Leyr Privacy Policy

Effective date: 2024-07-01

The latest version is always available on our website.

Introduction

Leyr was founded with the vision of making healthcare data accessible throughout the ecosystem, benefiting patients, healthcare professionals, and organizations. In our mission to remove unnecessary barriers to data sharing, we are committed to handling data with the utmost care to maintain the trust placed in us.

We are based in Sweden and currently offer our services within the EU/EEA. To provide clarity on how we process data in different parts of our services, we have divided the privacy policy to reflect the different aspects of our offering.

Please read the full details below.

Data Subject's Rights

Access your personal data
Request rectification or erasure of your personal data
Object to the processing of your personal data
Withdraw your consent to the processing of your personal data at any time
File a complaint with the Swedish Authority for Privacy Protection (IMY)

Contact Information

If you have any inquiries or concerns regarding our privacy policy or if you would like to file a complaint under GDPR, the EU ePrivacy Directive, or the EU Digital Services Act, please don't hesitate to contact our Data Protection Officer (DPO) at dpo@leyr.io.

Name and contact details of the Data Controller:

Leyr Health AB Org.nummer 559384-5778 - contact@leyr.io

Privacy Policy for Leyr API in Production

Production Data, including but not limited to Patient Data, is processed solely in accordance with the Data Processing Addendum included in the signed commercial agreement between Leyr and a customer. If you would like a detailed explanation of our complete privacy policy for production data, please feel free to contact us.

Privacy Policy for Leyr Developer Portal (leyr.io/developers)

Personal Data We Process

We collect the following personal data:

Email address used for registration

Purpose

We collect personal data for the following purposes:

Providing the Leyr Developer Portal as a service
Tracking the volume of requests made to the Leyr API for performance monitoring and billing purposes
Conducting user research
Improving our services
Communicating any changes in the Leyr Terms of Use or Leyr Privacy Policy
Providing support and troubleshooting to our users

Legal Basis

To create an account and ensure the security of any apps created in the Developer Portal, an email address is required. The email address is also used for password resets and communication regarding any changes in the terms, policies, or services provided.

It is necessary for us to trace volumes of billable transactions in order to accurately charge customers based on existing commercial agreements.

We also believe that supporting, troubleshooting, analyzing, and improving our services is necessary. This includes adopting product development best practices and involving users in research activities to ensure a user-centric approach.

Retention

Email addresses are kept for the following duration:

During the existence of the developer portal account and are immediately erased upon termination of the account.
Indefinitely in an anonymized format for accounts where billed transactions have occurred.

Protection of Personal Data

We protect personal data as follows:

Encryption: Personal data is encrypted during transit. If supported by the underlying subprocessor, personal data is also encrypted at rest.
Data minimization: We only process a minimal amount of personal data. We allow the use of non-personal email addresses and do not ask for any other personal identifiers.
Access minimization: Access to personal data is only permitted for Leyr employees who need it.

Processors and Third Countries

We use the following Processors for processing personal data:

Name of Subprocessor | Description of Processing | Data being processed | Location of Processing | Corporate Location | Covered by EU-U.S. Data Privacy Framework
Microsoft (Microsoft Azure) | hosting of leyr.io, database service | e-mail | Norway, EU | US | Yes
Intuit Inc. (Mailchimp) | e-mail distribution tool for updates | e-mail | US | US | Yes

As of 2023-07-10, an adequacy decision regarding the US was made by the European Commission. See what this means on either IMY's or EC's website: SV   EN

Cookies and Similar Technologies

A cookie is a text file stored by your browser. We use a persistent first-party cookie to keep you logged in, enhancing your user experience by eliminating the need to log in with each visit. You actively consent to this by selecting "Remember me (requires cookie)" upon login. You can withdraw consent at any time by deleting the cookie in your browser settings, where you can also manage cookie retention.

For website analytics, we utilize Plausible.io, an open-source privacy-friendly tool. As of November 2023, Plausible.io describes their technology in the following manner:

This means that we do not collect any personal data for website analytics.

Automated Decision-Making, Including Profiling

We don't use automated decision-making or profiling.

Privacy Policy for remaining parts of leyr.io

Personal Data We Process

We collect the following personal data:

Email address, upon registration

Purpose

We collect personal data for the following purposes:

Allowing visitors to register for the Leyr Newsletter
Allowing visitors to get in touch with Leyr via the 'Contact Us' form

With a separate explicit consent, we collect data for the following purposes:

Conducting direct marketing of our products and services
Conducting sales dialogue with potential customers

Legal Basis

When registering for the Leyr Newsletter, we acquire a separate explicit consent from the individual providing their email address. Consent can be withdrawn at any time by unsubscribing from the newsletter.

We also believe that we have a legitimate interest in processing the provided email addresses in the 'Contact Us' form to initiate a dialogue with potential customers, which may involve marketing and/or sales activities. As you provide your email address and provide explicit consent for data processing in this form, we have a legal basis to reach out to you.

Retention

Email addresses are kept as follows:

For the duration of the newsletter subscription and deleted immediately upon request to unsubscribe.
Indefinitely for email addresses provided when asking to be contacted by Leyr.

Protection of Personal Data

We ensure the protection of personal data through the following measures:

Encryption: Personal data is encrypted during transmission. If the underlying subprocessor supports it, personal data is also encrypted when stored.
Data minimization: We only process the minimum amount of personal data necessary. We allow the use of non-personal email addresses and do not request any other personal identifiers.
Access minimization: Access to personal data is restricted to Leyr employees who need it.

Processors and Third Countries

We use the following Processors for processing personal data:

Name of Subprocessor | Description of Processing | Data being processed | Location of Processing | Corporate Location | Covered by EU-U.S. Data Privacy Framework
Microsoft (Microsoft Azure) | hosting of leyr.io, database service | e-mail | Norway, EU | US | Yes
Intuit Inc. (Mailchimp) | e-mail distribution tool for updates | e-mail | US | US | Yes
Notion Labs, Inc. (Notion) | maintaining list of e-mail addresses for newsletter, and incoming contact requests | e-mail | US | US | Yes

As of 2023-07-10, an adequacy decision regarding the US was made by the European Commission. See what this means on either IMY's or EC's website: SV   EN

Cookies and Similar Technologies

Leyr.io does not use cookies.

For website analytics, we use Plausible.io, an open-source privacy-friendly tool:

This means we do not collect any personal data for website analytics.

Automated Decision-Making, Including Profiling

We don't use automated decision-making or profiling.

IT Systems Outside the Scope of Leyr's Privacy Policy

We may link to various external websites, such as LinkedIn and Medium. This privacy policy does not apply to data collected after you leave leyr.io.