Logo
Denna sida på svenska

Privacy policy

Latest update January 13, 2025

1. Background

Feelgood helps companies and organizations to work systematically and preventively with work environment, sustainable health, leadership, training and education, harmful use, rehabilitation and crisis management. The customers can be found in a variety of industries, in both the private and public sectors. Feelgood also offers services to private individuals.

In Sweden the processing of personal data is regulated by the EU's General Data Protection Regulation ("GDPR") and the supplementing Swedish Data Protection Act (2018:218). For healthcare providers, additional supplementary regulation can be found in the Swedish Patient Data Act (2008:355). Feelgood is subject to all three regulations.

This privacy policy contains information on how Feelgood processes personal data in relation to its patients, customers, suppliers, partners and people seeking employment at Feelgood as well as information on how Feelgood uses so-called cookies. This personal data policy does not cover Feelgood's own employees.

2. Information security

In order to be able to offer healthcare services, occupational healthcare or any of our other services, Feelgood uses various IT solutions. This is, for example, an electronic medical records system, an application for video visits or our platform for digital training.

Feelgood maintains a high level of technical and organizational measures to ensure confidentiality (protecting data so that unauthorized persons do not gain access to it), accuracy (protecting data from being improperly changed) and availability (the information must be available when it is needed). Feelgood works continuously and systematically with information security in accordance with ISO/IEC 27001, an international standard for information security.

Feelgood uses data processors, i.e. other companies that process personal data on behalf of Feelgood and in accordance with Feelgood's instructions. This could be, for example, a system used to send referrals to other health care providers, a supplier who sends SMS reminders before your appointment with Feelgood or a contract management system that we use for our customer agreements. When a data processor is engaged, a data processing agreement is always entered into. That data processing agreement regulates what the data processor may do with the personal data and which security measures must be taken to protect the personal data. The agreement ensures that when Feelgood uses another company for the processing of personal data, the personal data is treated as securely as when Feelgood handles it itself.

All personnel at Feelgood are bound by statutory confidentiality in relation to patient information. This means that all information relating to the patient's personal circumstances is protected by a statutory confidentiality and may only be disclosed after consent by the patient or when mandated by law. Confidentiality in healthcare is regulated for private healthcare providers by the rules in the Swedish Patient Safety Act (chapter 6, sections 12 – 16).

The personal data is processed and stored within the EU/EEA or a country recognized by the European Commission to provide an equivalent level of protection for personal data as the EU does. Your electronic patient records is always processed and stored within Sweden.

3. What personal data do we process, for what purpose, and with what legal basis?

As a healthcare provider, we need to process data about our patients to meet the requirements of the Swedish Patient Data Act. Some personal data is also needed in order for us to be able to conduct our business in an effective manner, such as to fulfill agreements that we have entered into with our corporate customers or directly with various people. If we do not get access to this information, it may lead to us not being able to enter into agreements or fulfill our obligations according to existing agreements.

The following section describes why, how and on which legal grounds Feelgood processes personal data.

3.1 Patient at the Occupational Health Care or Student Health Care

This section applies when Feelgood provides medical services within Occupational Health Care or Student Health Care in relation to the patient's personal data.

3.1.1 What personal data is processed? 

Name, social security number, contact details, employer/university, bookings/appointments or other contacts with Feelgood and information about your health and other information that you or your employer provide to Feelgood.

3.1.2 How is the personal data collected by Feelgood?

Name, social security number and contact details are obtained from you or your employer/university and can be updated via public registers. Information about your health is collected from you or your employer. Subject to your consent, information about your health can also be collected from other healthcare providers.

3.1.3 For what purpose is the personal data processed? 

The overall purpose is to provide good and safe care to patients. The personal data is used for the following purposes (in accordance with the Swedish Patient Data Act):

  • to keep patient records and establish other patient-related documentation.
  • for patient administration (for example handling appointments).
  • to prepare other documentation that is mandated by law or regulation.
  • to systematically and continuously develop and secure the quality of our own operations (in accordance with, inter alia, the Swedish National Board of Health and Welfare's regulations).
  • for the administration, planning, follow-up, evaluation and supervision of our own operations.
  • to produce statistics about healthcare and Feelgood's operations. 
  • to provide information in accordance with law or regulation (for example, providing information to government agencies or patients in the manner specified by law).

