Privacy Policy
DATA CONTROLLER
This privacy policy explains how we collect and use (process) personal data in our business.
Helselaben AS, represented by the general manager, is responsible for the processing of data.
NB! It is not allowed to copy any content from this privacy policy, cf. the Copyright Act.
Our contact information is:
FIT4 Høvik AS
Business address: Fjordveien 1
Org. no.: 920006760
Email address: post@fit4.no
We take your privacy seriously and have taken several measures to ensure that we provide you with clear information about how we process your data and what rights you have. If you feel something is unclear or missing, please do not hesitate to contact us.
YOUR RIGHTS
Contact us if you have questions about, or wish to exercise, any of your rights. You are entitled to a response within 30 days at the latest. Read more on the website of the Norwegian Data Protection Authority (Datatilsynet).
- Access to and rectification of your own data: You can request a copy of all the data we process about you, and ask us to correct data that is inaccurate.
- Erasure or restriction: In some situations you can ask us to erase and/or restrict the processing of data about you, but we cannot erase data we are required to process.
- Objecting to processing: If we process data about you on the basis of legitimate interest, you have the right to object to it.
- Data portability: If we process data about you on the basis of consent or a contract, you can ask us to transfer the data about you to you or to another data controller.
- You also have the right to withdraw your consent at any time.
- If you are not satisfied with how your data is processed, you can lodge a complaint with the Norwegian Data Protection Authority, but we hope you will tell us directly first so that we can try to resolve the matter for you in a good way.
WHO WE PROCESS PERSONAL DATA ABOUT
We process personal data about:
- Customers
- Potential customers
- Patients
- Contact persons at suppliers and partners
- Visitors to our website who sign up for our newsletter
- Job applicants
- Employees
- Former employees
HOW WE COLLECT PERSONAL DATA
Providing personal data to us is voluntary, but in order to complete a purchase we need certain information from you. We do not rent, buy or sell personal data from/to others. We do not use automated decision-making or profiling in the processing of your personal data, and we do not process special categories of personal data beyond what applies in an ordinary employment relationship.
We process personal data when you:
- purchase our products/services
- contact us via phone, SMS, our website, email or social media
- sign up for a newsletter
- sign up for events organized by us
- respond to a survey
- use our website
PURPOSE, LEGAL BASIS, AND STORAGE
According to Article 6(1) of the General Data Protection Regulation (GDPR), we process personal data based on:
- Your consent
- A contract we have entered into
- A legal obligation we have
- A legitimate interest we believe we have
As a general rule, personal data should not be processed and stored longer than necessary to fulfill the purpose of the processing. However, we will retain data as long as required by applicable legal obligations, for example, related to accounting, tax, or employment law, and/or other relevant rules and regulations.
Your personal data will only be stored as long as we have a purpose and a legal basis:
- Until you withdraw your consent (e.g., related to marketing via email and SMS)
- As long as we have a contractual obligation, and possibly in accordance with accounting and bookkeeping rules (e.g., related to sales)
- As long as we have a legal obligation and in accordance with applicable laws and regulations (e.g., related to employment)
- As long as we have a legitimate interest or until you ask us not to process your personal data in such a manner (e.g., related to marketing to existing customers)
You can contact us at any time if you want us to stop processing or delete your personal data. We will fulfill our obligations under relevant laws. Note that we cannot delete personal data we are legally obligated to process.
We also have procedures to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis for continuing to process it.
HOW WE PROCESS PERSONAL DATA
Here we describe in detail when and how we process your personal data, for what purposes, on what legal basis, and for how long.
When you communicate with us
When you give us your business card or contact us via the website (contact form, comment section, chat, or similar), by email, via phone (call, text message), or social media, we process personal data. Depending on where and how you send us a message, this may include name, contact information, IP address, and other information you choose to send us.
The purpose is to respond to your inquiries, for historical purposes, and to have documentation in case we receive complaints, claims, or legal demands. The legal basis for processing personal data is f), where the legitimate interests are to respond to your inquiries, for historical purposes, and to have documentation in case we receive complaints, claims, or legal demands. We review, archive, and delete inquiries as needed, but not less frequently than every 2-3 years. Accounting material is retained for up to five years, according to the rules in the Accounting Act.
In principle, we do not communicate with patients over email. However, there are instances where we receive inquiries from patients, with descriptions of ailments, and sometimes letters from doctors or from examinations. We try to delete such inquiries as soon as the correspondence is over.
When you purchase our products and services
When you purchase products and services from us, we process personal data such as name, contact information, order and payment information, and purchase history.
For patient consultations, we comply with the regulations on patient records in processing your personal data. These data are, in principle, not allowed to be deleted, except in special cases. For purchases of drop-in massage sessions or other products we sell, these will be paid in cash, and no personal data is stored in our database.
The purpose is to deliver products and services to you according to your order/purchase, to maintain a history of sold products and services, and otherwise to manage and follow up the customer relationship with you. The legal basis is b) contract and c) legal obligation under, among others, the Accounting and Taxation Acts. Accounting material is retained for up to five years, according to the rules in the Accounting Act.
Marketing in existing customer relationships
When you become a customer with us, we process personal data as mentioned above. If you have an existing customer relationship with us, we may send you marketing emails and SMS, in accordance with the Marketing Act § 15.
