We use cookies

We use cookies to enhance your experience and enable appointment booking features.

Privacy Policy
VIDACURE

Privacy Policy

Last updated: March 2026

Albafides Care AB, reg. no. 551929-4888, with address Stora Varvsgatan 15E, 211 77 Malmö, is responsible for the processing of personal data within the scope of our operations and digital services under the brand Vidacure. We comply with the EU General Data Protection Regulation (GDPR), the Swedish Patient Data Act, and other relevant legislation.

Data Protection Officer: Our Data Protection Officer helps ensure that we handle personal data correctly and securely. You can contact the DPO via email: dpo@vidacure.se or by mail to Albafides Care AB, attn: Data Protection Officer, Stora Varvsgatan 15E, 211 77 Malmö.

1. What personal data we process

Personal data is information that can be directly or indirectly linked to you as an individual. This may include:

  • Name, personal identity number, and contact details
  • Information about health, lifestyle, and medical history
  • Technical data from our digital services
  • Communication with our staff
  • Payment and subscription details

Processing of personal data includes all actions relating to the data, such as collection, storage, structuring, analysis, transfer, and deletion.

To process personal data, we must have a legal basis under GDPR. For our operations, the following are primarily used:

  • Contract – when you use our services
  • Legal obligation – e.g., record-keeping under the Patient Data Act
  • Legitimate interest – e.g., to improve our services
  • Consent – when required for specific purposes

When processing sensitive personal data, such as health data, we rely on GDPR Article 9, specifically 9.2(h) (healthcare) and 9.2(a) (explicit consent).

2. How we process personal data in different situations

2.1 When you create an account and we assess if the service is suitable for you

Examples of data: Name, personal identity number, age, contact details, health information, lifestyle data, photos, technical data, user data.

Processing:

  • Collection of data via forms, calls, and digital services
  • Assessment of whether Vidacure is suitable for you
  • Account creation and identification
  • Communication with you
  • Storage of data for documentation

Purpose: To offer an account, carry out medical assessments, and provide our digital services.

Legal basis: Contract and legitimate interest.

Recipients: IT providers, identification services (e.g., BankID).

2.2 When you subscribe and pay for a membership

Examples of data: Personal identity number, name, contact details, payment information, credit assessment.

Processing:

  • Payment processing
  • Identification
  • Subscription administration
  • Communication and documentation

Legal basis: Contract.

Recipients: Payment providers, IT providers, BankID, credit reference agencies.

2.3 When we provide care and treatment

Examples of data: Health data, test results, medical records, lifestyle data, communication with healthcare staff, photos, user data.

Processing:

  • Booking and conducting care meetings
  • Medical record-keeping and archiving
  • Development of care plans
  • Prescription management
  • Referrals and certificates
  • Communication between you, healthcare staff, and other patients (e.g., community features)

Legal basis: Contract and legal obligation under the Patient Data Act.

Recipients: Laboratories, pharmacies, other healthcare providers, IT providers, prescription services, authorities when required.

2.4 When we work on patient safety and quality improvement

Examples of data: Health data, user data, incident management, injury investigations.

Processing:

  • Investigation of medical matters
  • Quality assurance
  • Handling of IVO (Health and Social Care Inspectorate) cases
  • Documentation of side effects

Legal basis: Legitimate interest and legal obligations in healthcare.

2.5 When you contact customer service

Examples of data: Contact details, personal identity number, technical data, information you provide in the matter.

Processing:

  • Communication
  • Troubleshooting
  • Documentation and follow-up

Legal basis: Legitimate interest.

2.6 When we market our services

Examples of data: Contact details, user behavior, reviews, information you provide in recommendations or "refer a friend".

Processing:

  • Sending information and offers
  • Analysis of user behavior
  • Publishing stories or reviews (with consent)
  • Targeted advertising

Legal basis: Legitimate interest and consent where required.

2.7 When we develop and improve our services

Examples of data: Technical data, user behavior, comments, health data (which is anonymized).

Processing:

  • System development
  • Troubleshooting
  • Statistics and research
  • Anonymization of patient data

Legal basis: Legitimate interest.

3. Sharing of personal data

3.1 Employees and consultants

Only individuals who need the data for their work are given access.

3.2 Data processors

We engage providers for IT operations, customer service, marketing, laboratory services, etc. With all of these, we have agreements on data protection, confidentiality, and security, ensuring they only process data according to our instructions and with a high level of protection.

3.3 Independent data controllers

In some cases, data is shared with entities that are independently responsible for their own processing, such as authorities (Swedish Tax Agency, IVO, Swedish Social Insurance Agency, Police), pharmacies, laboratories, payment providers, and other healthcare providers. When data is shared with these parties, their own privacy policies apply.

4. How long we retain data

  • Medical records: 10 years under the Patient Data Act.
  • Contract and subscription data: during the contract period + 6 months.
  • Accounting records: 7 years.
  • Marketing data: up to 6 months after the activity ends.
  • Data based on consent: deleted upon withdrawal or after 2 years at the latest.
  • Data for development and research: anonymized.

5. Where data is processed

We strive to process all personal data within the EU/EEA. If data is transferred to countries outside the EU/EEA, we ensure the level of protection through EU Commission adequacy decisions, or standard contractual clauses and other appropriate safeguards.

6. Your rights

You have the right to:

  • Receive information about how we process your data
  • Request access to your data (subject access request)
  • Request correction of inaccurate data
  • Object to processing based on legitimate interest
  • Withdraw consent
  • Request restriction of processing
  • Request deletion in certain cases
  • Receive your data for data portability

You can contact us or our Data Protection Officer to exercise your rights.

You may also file a complaint with the Swedish Authority for Privacy Protection (IMY).

© 2026 Albafides Care AB (Vidacure)