Last Updated: 2023-09-12
Data Controller and Processor
The services are operated by Mindcare AS (Business Registration Number: 925 239 070), headquartered at Rathkes gate 5B, 0558 Oslo. You can reach us via email at firstname.lastname@example.org.
Mindcare acts as the data controller for information collected from its clients. This typically includes data necessary for service delivery and fulfilling our obligations to our customers.
Our customers utilize our services to manage their mental health care practices. As part of this process, data pertaining to their clients is stored and processed on our platform. For this data, Mindcare assumes the role of the data processor, while the account holder serves as the data controller.
When is Personal Information Collected?
We process information about you in the following situations:
- You have registered as a user on the platform.
- You create an order or agreement on the platform.
- An order or agreement is made on your behalf.
- You are invited to the platform by a colleague or friend.
- You subscribe to our newsletter.
- You have applied for a job with us.
- You contact us via chat, email, or other means.
Legal Basis for Processing Personal Information
The personal information collected is processed based on the following:
For platform users
Data Processing Agreement: Regarding the information that our customers input into the platform, we assume the role of a data processor, governed by the provisions set forth in our data processing agreement. This agreement clearly outlines our responsibilities and obligations in managing this data.
The legal foundation for data processing relies on your consent to utilize our platform for the services we offer, in accordance with Article 9(2)(a) of the General Data Protection Regulation (GDPR). When using our platform as a patient, this consent is granted for the following purposes:
- Secure Login: We process your information to facilitate secure login.
- Appointment Management: This includes appointment booking and any subsequent changes to your appointments with your healthcare provider.
- Booking History: We maintain a history of your past bookings.
- Payments: Facilitating payments from you to your healthcare provider.
It's important to note that beyond these specified purposes, your healthcare provider assumes the role of the data controller for information related to you, while we act as the data processor for this information.
Visits to app.konfidens.com
For security and privacy reasons, Konfidens does not use any third-party cookies on the website**. Konfidens only uses its own cookies to provide functionality related to user-friendliness and security, but we strive to keep this number to a minimum.
You can read more about our cookies on this page.
Konfidens adheres to the information security and privacy standards set by the Norwegian Directorate of eHealth within the healthcare sector. Consequently, a majority of your actions as a healthcare professional are systematically recorded. These actions encompass, among others:
- Initiating a session from an unfamiliar device.
- Accessing a patient's record.
- Writing session notes.
- Electronically signing a note.
- Revising an already signed note.
- Granting access to a patient's record to a supervisor or colleague (subject to patient consent).
Each log entry comprises a user identifier, the date of the action, and specifics about your login method during that session. In cases involving particularly sensitive actions, such as printing notes from a patient's record, we also log your IP address for added security and accountability.
Who is Your Personal Information Shared With?
Konfidens uses a limited number of subcontractors to provide services on the platform. In cases where the processing of personal information is necessary, we require the data to be processed and stored in Europe, in compliance with the General Data Protection Regulation (GDPR).
To provide the Services, we rely on select data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Subprocessors are as follows:
The platform runs and stores data in data centers located in Frankfurt, Germany, operated by AWS EMEA SARL. All information on the platform is stored in databases in these data centers.
Applicable only for Norwegian users.
The platform uses SMS to verify ownership of phone numbers and for authentication of known users. We use GatewayAPI for sending SMS. Data is stored and processed in Germany, Finland, and/or Denmark. The personal information transmitted includes:
- Your phone number
Emails sent automatically from the platform, such as email confirmations or clinic invitations, are sent via Brevo (formerly Sendinblue). Data is stored and processed in Germany, Belgium, and/or Ireland. The personal information transmitted includes:
- Email address
- Recipient's name
- Subject and content of the email
- Google Cloud / Helpcrunch / Intercom
Emails to and from us that are not automatic emails are received and sent via HelpCrunch or sent via Intercom or Google Cloud, depending on the recipient's address you send to. When we initiate the email exchange, we will provide your name and email address to the third party. If you initiate the exchange, the personal information exchanged is controlled by your email provider but typically limited to name and email address.
How Long Do We Store Your Information?
If you have created a user account but have not been active for a period of 4 years, we will send you a notice that your account will be archived and deactivated. Archiving involves anonymizing your data and occurs 6 months after the notice, unless you log in again in the meantime. Personal information processed under Konfidens' legitimate interests will be stored as long as we are required to keep them. For example, if you have made payments on the platform, information we are legally required to store according to Norwegian accounting regulations will be retained for 10 years after the end of the fiscal year.
You have the right to receive a response without undue delay, and no later than one month. Contact us at email@example.com if you wish to exercise any of these rights.
- Access to Your Data
You have the right to access the data we have about you. If we hold healthcare information about you, we will require identification to provide you with this information. Learn more about the right to access.
- Correction of Personal Information
You can ask us to correct or supplement inaccurate or misleading information. Learn more about the right to correct or supplement information.
- Right to Be Forgotten
You have the right to be forgotten if our information about you is inadequate, irrelevant, or no longer necessary for the purpose it was processed. Learn more about the right to erasure.
- Data Portability
If we process information about you based on consent or a contract, you can request that we transfer information about you to you or to another data controller.
Information in Patient Records
If you are a patient and require corrections or deletions of information entered into the platform by your healthcare provider, kindly reach out to the therapist or clinic responsible for your treatment. Please be aware that healthcare professionals may have legal obligations to maintain records of individuals who have received healthcare services and the nature of the care provided, as stipulated by national legislations.
Complaints About Processing
We hope you will let us know if you believe we are not in compliance with the rules in the Personal Data Act. In that case, please contact us through the contact or channel you have already established with us.