Personal information is defined as any kind of information that can be attributed to a natural person in life. The personal data that NordiCare collects and processes consists primarily of a person’s name, address, e-mail address, telephone number, order number, and customer number. This information is needed to fulfil our legal and contractual agreements and to fulfil delivery. NordiCare also collects information regarding our customers' interests in products and item selections based on information provided by our customers and the businesses in which our customers are engaged in.
Collection of personal data
Legal basis for processing of personal data
NordiCare only processes personal data when we have a legal basis to do so. Personal data is collected and processed so that NordiCare can fulfil the agreements we have with our customers and/or with the expressed consent of our customers. Data may be processed for longer periods of time if required for accounting purposes.
Storage, sorting, and deletion of personal information
NordiCare only retains personal data as long as there is a need to save that data in order to fulfil the purposes for which it was collected. The information contained within our customer management system may be changed or discarded when the customer relationship has ceased or changed; for example, in instances of alterations or modifications of address. Our customer management system only contains information about our corporate customers and employees/contact persons. Information collected through our website may be changed or discarded in accordance with the conditions stated under the "Purchases on our website" description below. As a general rule, we only store information when it is necessary to assist a customer and/or to follow up on a purchase that has been made from our webshop. Information may also be stored if it was provided through active consent to register as a customer with us or when subscribing to our newsletter. In our financial and accounting system, data that is required for accounting purposes is stored for a duration of time that is in accordance with the Book-keeping Act (bokföringslagen).
How your personal information is processed
NordiCare processes your personal data for various purposes within the framework of our activities as described in the paragraphs below.
Customer lists and order management
Within our customer management system, data is processed and stored on behalf of corporate customers who have placed orders, as well as potential corporate customers who, through their consent, have provided their information for contact purposes and for the purpose of receiving future information. The customer management system is primarily used by NordiCare's salespeople, individuals who are in direct contact with our corporate customers and their employees who work with order and inventory management. The data in the customer management system is continually updated and sorted, a process that is handled by the salesperson responsible; reports of changed or modified data may also be updated within our financial and accounting systems. Information concerning orders and transactions is processed and stored in our financial and accounting systems. This data may be stored for extended durations (a maximum of 7 years) in records that are saved for accounting purposes according to the Book-keeping Act (bokföringslagen). When ordering and delivering goods, personal data is processed in order to fulfil agreements with our customers. The necessary personal data may be shared with our subcontractors, such as but not limited to freight forwarding companies, suppliers of our payment solutions, etc. For information regarding service agreements with our subcontractors, please see the "Access to personal data" and "Contract partners and suppliers" sections below.
Purchases on our site
The information provided when making a purchase on our website is stored and processed within the framework of the required details to implement and provide the necessary services in connection with your purchase. Information collected for the purpose of purchases is sorted and stored for a maximum of one year after the purchase is made on our website platform. Data that has been collected in another manner but is not necessary for processing is continuously thinned and stored for a maximum of 3 months on our website platform. If you registered as a customer on our website, any information provided during registration on our website platform may be stored even if you deregister as a customer in the future. The same applies if you register for a subscription to our newsletter. You can choose to deregister your account or unsubscribe to our newsletter at any time. Information about purchases made via our webshop is collected in our financial and accounting systems. Information that must be stored for accounting purposes may be saved for an extended period of time, in accordance with the Book-keeping Act (bokföringslagen). Data regarding private customers is not transferred to the customer database that is part of our customer management system.
We may use the personal information that you provided to our customer service as part of the process of responding to and handling your questions, comments or complaints. In order to provide good service, we may connect this information with information already provided to us by the customer through other means; we may keep notes in our customer management system for required services and management activities. Only corporate customer information is handled within our customer management system.
Personal information from our customers may be used to address direct marketing material, such as sending out information concerning current products and offers. Essentially, mailings are typically only made to representatives of our corporate customers. Our goal is to be balanced in our approach to marketing, only sending information about products and news that would be of interest to our business customers' operations. You always have the option to indicate that your personal data should not be processed for direct marketing purposes. You may make a request to withhold your data from direct marketing purposes via the link in our newsletter and mailed circulars, or through a written request with our customer support. Private customers who have registered via our website must actively give their consent that they wish to receive such information from us via a checkbox; such consent can be withdrawn at any time in accordance with the above principles.
