1. iCoat Medical safeguards your personal integrity
iCoat Medical AB, corp. reg. no. 559172-8208 and iCoat Medical Operations AB, corp. reg. no. 559366-5069, (together the “Group”), respect your privacy and are committed to maintaining a high level of security and integrity regarding your personal data. The Group is also committed to ensuring that processing is carried out in accordance with the general data protection regulation.
This Privacy Policy describes how the Group processes your personal data in your role as a representative for a company that is a partner/supplier or a potential partner/supplier to the Group. Furthermore, this privacy policy describes how the Group processes your personal data when you visit our website www.icoatmedical.com, when you apply for employment with us, and when you are participating in a clinical study that we are conducting.
If you have any questions regarding the Group’s privacy protection, please don’t hesitate to contact us by sending an email to privacy@icoatmedial.com.
2. Controller and data protection officer
Each Group company is the controller of your personal data and is therefore responsible for ensuring that your personal data is handled in a correct and secure way in accordance with applicable legislation.
The Group has appointed Ingrid Guldbrand as Data Protection Officer (the “DPO”). The DPO is responsible for, among other things, to monitor and ensure that the Group’s processing of personal data is compliant with applicable legislation. For further information, please contact the DPO at privacy@icoatmedical.com.
3. WHAT kind of personal data does the Group process?
Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g., name, contact information, pictures of you and personal identification number.
Processing means any operation which is performed on personal data, such as collection, storage, use, adaption, or disclosure.
3.1 Company representatives for e.g., suppliers and partners |
The Group collects and stores the following information about you that the Group needs to be able to contact you in your role as a representative for a company or organisation. |
|
|
|
Your personal data is usually collected from the company or organisation that you represent, but also, where appropriate, directly from you, through email correspondence or by way of other communication in connection with your attendance at company events or meetings. The Group may also obtain personal data about you from other partners of the Group. The Group also uses external information services to supplement existing data with, e.g., your position and contact information. |
Potential partners/suppliers and company representatives for potential partners/suppliers |
The Group collects and stores the following information about you in your role as a potential partner/supplier to the Group, or in your role as a representative for a company that is a potential partner/supplier to the Group. |
|
|
Your personal data is usually collected from the company or organisation that you represent, but also, where appropriate, directly from you, through email correspondence or by way of other communication in connection with your attendance at company events or meetings. The Group may also obtain personal data about you from other partners of the Group. The Group also uses external information services to supplement existing data with, e.g., your position and contact information. |
Visitors of the Group’s website |
In connection with visits to the Group’s website, the Group collects the following information about you that the Group needs to be able to improve, streamline, simplify, and develop our website. |
|
Personal data is provided to the Group directly from you when you visit our website. |
Recruitment (job applicants at the Group) |
The Group collects and stores the following information about you that the Group needs to be able to recruit the right persons for positions with the Group. |
|
|
|
|
Personal data is provided to the Group directly from you or from a staffing agency, recruitment company or hiring company through which you apply for work. |
Participants in clinical trials |
The Group collects and processes the following personal data about you, when you are participating in a clinical study conducted by the Group. |
|
|
|
|
|
|
Personal data is provided to the Group directly from you or from a partner involved in the same clinical trial. Full identity of the participants enrolling in the trial is kept by the clinical site in a coded list (pseudonymization). |
4. The Group’s processing of your personal data
The purposes for which we intend to process your personal data and the legal basis for the respective processing activities are stated in the tables below.
Company representatives for e.g., suppliers and partners
Purpose |
Legal basis |
To be able to manage the relationship with a representative of the supplier or partner. |
The processing is necessary for the Group’s legitimate interest to keep in touch with you in order to fulfil its obligations under the agreement with its supplier or partner, i.e., the company that you represent (legitimate interest). |
To fulfil legal requirements, e.g., security requirements and accounting requirements. |
The processing is necessary for compliance with the Group’s legal obligations. |
To enable marketing and communication (e.g., mailing of newsletters and other marketing materials, invitations to the Group’s events, meetings, and other gatherings etc.). |
The processing is necessary for the Group’s legitimate interest to market itself to the company that you represent (legitimate interest). |
Potential future suppliers or partners
Purpose |
Legal basis |
To enable marketing and communication about the Group’s brand and the Group’s products (e.g., mailing of newsletters and other marketing materials, invitations to the Group’s events, meetings, and other gatherings etc.). |
The processing is necessary for the Group’s legitimate interest to market its brand, its products, and other similar products to you or to the company that you represent (legitimate interest). |
Visitors of the Group’s website
Purpose |
Legal basis |
To ensure the operation of the Group’s website and application. To be able to develop the Group’s website and to better adapt the website based on how it is used. |
The processing is necessary for the Group’s legitimate interest to improve, streamline, simplify and develop its website and to market the Group and its business (legitimate interest). |
Recruitment (job applicants at the Group)
Purpose |
Legal basis |
To, in connection with recruitment, be able to decide who is best suited for a position with the Group and to ensure that the relevant person has the necessary skills. |
The processing is necessary for the Group’s legitimate interest to recruit the right employees and ensure that skilled people work for the Group (legitimate interest). |
Participants in clinical trials
Purpose |
Legal basis |
To conduct a clinical trial and collect relevant data. |
The Group’s processing is necessary for the performance of research, which is a task carried out in the public interest. |
Any of the above (when applicable in connection with legal proceedings)
Purpose |
Legal basis |
To establish, exercise or defend legal claims. |
The processing is necessary for the Group’s legitimate interest to establish, exercise or defend legal claims (legitimate interest). |
5. FOR How long does the Group Keep your personal data?
Your personal data is kept for as long as there is a need to preserve them in order to fulfil the purposes for which the personal data was collected in accordance with this Privacy Policy. Thereafter, your personal data will be deleted.
