Privacy policy

Information on the Processing of Personal Data – Yazen Health AB
Controller and Data Protection Officer
Yazen Health AB, corporate identity number 559315-6234, with registered office at Spolegatan 22, 222 19 Lund (“Yazen”), is, under the EU General Data Protection Regulation (“GDPR”), the controller for the processing of personal data for which we determine the purposes and means. Under the GDPR, we are required to provide you with information on how we, as controller, process personal data in our operations.
Yazen has a Data Protection Officer who works with issues relating to our compliance with data protection legislation and the processing of personal data. Please feel free to contact our Data Protection Officer if you have any questions about our processing of your personal data, by email at: dpo@yazen.com or by post to Yazen Health AB, Attn: Data Protection Officer, Spolegatan 22, 222 19 Lund, Sweden.
Personal Data and Processing
Personal data is any information that relates directly (e.g. name or personal identity number) or indirectly to a living natural person. Examples of information that can indirectly relate to a natural person include behavioural data, diagnoses, images and sound recordings that are processed in a computer without names being mentioned.
Any action performed on personal data constitutes processing of personal data. Examples of common processing activities include collection, recording, organisation, structuring, use, storage, processing, alteration, retrieval, reading, disclosure by transmission, dissemination, matching, linking, restriction, transfer, destruction and deletion.
In order to process your personal data, we must, under Article 6 of the GDPR, have a legal basis, which for us is primarily contract, consent, legitimate interests, or legal obligation. Where we process special categories of personal data (e.g. health data), we must have a specific legal basis for such processing. This basis is primarily found in Article 9(2)(a) (explicit consent) and Article 9(2)(h) (health and social care), Article 9(2)(b) (employment law) and Article 9(2)(f) (establishment, exercise or defence of legal claims).
How We Process Your Personal Data
Under the headings below, we describe in detail how we process your personal data in different contexts, i.e. what personal data is processed, how it is processed, for what purposes, on what legal bases, how the data was collected, and with whom it is shared.
1. For Website Visitors
Categories of personal data:
- User-generated technical data, e.g. how you use the website
- Information about your technical device
Processing carried out:
- Adapting the website to make it easier for you (e.g. by saving your website settings and cookie preferences)
- Collecting data required for the website to function on your technical device
- Analysing user behaviour
Purposes:
- Providing the website and its associated functions
- Marketing our service
Legal basis:
- Legitimate interest in providing and adapting the website and marketing our service
- Consent for non-essential cookies
The data was collected from:
- You, either by you providing the information directly or via cookies
Recipients/categories of recipients of the data:
- IT service providers
- Companies we cooperate with in marketing
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
2. For Recipients of Care and Treatment
2.1 When you create an account and we assess whether our service is suitable for you
Categories of personal data:
- Personal identity number
- Name
- Age
- Contact details
- Health data
- Information you provide to us regarding your lifestyle
- Photos
- User data
- Login details
- User-generated technical data, e.g. how you use the website or app
- Information about your technical device
- Logs and other technical data
Processing carried out:
- Collecting data through questionnaires and a conversation and assessing this information
- Booking and conducting meetings and related documentation
- Collecting data through communication with medical staff and assessing this information
- Identification
- Creating an account
- Communicating with prospective patients or patients
- Storing data for documentation purposes
- Assessing whether the service is suitable for you
Purposes:
- Providing an account and conducting an assessment of whether our service is suitable for you
- Providing the app and website and their associated functions
Legal basis:
- Contract
- Legitimate interest in providing and adapting the website and app
- Legitimate interest in improving our services and maintaining the security of our services
The personal data is collected from:
- You.
Recipients/categories of recipients of the data:
- BankID
- IT service providers
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- Yes.