Access to personal data
Within NordiCare, only those employees who need access to personal data in order to carry out their duties will have such access. NordiCare has service agreements with subcontractors who process personal data on NordiCare's behalf. These agreements contain provisions on confidentiality and security in the processing of such personal data. See also the section entitled “Contract partners and suppliers” below.
Secure handling of personal data
The data entrusted to NordiCare shall be treated in an adequately safe and secure manner. Only employees with access privileges will be able to access the personal data, and safeguards are in place to protect against both intrusion and unwanted destruction of data. Our employees are trained in the handling of personal data and in the current security issues related to such services. NordiCare is continuously working to comply with the principles of "integrated data protection and data protection as standard". This is accomplished by regularly evaluating the risks associated with our personal data processing and by choosing safe options for our internal management as well as for our work with contract partners and suppliers. Personal data may be transferred to the management of IT systems that is provided by external parties in the situations described under the heading "Contract partners and suppliers" section written below.
Contract partners and suppliers
NordiCare uses several IT systems and services in the course of its business operations. Personal data is stored and processed on some of these systems. Some programs are installed directly with us while others are part of cloud-based solutions or may be installed with one of our suppliers. In any case where personal data is handled or stored by a third party, the supplier is the personal data assistant while NordiCare remains the personal data controller. The personal data assistant only stores and processes information based on the assignment specifically given to them, in accordance with the agreement signed between NordiCare and the supplier.
Internal IT systems
NordiCare's internal IT system includes our customer management system, financial and accounting systems, synchronization programs that provide connections between our web platform and the aforementioned financial and accounting systems, and our internal IT environment. The storage of data on all internal IT systems is accomplished through cloud services which are administered with physical servers in the EU/EEA.
Website and purchases
We use a website platform from an external supplier. The information you provide when visiting, making purchases, and registering via our website is collected and processed. Our web server is managed with a physical server in the EU/EEA.
We use external suppliers to handle customer payments. We use vendors who provide services for making secure card payments and invoice payments. NordiCare does not handle any personal data in connection with the payments that are made with these respective services.
Newsletters and circulars are distributed via our web-based supplier service. Through this service, email addresses and the names on various mailing lists are part of the data that is processed. The application server is located in EU/EEA.
We utilize personal information in order to oversee and execute the transportation of purchased goods booked through our freight forwarder. The specific information is linked to the respective order/delivery of goods; this data is necessary in order for the shipment to be delivered to you. Information provided is stored for a limited time by the freight forwarder; this time is determined by the duration necessary for timely handling and delivery.
Your rights and withdrawal of consent
The personal data processing that NordiCare carries out in order to fulfil its agreements and according to its authorised accounting purposes are permitted without your consent. By contrast, any processing of personal data for other purposes is only permitted with your consent. You can withdraw your consent at any time by contacting NordiCare's customer service. When you revoke your consent, all of the information you have consensually provided will be deleted and the associated data processing will be terminated. You also have the right to request that the processing of your personal data be limited to certain purposes and not used for others; for example, that it is not used for direct mail or newsletters. For more information, see the “Marketing” section listed above. If the same information would be processed through the support of your consent and because of the necessity of fulfiling NordiCare’s agreements (or are committed on any other legal basis), the information may still be processed and retained, even after you have withdrawn your consent, on the basis of the other reasons that are still in effect.
Contact NordiCare's customer service:
+46 42 35 22 20
NordiCare Rehab & Ortopedi AB
263 62 Viken, Sweden
If you would like more information
You have the right to know what information is registered about you within our systems. You have the right to make requests that the information be supplemented, deleted, or corrected. If you wish to access the information that is stored about you, please make a request in writing and send it to our customer service by post. The template below can be used as a model request for your personal information without our registry. Registry excerpts are free and available upon request. Please contact our customer service if you have any questions about such requests.
I wish to make a request for the personal information you have stored about me in your registry.
Place and date
Personal Identification Number
Telephone number/email address
Please attach a copy of your ID. We will send the information to your registered address.
If you have comments on our operations or management
Anyone who believes that a company is in violation of the Personal Data Act (personuppgiftslagstiftningen) may contact the relevant responsible authority. In Sweden, the Data Inspection Board (Datainspektionen) is the responsible authority.