Privacy policy for MediVox

MediVox AS will process personal data in connection with our business. We are committed to processing personal data in a secure and legal manner. 

Our processing as a data controller of personal data is based on the business we operate and the purpose of our business, which is to develop and deliver digital solutions for doctors and health services. Information about the personal data we process, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc. can be found below. 

We may also process personal data in other ways than mentioned below, but then we will inform those to whom the personal data applies in other ways than through this statement.  

We will also be a data processor for our customers, such as doctors/doctor's offices, and in connection with our services, which means that our customers are responsible for the processing. See more about this below.  

If you have any questions or would like to know more about our processing of personal data, please contact us - see contact details below.  

1. Responsible for the processing of personal data 

MediVox AS is the data controller, i.e. decides why and how the personal data should be processed, for the processing described below. However, this does not apply where we are a data processor, i.e. we process personal data on behalf of our customers, see point 5. 

Contact details for the data controller:  

MediVox AS 

Rådhusgata 15, 3211 Sandefjord  

E-mail: [email protected] 

Phone: +47 332 212 77 

Organization number: 933 607 526 

medivox.ai  

2. Processing of personal data  

We collect and use personal data for different purposes depending on who you are and how we get in touch with you.  

All processing of personal data must take place in accordance with the data protection rules applicable at any time, including the Personal Data Act and the General Data Protection Regulation (GDPR). 

Personal data is any information about a natural person who can be identified directly or indirectly (that person is referred to as the "data subject").

Processing of personal data is any activity carried out with personal data such as collecting, recording, organizing, structuring, storing, adapting, modifying, transferring or deleting.   

If we are a data processor, i.e. we process personal data on behalf of others, you will receive information about the processing from the data controller. You can still contact us about the processing of your personal data and we will refer you to the right data controller. See also below about our role as data processor. 

Below are the processing operations we carry out as a data controller in our business.  

2.1 Communication and contact 

We process the personal data of those who contact us in order to respond to and document the communication and to contact others. This applies to all forms of communication, physical and digital, written and oral.  

In such cases, we process name, telephone number, e-mail address and any personal data that may result from the inquiry, including history/logs about the inquiry.  

The processing of data is based on the fact that we have a necessary legitimate interest in processing personal data related to the above (see GDPR Article 6 (1) f). We have therefore assessed that our legitimate interest in having contact with the outside world is part of our business and in documenting the business we conduct, as well as responding to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive, and that the data subjects' privacy does not override these interests. 

Providing us with personal data is voluntary, but it will be necessary to provide us with the information in order for us to respond to inquiries.  

We process the information until we expect that there will be no further follow-up of the contact, normally for two years. 

2.2 E-mail

We use e-mail as a communication solution that contains personal data. The processing is based on the fact that we have a necessary legitimate interest in processing personal data through e-mail (see GDPR Article 6 (1) f) in order to have a work tool and communication solution, and that the data subjects' privacy does not override these interests. What personal data is processed in emails depends on the purpose of the email and what is included in it. Emails are deleted when they are no longer necessary, and we have measures in place to ensure regular deletion of emails.  

2.3 Information and marketing  

If you request information or sign up for a newsletter, we will send you information about our products and services, services from partners, newsletters and other information and marketing. We will then process your e-mail address and other necessary contact information that you provide to us. 

We process the personal data to inform you about services and products that may be of interest to you and process the personal data on the basis of your consent (GDPR Article 6 (1) a). You can withdraw your consent at any time by using any unsubscribe option in the mailings you receive, or opt out of direct marketing and/or profiling under GDPR Article 21 (2) by contacting us.

We only process personal data that enables us to send the newsletter, i.e. e-mail address and name, in order to personalize the inquiry and ensure that the newsletter is sent to the right person. The e-mail address and information you have provided is not used for anything other than sending out the newsletter.  

The processing takes place until you have either received the requested information or have withdrawn your consent. Then your personal data will be deleted. 

2.4 Information about services 

We may also send out information about our services and products, which does not contain marketing. This will be done regardless of whether you have consented, and the personal data will then be processed on the basis that we are either fulfilling an agreement with you in that you are an existing customer (GDPR Article 6 (1) b) or based on our legitimate interest to inform our users and contacts about our services (GDPR Article 6 (1) f). Or we may process the data based on your consent (GDPR article 6 (1) a). The purpose of the processing is then to keep you updated about products and services you receive and follow up on purchases of products or services. The processing of personal data will take place as long as you receive our services.  

