Privacy Policy

Last updated: 15th January 2020

At Learning to Sleep our mission is to help people with sleeping disorder through evidence based digital treatment programmes. We are passionate about high-quality and convenient healthcare. But we also care about your privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy explains how we use your personal data for our healthcare services and products, including, amongst others, our private service. It also governs the use of your data through our App, or any of our websites, including the Learning to Sleep website.

This policy covers:
  • Who we are;
  • What personal data we hold and how we get it;
  • What we use your personal data for;
  • Sharing your personal data;
  • Retention
  • Data security and transfers; and
  • Your rights.

  • If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer:

    Who we are

    Our healthcare services are delivered by Learning to Sleep AB, a Swedish registered company located at Södergatan 19, 211 34 Malmö. Your relationship is with Learning to Sleep AB. When this policy talks about ‘Learning to Sleep’, ‘us’ or ‘we’, it means Learning to Sleep AB.

    What personal data we hold and how we get it

    We use the following categories of personal data:

    Personal details

    When you register with us, you complete forms and provide us with basic information about yourself, such as your name, phone number, home address and email. For Swedish citizens you will also provide us with your personal identification number so that we can - when asked for - share your medical records with other caregivers.

    Health and medical information

    The main type of information we hold about you is medical information related to sleeping problems or sleep disorder. This includes details of your consultations with our psychologists, and interactions with our digital services.

    We get some of this information directly from you, when you register with us and when you use our healthcare services.

    Any correspondence we receive from you is uploaded electronically to your Learning to Sleep medical record.

    All information regarding a patient's medical record is kept strictly confidential and can be accessed only by Learning to Sleep. We strictly follow Swedish law regarding medical records according to the Swedish ”Patientdatalagen (2008:355)” which regulates medical record keeping.

    Financial information

    If you make any payments through our app or our website, your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.

    Technical information and analytics

    When you use our programme or app, we may automatically collect the following information where this is permitted by your device settings:

    (a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and

    (b) information about your visit, including products and services you viewed or used, App response times and interaction information (such as button presses).

    We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.

    What we use your personal data for

    The purposes for which we use your personal data and the legal grounds on which we do so are as follows:

    • We obtain and use your personal details and financial details in order to establish and deliver our contract with you.
    • Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, and our artificial intelligence system, so that we can deliver better healthcare to you and other Learning to Sleep users. This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making any decisions about you – it is only about improving our products, services and software so that we can deliver a better experience to you and other Learning to Sleep users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times.
    • We may use strictly anonymised information (including medical information) to improve our healthcare products and services.
    • We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out.
    • Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to, for example, troubleshoot bugs within the App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
    • Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
    • We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including Socialstyrelsen in Sweden or other equivalent governmental bodies.
    • Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.

    We may use non-personal data (data from which an individual cannot be identified) to improve our products and services.

    Sharing your personal data with others

    • We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
    • We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
    • Where you access our services through your health insurance provider or any of our commercial partners(including your employer) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, whether or not you had a referral made and other similar information about your appointment with us.
    • We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your GP (if you use our private service) and other governmental bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
    • We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.

    Except as described above, we will never share your personal information with any other party without your consent.

    Retention periods

    We retain your medical records in accordance with national best practice guidance - in particular, advice provided by Swedish Socialstyrelsen, IVO and Läkemedelsverket. We also follow Swedish law regarding medical records according to the Swedish ”Patientdatalagen (2008:355)” which regulates medical record keeping. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.

    Type of record
    Retention period

    Medical records
    Medical records retained for 10 years after the last contact.

    Data storage, security and transfers

    We store all your personal health data on secure servers. Where you have chosen a password that enables you to access certain parts of our Programme/APP, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the web based portal and from our related apps. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the Sweden (but always within the European Union or EAS area), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards.

    Your rights

    As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the programme/APP or contacting us. You also have specific rights under the GDPR and DPA to:

    • Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or through contacting us;
    • Understand and request a copy of information we hold about you. For other information, you can make a request by email;
    • Ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical records for prescribed periods of time;
    • Ask us to restrict our processing of your personal data or object to our processing; and
    • Ask for your data to be provided on a portable basis.