Privacy statement


Who is responsible for processing?

The CEO is responsible for the company's processing of personal data. The day-to-day responsibility is delegated to the data processing manager, who is also the company's system manager. The delegation only applies to tasks and not responsibilities. Day-to-day responsibility for patient data is delegated to the head of clinic in each department.

What is the purpose?

The purpose of storing information is to provide correct and effective healthcare to our users. We are required by law to retain some data, but you can provide us with other data voluntarily to enable more effective communication.

What is the legal basis?

Our orthopaedic engineers are authorized healthcare professionals, and thus subject to the Health Personnel Act, Chapter 8 (§§39 - 47) with associated regulations - which regulates the basis for processing patient data.

Telecomputing is our IT service provider. All personal data is processed by Telecomputing. This is regulated by a data processing agreement.

We have similar agreements with Hove Medical (System X), Medilink and Columbus Norway.

What personal data is processed?

Statutory information:

Personal data, including national identity number, for secure identification
Address, telephone number, marital status and occupation
Information about risk of infection, to ensure HSE
Relevant diagnoses in relation to the services we will provide
Guardian or whoever consents on your behalf
Records of our examinations and assessments
Relevant images and/or videos
Epikrises, referrals, decisions and other documents that other healthcare professionals send us in connection with the treatment

Voluntary information:

Additional contact information
for repayment of advance payment
Where is the data collected from? The data is collected from referrals, applications and decisions submitted to us in connection with processing. Or directly from you as a customer. We are not linked to the National Population Register.
Is it voluntary to provide the information? We are required by law to store the statutory data listed in section 4. The voluntary data may make it easier for us to communicate with you.
Is the data disclosed to third parties? In order to ensure that correct and effective health care is provided, it may - upon request or when necessary - be appropriate to share relevant information with other partners. The following third parties may receive information:
The referring doctor or other healthcare professional receives a summary of our medical records (discharge summary). This applies to information that is relevant to the treatment in question.
NAV receives information in connection with the processing of the application, as well as confirmation of completion of the assistive device. This information includes personal data, contact information, current diagnosis and the orthopaedic engineer's assessment.

In some cases, we would like to use images or films in connection with training, courses and the like for other healthcare professionals. If you are identifiable in a photo or film, this may not be used without your prior written consent.

How is the information deleted and archived? According to the Medical Records Regulations, information must be stored for a minimum of 10 years after the last entry in the medical record.

All information is stored on server Telecomputing in Norway according to applicable regulations. Some of the oldest information is stored in a local database that is securely locked and with limited access. This database is not connected to networks or the internet.

What rights does the data subject have and which country's legislation applies? You have the right to access your own medical records as long as the information is not believed to be harmful to you. You can also demand that the information be disclosed.

You may require rectitation or deletion of the voluntary information. As regards the statutory information, you may only require the correction or deletion of incorrect information.

This statement may not limit the rights or obligations arising from Norwegian law. Applicable laws and regulations are the Health Personnel Act, the Patient Rights Act, the Archival Regulations and the Journal Regulations.

How is the data secured? Only OCH employees and our data processors have access to the data. Procedures are in place to ensure that only relevant personnel have access to sensitive data. All employees have signed a confidentiality agreement.


Telephone. 23 288200

Postal address: Innspurten 9, 0663 Oslo, Norway