Kaiku Health: a part of Elekta

Privacy Policy

(Please note that this Privacy Policy does not apply in the United States of America)

Kaiku Health and the use of personal data

On this page you will find Elekta Solutions AB’s Privacy Policy that defines how Kaiku Health processes your personal data.

Data Controller

A customer of Elekta Solutions AB (“Elekta”), typically a healthcare institution, will act as the data controller (“Data Controller”). Elekta is the data processor and will process personal information only on behalf of the Data Controller. The contact information of the Data Controller is provided in the Data Controller’s privacy policy.

Purpose and legal basis of personal data processing

The lawfulness of the processing of personal data is based on your client or patient relationship with the Data Controller, and the laws and regulations imposed on the Data Controller as the administrator of the client or patient register. For more information, please read the Data Controller’s privacy policy.

What personal information is processed?

Kaiku Health processes the following information:

Personal information

  • Full name, if available
  • Birth date
  • Sex
  • Email address
  • Phone number
  • Password
  • Social security number (or other comparable national identification code), where applicable (e.g. in Finland)

Personal data generated and stored during use of Kaiku Health (“Patient Information”)

  • Messages sent to and received from the medical staff
  • Forms filled by the user, such as symptom and quality of life questionnaires, and the values and parameters derived from processing of these forms
  • Device-generated data, such as activity data, when the user has given their separate, explicit consent in Kaiku Health
  • Other information that is either communicated through Kaiku Health or fetched by Kaiku Health from other patient records, such as the user’s appointment schedule, treatment plan, or medical background, to facilitate communication between healthcare professionals and patient

Log information

  • Technical logs (including IP address) stored on a separate log server
  • Audit logs stored in the application database and on a separate log server, to enable forensic analysis when necessary
  • Operational data necessary for the functioning of the service, such as login attempts, type and amount of notifications sent to users, type and amount of tasks given to users

Sources of personal data

The personal data is collected from the following sources:

  • Information entered by the user
  • User-specific information entered by the medical staff
  • Information imported from other records by the Data Controller

Receivers of personal data

Only authenticated and authorized persons are able to access the user’s personal data. Access to the personal data of a user is only permitted to a person, such as a nurse or physician, whose duties require accessing such personal data as defined by the Data Controller according to a legal basis. The exchange of information between end user devices and the Kaiku Health server is encrypted.

Access to the user's personal data is limited to the user and appropriate medical and administrative staff. The Data Controller may decide to restrict certain administrative staff to the user's personal data, excluding patient information.

No personal data or information will be shared with any international organisation or with any party outside of the EEA.

Retention and erasure of personal information

The duration for which personal data will be retained and the basis for retention, where not specified in this Privacy Policy, will be set out in the Data Controller's privacy policy.

Rights of the data subject (user)

Right of access to personal information

The data subject has the right to see all their personal information. The data subject can access and view their personal information once logged into Kaiku Health.

Right to rectification

The data subject

  • can edit their personal and contact information via the Kaiku Health user interface
  • has the right to demand the rectification of any incorrect personal information
  • can review patient information before it is submitted. Once the patient information is submitted, it can no longer be edited directly via Kaiku Health. The purpose of this is to prevent changes to patient information. A request for rectification of patient information must be made to the Data Controller as set out in the Data Controller's privacy policy.

Right to erasure

If the Data Controller requires Elekta to retain Personal Data, Elekta will delete such Personal Data upon first request or within the time period agreed upon in the contract with the Data Controller, unless Elekta is permitted or required by applicable law to retain such Personal Data.

Right to restriction of processing

The data subject has the right to request the restricted processing of their data. The request should be addressed to the Data Controller directly. The data subject’s user account is set as “inactive” for the duration of the restriction if the data subject does not consent to the processing of information during the restriction period.

Right to data portability

The Data Controller is not obliged to provide the information in a particular structured or commonly used format as the use of the service is not based on the consent of the data subject.

Right to file a complaint to a supervisory authority

The data subject has the right to file a complaint to a supervisory authority, especially in the member state in which the data subject resides, works or where the claimed infringement took place, if the data subject suspects that the terms outlined in this document are violated, without imposing restrictions on other due processes.

Post-processing of data

Elekta generates anonymous data from the use of Kaiku Health. In particular, we use data:

  • To provide our product to our users, which includes updating, securing, and troubleshooting, as well as providing support.
  • To analyze the performance, improve, and develop our product to give you a more seamless, consistent, and personalized experience.
  • For other legitimate purposes, or to meet the legal obligations as a medical device manufacturer.

Our processing of data for these purposes includes both automated and manual (human) methods of processing. Elekta uses its utmost best efforts to make sure that individual users cannot be identified from the anonymous data generated by Elekta. The legal basis for the processing of data for product improvement purposes is Art. 6 para. 1 f) GDPR. We have a legitimate interest in providing our users with a state-of-the-art technology and user-centric Kaiku Health experience.

Data protection

Kaiku Health user data is stored in the database in an encrypted form (encryption at rest). No data besides the user's session are stored on end-users’ devices. Kaiku Health enforces use of an encrypted connection (encryption in transit); unsecured connections are not possible. All connections to the Kaiku Health service are encrypted using TLS.

Cookies Policy

Kaiku Health uses a Cookie for identifying a user’s logged-in session time to detect the need for session expiration when the user is no longer active. Due to the sensitivity of data in Kaiku Health, this Cookie is considered strictly necessary for information security purposes.

Kaiku Health also uses load-balancing Communication Cookies to route the information over the network by identifying the communication endpoints. By accepting the User Terms, you accept the use of all strictly necessary and communication cookies used by Kaiku Health.

E069253-01 | (c) 2023 The Elekta Group. All rights reserved.