2.5 Existing and potential customers, suppliers and partners, etc. 

We process personal data about contact persons at existing and potential customers (in business relationships), suppliers and other business partners for sales and marketing activities, to manage our relationship with suppliers and others, to prepare, implement and document services and to evaluate the use of services. In these cases, we will process name, contact information, company name and information related to the contact with the company in which the person works. 

The processing of personal data is based on the fact that we have a necessary legitimate interest (GDPR Article 6 (1) f) to manage the relationship with our customers, partners and suppliers, and that our interest outweighs the individual's privacy.  

We also store and disclose information where we have a legal obligation to do so, for example under accounting and tax legislation.  

Data is stored and processed for as long as it is necessary, for example to document conditions relating to services. 

In many cases, it will be necessary for us to obtain personal data in order to enter into agreements with customers and suppliers, including to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements. 

It is voluntary for the contact persons to provide us with personal data. If we collect personal data from others, it will mainly concern contact information (including name, address, telephone number and e-mail address), position, function and employer, as well as any expertise and references where relevant. The source of such information will be the contact person's employer, for example from the employer's website. In some cases, we obtain references from others to assess the suitability of suppliers and partners. 

We store the data until the relationship with the customer, supplier or business partner ceases or until the contact person ceases to be a contact person, with the exceptions mentioned above. 

Collection of social security numbers
In connection with the use of our services, we may collect your social security number (11 digits) after you have verified your identity via BuyPass or similar identification services. The social security number is used as a unique identifier to ensure that we can verify your identity in a safe and secure manner, in accordance with applicable legislation. This is necessary to fulfill our agreement with you as a customer.

2.6 Recruitment 

When recruiting for new positions with us, we will process personal data related to CVs, applications, certificates, notes from interviews, results from surveys of references, etc.  

We may use job search services to manage submitted applications, and this is then our data processor. If you register with the job search service with your own profile, the service will be the data controller, and reference is made to its privacy policy for information about the processing of personal data in the service. The processing of personal data is based on the consent that you have given in the job search service (GDPR Article 6 (1) a), if such is obtained, or the grounds that follow below.  

The basis for processing personal data during recruitment is that the processing is necessary to carry out measures before an employment contract with the job applicant is entered into (GDPR Article 6 (1) b). 

If we carry out investigations beyond contacting the people who have been provided as references, such as searching for history, etc., personal data is processed on the basis of our necessary legitimate interest in ensuring the right candidate for the position (GDPR Article 6 (1) f). For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual's privacy. We encourage you not to include special categories of personal data, such as health, religion, political opinions, trade union membership, etc. in your application.

In the event that we process special categories of personal data, we will do so on the basis of your consent (GDPR Article 9(2)(a)). Consent can be withdrawn at any time, and withdrawing your consent will not affect the lawfulness of the processing of personal data that occurred before the consent was withdrawn. 

Personal data is deleted as soon as the recruitment is completed, unless you have consented to longer storage. 

2.7 Events etc.  

For participants in events, contact information will be registered and processed, as well as the event they are attending, so that they can be identified as registered and so that necessary communication can be carried out and any invoicing of participation fees. Processing of personal data will take place on the basis of fulfilling an agreement with the participant (GDPR Article 6 (1) b), or if the participants represent a business on the basis that we have assessed that we have a necessary legitimate interest (GDPR Article 6 (1) f) in holding events as part of the business. In the latter case, we have assessed that our legitimate interest outweighs the individual's privacy.  

In the event that food and/or beverages are served, we will be able to obtain information about any preferences, which may show health and/or religion based on the preferences. This is information that will only be processed by us and will be deleted immediately after the event. In such cases, the information will be processed on the basis of consent.  

2.8 Social media 

We have contact with stakeholders and others through social media. Among other things, we have established a LinkedIn page, where we are responsible for the processing of personal data in this connection together with LinkedIn. Through the LinkedIn page, personal data will be processed if you post items on the page, comment on items or "like"/follow the page. The purpose of our processing of personal data through LinkedIn is to maintain contact with you who wish to communicate with us or interact on our LinkedIn page in other ways; see also about communication under point 2.1 above.

In this context, we process your name and links to other information that you have posted on LinkedIn in connection with your name/account on LinkedIn. In addition, everything you share through posts and comments on our LinkedIn page, as well as the fact that you have "liked"/follow our website, is processed. What you share on the LinkedIn page is up to you, and is voluntary.

We ask you not to share personal data in posts or comments on the website, and especially not to share personal data about others, e.g. by "tagging" or mentioning people.  

