Privacy policy

Valid from 2024.08.01

This privacy policy contains information about how we handle your personal data. We encourage you to read our privacy policy carefully before consenting to us processing your personal data.

EU MEDSTAFF Privacy Policy

This Privacy Policy applies to the processing of personal data that takes place within the framework of EU MEDSTAFF, a service offered under the domain eumedstaff.com and eumedstaff.se and in related mobile applications (the “Service”) under the brand name EU MEDSTAFF (“we” or “us”).

We are part of the Sicarius Group and your privacy is important to us. This privacy policy describes the processing of personal data that takes place within the framework of the Service, the purposes of the processing, who we may share your personal data with and your rights in relation to your personal data. We encourage you to read this Privacy Policy carefully before using the Service.

About EU MEDSTAFF

Our services include digital solutions for doctors and nurses in the EU to manage and assist in the process of submitting professional qualification documents to the competent authorities, first and foremost in Sweden and then through Sweden to Norway, Denmark and/or Finland depending on where the customer chooses to apply for a license. We act as intermediaries and administrators by collecting and managing documents, paying the application fee and submitting the application documents to the appropriate authority on behalf of the client.

What is personal data and what is processing of personal data?

Personal data is any kind of information that can be directly or indirectly attributed to a natural person who is alive.  For example, images and sound recordings processed on a computer may be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to natural persons.

Processing of personal data is everything that happens with the personal data. Any action taken with personal data constitutes processing, regardless of whether it is carried out by automated means or not. Examples of common processing are collection, registration, organisation, structuring, storage, processing, transfer and deletion.

Data Controller

Sicarius Invest AB, corporate identity number 559021-5348, is the data controller for the company’s processing of personal data. 

What personal data do we collect about you as a natural person and for what purpose (why)?

When you use our services, register via a form, or visit our website, you may be asked to provide information. Depending on the situation or service, we may ask for the following personal data:

Purpose	Treatments performed	Categories of personal data
To be able to handle orders/purchases.	Provide payment solution Delivery (including notification and contacts regarding the delivery). Identification check. Payment processing (including analysis of possible payment solutions, which may include checking against payment history and obtaining credit information). Handling of complaints and warranty matters.	The payment solution’s checkout requested personal data to complete the purchase Technical data: the URL through which you access our web pages, your IP address and user behavior, browser type, language, and identification and operating system information.
Legal basis: Performance of the purchase contract. This collection of your personal data is necessary for us to be able to fulfil our obligations under the purchase agreement. If the information is not provided, our obligations cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 24 months thereafter in order to be able to handle any complaints and warranty matters.

Services	Purpose	Treatments performed	Categories of personal data
Authentication	To be able to fulfill the user agreement and deliver the service	Handling of attached documents Administration of the application to the relevant authorities Payment to the relevant authorities Share personal data incl. all requested documents to the National Board of Health and Welfare in Sweden for handling the identification. If you are also able to do so, the personal data, including all requested documents, will also be sent to the relevant authorities in the respective country to which identification is to be applied: Norwegian Directorate of Health, Norway Danish Patient Safety Authority, Denmark Valvira, Finland Handling of complaints and warranty matters. Management of (including notification and contacts regarding the management) of the service credentials with the customer	First name and last name Social security number Gender (Male, Female, Other) Passport copy Contact details (e.g. address, email and telephone number). Appendices requested by authorities (these appendices are not static and it is updated based on the authorities’ requirements) Degree (professional qualification, and language validation/degree) Other information that you provide yourself within the framework of the Service (e.g. attached attachments). Other personal data requested by the authorities. User information for My pages.
Language courses	To be able to fulfill the user agreement and deliver language training	Handling of the application to attend our third party language education (Swedish C1 level + healthcare Swedish) Processing payment through PayPal Management of the distribution of access to the language course. Management of (including notification and contacts regarding the management) of the Language Course service Handling of complaints and warranty matters.	First name and last name Social security number E-mail address Case number at the authority Passport copy Occupation Background Citizenship Other information that you provide yourself within the framework of the Service (e.g. attached attachments). User information for My Pages
Legal basis:	Fulfillment of the User Agreement.  This collection of your personal data is necessary for us to be able to fulfil our obligations under the user agreement. If the data is not provided, our obligations cannot be fulfilled and we are therefore forced to deny your service needs request.
Storage period:	Up to a maximum of 24 months after the service has been completed in order to be able to handle any complaints and warranty matters.