Some personal data will, for the purpose of complying with applicable accounting legislation, be stored for seven years, counting from the end of the calendar year during which the financial year, to which the information pertained, was terminated.
Contact information regarding company representatives is stored during such time the Group considers that the information is necessary to maintain the relationship with the company/organisation. Deletion shall take place when the Group becomes aware that the information is no longer adequate or relevant for the purpose, or at the request of the contact person.
For more information about how long the Group stores specific personal data, please contact the Group. Contact information is provided under section ”Contact” below.
6. With whom does the Group share your personal data?
The Group does not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the Group’s obligations to you, suppliers, and partners. Your personal data will not be sold to third parties for marketing purposes. Situations when your personal data may be disclosed to third parties are listed in the table below.
Third party |
Reason for third-party disclosure |
Suppliers of cloud solutions |
Personal data may be transferred to suppliers of cloud solutions since the Group stores certain information in cloud solutions. |
Suppliers and partners |
The Group may disclose your personal data to suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward the Group. |
Authorities |
Personal data may be disclosed to authorities when necessary for compliance with the Group’s legal obligations. |
Acquirers and investors |
If the Group intends to transfer all or part of its business, personal data may be disclosed to a potential buyer, and if a third party wants to invest in the Group, personal data may be transferred to such potential investor. |
In connection with legal proceedings |
If the Group is involved in legal proceedings, personal data may be transferred to third parties involved in such proceeding, including third parties in third countries (in which case such transfer is necessary for the establishment, exercise, or defence of legal claims). |
7. Transfer of personal data to third countries
The Group may transfer your personal data to countries outside the EU/EEA. If personal data is transferred to a country outside the EU/EEA, the Group will take measures to ensure that the personal data continues to be protected and will also take the necessary measures to ensure a legal transfer of the personal data to countries outside the EU/EEA.
The Group uses the services of IT suppliers, whereby your personal data may be transferred to the United States. The Group has ensured that your rights are guaranteed when transferring personal data to the United States by signing the European Commission’s standard contractual clauses with the relevant IT suppliers. More information regarding the European Commission’s standard contractual clauses is available at the Swedish Authority for Privacy Protection’s website.
8. Social media
Regarding personal data that occurs and is processed on social media, such as LinkedIn, we refer users to the policy provided by the respective service providers for information on how each service provider processes personal data. In the Group’s view, the purpose of the processing is that representatives of existing and potential partners to the Group shall be able to interact and maintain contact with the Group via social media, and in order to contribute to good relationships with partners and potential partners. The processing is necessary for the purposes of the Group’s legitimate interest to market its brand and its business to existing and potential partners or investors (legitimate interest).
9. Your rights
As the controller, the Group is responsible for ensuring that your personal data is processed in accordance with applicable legislation.
The Group will, at your request or on its own initiative, rectify, erase, or complete any information found to be inaccurate, incomplete, or misleading.
You have the right to request access to and rectification or erasure of your personal data (e.g., if such erasure is required by applicable law), request restriction of the processing of your personal data and object to the processing, as permitted by applicable personal data legislation (e.g. if you contest the accuracy of the personal data or if the processing is unlawful but you oppose the erasure of the personal data and request restriction of its use instead). The Group will notify each recipient to whom the personal data has been disclosed in accordance with section 6 above regarding any rectifications or erasures of personal data as well as of restriction of processing of data according to this section 9.
Under certain conditions, you have the right to data portability, i.e., a right to receive your personal data in a structured, commonly used and machine‑readable format and the right to transmit those data to another controller.
If you do not want the Group to process your personal data for direct marketing purposes, you have the right to object to such processing at any time. When the Group has received your objection, the Group will cease the processing of your personal data for such marketing purposes.
You have the right, through a written and signed application, to obtain free of charge a register extract from the Group regarding which personal data are stored about you, the purposes of the processing and to which recipients the data has been or shall be transferred. You also have the right to obtain information about the envisaged period for which the personal data will be stored or the criteria used to determine this period. You also have the right to receive information about your other rights as specified in this paragraph 9.
We look forward to hearing from you if you have any complaints regarding the Group’s processing of your personal data, in order to correct our processing if necessary. You also have the right to file complaints regarding the Group’s processing of your personal data with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten).
10. Security of your personal data
You should always be able to feel safe when you provide us with your personal data. Therefore, the Group has implemented the security measures necessary to protect your personal data against unauthorised access, alteration, and destruction. The Group will not disclose your personal data, other than as expressly provided by this Privacy Policy.
11. Changes
The Group reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, the Group will publish the amended Privacy Policy on the Group’s website with information on when the changes will come into effect and notify relevant parties in an appropriate manner.
12. Contact information
Do not hesitate to contact the Group if you have any questions about this Privacy Policy, the processing of your personal data or if you wish to exercise your rights under this Privacy Policy or applicable legislation.
The Group’s contact information:
iCoat Medical AB
Corporate registration number: 559172-8208
Postal address: c/o WeWork, Malmskillnadsgatan 32, 6th Floor, 111 53 Stockholm, Sweden
Email address: privacy@icoatmedical.com
iCoat Medical Operations AB
Corporate registration number: 559366-5096
Postal address: c/o iCoat Medical AB, Malmskillnadsgatan 32, 111 51 Stockholm, Sweden
Email address: privacy@icoatmedical.com