Privacy Notice – Hand Scan
This privacy notice (the “Privacy Notice”) describes how Mölnlycke Health Care AB, reg. no 556547-5489, and the local Mölnlycke entity (“Mölnlycke”, “we”, “us” and “our”), process your personal data when you as a health care practitioner (“User” or “you”) complete a hand scan in our mobile application (“Hand Scan”), and thereby orders a Personalized Hand Performance Report from us. It also explains the rights you have over your personal data.
We are responsible for the processing of your personal data as described in the Privacy Notice in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us through our data protection officer by e-mail at firstname.lastname@example.org or by using the contact information at the end of this document.
It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Privacy Notice, which we may update from time to time. If we make changes to the Privacy Notice, the latest version will apply from the time it is published on our website www.molnlycke.com.
2. The scope of this Privacy Notice
The Privacy Notice covers our processing of personal data in relation to the Hand Scan. It describes the processing activities which will be conducted by Mölnlycke as well as your rights in relation to the processing of your personal data and how you may exercise them.
3. How we collect your personal data
We will obtain your personal data as described herein directly from you when you use the Hand Scan or when you engage with one of our sales representatives and such representative assists you to complete a Hand Scan. Completing a Hand Scan will involve a step where you or the sales representative will scan your hand (i.e., take a picture of your hand), and from this image we will be able to measure your hand size, including palm width and finger length. This is described in more detail under section 4 below.
4. How we process your personal data
We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for processing your personal data, which in the Hand Scan context means the following legal basis:
Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).
Below, we explain more about the categories of personal data we process, for what purposes we process them and for how long we store your personal data.
To provide you with the Personalized Hand Performance Report and relevant product recommendations
What we do and why:
We will process your personal data for the purpose of generating and providing you with your requested Personalized Hand Performance Report, which is done by sending it to your email address.
The Personalized Hand Performance Report will include tailored product recommendations, which are provided on the basis of your personal data used to complete the Hand Scan.
The personal data that we process:
- Diversity data; including gender, age, professional role, speciality and location.
- Preference data; including information regarding preferred glove materials, glove thickness and grip requirements.
- Measured hand image; derived from the hand scanning.
- Contact information; including email address.
Our legal basis for processing:
Legitimate interest, wherein our legitimate interest is to generate and provide you with the Personalized Hand Performance Report (including product recommen-dations), which you have requested from us.
How we share and transfer your data:
We will share your personal data with the following recipients;
- Suppliers of IT-services; and
- Our Mölnlycke affiliates
Mölnlycke will not transfer your personal data to countries outside the EU/EEA within the scope of this processing activity.
How long we keep your data:
We will process and keep your personal data for the period of time you are using the mobile application and the time required to send you the Personalized Hand Scan Report. The collected data will be transformed into anonymised data after sending the Personalized Hand Scan Report. Such anonymous data cannot directly identify you as a person and may be processed by us for an indefinite period of time. For the sake of clarity, this anonymised data is not personal data.
5. Security measures
We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.
6. Third country transfers
We strive to always process your personal data within the EU/EEA. However, if a third country transfer is described in the tables under section 4 above, we will transfer your personal data to Mölnlycke’s affiliates that are located or have business activities in a country outside the EU/EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection here.
You may access the European Commission’s standard contractual clauses at here.
You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.
Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g., confirm your identity before proceeding with your request to exercise your rights.
To exercise your rights or request information, we ask you to contact us, via email: email@example.com or via the contact information you find under Questions or complaints.
Right of access
You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.
Right to rectification
You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.
Right to erasure
You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.
Right to restriction
You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
Right to object
You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.
Complaints with the supervisory authority
The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority in Sweden, or with your local supervisory authority in the EU member state where you are located. You can find contact details to each local supervisory authority by visiting this link.
If you have any questions about the processing of your personal data or want to exercise any of your rights, please contact us at:
Post: Mölnlycke Health Care AB
Attn: Chief Privacy Officer
P.O. Box 13080, SE-402 52 Gothenburg, Sweden
For residents of Germany,
Mölnlycke Health Care GmbH
Grafenberger Allee 297
40237 Düsseldorf, Germany
Phone: +49 (0)211 920 88 0
You can contact the external data protection officer of the controller at:
Phone: +49 (0)89 91 92 94 - 900