layout.layout.t1
Sign in
Privacy Policy
← Legal

Privacy Policy

Last updated: May 5, 2026

1. General

This privacy policy describes how Zample AB, company registration number 559563-6357 (“Zample”, “we”, “us”) processes personal data when you use our platform zample™ via app.zample.com (the “Service”) and zample.com.

zample™ is a digital platform used by private individuals and affiliated healthcare providers to enable the digital management of health data, referrals, and the reporting of test results.

2. Roles and responsibilities – who is the data controller?

Zample may have different roles depending on the processing in question:

2.1 Zample AB is the data controller for the account

Zample AB is the data controller for personal data processed in order to:

  • create and manage your account in zample™,
  • enable login and access to the platform,
  • maintain security and operational stability of the Service,
  • handle support related to the account and platform.

2.2 Affiliated healthcare provider is the data controller for care and health information

When you use zample™ to access test results and other health information within the scope of healthcare, the affiliated healthcare provider is the data controller for the processing relating to, for example, referrals, test results, medical assessments, and medical records.

2.3 Zample AB is a data processor for the healthcare provider

When zample™ is used for healthcare-related purposes, Zample AB processes personal data as a data processor on behalf of the data controller (the healthcare provider) in accordance with a data processing agreement.

2.4 Multiple healthcare providers may be data controllers for the same user

You may use zample™ in relation to multiple affiliated healthcare providers. Each provider is the data controller for its own processing of personal data relating to care/medical records/referrals/test results within the scope of its services. Zample AB is the data controller for your account and the platform’s functionality.

3. Which privacy policies apply when you use zample™?

This privacy policy applies to Zample AB’s processing of personal data when you visit zample.com and for personal data related to your account and your use of the zample™ platform via app.zample.com.

When you use services from an affiliated healthcare provider via zample™, the relevant healthcare provider is the data controller for the processing of personal data relating to healthcare, such as referrals, test results, medical assessments, and medical records.

When you activate a service or referral via zample™, you will be provided with the relevant healthcare provider’s privacy policy. This applies to the healthcare-related processing of your personal data.

4. What personal data does Zample AB process as data controller?

4.1 When you create and use an account in zample™, we may process:

  • Account data: name, personal identity number/coordination number or equivalent identifier (depending on the market), email address, phone number.
  • Account logic and security: information about login, authentication, security logs, and technical events related to the account.
  • Support data: information you provide when contacting support, as well as case history.

4.2 When you visit zample.com (website visitors)

When you visit zample.com, Zample AB may process:

  • technical data such as IP address, device/browser information, language settings, time, visited pages, and technical logs, and
  • cookie/identifier data in accordance with the cookie policy for zample.com.

4.3 When you sign up for newsletters, waitlists, or marketing via zample.com

When you sign up for our newsletter, waitlist, or other marketing communications via zample.com, Zample AB may process:

  • email address,
  • information that you have provided consent to marketing communications,
  • technical information related to registration and verification of consent (e.g. IP address, timestamp, and verification through double opt-in),
  • information about interactions with mailings, such as opens and clicks, to the extent such features are used.

Registration for newsletters and marketing communications is carried out through a so-called double opt-in procedure, meaning that you must confirm your registration through a verification message sent to your email address before the subscription is activated.

5. Purpose, legal basis and storage (Zample AB as data controller)

5.1 Create and manage account in zample™

Purpose: create an account, manage login, identify users, and provide the platform’s core functionality.

Legal basis: Article 6(1)(b) GDPR (performance of a contract).

Storage: account data is stored as long as the account is active and thereafter only as long as necessary to handle legal claims, disputes, or security purposes.

5.2 Security, operations and prevention of misuse

Purpose: protect the platform, detect and manage unauthorized login attempts, fraud, and misuse.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in maintaining a secure and reliable service).

Storage: security logs are normally stored for up to 12 months unless longer retention is required for incident investigation or legal claims.

5.3 Support and customer service related to account/platform

Purpose: handle questions and support cases regarding the account and platform.

Legal basis: Article 6(1)(f) GDPR (legitimate interest) and/or Article 6(1)(b) GDPR (contract), depending on the nature of the case.

Storage: support cases are normally stored for up to 24 months after closure, unless longer retention is required.

5.4 Provide and protect zample.com

Purpose: provide the website, ensure functionality, troubleshoot, and protect against misuse/attacks.

Legal basis: Article 6(1)(f) GDPR (legitimate interest). For cookies and similar technologies, applicable rules on electronic communications also apply; see the cookie policy for zample.com.

Storage: technical logs are normally stored for a limited time for operations, troubleshooting, and security.

5.5 Newsletters and marketing

Purpose: to send newsletters, information about Zample’s services, offers, product updates, and other marketing communications to individuals who have chosen to subscribe or join a waitlist via zample.com.

Legal basis: Article 6(1)(a) GDPR (consent).

Retention: personal data processed for marketing purposes will be stored until you withdraw your consent or unsubscribe from the subscription. You may unsubscribe at any time through the link included in our communications or by contacting us.

6. Processing on behalf of healthcare providers (Zample AB as data processor)

When zample™ is used to provide healthcare, Zample AB processes personal data on the instructions of the data controller (the healthcare provider). In such cases, personal data may be processed and shared with recipients in accordance with the healthcare provider’s instructions and agreements. For information on such processing, including retention periods for medical records, recipients, and how to exercise your rights related to care/medical records, please refer to the relevant healthcare provider’s privacy policy.

7. Recipients of personal data

Zample AB may share personal data with:

  • IT and service providers who help us operate, develop, and protect the Service (e.g. hosting, monitoring, support tools). These providers process personal data only in accordance with our instructions and are subject to data processing agreements.
  • Authorities when we are required to do so by law or official decision.

8. Where is personal data processed?

Zample AB processes personal data primarily within the EU/EEA. If personal data is exceptionally transferred to a country outside the EU/EEA, we ensure that the transfer is carried out in accordance with GDPR Chapter V, for example by using the European Commission’s standard contractual clauses (SCC) and, where necessary, supplementary safeguards.

9. Your rights

You have rights under the GDPR, including the right to access, rectification, erasure, restriction, objection, and data portability.

  • For rights relating to account data in zample™ (where Zample AB is the data controller), you can contact us as set out in section 11.
  • For rights relating to care/medical records/referrals/test results, you should contact the data controller healthcare provider, as Zample AB processes such data as a data processor.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), which is our lead supervisory authority, or with the supervisory authority in the country where you live or work.

10. Cookies and similar technologies

zample.com: Zample AB uses cookies and similar technologies on zample.com. For information on which cookies are used, their purposes, and how you can manage your choices, please refer to Zample AB’s cookie policy for zample.com.

app.zample.com: No cookies are used in the app.zample.com service. However, the service may use local storage and similar technologies that are necessary for functionality and security (e.g. login and session management).

Market-specific webshops: Market-specific websites using Zample’s platform may use cookies and have their own cookie and privacy policies. When you visit such a website, the policies of that website apply.

11. Contact

If you have questions about Zample AB’s processing of account data or wish to exercise your rights, you can contact us:

Email: [email protected]

Mail: Zample AB, Attn: Data Protection Officer, Själagårdsgatan 9, SE-111 31 Stockholm