EN 
PL 
NO No products in the cart.
Privacy Policy for Aktivklinikk1 Agnieszka Ewa Jakubowska-Maziarz
This privacy policy describes how Aktivklinikk1 Agnieszka Ewa Jakubowska-Maziarz (hereinafter „we”, „us” or „Aktivklinikk1”) collects and processes personal data.
1. data controller
The controller of the personal data processed by us is:
Name: Aktivklinikk1 Agnieszka Ewa Jakubowska-Maziarz
Organisational number: 919 552 344
Address: Rolvsøyveien 324, 1663 Rolvsøy
Phone: 486 79 214
If you have any questions about the processing of your personal data, please contact us by telephone or email.
2 Processing purposes
We process personal data for the following purposes:
Provision of medical services: to be able to provide physiotherapy that is appropriate and tailored to you.
Maintenance of medical records: we are legally obliged to keep patient records in accordance with Helsepersonelloven and Pasientjournalloven.
Administration: handling appointment bookings, cancellations and communication with you.
Invoicing and payments: Issuing invoices and accepting payments, including communication with Helfo or insurance companies (only on the basis of your consent or the law).
Meeting legal obligations: e.g. arising from accounting regulations.
3 What data are processed?
We process the following categories of personal data:
Core data:
- name
- identification number/fødselsnummer (for reliable identification and medical records)
- contact details: address, telephone number, e-mail address
Special category data (medical data):
This is the sensitive data that you provide us with, among other things, on your health form before your first visit and that which arises during your consultation and treatment. These include:
- health
- medical history
- diagnoses
- medication taken
- other information necessary for the provision of health services
Administrative data:
- history of visits
- payment history
- correspondence with you
4 Legal basis for processing
The processing of your data takes place on the basis of:
Medical data (health form and documentation):
The processing is necessary for the provision of health services.
Legal basis: article 9(2)(h) RODO in connection with Helsepersonelloven and Pasientjournalloven.
Your medical data is protected by professional secrecy.
Administrative data (e.g. contact, visits):
The processing is necessary for the performance of the service contract (Article 6(1)(b) RODO).
Legal obligations:
Processing required to comply with statutory obligations, e.g. concerning medical records or accounting (Article 6(1)(c) RODO).
5. data collection and sharing
We mainly collect data directly from you - by phone, email or through the health form.
We are bound by professional secrecy concerning all medical data.
We do not share your data with third parties without your express consent, unless required by law (e.g. referrals to other specialists, reports to Helfo).
We also use data processors, such as systems for record keeping or accounting. We have entered into a data entrustment agreement with each of these entities to ensure safe and lawful processing.
6. Storage and deletion of data
We retain personal data for as long as necessary to fulfil the purposes for which it was collected.
Medical records: stored in accordance with the Pasientjournalloven - in principle 10 years since the last entry.
Accounting documents: according to Bokføringsloven - usually 5 years.
Other correspondence: deleted when it is no longer needed for administrative purposes.
7 Safety
We take care of the security of your personal data by using appropriate technical and organisational measures, such as:
- access control
- encryption (where appropriate)
- secure patient record systems
The purpose of these measures is to protect data from unauthorised access, alteration or deletion.
8. Your rights
You have the right to:
- access to the data we hold about you (subject to the restrictions of Helsepersonelloven)
- corrigenda incorrect or incomplete data
- deletions data if we have no legal basis for their further processing
(Note: data in the medical record cannot be deleted if regulations mandate their retention) - restrictions on processing in certain situations
- lodging a complaint to Datatilsynet if you believe that we are in breach of data protection legislation