We process personal data in social media, such as Facebook, on the basis that we believe we have a necessary legitimate interest in communicating with the outside world through the social media and will then process personal data in this context (GDPR Article 6 (1) (f)). We have assessed that this is necessary in order for us to communicate with the outside world and handle inquiries we receive, and that the data subjects' privacy does not override these interests. 

The data will be processed as long as posts/comments are available on the social media, and you can delete this yourself at any time.  

2.9 Use of websites 

On our websites and in our services, cookies are used, among other things, to collect information to improve the customer experience on websites and services, as well as to provide functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are most relevant to you. This will be based on the visitor's behavior, e.g. based on services used, links clicked on or information read, and based on the behavior of other users with similar usage patterns. As far as practicable, we try to do this with anonymous information, without knowing that the information is linked specifically to the individual visitor. 

A cookie is a text file or data that, when you visit or interact with a website, is placed in your browser's internal memory or a series of numbers/digits that can identify your browser or device that uses the website (referred to as cookies below for simplicity).  

You have the option to prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings so that cookies are not accepted. The disadvantage of disabling cookies in your browser is that the websites will not function optimally. The reason is that the purpose of most of the cookies we use is to ensure the functionality of the services. 

We also use tools other than cookies to collect information about your IP address, the type of browser you use, your operating system, the date and time of your visit to the website and services. We use this information to analyze trends so that we can make our website and services more user-friendly. 

We use cookies in connection with Google Analytics on the website. This helps us analyze user behavior and traffic on our website. 

We will process the aforementioned personal data on the basis of consent (GDPR Article 6 (1) a). The information will be processed until you withdraw your consent, which can be done on the website or by contacting us. See more about consent given on the website.  

Necessary and functional cookies, as well as cookies for statistics, are processed on the basis of our necessary legitimate interest (GDPR Article 6 (1) f) to adapt the website to our users and that this interest outweighs the individual's privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics. In these statistics, it is not possible to identify individuals. The data will be stored for as long as it is necessary for the purposes mentioned above.  

3. Processing on the basis of consent 

If we process personal data on the basis of your consent, see above, you may withdraw your consent at any time without affecting the lawfulness of any processing based on consent prior to its withdrawal. Please contact us if you wish to withdraw your consent. Please note that if you withdraw your consent, we may continue to process all or part of the data if there is another basis for the processing.  

4. Retention and storage (deletion) of personal data  

We retain personal data for as long as is necessary for the purpose for which the personal data was collected, and delete the data in line with regulatory requirements. The length of time we retain personal data varies depending on how the data was collected and the purpose for which it was collected.  

The time of deletion is stated above where the individual processing activities are described; otherwise, the storage period is based on the following criteria:

  • Whether we have a legal or contractual need to retain the information, as there may be claims against us 
  • Whether the information is necessary for our business 
  • Where the basis for processing is consent, when consent is withdrawn.   

When we no longer have an ongoing legitimate need to process your personal data, it will be deleted or anonymized as quickly as possible in accordance with applicable law. 

Instead of deleting personal data, it may in some cases be relevant to anonymize the personal data. Anonymization means that all identifying or potentially identifying characteristics are removed from data sets that are retained.  

This means, for example, that personal data that we process on the basis of your consent will be deleted if you withdraw your consent. Personal data we process in order to fulfill an agreement with you will be deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been fulfilled, such as legal obligations related to accounting, follow-up of the customer relationship related to complaints, etc. Personal data we process as a result of a legal obligation will be deleted as soon as we are not obliged to store the data. 

5. Processing of personal data as part of services 

MediVox provides services to, among others, doctors and doctors' offices. Our customers who use our services are the data controller for the personal data processed when using the services. We will then process personal data on behalf of the customer, and are then the data processor. A data processing agreement has been entered into between us and our customers to regulate our processing of personal data on behalf of our customers.  

The information in this privacy policy will also apply to our processing of personal data about our customers' customers in terms of disclosure and transfer of personal data and security/technical matters. For deletion of personal data, it depends on when our customer chooses to delete the information. We will never use information or data from our services without this being instructed or approved by our customers.  

We may send out emails to contact persons at users of our services and our customers in order to provide information about the services, such as technical matters, upgrades, new functionality, etc. in addition to emails that are automatically generated by our services. Recipients of these can unsubscribe/provide information that they do not want the emails. See more above.   

Below we have included a general description of the processing that takes place in our services. It may be that the individual data controller processes or has personal data processed differently in the service. The data controller is responsible for providing information about the processing carried out, even if we are the data processor. However, we have made this information available to make it easier for users to gain insight into the processing carried out. 