3.1.4 What is the legal basis for the processing?

As a healthcare provider, Feelgood has an obligation according to law to keep patient records and certain other documentation. Feelgood is also mandated by law to provide information to government agencies. The legal basis in these cases is "legal obligation". For other processing according to above, the legal basis is "public interest".

3.1.5 How long do Feelgood keep the personal data?

Patient records must be kept for at least ten years from the last entry in the record. Logs linked to patient records must be kept for at least five years to enable control of access to information about a patient.

3.2 Occupational Health – not a patient

This section applies when Feelgood provides services within the framework of Occupational Health but which do not constitute health care, for example work environment projects and surveys.

3.2.1 What personal data is processed? 

Name, social security number, contact details and employer as well as other information that you provide to us (including information about perceived health) or that your employer provides to us.

3.2.2 How is the personal data collected by Feelgood?

Name, social security number and contact details are collected from you or your employer and can be updated via public registers. Other information is collected from you or your employer.

3.2.3 For what purpose is the personal data processed?

The data is processed in order to be able to provide the services that have been agreed with your employer within the framework of Occupational Health but which do not constitute health care.

3.2.4 What is the legal basis for the processing?

Feelgood has a "legitimate interest" in being able to fulfill agreements with its customers and provide such services that are needed in Occupational Health. In the case of certain services, personal data is processed after "explicit consent" for sensitive personal data - the consent is then obtained from you in connection with the service in question.

3.2.5 How long do Feelgood keep the personal data?

The data is processed during the time the service is provided and for a reasonable time thereafter, usually one year (however, this may vary between different services). If you withdraw consent for a certain service, we will delete the data processed based on consent.

3.3 Patient (not Occupational Health Care)

This section applies when Feelgood provides healthcare that is not related to Occupational Health.

3.3.1 What personal data is processed? 

Name, social security number, contact details, bookings/appointment or other contacts with Feelgood and information about your health and other information that you provide to Feelgood.

3.3.2 How is the personal data collected by Feelgood?

Name, social security number and contact details are obtained from you or, where applicable, your insurance company and can be updated via public records. Information about your health is collected from you or your insurance company (if applicable). After your consent, information about your health can also be obtained from other healthcare providers.

3.3.3 For what purpose is the personal data processed? 

The overall purpose is to provide good and safe care to patients. The personal data is used for the following purposes (in accordance with the Swedish Patient Data Act):

  • to keep patient records and establish other patient-related documentation.
  • for patient administration (for example handling appointments and payments).
  • to prepare other documentation that is mandated by law or regulation.
  • to systematically and continuously develop and secure the quality of our own operations (in accordance with, inter alia, the Swedish National Board of Health and Welfare's regulations).
  • for the administration, planning, follow-up, evaluation and supervision of our own operations.
  • to produce statistics about healthcare and Feelgood's operations. 
  • to provide information in accordance with law or regulation (for example, providing information to government agencies or patients in the manner specified by law).

3.3.4 What is the legal basis for the processing?

As a healthcare provider, Feelgood has an obligation according to law to keep patient records and certain other documentation. Feelgood is also mandated by law to provide information to government agencies. The legal basis in these cases is "legal obligation". For other processing according to above, the legal basis is "public interest".

3.3.5 How long do Feelgood keep the personal data?

Patient records must be kept for at least ten years from the last entry in the record. Logs linked to patient records must be kept for at least five years to enable control of access to information about a patient. Accounting information is saved for at least seven years, in accordance with the Swedish Book-keeping Act. 

3.4 Contact persons at existing and potential customers

This section applies to people at various organizations who are either customers of Feelgood or who could be customers of Feelgood.

3.4.1 What personal data is processed? 

Name, contact details, employer and position as well as correspondence.

3.4.2 How is the personal data collected by Feelgood?

Name, contact details, employer and position are collected from you, your employer or public or private registers. Correspondence is collected from you. 

3.4.3 For what purpose is the personal data processed?

The data is processed to be able to communicate in the usual way for the current type of business relationship and for marketing purposes. It can for example be newsletters, invitations to customer events and webinars, handling purchase orders, answering questions and providing customer service as well as for customer surveys.

