Create account

Privacy policy

Latest update: March 17th, 2026

Why and for whom?

Evidentals is part of Internetmedicin AB. At Internetmedicin AB, organisation number 556583-6250, ("Evidentals", "we", "us", "our") we care about personal integrity. This means that we respect and safeguard your privacy and your right to control and transparency in the processing of your Personal Data.

This Privacy Policy ("Policy") applies to the processing for which Evidentals is the Data Controller. The Policy provides an overview of the purposes for which we need your Personal Data, the legal basis we rely on, and the measures we take to protect personal data. We also inform you of how to exercise the rights you have in connection with our processing of your Personal Data.

The Policy covers our handling of Personal Data when you communicate with us, use the Service, or visit our website www.evidentals.com.

Definitions

  • Processing of personal data includes any action taken with personal data, such as storing, altering, reading, transferring, etc.
  • Applicable law refers to the legislation governing the processing of personal data, including the GDPR, national supplementary laws, and relevant practices and guidelines from supervisory authorities.
  • Personal data is any information that can be linked to a living, identifiable individual.
  • Data controller is the entity that determines the purposes and means of processing personal data and is therefore responsible for ensuring processing complies with Applicable Law.
  • Data processor is the entity that processes personal data on behalf of the Data Controller and must follow the Controller’s instructions and Applicable Law.
  • Data subject refers to the living individual whose personal data is being processed.
  • Special categories of personal data or sensitive data include information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, or information about a person’s sex life or sexual orientation.
  • The Service is a subscription service for dental professionals featuring peer-reviewed articles for the diagnosis and treatment of various conditions. The articles are written by Swedish experts within the respective specialty and updated at least once a year. Users may register for newsletters and thereby receive information when new articles are added to the database or existing ones are updated. An editorial board consisting of ten of Sweden's most prominent odontological experts reviews all articles before they are published on Evidentals. Evidentals is financed through subscription revenue. Payments are processed securely via Stripe.

Evidentals' Data controller responsibilities

This Policy covers processing for which Evidentals is the Data controller—that is, we determine the purposes (why) and means (how, what data, how long, etc.) of processing. It does not describe our role as a Data processor acting on behalf of clients.

We provide a platform that serves as a knowledge database for dental professionals, featuring articles for the diagnosis and treatment of various odontological conditions. We therefore need to process users' personal data in order to send newsletters with current information and to collect payment for the subscription service. We also need to process personal data for authors and reviewers of content on the platform in order to make it available and to pay remuneration for the work they perform. Finally, we process personal data for the company's employees and suppliers in order to pay salaries and fees.

How we process Personal data

We are responsible for showing how we meet legal requirements in processing your personal data. This section explains what types of data we collect and for what purposes.

Data subjects and retention periods:

The intended recipients of this Policy are the following groups, whose personal data we store in accordance with the criteria below.

Users of the Service

Users' personal data will be stored for the duration of their use of the Service and to fulfil legal obligations, such as handling reported errors in the Service.

Prospective clients

Prospective clients' personal data will be stored for the time required to determine whether they wish to enter into an agreement.

Employees of prospective clients

Personal data of employees at prospective clients will be stored for the time required to determine whether the prospective client wishes to enter into an agreement.

Employees of existing clients

Personal data belonging to employees will be stored for the time required to provide the service and to fulfil legal obligations, such as handling reported errors in the service.

Authors and reviewers of content

Employees

Processing activities and purposes

The primary purpose of the personal data processing we carry out is to provide, perform, and improve our services to you. There are several reasons why we may need to collect, handle, and store your data.

We primarily process personal data for the following purposes:

Contact and identification details to confirm your identity, verify your information, and communicate with you.

Information about your use of the service or product in order to improve your experience.

Payment information in order to offer services such as direct debit.

Processing Sensitive data

We obtain the Data subject's explicit consent before processing their sensitive personal data.

How we collect your Personal data

We gain access to your personal data through information you have provided to us yourself.

In order to process your personal data, we are required to have a legal basis for each processing activity. In our operations, we process your personal data primarily on the following grounds:

Consent

Evidentals processes your Personal Data after obtaining your consent to the Processing. Information about the processing is always provided at the time we request your consent.

Contract

The processing is necessary for us to fulfil obligations under an agreement between us, or in preparation for entering into an agreement with the Data Subject.

If you would like further information about the legal basis or bases on which we process your personal data, you always have the right to request a so-called register extract. Please see "How to exercise your rights" below.