Services	Purpose	Treatments performed	Categories of personal data
Job	To be able to fulfill the user agreement and deliver job offers	Handling with the customer’s consent to obtain various job offers from both authorities and private actors. We will share censored data with the various partners to match jobs. We do not share personal data and contact details for our partners, so that it is fair to treat them only on the basis of, for example, experience, skills and profession. We will email all job offers to the customer’s email address Handling of complaints and warranty matters.	CV Degree basis Profession Background E-mail address Profile picture Other information that you provide yourself within the framework of the Service (e.g. attached attachments).
Legal basis:	Performance of the service agreement. This collection of your personal data is necessary for us to be able to fulfil our obligations under the service agreement. If the information is not provided, our obligations cannot be fulfilled and we are therefore forced to deny you the service.
Storage period:	Until the service is completed.

Purpose	Treatments performed	Categories of personal data
To be able to comply with the company’s legal obligations.	Necessary processing for the fulfilment of the company’s legal obligations under legal requirements, court rulings or decisions by authorities (e.g. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the production of communication and information to the public and customers).	Name Social security number Contact details (e.g. address, email and telephone number) Payment history Payment information Your correspondence Information about the time of purchase. Details of the demand request creation and process. User information for My pages. Other information that you have submitted yourself within the framework of the Service (e.g. attached attachments).
Legal basis: Legal obligation. This collection of your personal data is required by law. If the information is not provided, our legal obligation cannot be fulfilled and we are therefore forced to deny you the purchase.
Retention period: Until the purchase has been completed (including delivery and payment) and for a period of 24 months thereafter.

Purpose	Treatments performed	Categories of personal data
To be able to handle customer service issues.	Communication and answering any questions to customer service (by phone or in digital channels, including social media). Identification. Investigation of any complaints and support matters (including technical support).	Name Contact details (e.g. address, email and telephone number). Your correspondence. Details of your case. Other information that you submit yourself orally or in writing.
Legal basis: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.
Retention period: Until the customer service case is closed.
Information: We aim to help you with your customer service cases as soon as possible, your case will be processed if you have been given a case number. Each case is assigned an individual case number. If you have not received a case number, it means that we have not stored your information and thus we have closed your case.

Purpose	Treatments performed	Categories of personal data
To be able to conduct and manage participation in competitions and/or events.	Communication before and after participation in a contest or event (e.g., confirmation of entries, questions, or evaluations). Identification and verification of age. Selection of winners and dissemination of any prizes (e.g. payouts or products).	Name Age Contact details (e.g. address, email and telephone number) Information provided in competition entries Data provided in event evaluations.
Legal basis: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in managing your participation in competitions and/or events.
Storage period: During the duration of the competition/event (including any evaluation).

Purpose	Treatments performed	Categories of personal data
To be able to prevent misuse of a service or to prevent, prevent and investigate crimes against the company.	Prevention and investigation of possible fraud or other violations of the law (e.g. forgery of documents). Preventing spam, phishing, harassment, attempted unauthorized login to user accounts, or other actions prohibited by law or our Terms of Use or Terms of Service. Protection and improvement of our IT environment against attacks and intrusions.	Name Contact details (e.g. address, email and telephone number) Social security number Purchase and user-generated data (e.g. click and visit history) Information about how our services are used  Technical data relating to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform). Information about how you have interacted with us, i.e. how you have used the Service, login method, where and for how long different pages were visited, response times, download errors, how you access and leave the Service, etc.
Legal basis: Performance of a legal obligation (if any) or legitimate interest. In the absence of a legal obligation, the processing is necessary to satisfy our legitimate interest in preventing misuse of a service or for the prevention, prevention and investigation of crimes against the company.
Storage period: From collection and for a period of 24 months thereafter.

Purpose	Treatments performed	Categories of personal data
To be able to evaluate, develop and improve our services, products and systems for the customer and user community at large.	Adapting services to become more user-friendly (e.g. changing the user interface to simplify the flow of information or to highlight features that are frequently used by customers and users). Preparation of documentation for the purpose of improving the marketplace and our services and products.  Preparation of data for developing and improving our range and market segments. Preparation of documentation for the purpose of planning new and possible establishments. Development of documentation for improving IT systems in order to generally increase security for the company and our users/customers. Analysis of the data we collect for the purpose. Based on the data we collect (e.g. usage, needs, region, purpose), you are sorted into a customer group (so-called customer segments) for which analysis is then carried out on an aggregated level using de-identified or pseudonymized data, without any connection to you as an individual. The insights from the analysis form the basis for how we develop My Pages but also the platform as a whole on the domain *eumedstaff	User information on My pages Correspondence and feedback regarding our services Purchase and user-generated data.   (e.g., click and visit history) Technical data relating to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform). Information about how you have interacted with us, i.e. how you have used the Service, login method, where and for how long different pages were visited, response times, download errors, how you access and leave the Service, etc.
Legal basis: Legitimate interest. The processing is necessary to satisfy our and our customers’ legitimate interest in evaluating, developing and improving our services, products and systems.
Storage period: From collection and for a period of 24 months thereafter.

