This privacy notice has been prepared by Otivio AS (“we” or “us”) to ensure that you receive the information we are required to provide you and which is necessary for you to exercise your rights under the General Data Protection Regulation (EU Regulation 2016/679 – the “GDPR“). We act as a data controller with regards to the processing of personal data described in this privacy statement.
Effective date 11.11. 2021
1 Data subjects
This privacy statement applies to our processing of the following persons’ personal data:
- Persons who contact us for information about FlowOx
- Users of FlowOx that contact us for support
- Contact persons at our customers, suppliers and business partners
- Job applicants
2 Purpose, types of personal data and legal basis
Below we have listed the purposes for our processing of personal data, what kind of personal data we process, and the legal basis for such processing.
2.1 Persons who contact us for information about FlowOx™
When contacting us through the contact form on our website or through phone, we will process the personal data such as contact details and other information you are providing us. The legal basis for this data processing is GDPR article 6 (1) (a) consent. If you are providing us health information, the legal basis for our processing is GDPR article 9 (2) (a) consent. However, we will advise you not to provide any health information when contacting us through the contact form on our website.
2.2 Users of FlowOx™ that contact us for support
Users of FlowOx will purchase or rent FlowOx from their health care providers. We will not process any personal data in connection with your purchase or renting of FlowOx. However, when contacting us for support related to FlowOx, we will process the personal data to respond to your request, such as contact details. We will also process any other information you are providing us. We will however not ask for any personal data beyond what is strictly necessary for providing adequate support. The legal basis for this data processing is GDPR article 6 (1) (a) consent. If you are providing us health information, the legal basis for our processing is GDPR article 9 (2) (a).
2.3 Processing of personal data about customers, suppliers and business partners
To fulfil our contractual obligations, as well as providing you with service within our area of business, it is necessary for us to process some of your personal data. In this context we will process name, company name, e-mail and telephone number.
This processing has legal basis in GDPR article 6 (1) (b) fulfilment of agreement with a business partner, or for implementing measures upon the business partner’s request prior to entering into agreement.
We distribute newsletters to e-mail addresses we have received in connection with our services as well as others who have requested to receive our newsletter. Otivio may additionally distribute newsletters to e-mail addresses that are obtained from public sources, however only including persons we deem likely to be interested in Otivio’s services. Recipients of the newsletter can easily unsubscribe from this service via the link included in each e-mail.
The legal basis for this data processing is either GDPR article 6 (1) (f) since the recipient of the newsletter will have an interest in receiving news from us, or GDPR article 6 (1) (a).
2.5 Job applicants
In connection with recruitment and processing of job applications, we will process certain personal data, such as name and address, personal ID number, e-mail, telephone number, CV, transcript of grades and references.
Our legal basis for this processing will be either an informed consent from the applicant, cf. GDPR article 6 (1) (a) or GDPR article 6 (1) (b) fulfilment of agreement with a job applicant, or for implementing measures upon the job applicant’s request prior to entering into agreement.
3 Parties with whom we share personal data
Otivio may disclose personal data with our partners and service providers necessary to fulfil our obligations towards you. Beyond this, we do not disclose personal data with anyone, unless explicitly requested or approved by the data subject, or the disclosure is required by law.
4 Storing of personal data
We will not store personal data longer than necessary for obtaining the purpose of the processing.
Under the Norwegian Accounting Act we are directed to store certain accounting documents for a specific amount of time. When personal data is stored for a specific amount of time in order to fulfil a predefined purpose, we make sure that the personal data is exclusively used for that purpose during that period.
5 Your rights
You hold the rights to any personal data that pertains to you. Your specific rights depend upon the circumstances in question.
Retraction of consent: If you have consented to receiving our newsletter, you may at any time retract you consent. We have made sure that it is easy for you to opt out from receiving this type of communication by including a link in each newsletter for unsubscribing from the service. If you have consented to any other processing of personal data, you may also at any time contact us and retract your consent to this processing.
Request access to information: You have the right to request information on the personal data pertaining to you we have on file, as long as this does not conflict with the duty of confidentiality. In order to ensure that personal data is handed over to the right individual, we may require a written motion for access to information, or that ID is confirmed in another way.
Request correction or deletion of information: You may request that we correct incorrect information regarding you or that we delete your personal data. We will to the best of our abilities comply with a request of deleting personal data, but we cannot comply if there are strong grounds for not deleting it, for example if we need to store the data for documentation reasons.
Data portability: In some instances, you may receive access to personal data you have provided us with in order to transfer the data to another company in a machine-readable format. If technology allows, it may in some cases be possible to transfer the data directly from us to the other company.
Complaint to the regulatory authority: If you disagree with the way we process your personal data, you can submit a complaint to The Norwegian Data Protection Authority.
We have established procedures for handling personal data in a secure manner. The measures are of both technical and organizational nature. We regularly assess the security of all key systems that are used for handling personal data, and agreements are in place that impose providers of such systems to ensure adequate information security.
7 Changes to the privacy statement
We may make slight adjustments to this privacy statement. You can always find our latest version on our website. We will notify you in case of any material changes.
8 Contact us
If you have any questions or comments to our privacy statement, or want to exercise your rights, please contact us at:
Phone: +47 98 08 20 42