Leyr logo

Leyr Privacy Policy

Effective date: 2024-07-01

The latest version is always available on our website.

Introduction

Leyr was founded with the vision of making healthcare data accessible throughout the ecosystem, benefiting patients, healthcare professionals, and organizations. In our mission to remove unnecessary barriers to data sharing, we are committed to handling data with the utmost care to maintain the trust placed in us.

We are based in Sweden and currently offer our services within the EU/EEA. To provide clarity on how we process data in different parts of our services, we have divided the privacy policy to reflect the different aspects of our offering.

Please read the full details below.

Data Subject's Rights

Access your personal data
Request rectification or erasure of your personal data
Object to the processing of your personal data
Withdraw your consent to the processing of your personal data at any time
File a complaint with the Swedish Authority for Privacy Protection (IMY)

Contact Information

If you have any inquiries or concerns regarding our privacy policy or if you would like to file a complaint under GDPR, the EU ePrivacy Directive, or the EU Digital Services Act, please don't hesitate to contact our Data Protection Officer (DPO) at dpo@leyr.io.

Name and contact details of the Data Controller:

Leyr Health AB Org.nummer 559384-5778 - contact@leyr.io

Privacy Policy for Leyr API in Production

Production Data, including but not limited to Patient Data, is processed solely in accordance with the Data Processing Addendum included in the signed commercial agreement between Leyr and a customer. If you would like a detailed explanation of our complete privacy policy for production data, please feel free to contact us.

Privacy Policy for Leyr Developer Portal (leyr.io/developers)

Personal Data We Process

We collect the following personal data:

Email address used for registration

Purpose

We collect personal data for the following purposes:

Providing the Leyr Developer Portal as a service
Tracking the volume of requests made to the Leyr API for performance monitoring and billing purposes
Conducting user research
Improving our services
Communicating any changes in the Leyr Terms of Use or Leyr Privacy Policy
Providing support and troubleshooting to our users

Legal Basis

To create an account and ensure the security of any apps created in the Developer Portal, an email address is required. The email address is also used for password resets and communication regarding any changes in the terms, policies, or services provided.

It is necessary for us to trace volumes of billable transactions in order to accurately charge customers based on existing commercial agreements.

We also believe that supporting, troubleshooting, analyzing, and improving our services is necessary. This includes adopting product development best-practices and involving users in research activities to ensure a user-centric approach.

Retention

Email addresses are kept for the following duration:

During the existence of the developer portal account and are immediately erased upon termination of the account.
Indefinitely in an anonymized format for accounts where billed transactions have occurred.

Protection of Personal Data

We protect personal data as follows:

Encryption: Personal data is encrypted during transit. If supported by the underlying subprocessor, personal data is also encrypted at rest.
Data minimization: We only process a minimal amount of personal data. We allow the use of non-personal email addresses and do not ask for any other personal identifiers.
Access minimization: Access to personal data is only permitted for Leyr employees who need it.

Processors and Third Countries

We use the following Processors for processing personal data:

Name of Subprocessor
Description of Processing
Data being processed
Location of Processing
Corporate Location
Covered by EU-U.S. Data Privacy Framework
Microsoft (Microsoft Azure)hosting of leyr.io, database servicee-mailNorway, EUUSYes
Intuit Inc. (Mailchimp)e-mail distribution tool for updatese-mailUSUSYes

As of 2023-07-10, an adequacy decision regarding the US was made by the European Commission. See what this means on either IMY's or EC's website: SV   EN

Cookies and Similar Technologies

A cookie is a text file stored by your browser. We use a persistent first-party cookie to keep you logged in, enhancing your user experience by eliminating the need to log in with each visit. You actively consent to this by selecting "Remember me (requires cookie)” upon login. You can withdraw consent at any time by deleting the cookie in your browser settings, where you can also manage cookie retention.

For website analytics, we utilize Plausible.io, an open-source privacy-friendly tool. As of November 2023, Plausible.io describes their technology in the following manner:

This means that we do not collect any personal data for website analytics.

Automated Decision-Making, Including Profiling

We don't use automated decision-making or profiling.

Privacy Policy for remaining parts of leyr.io

Personal Data We Process

We collect the following personal data:

Email address, upon registration

Purpose

We collect personal data for the following purposes:

Allowing visitors to register for the Leyr Newsletter
Allowing visitors to get in touch with Leyr via the 'Contact Us' form

With a separate explicit consent, we collect data for the following purposes:

Conducting direct marketing of our products and services
Conducting sales dialogue with potential customers

Legal Basis

When registering for the Leyr Newsletter, we acquire a separate explicit consent from the individual providing their email address. Consent can be withdrawn at any time by unsubscribing from the newsletter.

We also believe that we have a legitimate interest in processing the provided email addresses in the 'Contact Us' form to initiate a dialogue with potential customers, which may involve marketing and/or sales activities. As you provide your email address and provide explicit consent for data processing in this form, we have a legal basis to reach out to you.

Retention

Email addresses are kept as follows:

For the duration of the newsletter subscription and deleted immediately upon request to unsubscribe.
Indefinitely for email addresses provided when asking to be contacted by Leyr.

Protection of Personal Data

We ensure the protection of personal data through the following measures:

Encryption: Personal data is encrypted during transmission. If the underlying subprocessor supports it, personal data is also encrypted when stored.
Data minimization: We only process the minimum amount of personal data necessary. We allow the use of non-personal email addresses and do not request any other personal identifiers.
Access minimization: Access to personal data is restricted to Leyr employees who need it.

Processors and Third Countries

We use the following Processors for processing personal data:

Name of Subprocessor
Description of Processing
Data being processed
Location of Processing
Corporate Location
Covered by EU-U.S. Data Privacy Framework
Microsoft (Microsoft Azure)hosting of leyr.io, database servicee-mailNorway, EUUSYes
Intuit Inc. (Mailchimp)e-mail distribution tool for updatese-mailUSUSYes
Notion Labs, Inc. (Notion)maintaining list of e-mail addresses for newsletter, and incoming contact requestse-mailUSUSYes

As of 2023-07-10, an adequacy decision regarding the US was made by the European Commission. See what this means on either IMY's or EC's website: SV   EN

Cookies and Similar Technologies

Leyr.io does not use cookies.

For website analytics, we use Plausible.io, an open-source privacy-friendly tool:

This means we do not collect any personal data for website analytics.

Automated Decision-Making, Including Profiling

We don't use automated decision-making or profiling.

IT Systems Outside the Scope of Leyr's Privacy Policy

We may link to various external websites, such as LinkedIn and Medium. This privacy policy is not applicable for data collected after you leave leyr.io.