The purpose is to provide good customer service. The legal basis is f), where the legitimate interests are to offer you relevant products and services. The legal basis may also be a), where you have given us your consent. You can unsubscribe from marketing emails and SMS at any time. Information on how to unsubscribe is provided in all emails and SMS we send related to marketing. The data is retained as long as the customer relationship exists, until you unsubscribe, or until you object to the processing.
When you apply for a job or work with us
When you apply for a job with us, we process personal data such as name, contact information, CV, and other information we need to evaluate your application. The legal basis is b) contract, and possibly Article 9(2) b) and h) if your application contains special categories of personal data. The data is deleted after a person is selected for the job, unless you have consented to us retaining your information longer in case you wish to apply for a job at a later time.
For employees, we process personal data as mentioned above, in addition to information necessary to pay wages and otherwise manage the employment relationship. The legal basis for this is b) contract, c) legal obligations under applicable employment laws, and possibly Article 9(2) b) and h) for special categories of personal data. Employee data is generally deleted when the employment relationship ends, unless special reasons (such as disputes over termination or dismissal) make it necessary to retain them longer. Data related to payroll administration is retained for up to five years, according to the rules in the Accounting Act.
When you subscribe to a newsletter
We send newsletters by email with information about new articles, blog posts, discounts, offers, free templates, checklists, and similar. The newsletters sometimes contain information about our products and services. When you subscribe to newsletters, we process personal data such as name, contact information, and IP address.
The purpose is to inform you about relevant news and offers, as well as to provide good customer service to potential and existing customers. The legal basis is a) consent. Subscribing to newsletters is voluntary, and you can withdraw your consent (unsubscribe) at any time by clicking "unsubscribe" at the bottom of one of the emails.
The provider we use to send newsletters has integrated analytics showing that subscribers open and possibly click on links in the newsletters. This functionality is integrated into the system and cannot be disabled. If you do not want your data to be analyzed in this way, you should not become a subscriber. We use the data to analyze the results of the newsletters and tailor content for our subscribers. The legal basis is f), where the legitimate interest is to continuously improve our products and services. The data is retained as long as you subscribe and is deleted at our next GDPR review.
When you sign up for an event
When you participate in free events with us, we process personal data such as name and contact information. For paid events, we also collect order and payment information. The purpose is to plan, manage, and carry out the event and provide good customer service. The legal basis is b) contract. The data is retained for up to one year after the event unless otherwise stated in the event agreement. If the event is paid, accounting material is retained for up to five years, according to the rules in the Accounting Act.
When you respond to a survey
When you participate in surveys with us, we process personal data such as name, contact information, and your answers to survey questions. The purpose is to get feedback and analyze the results to improve our products and services. The legal basis is a) consent. The data is deleted after the analysis is completed unless otherwise stated in the survey.
When you are a supplier or collaborate with us
When you enter into an agreement with us as a supplier, partner or data processor, we process personal data such as name, contact information and correspondence. The purpose is to be able to enter into an agreement with you, and the legal basis is b) agreement. The information is kept for up to five years according to the rules in the Bookkeeping Act. We process personal data related to general correspondence and communication as described above.
When you use our website
When you use our website (www.Fit4.no), we process personal data in line with our cookie statement. The purpose is to administer our website, promote the company and respond to inquiries from visitors. The legal basis for cookies that store or process information that falls under § 2-7b of the Electronic Communications Act is consent through a preset in your browser, in line with Nkom's recommendations as described here (May 2020).
WHO WE SHARE PERSONAL DATA WITH
In order to run our business efficiently and securely, we sometimes need to share your personal data with parties such as:
- Data processors: providers of various services that process your personal data on our behalf (for example IT and administration services, accounting, cloud storage, web hosting, sending of emails and similar)
- Professional advisers from fields such as law, finance, accounting, auditing and insurance
- User support for IT and administration systems
- Public authorities we are obliged to report to
- Between practitioners with shared patients, but only through secure login with BankID.
We require that everyone we share your personal data with secures your data in accordance with good information security practice and the requirements of the GDPR. We enter into a data processing agreement with everyone who processes data on our behalf.
SECURITY
We take information security seriously, and we will always do our utmost to safeguard your personal information in the best possible way. Among other things, we use strong passwords, encryption of data, access control, backups and two-factor authentication to secure our data and prevent unauthorized persons from gaining access to view, change, delete or in any way influence the data we store, including your personal data.
We only use recognized providers of IT and administration services such as web hosting, website and PC security, virus software, e-mail provider, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).
We have established routines for handling breaches of data security, and in the event of a breach we will send a breach notification to the Norwegian Data Protection Authority within 72 hours after the breach is detected. If the breach entails a high privacy risk, we will also notify affected data subjects.
We have used a template from Bedre Bedrift AS in preparing this privacy policy. They are in no way legally responsible for the content, but can be contacted if you need help preparing a privacy policy for your websites.
NB! It is not permitted to copy any content from this privacy policy, cf. copyright law.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
In some cases your personal data is transferred outside the EU/EEA, for example where we use providers outside the EU/EEA to handle the sending of newsletters, to process customer data, to make products and services available on our website, to enable payment, for security on our website, and otherwise to be able to run our business in a safe and efficient manner.
Transfer of personal data outside the EU/EEA is only permitted to countries approved by the European Commission, or under the necessary safeguards pursuant to the GDPR. This may be Privacy Shield for providers we use that are based in the USA, use of the EU's standard contractual clauses, or binding corporate rules. If you would like to know which providers we use outside the EU/EEA, and to get access to documentation of the necessary safeguards, you can contact us.