Your rights

You are in control of your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access

You always have the right to receive information about the Personal Data processing that concerns you in a so-called register extract. The register extract will include, among other things, which of your personal data we have stored, for what purposes, and on what legal basis. We only disclose data once we have been able to verify that it is in fact you making the request.

Rectification

If you discover that the Personal Data we process about you is incorrect, please contact us and we will correct it.

Erasure

Would you like us to forget you entirely? You have the right to request erasure of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required by law or by an agreement we have entered into with you to retain your data, we will ensure that it is only processed for the specific purpose set out in the law or agreement. We will then ensure that the data is deleted as soon as possible.

Objection

Do you disagree with our assessment that our interest in processing your Personal Data outweighs your interest in protecting your personal integrity? No problem – in that case we will review our balancing of interests and verify that it still holds. We will of course take your objection into account when making a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will remove your Personal Data immediately without reviewing our assessment.

Restriction

You may also ask us to restrict our Processing of your data in the following circumstances:

While we are handling a request from you regarding any of your other rights. If, instead of requesting erasure, you wish us to flag that the data should not be processed for a certain purpose. If, for example, you do not want us to send you marketing in the future, we still need to retain your name to know that we should not contact you. In cases where we no longer need the data for the purpose for which it was collected, provided that you have an interest in us retaining the data in order to establish a legal claim.

Data portability

We can provide you with the data you have submitted to us or that we have received from you in connection with entering into an agreement with you. You will receive your data in a commonly used and machine-readable format that you can then transfer to another Data Controller.

Withdraw consent

If you have consented to one or more specific processing activities involving your Personal Data, you have the right to withdraw your consent at any time and thereby request that we cease the Processing immediately. Please note that you may only withdraw your consent for future Processing of Personal Data and not for any Processing that has already taken place.

How to exercise your rights

Evidentals will, on its own initiative or at the request of the data subject, correct personal data found to be inaccurate. You may at any time obtain information about what you have consented to, request that your personal data be deleted, or that its use be restricted by contacting us at info@evidentals.com.

Transfers of Personal data

In order to conduct our operations, we engage third parties who process Personal Data on our behalf, known as Data Processors. We always strive to process personal data within the EU/EEA, but have Data Processors in the following countries outside the EU/EEA: the United States. In such cases, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

We have entered into data processing agreements (DPA) with all of our Data Processors. The DPA regulates how the Data Processor may process the Personal Data and what security measures are required for the processing.

We may also need to disclose your Personal Data to certain designated authorities in order to fulfil obligations under law or regulatory decisions.

Categories of Processors we use:

Below are the categories of recipients with whom we may share your data:

  • Providers of marketing services, e.g. advertising agencies for the development of campaigns or suppliers assisting with postal or email distribution.
  • IT suppliers for systems such as business management and case handling. In order to carry out our assignments and services, we store your data in our business systems (a system that administers our clients and contacts).
  • Systems for conducting customer analysis and generating statistics to contribute to industry data and to improve the customer experience.
  • Providers of financial services, for the payment of salaries and fees.
  • Payment service providers, for the secure processing of payments and subscription fees. Evidentals uses Stripe for payment processing. Stripe operates from the United States and may process personal and payment data in accordance with their own privacy policy, available at stripe.com/privacy.
  • Form and survey services, for the collection of user information and registrations. Evidentals uses Typeform for this purpose. Typeform is an EU-based company and may process personal data in accordance with their own privacy policy, available at typeform.com/help/a/typeform-privacy-policy.
  • Content management and newsletter services, for the management and distribution of journal content and newsletters. Evidentals uses Ghost for this purpose. Ghost operates from the United States and may process personal data in accordance with their own privacy policy, available at ghost.org/privacy.

Security

Evidentals has implemented appropriate technical and organisational measures to ensure that your personal data is processed securely and protected from loss, misuse, and unauthorised or unlawful access. In the event that your Personal Data is shared with Data Processors, your Personal Data will receive equivalent protection.

Our security measures:

Organisational security measures are measures implemented in working methods and procedures within the organisation. Our organisational security measures are:

Internal governance documents (policies/instructions):Login and password management, Information security policy

Technical security measures are measures implemented through technical solutions. Our technical security measure is two-factor authentication.

If we fail to keep our promises

If you believe that we are processing your Personal Data incorrectly, even after you have brought this to our attention, you always have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

More information about our obligations and your rights can be found on the Swedish Authority for Privacy Protection's website https://www.imy.se/. You can also contact the authority at imy@imy.se.

Changes to this Policy

We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform you of the changes in advance so that you have the opportunity to consider the updated policy.

Contact

Please get in touch if you have questions about your rights or any other questions about how we process your personal data:

info@evidentals.com