Privacy Policy

We at easygap.se protect your personal privacy and constantly work to ensure that your personal information is protected when using our services. Below you will find our privacy policy which describes how we process, use and protect your personal data and the rights you as a registrant have.

1. Generally

This privacy policy (the "Privacy Policy") describes how XFort Digital Solutions AB, org. No. 559263-1138 ("Easygap.se"), processes your personal data.

XFort Digital Solutions AB is the company that provides the Application, Portal and Website EazeMed.se and the company that is responsible for personal data concerning your user account. This means that XFort Digital Solutions AB is not responsible for personal data when personal data is processed in connection with health and therapy practice via The Easygap.se app, but is to be considered only a personal data assistant that provides the technical platform. XFort Digital Solutions AB has entered into a personal data assistant agreement that regulates this relationship with the care providers who are connected to Easygap.se.

In order to more easily illustrate how your personal data is processed, we describe in this Privacy Policy both the personal data processing that concerns your account and the personal data processing that concerns you as a patient (Customer) and care provider (Consultant).

In the Privacy Policy, e.g. for which categories of personal data we process, for what purposes we process them and on what legal basis we support the processing. We also account for who may have access to and process the data, the principles for thinning, which third parties we may share the personal data with, where the personal data is processed and your rights as registered in the form of right to information, correction and deletion etc.

We may need to update or change the Privacy Policy from time to time. If the changes are significant, we will inform you in an appropriate manner and ask you to take note of the changes that have been made. The latest version of the Privacy Policy can always be found on our website (Easygap.se).

We hope that in this Privacy Policy you will find answers to any questions you may have regarding our processing of your personal data. If you have questions or concerns that you will not find answers to here, then you are always welcome to contact us by sending an e-mail to privacy@easygap.se.

2. How do we process your personal data?

Collection of your data

We collect your information, such as name, e-mail address and social security number, directly from you when you create an account in agreement with your healthcare provider (Consultant) or otherwise use our digital healthcare services in the Easygap.se app, Easygap.se- the portal or on the Easygap.se website (the "Services").

We can also collect your personal information from our partners if you register through the care provider's Easygap.se portal. When you register, we can also collect your information via the electronic identification service you use or the population register.

3. Purposes of treatment, legal basis and storage period

Your personal data will not be used in a way that is incompatible with the purposes for which the data was collected. We process your data for the purposes set out below.

Provide you with your user account To be able to provide you with our Services, you need to create a user account via your healthcare provider (Consultant). We use your information to secure your user identity, provide you with your user account. In order to do this, we may need the following personal information that belongs to you ("User Information").

name, social security number, address and other contact details, including e-mail address and telephone number; your use of our application, including personal settings and preferences.

The legal basis for the processing of personal data for this purpose is that it is necessary for us to be able to fulfill our obligations under our agreement with you in order to be able to provide the Services, including enabling the care provider to provide good care in connection with you using the Services.

We process your personal data for this purpose as long as you have an account with us or with your healthcare provider (Consultant).

The caregiver's (Consultant)'s ability to provide care and fulfill legal obligations as a care provider We also use your personal information, including your User Information, to ensure that you can take part in the health and therapy treatments that your healthcare provider (Consultant) recommends you do and to create statistics for feedback with your healthcare provider (Consultant). Once you have initiated a case with us via your care provider (Consultant), you will receive an account where you can register with your e-mail address and get access to your therapy exercises. For these purposes, you can give status to your state of health through questionnaires via the Easygap.se app, where you give status on mood and pain levels as well as other information about your health, on your ailments ("Patient information").

The legal basis for the personal data processing of your Patient Data for this purpose is that it is necessary to be able to provide you with health care and for the care provider to be able to fulfill legal obligations as a care provider (Consultant). After your case has been closed, information about you is transferred to your medical record through your healthcare provider (Consultant). By law, your healthcare provider (Consultant) is obliged to keep medical records for at least ten years from the last note.

Provide support We also use your User Information to be able to help you if you contact us in support matters, e.g. if you have questions regarding our Services or your account. We use your personal information to be able to identify you, communicate with you regarding your questions and investigate any complaints or support matters.

The legal basis for the processing of personal data for this purpose is that it is necessary to fulfill our and your legitimate interest in providing you with support. We process your personal data for this purpose for as long as the support case runs and we delete the data accordingly.

Improve our Services We process your User Information to improve our Services. When we use your data for this purpose, we use them in aggregate form (ie study overall user patterns using deidentified data) to the extent possible. We process the data by producing statistics on how you use our Services.

We can do this, for example, by conducting user satisfaction and market research or by analyzing your use of the Services. We also use your information to be able to make the Services more user-friendly, e.g. to troubleshoot, fix bugs, change the interface so that you can easily access the information you are looking for or highlight features in our Services that are frequently used by our users. For this purpose, we may also process your IP number The legal basis for the processing of personal data for this purpose is that it is necessary for our legitimate interest to continuously improve the Services. We process your personal data for this purpose for two years from the time the data is collected.