3.4.4 What is the legal basis for the processing?

Feelgood has a "legitimate interest" in being able to fulfill and evaluate its agreements with its customers and in marketing its services.

3.4.5 How long do Feelgood keep the personal data?

Data processed in connection with customer assignments can be used to adapt tenders in connection with subsequent procurement and for marketing. Contact information for representatives of potential customers is removed when the dialogue has ended, if no customer relationship has been initiated.

In the event of an objection to marketing, information that such an objection has been made is saved by Feelgood.

3.5 Contact persons at suppliers and partners

This section applies to contact persons at Feelgood's suppliers and partners.

3.5.1. What personal data is processed? 

Name, contact details, employer and position as well as correspondence.

3.5.2 How is the personal data collected by Feelgood?

Name, contact details, employer and position are collected from you or your employer. Correspondence is collected from you. 

3.5.3 For what purpose is the personal data processed?

Feelgood processes the personal data to administer agreements with suppliers and partners as well as to communicate in the usual way for the current type of business relationship. It can, for example, be contacts regarding how the service is performed or invoice requests.

3.5.4 What is the legal basis for the processing?

Feelgood has a "legitimate interest" in being able to conduct its business, including managing its agreements with suppliers and partners.

3.5.5 How long do Feelgood keep the personal data?

The data is saved as long as it is relevant for the purpose.

3.6 Recruitment

This section applies when you apply for work at Feelgood or otherwise show interest in working at Feelgood.

3.6.1 What personal data is processed? 

The categories of personal data processed by Feelgood are name, contact information, gender, social security number/date of birth, information about education, experience and skills and, where applicable, information about reference persons and test results as well as other relevant information that you provide to us.

If you subscribe to vacancies at Feelgood via our website, we process your e-mail and the types of vacancies you are interested in.

3.6.2 How is the personal data collected by Feelgood?

The data is collected from you and, where applicable, via statements from reference persons and, in the case of registered healthcare personnel, from relevant government agency.

3.6.3 For what purpose is the personal data processed?

The personal data is processed so that Feelgood can administer the current recruitment procedure.

If you subscribe to vacancies at Feelgood via our website, the purpose is to provide you with that service.

3.6.4 What is the legal basis for the processing?

Feelgood has a "legitimate interest" in implementing, simplifying and streamlining its recruitment process and/or in taking "measures prior to or in accordance with the agreement" with you.

3.6.5 How long do Feelgood keep the personal data?

The data is processed during the time that the recruitment procedure is ongoing and for 24 months thereafter. In the event of a dispute, the data is saved as stated below in Section 4.

Information about your subscription to vacancies is saved as long as you use that service.

3.7 Feelgoods mobile app

This section applies for your use of the Feelgood mobile app. 

3.7.1 What personal data is processed? 

Feelgood processes information about name, social security number and contact information when you use the mobile app. When you use the mobile app, data that you enter yourself as well as data about the services and functions that are available to you are also processed. Feelgood also collects information about how the mobile app is used. The mobile app also processes information connected to occupational health care (e.g. appointments with Feelgood) and private health services. With your consent, healthcare data can also be obtained from Feelgood and displayed in the mobile app. You may also register your own information about your health in the app (e.g. vaccinations).

Where applicable (depending on your employer's service offering), information on sickness absence can be registered via the mobile app. For such information, your employer is the personal data controller and this data is processed according to your employer's instructions.

3.7.2 How is the personal data collected by Feelgood?

The data is collected from you, your employer, from Feelgood's system or another healthcare provider.

3.7.3 For what purpose is the personal data processed?

The data is processed to provide occupational health care and the private health services offered via the mobile app as well as the other services and functions available when you use the mobile app. The data is also used to ensure that the mobile app can be used securely.

3.7.4 What is the legal basis for the processing?

Feelgood uses the data to "fulfill a contract" with you. In relation to certain services, personal data is processed after "explicit consent" for sensitive personal data - the consent is then obtained from you in connection with the service in question.

3.7.5 How long do Feelgood keep the personal data?

Data collected via the mobile app is saved as long as the user maintains their app account with Feelgood, alternatively until their consent is withdrawn (if the processing is based on consent).

