Privacy Policy
(Please note that this Privacy Policy does not apply in the United States of America)
Kaiku Health and the use of personal data
On this page you will find Elekta Solutions AB’s Privacy Policy that defines how Kaiku Health processes your personal data.
Data Controller
A customer of Elekta Solutions AB (“Elekta”), typically a healthcare institution, will act as the data controller (“Data Controller”). Elekta is the data processor and will process personal information only on behalf of the Data Controller. The contact information of the Data Controller is provided in the Data Controller’s privacy policy.
Purpose and legal basis of personal data processing
The lawfulness of the processing of personal data is based on your client- or patient relationship with the Data Controller, and the laws and regulations imposed on the Data Controller as the administrator of the client- or patient register. For more information, please read the Data Controller’s privacy policy.
What personal information is processed?
Kaiku Health processes the following information:
Personal information
- Full name, if available
- Birth date
- Sex
- Email address
- Phone number
- Password
- Social security number (or other comparable national identification code), where applicable (e.g. in Finland)
Personal data generated and stored during use of Kaiku Health (“Patient Information”)
- Messages sent to- and received from the medical staff
- Forms filled by the user, such as symptom and quality of life questionnaires, and the values and parameters derived from processing of these forms
- Device-generated data, such as activity data, when the user has given their separate, explicit consent in Kaiku Health
- Other information that is either communicated through Kaiku Health or fetched by Kaiku Health from other patient records, such as the user’s appointment schedule, treatment plan, or medical background, to facilitate communication between healthcare professionals and patient
Log information
- Technical logs (including IP-address) stored on a separate log server
- Audit logs stored in the application database and on a separate log server, to enable forensic analysis when necessary
- Operational data necessary for the functioning of the service, such as for example login attempts, type and amount of notifications sent to users, type and amount of tasks given to users
Sources of personal data
The personal data is collected from the following sources:
- Information entered by the user
- User-specific information entered by the medical staff
- Information imported from other records by the Data Controller
Receivers of personal data
Only authenticated and authorized persons are able to access the user’s personal data. Access to the personal data of a user is only permitted to a person, such as a nurse or physician, whose duties require accessing such personal data as defined by the Data Controller according to a legal basis. The exchange of information between end user devices and the Kaiku Health server is encrypted.
Access to the user's personal data is limited to the user and appropriate medical and administrative staff. The Data Controller may decide to restrict certain administrative staff to the user's personal data, excluding patient information.
No personal data or information will be shared with any international organisation or with any party outside of the EEA.
Retention and erasure of personal information
The duration for which personal data will be retained and the basis for retention, where not specified in this Privacy Policy, will be set out in the Data Controller's privacy policy.
Rights of the data subject (user)
Right of access to personal information
The data subject has the right to see all their personal information. The data subject can access and view their personal information once logged into Kaiku Health.
Right to rectification
The data subject
- can edit their personal and contact information via the Kaiku Health user interface
- has the right to demand the rectification of any incorrect personal information
- can review patient information before it is submitted. Once the patient information is submitted, it can no longer be edited directly via Kaiku Health. The purpose of this is to prevent changes to patient information. A request for rectification of patient information must be made to the Data Controller as set out in the Data Controller's privacy policy.
Right to erasure
If the Data Controller requires Elekta to retain Personal Data, Elekta will delete such Personal Data upon first request or within the time period agreed upon in the contract with the Data Controller, unless Elekta is permitted or required by applicable law to retain such Personal Data.
Right to restriction of processing
The data subject has the right to request the restricted processing of their data. The request should be addressed to the Data Controller directly. The data subject’s user account is set as „inactive“ for the duration of the restriction if the data subject does not consent to the processing of information during the restriction period.
Right to data portability
The Data Controller is not obliged to provide the information in a particular structured or commonly used format as the use of the service is not based on the consent of the data subject.
Right to file a complaint to a supervisory authority
The data subject has the right to file a complaint to a supervisory authority, especially in the member state in which the data subject resides, works or where the claimed infringement took place, if the data subject suspects that the terms outlined in this document are violated, without imposing restrictions on other due processes.
Post-processing of data
Elekta generates anonymous data from the use of Kaiku Health. In particular, we use data:
- To provide our product to our users, which includes updating, securing, and troubleshooting, as well as providing support.
- To analyze the performance, improve, and develop our product to give you a more seamless, consistent, and personalized experience.
- For other legitimate purposes, or to meet the legal obligations as a medical device manufacturer.
Our processing of data for these purposes includes both automated and manual (human) methods of processing. Elekta uses its utmost best efforts to make sure that individual users cannot be identified from the anonymous data generated by Elekta. The legal basis for the processing of data for product improvement purposes is Art. 6 para. 1 f) GDPR. We have a legitimate interest in providing our users with a state-of-the-art technology and user centric Kaiku Health experience.
Data protection
Kaiku Health user data is stored in the database in an encrypted form (encryption at rest). No data besides the user's session are stored on end-users’ devices. Kaiku Health enforces use of an encrypted connection (encryption in transit), unsecure connections are not possible. All connections to the Kaiku Health -service are encrypted using TLS.
Cookies Policy
Kaiku Health uses a Cookie for identifying a user’s logged in session time to detect the need for session expiration, when the user is no longer active. Due to the sensitivity of data in Kaiku Health, this Cookie is considered as strictly necessary for information security purposes.
Kaiku Health also uses load-balancing Communication Cookies to route the information over the network by identifying the communication endpoints. By accepting the User Terms, you accept the use of all strictly necessary and communication cookies used by Kaiku Health.
E069253-01 | (c) 2023 The Elekta Group. All rights reserved.