Health and Medical Care legislation, Patient Safety and Patient Data legislation.

7. How long is your User data and Patient Data processed?

We are processing your personal data if it is motivated necessary for the purposes the data is processed according to sector 5 and 6 above, i.e., if necessary to be able to deliver current Services or to fulfill the legal obligations incumbent on us. Personal data stored for marketing purposes is deleted if you decide to Opt-out of information and marketing mailings.

Personal data outside the medical records, for example in our booking system or chat history after contact with our support, is saved based on the need to retain this information to fulfill legal and administrative obligations or follow-up of support cases to establish or defend against legal claims. Personal data that we store based on your consent will be deleted when you revoke your consent.

Vaccina has an obligation according to Swedish legislation to save your medical records for at least 10 years. We ask you to consider that revocation of consent does not affect our role and obligations as a care provider to keep record or retain Patient Data in accordance with applicable laws. 

8. Third parties with whom your personal data may be shared when you use the Services.

8.1 Suppliers to Vaccina

In order for us to be able to offer you the Services, we use external suppliers who process personal data linked to our Services. Our IT service providers, such as operating and hosting providers, only work on behalf of Vaccina’s instructions as Personal Data Processors.

Vaccina ensures that medical records are kept in connection with the provision of care within the framework of the Service in accordance with current legislation. The medical records are stored outside the Website at a third party, assigned by Vaccina and by Vaccinas instructions. Vaccina is responsible for the patient data that is stored in the medical records.

8.2 Group companies

As part of our Services, we may need to share personal data about you with our Group companies to communicate the results of sampling, results, and other similar communication with you. Such group companies typically act as our Personal Data Processor and does only process Patient data on our behalf. 

8.3 Other healthcare providers

If you book a follow-up meeting for results, sampling or similar analysis results from our Services, or otherwise wish to receive care or treatment from another care provider, we may share Patient Data with such a care provider through so-called direct access in a system for unified record keeping, but only if you give consent for your medical records to be shared with such a care provider. The purpose of coherent medical record keeping is to provide you with good and safe health care, and so that you don’t have to repeat your health and care history for other care providers. You have the right to oppose coherent medical record keeping and to restrain your medical records data from being part of a coherent medical record keeping. This means that the other care provider no longer has direct access to your patient data in the medical records. Please contact our support at [email protected] for questions.

8.4 Authorities

Vaccina may make data available to authorities upon request in order to fulfill legal obligations incumbent on us.

9. Transfers to third party countries (outside of the EU/EEA)

Vaccina is using IT-suppliers for hosting and operational Services with operations outside the EU/EEA. However, the server's Vaccina uses and has signed agreements for are within the EU/EEA. 

Vaccina does not transfer your Patient Data or your records outside the EU / EEA when using the Services. 

Transfers of Personal Data to third party platforms can occur outside of the EU/EEA, but will only happen in exceptional cases and only provided that the transfer Is legal in accordance with applicable data protection legislation to protect your privacy in the receiving country with reference to either:

(l) The European Commission's decision regarding adequate level of protection

(ll) The application of the EU Commission's standard contractual clauses for third party countries

(lll) Other suitable safeguards to comply with applicable data protection laws, for example supplementary protection measures for transfers to third countries.

10. Your rights as a user of the Services

10.1 Your rights according to the Data Protection Ordinance (2016/678)

You have the right to receive information about, but not limited to, what personal information about you we are processing, for what purpose it is being processed, whether such personal data has been transferred to a third country, and which parties have received your personal data.

In order to clarify this and your other rights as a data subject, you may at any time contact us in order to:

(I) request access to, and information about, the personal data which is being processed when you use the Services. (Art. 15 GDPR)

(II) ask us to correct any incorrect or incomplete information about you. (Art. 16 GDPR)

(III) request your personal data to be erased (however, note that Healthcare Providers have certain obligations to store certain personal data, particularly related to Patient Data, including keeping medical records in relation to your use of the Services). At your request, all personal data which we do not have a legal obligation to retain will be erased. (Art. 17 GDPR)

(IV) ask us to restrict the processing of your personal data. (Art. 18 GDPR)

(V) object to the processing of your personal data and thereby also request in writing that the data cease to be used for direct marketing purposes. (Art. 21 GDPR)

(VI) request your personal data to be moved to another controller of personal data by receiving your personal data, to the extent it has been provided by you, in an electronic format which is generally used in order to be able to transfer it to another party (the right to data portability). (Art. 20 GDPR)

If you wish to contact us regarding any of these points above, we encourage you to contact us via our mail on [email protected]

11. Right to file a complaint to a supervisory authority

With this Privacy Policy we truly hope that we have made it clear to you how we handle your personal data. However, should you still have any questions, please feel free to contact us. We would also like to inform you that you have the right to file a complaint to the Swedish Authority for Privacy Protection (, or any other relevant supervisory authority, if you believe that the processing of your personal data is incorrect or not in compliance with legal requirements.