2.2 When you take out a subscription with us and pay
Categories of personal data:
- Personal identification number
- Name
- Contact details
- Payment details, e.g. credit card or invoice details
- Credit assessment
- User data
Processing carried out:
- Processing payment (including obtaining any necessary credit information)
- Identification
- Setting up and administering your subscription
- Communication with you
- Storing data for documentation purposes
Purposes:
- Administering and invoicing your subscription
Legal basis:
- Contract
The data was collected from:
- You
- Credit reference agencies
- A payment solution provider
- BankID
Recipients/categories of recipients of the data:
- IT service providers
- BankID
- Provider of a prescription management service
- National population address register (Statens personadressregister)
- A payment solution provider
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- Yes.
2.3 When we provide your treatment
Categories of personal data:
- Name
- Personal identification number
- Health data (including weight, wellbeing, information about illnesses, lab results, prescribed medicines, treatment data)
- Contact details
- Photo
- Information about your lifestyle (including exercise and dietary habits)
- Information you provide to our systems or in your communication with us
- User data
- Information you provide in our communication channels and in the community, including information about your health if you choose to provide such data
Processing carried out:
- Identification
- Booking and conducting meetings and related documentation
- Creating a treatment plan and assessing your progress, health and treatment needs
- Communicating with you (including counselling and recommendations regarding e.g. exercise and nutrition)
- Prescribing and administering medicines (prescriptions)
- Patient record keeping including archiving
- Administration and evaluation of laboratory tests
- Referral to other care providers
- Issuing certificates
- Providing, managing and moderating a communication channel between you, medical staff and other patients (community)
Purposes:
- Providing the treatment
Legal basis:
- Contract
The data was collected from:
- You and from our healthcare suppliers/partners (including laboratories)
Recipients/categories of recipients of the data:
- IT service providers
- BankID
- Provider of a prescription management service
- National population address register (Statens personadressregister)
- Laboratories
- Other care providers and pharmacies
- The recipients you specify when issuing certificates (e.g. employer or Försäkringskassan)
- Postal service providers
- Cooperation partners providing aids, e.g. smart scale and body scan
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- Yes.
2.4 When we ensure quality of care and your patient safety
Categories of personal data:
- User data
- Information about your health
Processing carried out:
- Creating and managing a deviation list
- Documenting patient injuries
- Collecting, analysing and evaluating for quality assurance
- Investigating medical issues
- Conducting and evaluating inspections
- Managing IVO cases
- Documenting and assessing possible side effects
Purposes:
- Ensuring your patient safety and quality assurance of your treatments
- Systematically and continuously developing and ensuring the quality of the operations
- Administration, planning, follow-up, evaluation and supervision of the operations
Legal basis:
- Our legitimate interest in ensuring safe treatment and fulfilling our obligations regarding patient safety
The data was collected from:
- You.
Recipients/categories of recipients of the data:
- Authorities
- Insurance companies
- IT service providers
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
2.5 When you contact customer service and we handle your case
Categories of personal data:
- Contact details
- Name
- User data
- Personal identity number
- Information about your health
- The data you provide in communication with our customer service
- Data required to investigate your case, e.g. technical data such as chat logs and IP address
- Data required to keep the service secure, such as technical function and diagnostic data
Processing carried out:
- Communicating with you
- Communicating with medical staff when necessary
- Investigating and assisting with your case
- Following up and documenting your case
Purposes:
- Providing customer service and handling your case
Legal basis:
- Our legitimate interest in providing you with customer service
The data was collected from:
- You and our systems
Recipients/categories of recipients of the data:
- IT service providers
- Customer service providers
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
2.6 When we market our services
Categories of personal data:
- Name
- Contact details
- Details of your employment (including company and position)
- User behaviour on our website, e.g. how you navigate
- Age and date of birth
- Gender
- Place of residence and position
- Information about your experiences and health that you have provided in your “success story”
- Information you have provided in reviews on Trustpilot (including information about your health if you choose to provide such data)
- Information you provide in connection with using the “refer a friend” function (e.g. name and contact details)
Processing carried out:
- Sending newsletters
- Sending e.g. offers or campaigns
- Collecting, managing and storing your “success story”
- Managing agreements and consents relating to your “success story”
- Publishing your “success story” across all internal and external digital channels as well as internal and external print media
- Obtaining your reviews via Trustpilot
- Publishing your reviews
- Sending information to the person who has received an invitation via “refer a friend”
- Providing a discount to the person who has sent the “refer a friend” link to a prospective patient
- Conducting competitions and related administration
- Anonymisation
- Analysing and segmenting you and your use of our website to understand your interests and provide you with relevant, tailored advertising and other materials, such as invitations to events
- Collecting, combining, analysing and transferring data to our marketing partners in order to run targeted ads on social media and other digital platforms and websites
Purposes:
- Marketing our service
Legal basis:
- Legitimate interest
The data was collected from:
- You, cookies, Trustpilot
Recipients/categories of recipients of the data:
- IT service providers
- Companies we cooperate with in marketing
- Recipients of our marketing communications
- Visitors to our website
Is automated decision-making (including profiling) used?