5.1 Purpose of the processing 

The purpose of the processing of personal data carried out in the service is to provide the functions and perform the tasks that are the purpose of the service, which is to make the documentation process easier and more efficient for doctors. This is done, among other things, by doctors reading audio files that are converted into text, which is interpreted by algorithms, including through the use of artificial intelligence solutions.  

5.1.1 Processing performed in the service 

The following processing of personal data will take place in the Service:  

  • Registration of personal data that can be linked to users of the services and others who are registered in the service (personal data).  
  • Recording of audio, which is converted into text using voice recognition algorithms and artificial intelligence. This process is done in the memory of the solutions that perform the conversion, so there is no storage of information with us. However, processing takes place so that data, including personal data and health information, may be available to us and our subcontractors for as long as the processing takes place. All data is deleted as soon as the processing is complete. 
  • The text is then transferred to the doctor's equipment, where the doctor can copy the text to, for example, the medical record system.  
  • Integration with other systems that may result in the compilation, modification and transfer of personal data to these systems.  
  • Calculate statistics and analyses, which are provided on reports. The reports will not contain personal data.   
  • Operations personnel use their administrator access to perform user support and operational maintenance on the data controller's data and operational resources (servers, databases, user accounts and the like). However, no data/text from users will be available here, apart from the short time text is processed, see above. 

6. Personal data collected and processed 

Contact information on users of our solution will be processed. In addition, only text that doctors read in and which is processed so that doctors can copy text out will be processed. Such text depends on what the doctors read in, but could be health information and other information, depending on the text.

The legal basis for processing personal data depends on the purpose of the processing by our customer who is the data controller, but normally the processing will be done to either fulfill an agreement with the user (who will be patients), fulfill a legal obligation such as performing medical services, as well as that there may be a legitimate interest in the business such as running a medical business. 

We will also be the controller of certain personal data processed in connection with our services which will include:  

6.1 System monitoring, error correction etc. 

We monitor our systems for errors and problems. Part of these processes involves storing and processing personal data as users. The legal basis for processing personal data for this purpose is our legitimate interest, as we believe we have a legitimate interest in ensuring that our systems and solutions do not have errors or problems. 

6.2 Security 

We process personal data in our efforts to protect our solutions and services, users and ourselves against security breaches, fraudulent activity, misuse, etc. The legal basis for processing personal data for this purpose is our legitimate interest, as well as the fact that we have obligations under the data protection regulations to safeguard personal data, see e.g. GDPR Articles 24 and 32, and that we have obligations to our customers under the data processing agreement entered into with them. 

6.3 Compliance with legal obligations 

We may be required to process personal data in order to comply with other legal obligations, such as securing data in connection with legal disputes, disclosure requirements, etc. The legal basis for processing personal data for this purpose is that the processing is necessary in order to comply with a legal obligation to which we are subject. However, it is very unlikely that such disclosure will occur.  

6.4 Communication to users 

We may send information about the Solution to users of the Solution to inform them about the Solution, its availability, functionality and other matters that are necessary for users to be aware of. Such mailings are made on the basis of our legitimate interest in keeping users updated about the solution. You can opt out of such mailings, but we recommend that you do not do so as you may then miss out on important information.  

6.5 Your rights 

If we are a data processor in the processing of personal data as stated above, you must contact the data controller to exercise your rights, which will be the doctor you use. However, the rights you have will be largely the same as we have listed below. If you contact us, we will also be able to help refer you to the data controller, if we have this information.  

If we are the data controller, you can find more about your rights below, and you can contact us to enforce your rights.  

7. Transfer or disclosure of personal data to others  

We do not disclose personal data to others in cases other than those mentioned in this statement and unless there is a legal basis for this. Examples of such a basis will typically be an agreement with or consent from the data subject or a legal obligation that requires us to disclose the information. The latter applies to public activities such as tax collection (if necessary), accountants/auditors, as well as others that we need in our business as a bank.  

We use data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to safeguard your rights and the security of your personal data at all stages of processing.  

If it is required by law or there is a suspicion that a crime has been committed in connection with the use of our services, personal data we have stored about you may be disclosed to public authorities, such as the police in the event of an investigation. 

If personal data may be subject to transfer to another organization in connection with a merger, financing, reorganization or dissolution transaction of all or part of us, we will only do so if the parties involved have entered into an agreement in which the collection, use and sharing of the personal data is limited to the purposes relating to the transaction, including a determination as to whether or not the transaction will proceed, and the personal data will only be used by the parties involved to effect and complete the transaction. If another company acquires us or our business or assets, that company will have access to the personal data collected by us and will assume the rights and obligations with respect to your personal data as described in this Privacy Statement. 

