Introduction
This privacy policy provides information about how Oris Dental AS and affiliated companies, hereinafter referred to as Oris Dental AS, "we", "us" and/or "our", process your personal data.
The privacy policy provides information about what personal data we process, how we process it, for what purposes and on what legal basis. The policy also explains your rights as a data subject and how you can exercise them. The processing of personal data follows the rules in the Personal Data Act of 2018 with the associated EU Regulation 2016/679 on the protection of natural persons with regard to the processing of such data, etc., hereinafter referred to as GDPR.
A separate privacy statement has been prepared for employees of Oris Dental.
Data controller
Oris Dental AS is the data controller for shared processing that runs across the system, and for the processing that occurs in the Norwegian companies. For more information about data controllership, please refer to the individual company's privacy statement.
Purpose of processing personal data
The purpose of processing personal data is to provide dental treatment to the individual patient and to meet related requirements in accordance with the provisions of health and care legislation. The processing shall contribute to ensuring the safety of patients and employees and lead to efficient administration.
The purpose is to further develop dental health services through teaching and research, as well as to carry out reporting in accordance with government requirements and prepare statistics and management data, etc.
Basis of treatment
The legal basis for the processing of personal data is GDPR Article 6 No. 1. letter b) and GDPR Article 9 No. 2 letters h) and i). This basis for the obligation follows from, among other things, the Health Personnel Act, the Patient Records Act, the Patient and User Rights Act and the Dental Health Services Act.
In such cases, we do not need consent to process information about you. Your rights will still be protected by only processing personal data in accordance with the GDPR and applicable laws for the business.
We refer to the processing basis for services relating to operations in separate sections below.
Special information about processing your own customer information
Generally
When a person orders or uses our services, visits our website or otherwise interacts with us, information about the visitor may be processed.
We process passwords and login information, logs and other security data used to protect our services and facilities and ensure the confidentiality and integrity of your information.
Payment and credit information – such as payment card details and account information necessary to confirm purchases, refunds or creditworthiness.
We may process information about agreements, purchases and orders, payments and invoices, recorded telephone calls, subscriptions and reservations, and your other interactions with us, such as requests and messages.
ServiceWell
ServiceWell is a system that provides statistics on our operations.
The following personal data is processed:
• Unique ID for the patient
• Date of the patient's appointment at the clinic Time of the patient's appointment at the clinic Patient's name
• Patient's email address Patient's phone number
• Appointment type for the patient's appointment at the clinic
Your personal information is collected by ServiceWell from:
• the medical record system
• the patient themselves via the customer satisfaction survey
ServiceWell retrieves personal information directly from the medical record system. As long as you have a medical record, the system will be able to retrieve the information.
Analysis and development
In order to evaluate, improve and optimize our products and services, we may analyze your use of our services and/or website.
The legal basis for this processing is our legitimate interest in improving our services and products, see GDPR Article 6 No. 1 f).
We retain your personal data for as long as necessary to achieve the purpose for which it was collected, which will generally not exceed three years.
Customer service and feedback
In order to provide customer service, we will process your contact information (email address or telephone number) as well as the content of your message/inquiry to us. Depending on the assistance requested, we may ask you to provide additional personal information in order to provide you with good and customized customer service.
The legal basis is our legitimate interest in providing a pleasant and adequate customer experience, see GDPR Article 6 No. 1 f).
Marketing and communications
We may send you, or otherwise inform you about, various offers and activities, e.g. in the form of newsletters or special offers. For this purpose, we will process your name, email address and other personal data related to the special offer.
The legal basis for processing personal data for direct marketing purposes is consent, unless you are an existing customer (in which case we base our direct marketing on our legitimate interest). For other forms of marketing, the legal basis is our legitimate interest in marketing our products and services, see GDPR Article 6(1)(f).
We retain your personal data for as long as necessary to achieve the purposes for which it was collected.
Camera surveillance
To ensure an appropriate level of security, we may use camera surveillance. The camera surveillance may process your image and any actions you take while you are subject to camera surveillance. The camera surveillance will also be indicated in the form of a physical sign.
The legal basis is the legitimate interest in preventing dangerous situations, theft and ensuring the safety of others, see GDPR Article 6 No. 1 f).
We retain camera footage for seven days. We may store the footage for a longer period of up to 30 days if it is likely that the footage will be used in investigations or must be handed over to the police.
Who we share personal information with
When a person orders or uses our services, visits our website or otherwise interacts with us, information about the visitor may be processed.
We process passwords and login information, logs and other security data used to protect our services and facilities and ensure the confidentiality and integrity of your information.
Payment and credit information – such as payment card details and account information necessary to confirm purchases, refunds or creditworthiness.
We may process information about agreements, purchases and orders, payments and invoices, recorded telephone calls, subscriptions and reservations, and your other interactions with us, such as requests and messages.
Access to and disclosure of data within Oris Dental
Access to and disclosure of your personal data shall be limited and reduced to what is necessary to provide the services. Based on specific legitimate grounds, personal data is shared between the controllers where lawful.
Access to and disclosure of information to external parties
Oris Dental AS will generally not disclose data to third parties, but we transfer your personal data to our IT service providers who are established within the EU/EEA.
Cookies
A cookie solution is used on our websites that helps us get an overview of your visits to the website, orisdental.no, so that we can continuously optimize and tailor the content on the website to the needs and interests of visitors. Cookies can, for example, remember what you have put in your shopping cart on previous visits to the site, whether you are logged in and which language and currency you want to be displayed on the site. We also use cookies to target our advertisements to you on other websites such as Snapchat, Facebook (Meta) and doubleclick.net. Cookies are mainly used as part of our service to ensure that the content displayed is as relevant as possible.