Prevent abuse Your personal information may also be used to prevent misuse of our services or to prevent, deter or investigate crimes against us. Abuse refers to, among other things, fraud, sending spam, harassment, attempted illegal login to user accounts and other measures that are prohibited by our terms or by law.

The legal basis for the processing of personal data for this purpose is that it is necessary for our legitimate interest to avoid our services being misused or to prevent, prevent and investigate crimes against us.

Fulfill legal obligations We may also process your personal data so that we can fulfill our legal obligations in accordance with law, judgments or government decisions. The requirements may include requirements regarding accounting, patient data, and health and medical care legislation.

The legal basis for the processing of personal data for this purpose is that it is necessary for us to be able to fulfill our legal obligations.

4. How do we share your information?

We do not share your information with any third party except in the manner described below.

Our suppliers We may use third parties to manage one or more aspects of our business, including our personal data processing. We may share personal information with these third parties in order for them to perform services on our behalf, such as sending messages and marketing communications to you, storing our data and providing other IT services to us. When we use suppliers in accordance with this section, we establish personal data assistant agreements and perform other appropriate measures to ensure that your personal data is processed in a manner that complies with this Privacy Policy.

Sale or transfer We may transfer or transfer your personal information to a buyer or potential buyer in connection with the sale, transfer or other transfer of all or part of our business or our assets. In the event of such a transfer, we will take reasonable steps, such as using confidentiality and assistance agreements, to ensure that the receiving party processes your information in a manner that complies with this Privacy Policy.

Agencies We can also share your personal information to e.g. to the police, the Swedish Tax Agency or other authorities when we are obliged to do so by law.

5. How we protect your information

We take appropriate protection measures and maintain security standards to protect your personal data against unauthorized access, unauthorized disclosure and misuse by, among other things, using restrictions on access to your data. Your personal information is stored on files that are only available to your healthcare provider, our employees, agents and service providers who need the information for the performance of their services.

We use technical tools such as firewalls and passwords, and we ensure that our employees are trained in the importance of maintaining security and confidentiality in relation to the personal data we process and ensure that confidentiality agreements are in place.

6. Where we process your personal data

Your Patient Data will always be processed within the EU / EEA.

We aim to always process your other personal data such as your User Data within the EU / EEA where all our own IT systems are located. However, there may be such personal data shared with suppliers to us who are either themselves or through subcontractors established or store information in a country outside the EU / EEA. In such a case, we will take all reasonable legal, organizational and technical measures required to ensure that the level of protection for the treatment corresponds to that within the EU / EEA. Such a level of protection exists, among other things, if the country in question already ensures an adequate level of protection in accordance with a decision by the European Commission or by using other appropriate protection measures such as standard contract clauses or approved codes of conduct in our agreements with such suppliers.

You can read more about which third countries the European Commission has assessed to ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection_en.

7. Your rights

This section describes your rights as a registrant.

The right to access and information about access to your personal data


If you want information about what personal data we process about you, you can request access to the data. The information will then be provided in the form of a register extract stating which personal data we process, for what purposes we process them, where the data has been obtained from, which third parties the data has been transferred to and how long the data will be stored.

As a general rule, you also have the right to view your medical records from your Caregiver, for more information about your medical records and their treatment - contact your healthcare provider.

The right to rectification
You have the right to receive incorrect information about you corrected without delay. You also have the right to complete incomplete information.

The right to deletion
You have the right to have your personal data deleted by us in certain circumstances, if the personal data is no longer necessary to fulfill the purposes for which they were collected or processed, if the personal data processing is based on your consent and you revoke this, if you have objected to processing of personal data and we do not have a legitimate interest that outweighs your interest, if the personal data has been processed illegally or if the personal data must be deleted in order to fulfill a legal obligation. However, in some cases we have the right to oppose the deletion of your personal data and we will inform you if it would be applicable.

The right to limit treatment
You have the right to demand that we restrict the processing of your personal data in certain cases if you dispute the accuracy of the personal data during the time it takes us to check whether the data is correct, if the processing is illegal and you object to the data being deleted and instead request a restriction. , if we no longer need the personal data but you do need them in order to establish, assert or defend legal claims or if you have objected to a processing based on our legitimate interest during the time we check whether our interest outweighs your interests .

The right to object
You have the right to object to the processing of your personal data that takes place on the basis of our legitimate interest. If this happens, in order to continue the treatment, we must be able to show compelling legitimate reasons that outweigh your interests, rights and freedoms.

The right to data portability
If we process your personal data on the basis of an agreement with you or your consent, you have the right to obtain the personal data that you have provided to us and that concerns you in an electronic format that is generally used when this is technically possible and this can be done on automated road. You have the right, where applicable, to transfer such information to another personal data controller (data portability).

The right to lodge a complaint and the right to damages
The Privacy Protection Authority ("IMY") is the authority responsible for monitoring the application of the legislation among companies that process personal data. If you believe that we are processing your personal data incorrectly, you can, in addition to contacting us, file a complaint with IMY.

Last modified on July 29, 2021