8. Transfer of personal data to recipients in countries outside the EEA 

It is a goal for us that all processing of personal data shall be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA (third countries) will take place in countries approved by the European Commission or in accordance with a valid legal basis for the transfer of personal data under Chapter V of the GDPR. If a transfer to a country approved by the European Commission does not take place, the transfer will only take place in accordance with the guarantees set out in Article 46 (2) of the GDPR. You can find out which basis is used for the transfer if you contact us.  

9. Security of the processing 

We give high priority to the security of personal data in our business and will implement all required technical and organizational measures to secure your personal data.  

We manage information so that it is accurate, accessible and handled according to the level of sensitivity of the information. We also use a variety of security technologies and information security procedures to protect personal data from unauthorized access, use or disclosure. Risk assessments are carried out for the processing of personal data. 

We have entered into data processing agreements with all of our suppliers who process personal data, whereby they undertake the same degree of security as we have for our processing of personal data.  

We restrict access to personal data to those staff or third parties who will process the data on our behalf. These parties are subject to confidentiality obligations.  

Procedures have been established for handling breaches of information security and routines (data breaches), and if there is a breach that poses a risk to the privacy of those to whom the personal data relates, we will send a deviation report to the Norwegian Data Protection Authority as soon as possible and no later than 72 hours after the breach was discovered. If the breach has a high probability of affecting the privacy of those to whom the breach relates, we will also notify them. 

10. Your rights when we process personal data about you  

Below are your rights regarding the processing of personal data. In order to exercise your rights, you must contact us, see the contact information above, or in another way as described below.  

We will respond to your inquiry as soon as possible, and at the latest within one month. If it takes longer than one month, you will be notified.  

We will ask you to verify your identity or to provide additional information before we allow you to exercise your rights towards us. We do this to ensure that we only give access to your personal data to you - and not someone pretending to be you. 

Your rights below apply where we are the data controller, see above. If we are a data processor for our customers, and you use services from one of our customers, the customer is responsible for the processing of personal data (data controller). You must then contact the person from whom you receive the service to exercise your rights relating to the processing of your personal data. Your rights will then essentially be as described below. 

10.1 Information 

You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. You can also contact us if you want more information.  

If we have disclosed information to others, we have a duty to inform the recipient of claims for rectification and deletion of personal data, see section 9.3 below, or restrictions on processing, see section 9.5 below, if such information is impossible or involves a disproportionate effort. We have a duty to inform you of such disclosure if requested to do so.  

10.2 Transparency 

You have the right to demand access to the personal data processed about you. Please contact us if you want access.  

If you request it, you will also receive a copy of the personal data we process about you. We may ask you to specify which information you want a copy of, to make the disclosure easier for us. When providing a copy of your personal data, we may require you to identify yourself to ensure that we do not disclose personal data to unauthorized persons. Your personal data will be transmitted in digital form unless you request that it be transmitted in another way. 

10.3 Change and deletion 

You can also ask us to correct incorrect information we have about you or ask us to delete personal data. We will, as far as possible, comply with a request to delete personal data, but we cannot do this if we still need the data.  

10.4 Processing on the basis of consent 

If we process personal data on the basis of your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method stated when you gave your consent or contact us.  

10.5 Right to restrict or object to processing 

You may demand that our processing of your personal data be restricted in certain cases, if the conditions for this are met. If the processing is restricted, the personal data will only be stored. See further details in GDPR article 21. 

10.6 The right to data portability 

For data that you have provided to us and is necessary for the performance of a contract with us, and which is processed automatically (i.e. not manually by us), you may request that your personal data be disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).  

10.7 Automated processing, including profiling 

There will be no automated processing, including profiling, based on your personal data that produces legal effects or significantly affects those to whom the personal data relates. See GDPR article 22 no. 1 and 4.  

10.8 Right to be notified  

If there is a data breach, i.e. a breach of the security of personal data that will result in a high risk to your privacy, we will notify you without undue delay. 

11. Complaints 

If you feel that our processing of personal data is not in accordance with what we have described here or that we are otherwise in breach of data protection legislation, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us first, so that we can rectify any incorrect processing as quickly as possible.  

You can find information about your rights and how to contact the Data Protection Authority on the Data Protection Authority's website: www.datatilsynet.no 

12. Amendments 

If there are any changes to our processing of personal data or changes to the regulations on the processing of personal data, this may result in changes to the information you have provided here. If there are changes that concern you directly and that affect your privacy, we will be able to contact you if we have your contact details. Otherwise, you will always find an updated version of this privacy policy on our website.  
