Dignio offers software healthcare solutions that require the processing of personal data and sensitive health-related information about patients. Proper protection of the personal data and health data that we process on behalf of our customers is one of our top priorities. Dignio has implemented procedures to ensure that all the rights of the patients and other data subjects are respected.

Dignio is subject to European data protection regulations, including the General Data Protection Regulation (GDPR) as well as local data protection regulations in the countries in which we operate. We observe state of the art information security standards, see the page Dignio’s Information Security for more information about our information security measures.

In the following, you will find an overview of our data protection measures and guidance to our customers, pertaining to their role as controllers under the GDPR. If you have any questions after reading this document, feel free to contact us at privacy@dignio.com.

Dignio’s data protection measures

Dignio has implemented and continuously observes a number of data protection measures to ensure compliance with the GDPR and all other applicable data protection and health data regulations. Our current data protection measures include:

• Privacy by Design: Privacy concerns are taken into account from the beginning when developing new software or considering purchasing new products or services for our operations. When developing new software, we strive to minimise the amount of data processed to what is strictly necessary. We choose suppliers that are able to demonstrate privacy-friendly solutions.
• Adherence to privacy principles: All our privacy procedures are measures built under the auspices of the six fundamental privacy principles, namely, the principles of (1) purpose limitation, (2) data minimization, (3) storage limitation, (4) accuracy, (5) integrity and confidentiality and (6) lawfulness, fairness and transparency.
• Data subjects rights: We have procedures in place to ensure that the rights of the data subjects are respected, such as the right to information, access to data, correction, deletion and limitation of processing.
• Transparent data processing: We are fully transparent about all our data processing activities. Please read our Privacy Notices (below) for an exhaustive account of all of our activities.
• Storage of data within the EU/EEA (for EU customers) and UK (for our UK customers): Data is safely stored in Stockholm (for EU customers) and London (for UK customers).
• Effective security measures: We have an extensive set of security measures in place to ensure that all personal data is safe in our custody. See the page Dignio’s Information Security for more information.
• Anonymization: We strive to limit the amount of personal data processed on the Dignio platform as far as possible and use anonymized and aggregated data when the processing of personal data is not necessary. This includes the collection of technical security data and user statistics.
• Access limitations: Access to personal data is strictly limited to employees that need access in order to perform their duties. Access to data processed in our software services is restricted to technical and support personnel. Other Dignio employees will not access customer data unless authorised to do so by the customer.

Privacy Notices

We have developed privacy notices for all our services. In addition, we have a separate privacy notice related to all processing activities that we do in addition to providing our software services, such as customer contact, website operations and social media presence.

• Privacy Notice - Dignio Website
• Privacy Notice - Dignio Prevent
• Privacy Notice - MyDignio
• Privacy Notice - Dignio Care

Clarification of roles and responsibilities

Dignio only processes personal data in line with the instructions we receive from our customers. We enter into data processing agreements with all customers, which dictate how Dignio will process personal data on behalf of our customers. This means that our customers are responsible for the processing, and that Dignio is the data processor.

As data controllers, our customers are responsible for defining the purpose of the processing, what types of personal data is to be processed, how the personal data is to be processed, and how long the personal data is to be stored. Dignio only processes the personal data based on instructions from our customers.