- Yes. Analysing and segmenting you and your use of our website to understand your interests and provide you with relevant, tailored advertising and other materials, such as invitations to events.
- Collecting, combining, analysing and transferring data to our marketing partners in order to run targeted ads on social media and other digital platforms and websites.
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
2.7 When we evaluate, develop and improve our services, treatment and systems
Categories of personal data:
- Name
- Contact details (e.g. phone number, address, email address)
- Information about you (e.g. gender, age, date of birth)
- Health data (including weight, wellbeing, information about illnesses, lab results, prescribed medicines, treatment data)
- Video material
- Comments you have provided regarding the use of our service
- Information about your use of our service and systems (e.g. click behaviour on our website)
- Logs and other technical data
Processing carried out:
- Maintaining, updating and improving our service and systems
- Collecting, analysing and segmenting user behaviour, user experience and data
- Troubleshooting and fixing errors in our systems
- Producing statistics and materials for clinical research
- Anonymising patient data to develop and improve obesity care
Purposes:
- Providing, evaluating, developing and improving our service and systems
- Research to improve obesity care
Legal basis:
- Legitimate interest
The data was collected from:
- You and through our systems
Recipients/categories of recipients of the data:
- IT service providers
- Cooperation partners providing aids
- Cooperation partners processing our statistics and publishing our research
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- Yes.
3. Communication with Cooperation Partners
3.1 When we operate and develop our business
Categories of personal data:
- User data
- Contact details
- Name, gender, age, date of birth
- Health data
- Employment information (including company and position)
- Information contained in contracts, invoices, orders and other documents
- Information in communication with our suppliers, cooperation partners and other business relationships
- Information about how our service is used
Processing carried out:
- Administering salary payments for our staff
- Administering invoices or payment documents and related payment
- Managing customer relationships or business relationships
- Managing invoicing and payment
- Anonymisation
- Analysis
Purposes:
- Operating our business and raising capital
Legal basis:
- Performance of a contract for patients
- Legitimate interest for employees of suppliers, cooperation partners or other business relationships
The data was collected from:
- You, your employer or other information sources. Some sources are publicly available, such as websites.
Recipients/categories of recipients of the data:
- IT service providers
- Advisors
- Banks and potential investors
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- Yes.