3.8 Feelgood Plus

This section applies to your use of the Feelgood Plus services.

3.8.1. What personal data is processed?

Name, social security number, contact details and your use of the services within the framework of Feelgood Plus. In healthcare, data about your health and other information that you provide to us are processed. Note that certain care services within Feelgood Plus are offered in cooperation with Doktor24, who is then the healthcare provider and data controller for that personal data.

3.8.2 How is the personal data collected by Feelgood?

The data is collected from you or your employer. 

3.8.3 For what purpose is the personal data processed?

The data is processed so that Feelgood can provide the services that have been agreed upon and to communicate with you. In the case of healthcare, data is processed for the purposes that apply to patients (see Section 3.3).

3.8.4 What is the legal basis for the processing?

Feelgood uses the data to "fulfill an agreement" with you. When healthcare data is processed, the legal basis is "public interest" (e.g. patient administration) and to fulfill "legal obligations" (e.g. keeping patient records).

3.8.5 How long do Feelgood keep the personal data?

Data is saved until the user terminates the Feelgood Plus service. Data that is processed in support of a legal obligation is saved in accordance with legal requirements (patient records for at least 10 years and payment information for at least 7 years).

3.9 Training, webinars and other education services 

This section applies to you who register for or complete a training or webinar via Feelgood.

3.9.1 What personal data is processed?

Name, contact details, which training/webinar the registration relates to and whether the training has been completed. If the training contains questions, we will also process your answers to these questions.

3.9.2 How is the personal data collected by Feelgood?

The data is collected from you or your employer.

3.9.3 For what purpose is the personal data processed?

The data is processed to be able to administer and provide the training/webinar procured by your employer, to report on completed training to you and your employer, and to produce statistics. 

3.9.4 What is the legal basis for the processing?

Feelgood has a "legitimate interest" in being able to administer and provide training to its customers and their employees.

3.9.5 How long do Feelgood keep the personal data?

The data is saved for 12 months after the training/webinar has been completed. 

3.10 Customer Web Portal

This section applies to your use of Feelgood's Customer Web Portal.

3.10.1 What personal data is processed? 

Name, social security number, contact details, login method and your use of the Customer Web Portal (e.g. ordered services and appointments).

3.10.2 How is the personal data collected by Feelgood?

The data is collected from you and your employer. Some collection of data also takes place with so-called Cookies. More information about Cookies can be found under "Your profile" in the Customer Web Portal.

3.10.3 For what purpose is the personal data processed?

The data is processed to administer and provide the services available in the Customer Web Portal. The data is also used to ensure that the Customer Web Portal can be used safely.

3.10.4 What is the legal basis for the processing?

The Customer Web Portal is part of the administration of the Occupational Health Care and Student Health Care and is therefore covered by the legal basis "public interest".

3.10.5 How long do Feelgood keep the personal data?

Information about you is saved as long as you are a registered user of the Customer Web Portal.

3.11 Cookies

Feelgood uses so-called Cookies on its websites. Here you can get more information about how Cookies are used and control your choices.

Feelgood’s website: https://feelgood.se/cookies 
Feelgood Fysioterapi's website: https://feelgoodfysio.se/cookies
Nämndemansgården’s website: https://namndemansgarden.se/cookies 
Quality Care’s website: https://quality-care.se/cookies 

Feelgood’s Customer Web Portal uses Cookies in logged-in mode. Here you can find information on the Cookies: https://kund.feelgood.se/anvandarvillkor In logged-in mode you can select if non-essential Cookies is used or not. 

4 How long do Feelgood keep the personal data?

he personal data is processed for specified purposes during the times described above. Furthermore, information included in accounting information is processed for seven years after the calendar year in which the accounting year ended, which is a requirement according to the Swedish Book-keeping Act.

In individual cases, data may be saved for a longer period of time in order to establish, exercise or defend legal claims. 