Purpose	Treatments performed	Categories of personal data
To be able to create and administer an account on My Pages.	The creation of the login function. Account is created automatically when using Finance Needs or Services Needs. Maintaining accurate and up-to-date data. Management of your customer choices (e.g. your profile and preferences). The ability for you to save favorites and similar facilitation actions. The ability to provide reviews to the companies you have chosen to hire. The possibility of being able to accept and decline offers from My Pages. The ability to send new demand requests and follow up on them.	Name Sex Contact information (email address and address) About you
Legal basis: Performance of the user agreement and legitimate interest. The first three personal data are required to be collected in order for us to be able to fulfil our obligations under the user agreement, the remaining personal data is the processing necessary to satisfy our legitimate interest and eliminate trolls and forged accounts. If the information is not provided, our obligations cannot be fulfilled and we are therefore forced to deny you the use of the service.
Retention period: Until account closure (can be done manually by contacting customer service or automatically due to a lack of accountability). inactivity for a period of 24 months).

From what sources do we obtain your personal data?

When you consent to us processing your personal data, you also agree that we may register other information about you that you have previously provided to us in other contexts. Based on publicly available information, we may also supplement your registered information with hobby, industry, additional contact information to satisfy our legitimate interest.

Overview of the purposes of the processing of your personal data

Summary from the above heading what the purpose of processing your personal data:

We will process the information above for the following purposes:

• To provide the Service
• To ensure user and customer knowledge
• To personalize and improve your experience of the Service
• To send you system notifications and notices by telephone, electronic communication (such as text message or email), or otherwise.
• To inform you about our updates to the Service and the Terms of Use
• To improve and develop the Service and new services and products, and to analyze your use of the Service
• To ensure the technical functionality of the Service
• To prevent the use of the Service in violation of the terms of use of the Service and to prevent and investigate misuse of the Service
• and to comply with legal obligations.

Handling of personal identity numbers/coordination numbers

The only time we process your personal identity number/coordination number is when you purchase the service Legitimation och språkkurs, where a Swedish personal identity number/coordination number can be requested. We will then only process your personal identity number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is some other noteworthy reason.  We always minimize the use of your social security number as much as possible by, where it is sufficient, using your national identity number instead.

Disclosure of personal data

By using the service to get a license in Scandinavia, you need to submit the application on eumedstaff.com. In order for us to be able to provide the service, you consent to EU MEDSTAFF passing on your contact details, all the supporting documents that you have filled in and attached to the relevant licensing authorities in each country.

By using the service to get a language course, you need to submit the application on your pages eumedstaff.com. In order for us to be able to provide the service, you agree that EU MEDSTAFF forwards your contact information to our partner in order to be able to register for the course and to be able to give you a degree in the language in order to be able to supplement your application for the license. If you already have a language course exam and attach the grade, we will not share that information with our partners, but will share it with the relevant authority that handles the credentials.

Who can access your personal data at EU MEDSTAFF?

Our service is automated, your personal data is processed automatically based on our parameters. Our automation creates reports based on the authorities’ requirements. That report will be shared with our administrators who handle your administration with the authorities. There, the case officer will go through your application and see if anything needs to be supplemented or interpreted before it is sent. In addition, there are limited people within the company who work in the department/division finance and customer service who can access your information. Technical data and user behavior data will be able to be shared by our IT division in order to improve the service you use.

Who may we share your personal data with?

Data processors. In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data processors for us. A data processor is a company that processes the information on our behalf and in accordance with our instructions. We have data processors who help us with:

1. IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).
2. Company (Language course partner company).

When your personal data is shared with data processors, it is only for purposes that are compatible with the purposes for which we have collected the information (e.g. to be able to fulfil our obligations under the User Agreement or the Service Agreement). We screen all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data.

