Privacy policy

At Simsen Diagnostics AB, we prioritise the safety and security of your personal data. We are transparent about how we collect, use and store your information. Your personal data is always protected, and our processing practices comply with the General Data Protection Regulation (GDPR), internal policies and other relevant legal requirements. Given that we handle sensitive personal data on behalf of our customers, we have appointed a Data Protection Officer (DPO) to ensure compliance with applicable rules.

Simsen Diagnostics AB is responsible for processing your personal data. If you have any questions or would like to exercise your rights under the GDPR, you can reach us through the following contact details:

Postal address: Pepparedsleden 1, AZ BioVentureHub, 431 83 Mölndal, Sweden
Email: inbox@simsendiagnostics.com
Our DPO's email: dpo@simsendiagnostics.com

"Personal data" includes any information that can directly or indirectly identify an individual. This can range from name and contact details to genomics data and other identifying information linked to a person.

"Personal data processing" refers to any operation performed on personal data, whether automated or manual. This includes, but is not limited to, collection, storage, modification and sharing.

For a detailed description of the types of personal data we collect, the purposes for which they are used and the legal basis for processing, please refer to section 9. That section also outlines the recipients of the data and the storage duration for different categories of personal data.

We take appropriate technical and organisational measures to safeguard your personal data from unauthorised access or misuse. Our security practices include regular system updates, encryption and data backups. Access to personal data is limited to employees who need it for their job duties, and all staff are trained to maintain the confidentiality and security of the data.

We only share your personal data with the following third parties:

• Service providers. In certain cases, we work with partners, suppliers or service providers to process your personal data, such as IT and financial-systems providers. We ensure that these processors have adequate technical and organisational security measures in place, and that they process the data strictly according to our instructions.
• Authorities. We may be legally obligated to disclose personal data to public authorities. Additionally, we may share data to establish, exercise or defend against legal claims.

We strive to process your personal data within the EU/EEA, and where possible the data will be stored within the EU/EEA. However, some of our service providers may operate outside this region, particularly in the United States. This could involve access to personal data from there even though the data is stored within the EU/EEA. In such cases, we ensure your data is handled securely in accordance with the GDPR, with protection equivalent to EU standards. You may contact us for more information about the countries in which our processors operate and the safeguards in place. Contact information can be found in section 2.

We are committed to ensuring that your personal data is processed lawfully. The following is a summary of your rights under the GDPR. If you have questions or wish to exercise any of these rights, please contact us using the details provided in section 2. We will respond to your request within one month, and we may need to verify your identity before proceeding.

• Right of access. You have the right to request information on the data we hold about you, including the purposes of processing, the type of data, recipients, retention periods and sources.
• Right to rectification. If your data is incorrect or incomplete, you can request that we correct or update it.
• Right to erasure. You have the right to request the deletion of your data. However, exceptions may apply, such as when we are legally required to retain certain data for purposes like accounting, tax compliance or labour law, or if the data is necessary for defending legal claims.
• Right to data portability. You can request that we transfer your data to another data controller, where technically feasible. This applies to personal data you have provided to us, and only if the processing is based on your consent or is necessary to fulfil a contract.
• Right to restriction of processing. You can request that we restrict the processing of your data if you think the data is incorrect, or if you have objected to our processing on the basis of legitimate interest. In these cases, processing will be restricted while we assess your request.
• Right to object. You have the right to object to certain types of processing, including processing based on legitimate interest and direct marketing. You can unsubscribe from marketing emails at any time. For other processing activities, we will assess whether our legitimate interest outweighs your rights and freedoms.
• Rights related to automated decision-making and profiling. You have the right to know if any automated decision-making processes are applied to your data, and to receive information on the logic and consequences. We do not currently engage in automated decision-making, but will inform you if this changes.
• Right to lodge a complaint. If you have concerns about how we process your data, you can file a complaint with the Swedish Authority for Privacy Protection (IMY).

We update this privacy policy regularly to reflect changes in our personal-data-handling practices. Any significant changes will be communicated to you directly when they affect you. The most up-to-date version of this policy can always be found on our website.

If you visit our website

When you visit our website, we process limited personal data through cookies and similar technologies. For details of what we collect and why, please see our cookie policy.

If you are a patient or research participant of our customers

When we process personal data for genomic analysis, we act as a data processor on behalf of our customers, such as healthcare providers, biopharmaceutical companies and research institutes. Our customers are the data controllers, and they enter into data-processing agreements with us, providing instructions on how to handle your personal data. Therefore, if you have questions about how your personal data is processed when using our products and services, please contact the relevant healthcare provider or research organisation.

If you are an employee of our customers or potential customers