1. Introduction

This privacy policy applies when Arkus AI AB ("Arkus", "we", "our", "us"), corporate identity number 559239-8811, Östermalmsgatan 26A, 114 26 Stockholm, performs processing of personal data of persons who use Arkus' services ("you", "your") or visit our websites(www.arkus.ai and www.eiira.se), (the "Website"). Arkus' processing of personal data complies with the General Data Protection Regulation (EU) 2016/679, (the "GDPR").

Processing of personal data when using Arkus services is based on an agreement with you.

2. Purpose of processing

Arkus processes your personal information when necessary to perform according to the contract with you. Arkus must process personal data in order to provide the services that Arkus offers and therefore you cannot be a customer of Arkus without us processing your personal data.

Your personal information is used, among other things, for completions of purchase transactions, delivery of products, performance of services and contact with you as a customer. The personal data is also used to make your analysis results available to you.

Arkus processes your personal data in the ways required to comply with obligations imposed by Arkus under government decisions and laws, such as the Public and Secrecy Act (2009: 400), the Health Care Act (2017: 30) and the Patient Data Act (2008: 355).

3. Personal data being processed

Personal data is all information that can be associated with a living person. Arkus collects and processes different types of personal data in the context of its business. Some information about you will also be created through the tests you can order, such as the test results produced by the laboratories that assist us.

Arkus may collect the following personal information from you for the following purposes when using Arkus services:

• Information about your identity to allow you to register your user account and to allow you to login and use your user account – first name, last name, social security number and gender.
• Your contact details – delivery address, e-mail address, telephone number.
• Payment information – information for making payments to Arkus and to handle your choice of settings and information about payment.
• Health information – information about your health according to questions at the time of ordering.
• Service/sample information – information about what product (sample or analysis) you have ordered.
• Genetic information – genetic sequence data obtained in order to provide the ordered service.
• to otherwise be able to provide the Services to you according to our General Terms and Conditions.

4. Recipients of personal data

Arkus service is complicated and requires that we collaborate with and interact with other healthcare providers and that we take help of developers and other suppliers. Arkus will therefore transfer your personal information and take the help of other operators to process your personal data when necessary to (i) fulfill the agreement with you, (ii) comply with law, regulation or decision. The following types of recipients may be relevant:

• Clinics, health centers and laboratories – Arkus collaborates with various clinics and health centers needed for the analysis. Arkus may also collaborate with specialized labs that analyze samples submitted.
• Consulting physicians / Genetic professionals – Arkus sometimes has collaborations with selected physicians and other healthcare professionals who help analyze and comment on the results.
• Authorities – Arkus may need to disclose information to authorities if we are required to do so by law or if you have requested that we do so. In some cases, Arkus may be prevented by law from telling you that your personal information has been requested by the authority.
• Notification Services – Arkus may use services to automatically communicate to you, eg. with confirmations or reminders. These companies will only have access to your contact information and have undertaken not to share your personal information beyond what is necessary to carry out the service.
• Developers and consultants – Arkus takes the help of developers and consultants from other companies to build Arkus IT infrastructure and further develop the service. Such developers may need to access simpler personal information about you when needed for development or troubleshooting.

Sensitive information about you, including your health information, is processed in accordance with law. Such information will therefore only be available to such personnel who shall have access to it by law. The information will not be disclosed or transmitted to any recipient other than when permitted by law.

• Arkus processes as much of its data as possible within the EU/EES. If data is transmitted to be processed by a supplier or subcontractor outside the EU/EES, the recipient has always entered into contract terms with Arkus which ensures that the recipient maintains a level of protection comparable to the EU/EES.

No health data processed by Arkus is kept outside the EU/EES by Arkus or Arkus subcontractors

Our Website or other parts of our Services may contain links to third-party websites and services. If you decide to visit third-party websites and services, this Privacy Policy will no longer apply and you should consult the privacy policy of that third-party instead. 

5. Retention of personal data

Personal data is retained for as long as necessary to fulfill the purposes described above.

Information about you that is linked to your user account on the Website will be retained as long as your account is open. You can choose to close your account and Arkus will then delete your information when it does not need to be retained for other purposes, as described above.

6. Information security

Arkus, as the data controller, takes appropriate technical and organizational measures to protect the personal data processed in accordance with section 2 of the Data Protection Regulation. Arkus has specific internal guidelines and processes for dealing with information security issues.

If your personal data is covered by a security incident (so-called “personal data incident”), Arkus will contact you in accordance with the Data Protection Regulation.

7. Cookies

Cookies are used on Arkus website. Cookies are small text files that are stored on the visitor’s computer and make it possible to follow what the visitor does on the website.

There are two types of cookies:

1. A permanent cookie that remains on the visitor’s computer for a specified period of time.
2. A session cookie that is temporarily stored in the computer’s memory while a visitor is on a website. Session cookies disappear when you close your browser.

Arkus uses cookies to make Website work, for statistics and to enable advertising. Website may also contain third-party cookies that record your visit to the website to enable advertising on other websites.

No identification information, such as e-mail or name, is saved about visitors through cookies.

The visitor can choose not to accept cookies by turning off cookies in their own browser’s security settings. The visitor can also set the browser so that he or she gets a query every time the site tries to place a cookie on the visitor’s computer. The browser can also delete previously stored cookies. See your browser’s help pages for more information.

The Swedish Post and Telecom Agency, which is the supervisory authority in the area, provides additional information about cookies on its website (http://www.pts.se/).

8. Your rights

Arkus has a data protection representative. The Data Protection representative is the contact person for the exercise of rights vis-à-vis Arkus with the contact details given below.

You have the right to withdraw consent to a certain request free of charge without this affecting the legality of the treatment before the withdrawal. For example, you may have chosen to consent to Arkus contacting you with newsletters and other mailings. You can then choose to unregister by following a link in these mailings.

You also have the right to request a register extract, in electronic format or on paper. Arkus will compile information about how your personal data is processed and send it to you, usually within a month.

You have the right to request that Arkus correct personal data that you believe is incorrect and to submit supplementary personal data (in special cases) if you believe that the personal data processed by Arkus has given you an incorrect picture.

You have the right to request that Arkus delete your personal information. Arkus will then delete personal data that Arkus does not have to retain in order to fulfill legal obligations. Arkus will also continue to process personal data in certain other cases, including when personal data must be processed to fulfill an agreement with you.

We would also like to inform you that you have the right to file a complaint with the Swedish Authority for Privacy Protection, should you believe that the processing of your personal data is incorrect or not in compliance with legal requirements.

If you want to request a register extract, withdraw a consent or correct / delete a task, please contact Arkus Data Protection Officer via info@arkus.ai, subject: Data Protection Officer.

9. Changes to the privacy policy

This policy may occasionally need to be changed or updated. Minor changes to our Privacy Policy will be communicated through our Website. Major changes regarding how your data is processed will be communicated through the Website and email (if you have provided it to us). We will not make substantial changes to this Privacy Policy or reduce your rights under this Privacy Policy without providing you with a notice.

This policy was last updated on 2022-08-01