Companies that are independent data controllers.
We also share your personal data with certain companies that are independent data controllers. The fact that the company is an independent personal data controller means that it is not we who control how the information provided to the company is to be processed. Independent data controllers with whom we share your personal data are:

1. Government authorities (the police, the Swedish Tax Agency or other authorities) if we are obliged to do so by law or in the event of suspicion of a crime.
2. State authority (Legitimationsmyndigheten, to handle licence applications and grants)
3. IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).
4. Company (Language course partner company).
5. Companies that offer payment solutions (card acquiring companies, banks and other payment service providers).

When your personal data is shared with a company that is an independent data controller, that company’s privacy policy and personal data management apply.

Where do we process your personal data?

We always strive to ensure that your personal data is processed within the EU/EEA and all our own IT systems are located within the EU/EEA. However, in the case of system support and maintenance, we may be required to transfer the information to a country outside the EU/EEA, e.g. if we share your personal data with a data processor who, either itself or through a subcontractor, is established or stores information in a country outside the EU/EEA. In these cases, the processor may only access the information that is relevant for the purpose (e.g. log files).

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as within the EU/EEA.

In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either by a decision from the European Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards. Examples of appropriate safeguards include an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules or Privacy Shield.

Thinning

Your personal data will not be stored for longer than is necessary to fulfil the purpose of the processing. Your personal data is deleted on an ongoing basis when it is no longer relevant for the purposes for which it has been collected, but with maximum storage periods specified under the respective purpose.

Deletion information not previously mentioned in the policy. If you have an active dialogue with us, your data will be stored for a maximum of 24 months from the last interaction; after that, we will delete the data we have registered about you. An active dialogue is defined as having interacted with us or representatives of EU MEDSTAFF over the past 24 months by telephone, by replying to emails, downloading material on the website or registering via a form.

If you have consented to the processing of your personal data in connection with accepting regular emails, we will continue to process your personal data until you cancel your subscription. After that, we store your personal data for 24 months before we delete your data.

In the event that you are employed by a company that is a customer of ours, we process your data within the framework of customer care. For active customer relationships, we process your data until (1) you have terminated your employment with the company, or (2) the company no longer has an active customer relationship with us. When a customer relationship is terminated, our storage and processing of your data will be subject to the same terms and conditions as described in the two previous paragraphs. If you terminate your employment with the company, you are responsible for notifying us using the contact details provided so that we can delete your information.

Legal Requests and Harm Prevention

We may use, store, and share your information in response to lawful requests (such as searches, court orders, subpoenas, etc.), or when necessary to detect and prevent criminal activity. We do this so that we can protect ourselves, you and other users. This may mean that the storage takes place as part of an investigation if we believe that this is required by applicable law. Information that we obtain about you when you use the Service may be used and stored for a longer period of time than is required for other purposes when the information is subject to a legal request, obligation under law, government investigation, or investigations regarding possible violations of our Terms of Use or policies, or otherwise to prevent harm.

SPAM

Personal data is not shared with partners or third parties for any other purpose than for us or them to be able to manage the service you use.

EU MEDSTAFF also does not participate in sending e-mail advertising, so-called spam. E-mails regarding goods or services that are not directly related to our business do not occur. If you send out automatically sent out, you can easily unsubscribe from these from a link in the email.

Consent to e-mails, direct marketing and continued contact

When you consent to us processing your personal data for the purposes set out above, you agree that:

• We process your personal data in accordance with this privacy policy
• That we have the right to continuously send out newsletters to the specified email address with information about new services, changed regulations or offers from EU MEDSTAFF. (If you no longer wish to receive such newsletters, you can unsubscribe from this service at any time by clicking on the appropriate link provided in each newsletter)

Your rights

Right of access (so-called register extract). We are always open and transparent about how we process your personal data, and if you want to gain a deeper insight into what personal data we process about you, you can request access to the data (the information is provided in the form of a register extract stating the purpose, categories of personal data, categories of recipients, storage periods, information about where the information has been collected from and the existence of automated decision-making).

Please be aware that if we receive a request for access, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

Right to rectification. You can request that your personal data be corrected if the information is incorrect. Within the scope of the stated purpose, you also have the right to complete any incomplete personal data. Keep in mind that you can change certain information directly via My Pages.

Right to erasure. You can request the deletion of the personal data we process about you if:

• The data is no longer necessary for the purposes for which it was collected or processed.
• You object to a balancing of interests we have made based on legitimate interest and your reason for objection outweighs our legitimate interest.
• You object to processing for direct marketing purposes.
• The personal data is processed in an unlawful manner.
• The personal data must be deleted in order to comply with a legal obligation to which we are subject.
• Personal data has been collected about a child (under the age of 18) for whom you have parental responsibility and the collection has taken place in connection with the provision of information society services (e.g. social media).