5 When and with whom do we share personal data?

We may share personal data as stated here: 

  • with other healthcare providers, e.g. in the case of referrals or prescriptions of medicine;
  • with government agencies as mandated by law or regulation; 
  • within our corporate group for the purposes stated in section 3 above;
  • with suppliers who process personal data on our behalf (that is, as a personal data processor);
  • with suppliers and partners in order to be able to deliver our services and fulfill other commitments or exercise our rights in relation to our customers and patients;
  • with your employer, e.g. in the context of a case or inquiry (this item only applies to Occupational Health Care and information subject to statutory confidentiality is shared with your employer only after your consent or if it is mandated by law or regulation);
  • with insurance companies, e.g. in the context of a case or inquiry (this item only applies to healthcare via insurance companies and information subject to statutory confidentiality is shared with your insurance company only after your consent);
  • with a third party in case of a contemplated or actual reorganization, merger, acquisition, sale, joint venture, engagement or other disposition of whole or parts of our business, assets or stocks;
  • to defend or exercise our rights or fulfill our obligations according to law, data can then be shared with, for example, the police, a law firm or a trade union.

6 Your rights under GDPR

Below are your rights under the GDPR. You can read more information about your rights according to the GDPR on Swedish Authority for Privacy Protection’s (IMY’s) website: https://www.imy.se/privatperson/dataskydd/dina-rattigheter (in Swedish only)

You can exercise your rights by contacting Feelgood. The easiest way is to contact our data protection officer via email: dataskyddsombud@feelgood.se.  

6.1 Right of access

You have the right to request access to the personal data that Feelgood processes about you and to receive information about, among other things, the purposes of the processing and with whom the personal data has been shared. You also have the right to receive a free copy or a compilation of the personal data that Feelgood processes. For any extra copies, Feelgood may charge an administration fee.

6.2 Right to erasure (right to be forgotten) 

You have the right under certain conditions to request that Feelgood delete your personal data, e.g. if the data is no longer needed or if you withdraw consent. Please note that information that is needed in healthcare services is not covered by the right to erasure.

If you request to have the data deleted, it is the practice of Feelgood to use reasonable efforts to notify each recipient of the personal data that you have requested the data to be deleted.

6.3 Right to rectification

If you believe that any information about you at Feelgood is incorrect, you have the right to have such information corrected. You can also complete information that you consider to be incomplete.

When it comes to correcting information in patient records, there are restrictions due to the Swedish Patient Data Act. But if you think any information is incorrect, you can always contact Feelgood and point it out.

6.4 Right to object

You have the right to object at any time to the processing of your personal data if the legal basis for the processing is a public interest or balance of interests.

This means, among other things, that you have the right to object to processing if your personal data is used for direct marketing.

If you object to the processing, Feelgood may only continue to process the data if it can be shown that there are legitimate reasons for the processing that outweigh your objection or if it is justified to process the data in order to establish, exercise or defend legal claims.

6.5 Right to restriction of processing    

You have the right to request that Feelgood restrict the use of your personal data. This can be done under certain conditions, e.g. if you notified Feelgood that certain information is incorrect or if you objected to Feelgood's processing of personal data.

6.6 Right to data portability 

You have the right to obtain the personal data that you provided to Feelgood and you have the right to transfer this data to another data controller. However, this applies on the condition that it is technically possible and the legal basis for the processing is consent or that the processing was necessary for the fulfilment of an agreement with you.

6.7 Right to withdraw consent

If Feelgood's processing of personal data is based on your consent, you have the right to withdraw this consent at any time. Feelgood will then stop processing the relevant personal data.

7 Your rights as a patient

Below are your rights according to the Swedish Patient Data Act and other healthcare legislation. This legislation applies before rules and regulations in GDPR.

7.1 Patient records 

The Swedish Patient Data Act applies to posts in patient records. These posts are locked (signed) and cannot be changed or deleted. As a patient, you generally have the right to request extracts from the patient records and access logs. If you as a patient believe that information in the patient records is incorrect, the healthcare provider can make a correction in the patient records. A correction is a post that refers to the incorrect information and provides the correct information. Both the original post and the correction remain in the patient records. This is provided that the patient and the healthcare provider agree that the post must be corrected. In cases where the healthcare provider and the patient disagree about the accuracy of a post, or where the patient requests that the post is to be deleted, the patient can apply for this to the supervisory authority Swedish Health and Social Care Inspectorate (Sw: Inspektionen för vård och omsorg). After examination by the supervisory authority, the record is corrected or deleted in accordance with the authority's decision.

