Personal data responsibility
Rehappen AB, Organization number 559179-0034
The Customer is the owner of data while Rehappen is the processor of data.
- What personal information Rehappen collects
- Why Rehappen collects the personal data in question
- How Rehappen will use collected personal data and how storage and thinning takes place
What personal information does Rehappen collect from the employer?
Fundamental information is needed to be able to provide a sick leave platform. Rehappen obtains information about organizational structure and affiliation as well as the immediate manager of the employees, sick leave data from the employer and other absences. The information is necessary for the Customer to meet Employer labor law requirements. Rehappen collects the information to provide a tool for the personnel responsible manager with rehabilitation responsibility according to law, as well as by agreement with an external independent expert with the task of supporting the sick leave work.
The personal data collected are:
- Identity number or employment number
- If necessary, social security number, eg to enable BankID login
What personal information does Rehappen collect about employees?
When the employee comes in contact with Rehappen, Rehappen processes information about sick leave for the customer / employer to be able to support managers and leaders and HR in preventing and alleviating signs of ill health, or supporting rehabilitation. As a company, we are not subject to health and medical care legislation, for example the Patient Data Act (2008: 355), but have support based on the Work Environment Act and other laws or collective agreements that govern rehabilitation and sick leave.
In Rehappen, joint agreements and goals for employees’ sick leave and rehab are documented and stored.
Customers and employers own the data and are based on the provisions on the employer’s obligation, for example, to draw up a plan, ch. Section 6 of the Social Insurance Code, where a note field is used as a common work area and document area for support in sick leave work (both long-term and short-term sick leave) rehabilitation or adaptation. Rehappen is not a medical record system according to the Patient Data Act.
Health information or sick leave data is a sensitive personal data and is heavily regulated by confidentiality and we never disclose personal data to unauthorized persons. Information is only shared to the roles that have a legal right to take part in it and the employee always has the right to take part in their information. The personal data processed in Rehappen are:
- Contact information
- Social security number
- Data about absence, meeting notes, rehabilitation plans or
- Information that the employee chooses to provide for reasons related to dialogue about sick leave, preventive occupational health care and work adaptation.
- Medical certificate and rehabilitation plans
Rehappen does not store information from insurance companies or other statistics without the customer’s wishes. There may be statistics that are anonymised and cannot be traced to an individual.
How does Rehappen use your personal information?
When we at Rehappen process personal data about employees that have been transferred from your employer, it is done on a legal basis for reasons related to labor law, rehabilitation obligations, preventive work environment and wellness. In our function as experts in sick leave and healthy workplaces and in the role of advisor and managerial support, we can carry out factual investigations in the workplace on behalf of the customer.
Rehappen is a platform where medical certificates, rehab plans are saved in order to comply with the GDPR, these can be deleted when there is no longer any reason to save them.
Rehappen collects personal data to be able to ensure the connection to your employer and your own organization. Some advice is given on employees’ work environment and workplace based on safety, work adaptation and work rehabilitation in accordance with the Work Environment Act (1977: 1160) and the Social Insurance Code (2010: 110).
The employer is the one who gives assignments to Rehappen as a resource, for example to HR. In that case, contractual requirements may make it necessary for Rehappen to collect personal data in order to provide its services, on behalf of the employer. Rehappen has no opportunity to fulfill his duties as an external independent expert in the assignment from the employer without these tasks.
Rehappen also handle sick leave statistics completely anonymised and aggregated health information with the legal basis in the public interest and at the request of employers, trade unions or safety committee such as sick leave statistics that aim to build and strengthen a good working environment. Rehappen also compiles costs for sick leave to motivate employers to invest in preventive measures and healthy corporate cultures.
AI, Automated, individual decision making
Personal contact and dialogue are important to support in sick leave. We will not use technical methods, statistics to make decisions about employees without personal contact. Big data, AI or other decision method based on information from the system around employees will not be subject to decision, however AI can be used to create reminders and help users in the rehab chain.
E-mail communication from Rehappen
Rehappen communicates via various forms of e-mails, reminders linked to sick leave, the sick leave process, the rehab chain to support sick leave work, especially for managers. Rehappen can also send out tips, newsletters, information to managers, invitations to trainings or invitations to breakfast meetings or local activities. It is voluntary to take part in Rehappen’s newsletter, mailings and employees must actively register on our website so that we can make other mailings than reminders from the system. When the employee does, the employee chooses the type of information they want.
