Kaddio Policy

Privacy policy

Kaddio AB is responsible for the processing of personal data collected in Kaddio. We process personal data according to the General Data Protection Regulation (GDPR).

We process personal data that is necessary for the contractual relationship between Kaddio and the customer or, alternatively, by agreement with the customer, in order to provide the best service possible. Personal data is saved for as long as needed for the business relationship with the customer, and then deleted. If you have questions or are dissatisfied, you are welcome to contact us, or our data protection officer at [email protected].

Processing of personal data of your clients

Regarding the personal data of clients that customers of Kaddio add to the system, Kaddio has responsibilities according to our Data Protection Agreement (DPA) that is available for download upon creation of an account.

As a customer, you are responsible for taking appropriate organizational measures to fulfil GDPR with regard to the processing of personal data of your clients. Each individual customer needs to decide where in the organization the responsibility for data protection issues lies. For more information on when it is advisable or mandatory to have a data protection officer and the responsibilities of such an officer, contact your local authorities for privacy protection.

Kaddio provides the technical conditions for you as a customer to be able to fulfil the requirements of GDPR.

Information we collect

  • New customer. When you create a new organization we ask for personal data like given name, family name and email address.
  • Usage. When you use Kaddio we save information about, for instance, what modules you have activated. In our server logs, we save information about your last log in.

How we use information

  • Improvement. Information that we collect is utilized to provide, improve and protect our services.
  • Cookies. Our website kaddio.com does not use cookies. The Kaddio application only uses cookies for load balancing and security.

Options

It is up to you as a customer to choose what information you want to share with us. The only personal data you need to share with us to create an organization is your given name, last name, email address and the name of your organization.

Where personal data is handled

GDPR is applicable in the entire EU/EEA, which implies that all EU member states have equal protection of personal data and personal integrity.

  • According to GDPR, personal data can be processed freely within the EU/EEA without limitations.
  • Outside of the EU/EEA, personal data can only be processed given that the data processor follows the given regulations and has taken appropriate protective measures.

For all suppliers who process personal data on behalf of Kaddio outside of the EU/EEA, we have agreements that contain standard contractual clauses imposed by the European Commission, which fulfil an adequate level of protection according to GDPR.

Data for the following purposes is handled outside of the EU/EEA

  • Newsletter. System to send newsletters from Kaddio to our customers.
  • SMS. System to deliver SMS via Twilio.
  • BankID. System to connect to BankID.
  • Payment at booking. System to handle payment by card online at bookings.
  • Email. System for automated sending of emails for: invoicing, invitations for practitioners and clients, receipts at bookings, and confirmations of bookings and cancellations.

All other information that contains personal data is handled within the EU/EEA. All storage of data from Electronic Medical Records and Communication is within the EU/EEA.

For details, see our list of Third-Party Subprocessors

See also FAQ