3.2 When we comply with our legal obligations
Categories of personal data:
- Data necessary to comply with our legal obligations, e.g. name, personal identity number and information about your health
- Data necessary for accounting, e.g. name, chosen payment option and other information contained in payment documents
- Information resulting from a request to exercise your rights (e.g. contact information)
Processing carried out:
- Handling your request to exercise your rights under the GDPR, including identification
- Accounting administration
- Managing and responding to requests for information from authorities
- Communication related to the request to exercise rights
Purposes:
- Complying with our legal obligations
Legal basis:
- Compliance with legal obligations
The data was collected from:
- You, our systems and your employer
Recipients/categories of recipients of the data:
- IT service providers
- Authorities
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
3.3 When we defend and monitor our legal interests, prevent misuse, and prevent and investigate offences against the company
Categories of personal data:
- Data necessary for us to defend and monitor our legal interests, e.g. contact details, name, personal identity number, data from communication with us, payment documents
Processing carried out:
- Preparing documentation for filing a report
- Filing a report
- Preparing documentation for and conducting court proceedings or other dispute resolution
- Other processing necessary to defend our legal interests
- Assessing whether users should be excluded from our service due to inappropriate behaviour (e.g. providing misleading information)
Purposes:
- Defending and monitoring our legal interests
Legal basis:
- Legitimate interest
- Compliance with a legal obligation (where such obligation exists)
The data was collected from:
- You, our systems, your employer and authorities
Recipients/categories of recipients of the data:
- IT service providers
- Authorities
- Courts
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
4. When you apply to us or are provided as a reference in a recruitment process
Categories of personal data:
- Name
- Contact details
- Information about nationality, place of birth and passport
- Information about your previous and current employment
- Information about your skills and personal qualities
- Information about your education and qualifications
- Information resulting from communication with you
- Information contained in your application, e.g. in your CV, cover letter and letters of recommendation
- Information you provide during the interview
- Test results
- Information provided by references about you
- Information you provide in reference interviews
Processing carried out:
- Communicating with you
- Managing your application
- Assessing and selecting candidates
- Managing and contacting the references you have provided
- Assessing and verifying your qualifications
- Conducting and evaluating tests
- Communicating with recruitment agencies where applicable
Purposes:
- Conducting the recruitment process
Legal basis:
- Legitimate interest in being able to conduct recruitment processes
The data was collected from:
- You, your references, recruitment agencies and publicly available sources
Recipients/categories of recipients of the data:
- IT service providers
- Recruitment agencies
Are you obliged to provide us with personal data?
- No.
Is the provision of personal data necessary to enter into a contract?
- No.
Sources from which we obtain your personal data
In addition to the data you provide to us yourself or that we collect from you through your use of our service, we may also collect personal data via cookies or from other so-called third parties. For example, we obtain credit information from credit reference agencies and we verify address data using the national population address register. Information about where data was obtained and whether it came from third parties is stated in each section under “The data was collected from”.
Automated decisions and profiling
Profiling means that we analyse information about you to assess personal characteristics. This enables us to better understand you as a customer and to create the most suitable offers for you. Whether, and for what purposes, we carry out profiling follows from the processing operations described above. Profiling may occur to some extent in connection with the production of marketing materials.
Recipients of Data
Employees at Yazen
Your personal data is shared with our employees (including consultants) who require access in order to perform their work tasks.
Processors
Where necessary in order to provide our services, we share your personal data with companies that act as processors on our behalf. This includes, for example, providers of IT solutions, a customer service bot, and marketing service providers. A processor is a company that processes data on our behalf and in accordance with our instructions.
The processors we engage may only process personal data in accordance with the purposes and instructions for processing and security that we have set out in a data processing agreement.
Independent Controllers
We also share your personal data with certain companies that are independent controllers. This means that it is not we who decide how these companies process the personal data they receive. Independent controllers with whom we share your personal data include:
- Public authorities (Police, Skatteverket, IVO, Försäkringskassan or other authorities), where we are legally required to do so or where there is suspicion of a criminal offence
- Companies providing payment solutions
- BankID
- Insurance companies
- Other care providers and laboratories
- Pharmacies
- Cooperation partners providing aids, e.g. scales and body scan
- Cooperation partners processing our statistics for research purposes
- Providers using functional and diagnostic data to improve their services
- Advisors
When your personal data is transferred to a company or other entity that is an independent controller, their own privacy information applies.
How long do we retain your data?
We only process your personal data for as long as is necessary for the purposes described above.
This means that personal data processed to administer your subscription and your contract with us is stored for the duration of the contract and for six months thereafter. Some information is then stored for up to ten (10) years in order to safeguard our legal claims, taking into account statutory limitation rules.