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from, the Patient Safety Act (2010:659), accounting and tax legislation, banking and money laundering legislation, but also from consumer rights legislation. It may also be necessary for us to establish, exercise or defend legal claims. Should we be prevented from complying with a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.

Right to restriction. You have the right to request that our processing of your personal data be restricted. If you contest the accuracy of the personal data we process, you can request a restriction of processing for the time we need to verify the accuracy of the personal data. If we no longer need the personal data for the defined purposes, but you do need it to be able to establish, exercise or defend legal claims, you can request that the processing of the data by us be restricted. This means that you can request that we do not delete your data.

If you have objected to a balancing of interests that we have made as a legal basis for a purpose, you can request limited processing for the time we need to check whether our legitimate interests outweigh your interests in having the data deleted.

If the processing has been restricted in accordance with any of the situations above, we may only process the data for the establishment, exercise or defence of legal claims, to protect the rights of another person or if you have given your consent.

The right to object to certain types of processing. You always have the right to avoid direct marketing and to object to all processing of personal data based on a balancing of interests.

Legitimate interest: In cases where we use a balancing of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue processing your personal data after such an objection, we need to be able to demonstrate a compelling legitimate reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the data for the establishment, exercise or defence of legal claims.

Direct marketing (including analyses carried out for direct marketing purposes): You have the option to object to your personal data being processed for direct marketing purposes. The objection also covers the analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (e.g. by post, e-mail and text message). Marketing activities where you as a customer have actively chosen to use one of our services or otherwise sought us out to find out more about our services are not considered direct marketing (e.g. product recommendations or other features and offers on My Pages).

If you object to direct marketing, we will cease processing your personal data for that purpose and cease all types of direct marketing measures.

Keep in mind that you always have the opportunity to influence which channels we use for mailings and personal offers. For example, you can choose to receive offers from us only by email, but not by text message. In that case, you should not object to the personal data processing as such, but instead limit our communication channels (by changing the settings, contact customer service).

Cookies and similar technologies

We collect information using cookies and other technologies that recognize you as a user. For the reason that we strive to help you with your needs in the most efficient and productive way possible and much more than that. In order for us to do that, we need to get to know you and find out what we can do for you. We do this by personalizing the content, adapting, and measuring and offering a safer user experience through cookies. Therefore, we place cookies on your device when you visit our website.

If you do not accept cookies through your browser, we will not be able to offer the website in full and you will not be able to access our services. You can always click on View details in the cookie pop-up box to see what kind of cookies we place on your device.

To fulfill our commitments to you, we may also pass cookies from your device to the social media and advertising and analytics companies we work with. These, in turn, may combine the information with other information that you have provided or that they have collected when you have used their services.

Links to other websites

Please note that links that may be found on this website that lead to other websites may cause you to visit other websites that contain different privacy policies than those set out in this document.

 And also that the mediated entrepreneurs who can meet your needs may contain other rules for privacy protection than what is stated in this document.

What does it mean that the Swedish Data Protection Authority is a supervisory authority?

The Swedish Data Protection Authority is responsible for monitoring the application of the legislation, and anyone who believes that a company is handling personal data incorrectly can file a complaint with the Swedish Data Protection Authority.

Changes to the Privacy Policy

If we make changes to this Privacy Policy, we will notify you by posting the updated version here

If the changes are material, we will also notify you appropriately and, if required, ask for your consent.

FORCE MAJEURE

A party shall be exempt from damages and other sanctions if the performance of a certain undertaking is prevented or significantly impeded by circumstances beyond the party’s reasonable control or foreseeability. An exonerating circumstance may include, among other things, legislative amendments, lightning, fire, government regulations or other public regulations, war, natural disasters or faults in major telecommunications or data networks.

Choice of law and dispute resolution

The processing of your personal data in accordance with this Privacy Policy and your use of the Service is governed by Swedish law.

Disputes shall be resolved by a Swedish general court with Malmö District Court as the first instance, unless otherwise provided by mandatory law.

What is the easiest way to contact us if you have questions about data protection?

Because we take data protection very seriously, we have dedicated customer service staff who handle these particular matters, and you can always reach them on dataprivacy@eumedstaff.com

We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. In the event of updates that are essential to our processing of personal data (e.g. changes to specified purposes or categories of personal data) or updates that are not essential to the processing but may be of vital importance to you, you will be informed by eumedstaff.com and by email (if you have specified an email) well in advance of the updates taking effect. When we make information about updates available, we will also explain the meaning of the updates and how they may affect you.