Information collected in the Health Form and verbally during the treatment is necessary to establish the correct diagnosis, provide appropriate treatment, and ensure safety to prevent the spread of various infectious risks. Failure to provide answers may result in you, other patients, and clinic staff contracting diseases/complications that could have been avoided. The information will be stored in your personal medical record and kept for a minimum of 10 years, after which it will be archived (according to archive laws and patient record laws) or until the customer relationship between you and Sebastian Däröste is terminated. Only the employees have access to the medical record. The information may be disclosed to consulting healthcare providers for assistance in initiating the appropriate treatment or for specialist referrals. An anonymized version of your medical record may be used for internal training purposes.

Once a treatment plan has been proposed, you must provide verbal consent, which will then be recorded in your medical record. You have the right to withdraw consent before treatment begins.

You also have the right to access, correct, delete, and transfer your medical record to another healthcare provider. Additionally, you can request that the processing of your personal information be restricted and that your personal information not be used for certain types of processing. However, the right to delete does not apply if the information is necessary for the data controller to fulfill a legal obligation, is necessary for the public interest related to public health, or is necessary for archival purposes in the public interest.

There are specific rules for the storage and deletion of health information, including in patient record laws §25, healthcare personnel laws §§ 42 and 43, and journal regulations §§ 13 and 14.

Furthermore, you have the right to lodge a complaint with the Data Inspectorate if you believe that the processing of your personal information is in violation of the rules in the Personal Data Act. Please contact us if you have any questions.

Privacy Statement Website
Sebastian Däröste is responsible for the processing of personal information. This statement concerns how we collect and use such personal information and what you can expect from us when we collect such information about you.

What are personal data?
Personal data are pieces of information that can be used to identify a person. This can include name, address, phone number, email address, etc. Information about your activities is also considered personal data, such as the stores you shop at, the TV shows you like, and where you usually jog.

Some personal data are considered sensitive. This can include information about health, religion, ethnicity, sexuality, etc., but on our website, we neither have access to nor need this type of information.

What is a data controller?
By processing, we mean any use of personal data, such as collection, recording, sharing, storage, analysis, and similar actions. The data controller is the one who determines why and how such personal data is processed and bears legal responsibility. In this case, it is Sebastian Däröste.

What is a data processor?
A data processor is other businesses that assist with processing but do so on behalf of the data controller. This can include providers of accounting systems, analytics tools, shipping solutions, etc. Everyone who uses such data processors is required by law to have a data processing agreement to ensure that all personal data is handled in a responsible manner and in compliance with the law.

What kind of personal data do we collect?
To create the best possible website, we need to monitor what happens on it. This means that we may store information that qualifies as personal data. Below is a list of the types of information we collect:

• Information about your connection: Primarily, this is your internet address, also known as an IP address. When you request to view our website, your IP address is the sender of the request.
• Information from your device: This is the information that comes with your request when it reaches us. It includes details about the operating system and browser you use when visiting our website.
• Information you provide to us: These are details you voluntarily provide, such as when you send us a message through the contact form. This often includes your name, address, phone number, email address, etc.
• Information about your actions: When you click on things, we store when and what you clicked on. In most cases, this information cannot be used to identify you as an individual.
• Cookies: These are small data files we store in your browser and can read later. We use them to recognize you as you navigate from page to page.

Why do we process personal data?
There are several reasons why we collect personal data. Some we collect simply because the website won’t work properly without them, while others are collected to make the website more user-friendly. Below is a list of reasons for collecting such personal data:

• To deliver the website to you: To show you our website, we need to know where you are on the internet so we know where to send the website. We use your IP address for this.
• To remember your consent: When you give us consent, we try to remember it for your next visit. We use a cookie for this purpose.
• To improve the website: We don’t need to identify everyone who visits our website, but we’d like to know things like how many people visit us, whether they’ve visited us before, and what they do on the website. This information helps us improve both how we set up our computers and how the website functions as best as possible.
• To identify you: If you want to log in to our site or make purchases on the website, we need to make sure you are who you say you are.
• For marketing: Marketing is important to us. We need to get our message out to the world, but by analyzing some of the information we collect, we can do this in a more targeted way.
• To prevent misuse: Not everyone on the internet is kind, and we use personal data to some extent to protect our website from abuse. This could be, for example, someone trying to hack us, defraud us, or engage in other unwanted behavior prohibited by Norwegian law.

What legal basis do we have for processing personal data?
For us to process personal data, we must have a legal basis. Several bases can be used, but here are the three that are relevant to us:

• In most cases, our collection of personal data is based on your consent, and this is voluntary. For us to be able to store cookies, for example, you must approve this in advance. If we already have an existing customer relationship, we can use this as a basis (this is called legitimate interest) to send newsletters, etc., but if you are a new customer, you still have the right to approve this in advance. Sometimes we must use personal data to fulfill obligations with our customers, and this is the basis for collecting it.

How do we safeguard personal data?
You should be able to trust that your personal data is in safe hands with us. We do not keep more data than we need, and we try as much as possible to ensure that the information we store cannot be used to identify anyone. Access to such information is only granted when strictly necessary for someone to do their job, and all personal data is stored securely and responsibly.

We use a security certificate (SSL) to secure communication between us and you. This certificate ensures that we can verify who we are and that all information transmitted is encrypted before sending. All the information we store is kept in Norway, and we are responsible for ensuring that the information we store is accurate and that changes can be tracked. If we suspect that personal data has been compromised, we are also obligated to notify you as soon as possible.

Who do we share personal data with?
We use Google Analytics to track statistics about visits to the website. For this to work, we need to store a separate cookie and send information about how users navigate the website. The information we send to Google is automatically anonymized and cannot be used to identify individuals.

In very specific cases, the authorities may also require access to the information we have stored if this is legally required.

What rights do you have?
After the new law comes into force, everyone has the right to see what personal data is stored, request a copy of this data, and demand corrections or deletion of their personal data. When you give us consent, such as to store cookies, you also have the right to withdraw this consent whenever you wish.

In addition, everyone has the right to general information about how we process personal data, but this is covered by this privacy statement.

All such requests should be processed free of charge and within 30 days. For more information about your rights, please visit the Data Inspectorate’s website: link to Datatilsynet’s webpage on individuals’ rights under the new regulations.