7.2 Obligation to provide data in accordance to law

As a healthcare provider, Feelgood is in some cases obliged to provide information to the authorities. Whether information must be provided depends on the care you received. As an example when there is an obligation to provide information, the following can be stated:

All vaccinations given within the general vaccination program for children, the special vaccination program for risk groups against pneumococci and vaccinations against covid-19 must be reported by Feelgood as a healthcare provider to the NVR (national vaccination register).

If health care is provided on behalf of the Region of Stockholm, information about the healthcare can be transferred to Region Stockholm's quality register in accordance with chapter 7 of the Swedish Patient Data Act. You can object to information being transferred to the quality register and you can request that information about you be deleted from the quality register. The Region of Stockholm is data controller for personal data in the quality register.

7.3 Confidentiality and Security Provisions

All personnel at Feelgood are subject to statutory confidentiality (chapter 6 sections 12-16 of the Swedish Patient Safety Act). This means that all information relating to the patient's health or personal circumstances is protected by statutory confidentiality and may only be disclosed if there is legal provision allowing the disclosure or if you, as a patient, have consented to the disclosure of the information.

In the National Board of Health and Welfare's regulation on the processing of personal data in healthcare, there are provisions on security measures that apply when we process your personal data as a health care provider. More high-level provisions on security measures are also applicable based on the Swedish Patient Data Act and the GDPR.

Se also Section 2 above on Feelgood’s information security measures. 

7.4 Right to object to certain electronic access to healthcare records

In accordance with chapter 4 Section 4 of the Swedish Patient Data Act, as a patient you have the right to object to personal data documented for healthcare purposes (e.g. data in patient records) at a care unit or within a care process being made available through electronic access to those who work at another care unit or within another care process with the same healthcare provider.

7.5 Information about access

All access to patient information is logged by Feelgood in the electronic medical records system. You have the right to receive information which access is logged regarding your patient records.

7.6 Right to compensation

If we process your personal data in violation of the Swedish Patient Data Act, you may be entitled to compensation in accordance with Article 82 of the GDPR.

7.7 Search terms, direct access and electronic disclosure of information

In the Feelgoods electronic medical records system, name or social security number is used as a search term. Regarding direct access, see Section 7.8 (National patient overview). Data will be transferred electronically to other actors in health care, e.g. in the case of referrals and prescriptions of medicine.

7.8 National patient overview

As a general rule, Feelgood does not use the National patient overview. However, if you visit our physiotherapists who provide healthcare in accordance with an agreement with the Region of Stockholm, the National patient overview is used. Then the following applies:

Our health care professionals that participate in your care may, after your approval, access information in medical records you have at other healthcare providers within the Stockholm Region. More information about National patient overview is available on the Stockholm Region website.

The National patient overview is a way for different healthcare providers to access each other's patient records under certain conditions. It makes it possible for a healthcare provider to give or get direct access to data of another healthcare provider via an electronic medical records system. This is done in accordance with the Swedish Act (2022:913) on Consolidated Health and Care Documentation. You have the right to object to the use of the National patient overview and to block your patient records from being included in the National patient overview. More information on National patient overview is available at the Region of Stockholm’s web site. 

8 Contact information

For occupational healthcare and related services, the Feelgood company which provides the services to your employer is the controller. If you have used Feelgood's services in your capacity as a private individual, the controller is the Feelgood company that you have purchased the service from.

In both situations, one of the following companies is the controller:

  • Feelgood Svenska AB
  • Feelgood Företagshälsovård AB
  • Feelgood Företagshälsa Dalarna AB
  • Feelgood Hälsoforum AB
  • Feelgood Länshälsan AB
  • Feelgood Sjukvård AB (including Quality Care)

If you have any questions about the Policy or other questions about how Feelgood processes personal data, please contact our Data Protection Officer at dataskyddsombud@feelgood.se

Data subjects also have the right to file a complaint with the competent supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten) with contact details below.

E-mail: imy@imy.se 
Telephone: 08-657 61 00
Address: Integritetsskyddsmyndigheten, box 8114, 104 20 Stockholm

9 Changes to this policy

Feelgood reserves its right to change and update this policy. We encourage you to read the policy now and then. The date of the latest changes to this policy is always published on this webpage.