As a registered healthcare provider, we are obliged under the Patient Data Act to retain patient records for ten (10) years. This means that we cannot delete or anonymise the data contained in patient records.
Personal data stored to fulfil accounting requirements is retained for seven (7) years.
If we use personal data for marketing purposes, it is stored for no longer than six (6) months after the marketing activity has been carried out.
Where personal data is used to produce materials for developing and improving our service, the data will be anonymised.
If we use personal data to produce statistics or for clinical research, anonymisation measures will also be carried out.
Personal data stored on the basis of your consent is deleted when you withdraw your consent, or at the latest two years after we received the data. More information on how to withdraw your consent is provided below. Withdrawal of your consent does not affect our obligation to keep patient records or the processing of personal data on other legal bases.
Where do we process your personal data?
We always strive to process your personal data within the EU/EEA. However, your personal data may be transferred to third countries. Regardless of where your personal data is processed, we take appropriate legal, technical and organisational security measures to ensure that the level of protection is equivalent to that within the EU/EEA.
Where personal data is processed outside the EU/EEA, the level of protection is ensured either by a decision of the European Commission that the relevant country ensures an adequate level of protection, or by using appropriate safeguards. If you would like more information about the safeguards that have been implemented, please feel free to contact us by email at dpo@yazen.com.
Risks and Security Measures
Yazen uses technical and organisational security measures to protect your personal data against loss and unauthorised access. This includes, for example, secure and private connections (such as VPN), encryption, and restricting access to your personal data to employees who require it for their work. We continuously review our systems, routines and policies to ensure that they are secure and protected.
For further information, please feel free to contact us using the contact details stated above in this privacy information.
What rights do you have?
You have several rights under the GDPR. These rights are briefly described below. More information about your rights is available on the IMY website:
https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/de-registrerades-rattigheter/
If you wish to exercise your rights or have any questions, you can contact us. The contact details are set out above in this privacy information.
Right to information
You have the right to receive information about how we process your personal data. We provide this information through this privacy information.
Right of access
You can request confirmation as to whether we process personal data about you and, if so, a copy of such data — a so-called register extract — together with certain additional information.
Right to rectification
We are responsible for ensuring that the personal data we process is accurate. However, if you believe that any information about you is incorrect or incomplete, you have the right to request rectification.
Right to object
If we process personal data on the basis of our legitimate interest, you have the right to object to such processing at any time. If we cannot demonstrate compelling legitimate grounds for continuing the processing, we must stop the processing.
Right to withdraw consent
If our processing of your personal data is based on your consent, you may withdraw it at any time by emailing dpo@yazen.com or by sending a letter to our Data Protection Officer (contact details under “Controller and Data Protection Officer”). Withdrawal does not affect the lawfulness of processing of your personal data that took place before the withdrawal. Withdrawal also does not affect our obligation to keep patient records or the processing of personal data under applicable law — meaning that we will still be required to process certain personal data in accordance with such legislation.
Right to restriction
In certain cases, such as where you have objected to processing, you may request restriction of processing of your personal data. Restriction allows you to prevent us, at least for a certain period, from using the data for other purposes, such as defending legal claims. You may also prevent us from deleting the data, for example where you need the data in order to claim compensation.
Right to erasure
In certain cases, you may request that your personal data be erased. If your personal data is necessary for the purposes for which it was collected, needed to comply with a legal obligation, or required to establish, exercise or defend legal claims, we have no ability to erase the data.
Right to data portability
If we process personal data about you in order to fulfil a contract, you may, in certain cases, obtain your personal data for use elsewhere — for example, to transfer the data to another controller.
Comments on our processing of personal data?
If you have comments regarding our processing of your personal data, please feel free to contact us using the contact details above.
You may also submit a complaint to IMY. Information on how to submit a complaint is available on IMY’s website.
If you have suffered damage as a result of our processing of your personal data in violation of applicable law, you may be entitled to compensation. You may then claim compensation from us or bring a compensation claim in court. Our contact details are set out above.
This privacy information was updated in December 2025.