When users sign up for Rehappen’s tips and newsletters or mailings, they agree that Rehappen saves and processes information to provide relevant information about articles, services, training or activities. To unsubscribe from mailings can be done at any time on the website, by clicking on the link in the e-mail or by contacting us at email@example.com
In the case of pilots or follow-up on sick leave, we can carry out evaluations and in cases where personal data from employees and managers are also processed when, this with a legal basis in our legitimate interest. In such surveys, the employee can choose to remain anonymous.
Rights – the employee always has the right to access their personal data
According to the GDPR, if employees wish, they always have the right to access their personal data if they wish. They can then get a copy of all or part of the information we have about them. If desired, you contact your employer or Rehappen, who then ensures that the employer produces the information. If someone believes that the personal data that Rehappen has is incorrect and needs to be corrected or deleted, the employee may contact his employer, so this can be done, if it does not meet any legal obstacle.
The right to data portability means that if the employee wishes to obtain their personal data and transfer it to another actor, Rehappen can help to do this if the processing of personal data is based on consent or on us being able to fulfil contractual obligations. That right is handled whenever technically possible. Please note that this does not automatically mean that the personal data is deleted from Rehappen’s system and that it does not affect the original storage period for the data that has been transferred.
Who or what has access to the personal data?
Only those who absolutely must have access to the personal data have access (minimum privilege principle), for example only the immediate manager, HR or rehab specialist.
Collecting all sickness and absence data is something that the employer has an obligation to do. With the employee’s consent, we can forward or transfer your personal information to the competent authorities, eg the social insurance office, caring doctor. Employees at Rehappen are subject to the same “minimum principle-principle” – access is limited to only those who need it to perform their tasks.
For our products, we also use produced personal data assistants within the EU / EEA who are categorized as:
- IT services: Software, operation, support and infrastructure
Personal data assistants who process personal data for Rehappen’s purposes do so in accordance with Rehappen’s instructions.
None of these may access personal data that is not required for them to be able to provide their services in accordance with agreements. This also includes those who work under the direction of the personal data assistant. Special personal data assistant agreements are established that regulate the processing of personal data in its entirety, including organizational and technical security measures.
How long is personal data stored?
Rehappen is there to support employers in a GDPR-safe way to save important documentation regarding sick leave, medical certificates, rehab plans to fulfil their obligation according to law. Rehappen works to not store more information than is necessary for the purposes and in accordance with provisions in national legislation, labor law, rehab rules, the Work Environment Act etc. The Accounting Act (1999: 1078).
How long is personal data stored?
It is important to store your personal data, so they are “extra worthy of protection”, ie sensitive personal data constitutes a significant part of Rehappen’s operations. Rehappen maintains a high level of protection by protecting personal data that is processed against unauthorized access, alteration, disclosure or destruction of the information Rehappen processes for its customers.
Access to information and personal data that Rehappen processes is strictly permitted and the “minimum privilege principle” is applied. This means that only those who are involved in a personal matter have access to the personal data. Authorization is strictly regulated, and no one shall have more access than is necessary to perform their duties and duties based on work environment laws and ch. Section 6 of the Social Insurance Code.
Rehappen’s server halls are always available in Microsoft Azure within the EU and in northern Europe. They are certified according to ISO 27001, management system for information security.
For the public sector, customers can save their data in Swedish suppliers’ server halls if required. Development of “Swedish clouds” is taking place and Rehappen is of course involved in the work for the public customers who wish.
Cookies on rehappen.se
Only the website that set a cookie can read its own cookie. We use two types of cookies, fixed cookies and third-party cookies.
A permanent cookie means that the website recognizes you on a return visit. It stores information so that, for example, certain messages are only displayed once.
Third party cookies
Cooperation with regulatory authorities on compliance
If necessary, Rehappen will cooperate with the relevant supervisory authorities, including the Swedish Data Inspectorate, the Swedish Social Insurance Agency, in accordance with current data protection regulations. In the event of written complaints, the person concerned will be contacted and the matter will be followed up in collaboration with the current employer.
For questions regarding the processing of your personal data, you are welcome to contact us: Postal address: Rehappen AB, Västra Trädgårdsgatan 111 53 Stockholm Email: firstname.lastname@example.org
Visiting address: Västra Trädgårdsgatan 15, 111 53 Stockholm Phone: 0734412118
You can also send an e-mail to Rehappen’s data protection officer by emailing email@example.com
Contact the Datainspektionen (Data Inspectorate)
If you believe that Rehappen does not comply with the requirements of the Datainspektionen, the comment can be submitted to the Datainspektionen.
E-mail: firstname.lastname@example.org Phone: 08-657 61 00 Fax: 08-652 86 52 Postal address: Datainspektionen, box 8114, 104 20 Stockholm