PRIVACY POLICY

Orthecta AS is a medical company established in 2022. Orthecta produces 3D Printed surgical parts in Norway.
Our aids are sold through NAV, various institutions/orthopedic workshops, and to private individuals.

At Orthecta, we are committed to respecting and protecting your personal data in a secure manner and in accordance with the EU’s General Data Protection Regulation (GDPR).
This privacy statement provides information about what personal data Orthecta collects, why we do this, and how we process personal data in our business.

Orthecta AS
Symreveien 5,
1470 Lørenskog, Norway

Org.nr: 927 152 479

E-Mail: info@orthecta.no
Phone: +47 45268257 

Data Controller: Max Temmesfeld (CEO & founder)
Email: max@orthecta.no
Phone: +47 45268257 

We may collect and process the following categories of personal data:

• Contact information: address, phone number, email address, IP address
• Billing information if an order is placed by the customer
• Cookies
• Special categories of personal data, including health information: necessary documentation as a basis for the production of individually adapted products sent to us electronically; descriptions, diagnoses, sketches, images, etc.

We collect and use your personal data for the purposes listed below, depending on your relationship with us and how we come into contact with you. Orthecta will process information about you that is necessary for you to access the relevant services and products you need. All employees at Orthecta who process personal data are subject to confidentiality.

Orthecta generally does not store personal data longer than necessary to fulfill the purpose for which they were collected. Orthecta has systems and procedures in place to ensure that deletion is carried out. You can read more about deletion/storage time for personal data below. However, legal obligations may mean that certain information must be stored longer.

When Orthecta collects personal data, there must always be a legal basis for processing. The legal basis for processing personal data can be found below.

Storage time

The information is stored as long as the employment relationship lasts. Certain information, such as leave, notifications, salary, terminations, severance agreements, garnishments, etc., may be stored beyond the duration of the employment relationship based on legitimate interest or as required by accounting legislation.

When you communicate with us

When you contact us and interact with us, through correspondence, via our website, social media, email, phone, or similar as a potential customer, existing customer, supplier, partner, visitor to the website, etc., we process personal data that you choose to share with us to carry out sales activities, respond to inquiries, follow up on inquiries, etc.

Storage time Personal data based on consent will be deleted upon withdrawal of consent. Deletion will then take place at the next GDPR review, unless we are legally required to retain the data. Other personal data will be reviewed, deleted, and archived as needed, but no less frequently than every 3 years. Accounting material may be retained for 5 years, according to the rules in the Accounting Act.

When you use our website Like most others, we use cookies when you visit our website to provide you with a faster, better, and safer user experience. A cookie is a small file that is stored on your computer, tablet, or smartphone. A cookie is not a program that contains harmful processes or viruses. When you visit the website, you can accept or refuse the use of cookies. If you disable the website’s ability to set cookies, the user experience may be affected, and some functions on the website may not work. You can also delete existing cookies in your browser.

Storage time Information related to website activity (cookies) is stored for one month. Inquiries via the website are stored until the case is processed, or until consent is withdrawn. Other personal data will be reviewed, deleted, and archived as needed, but no less frequently than every 3 years.

Supplier or partner with Orthecta AS If you are a user of aids from, for example, NAV, or are employed in a company that is a customer or partner with Orthecta AS, we may process personal data to fulfill our contractual obligations. If personal data is exchanged between companies, there will be data processing agreements and possibly confidentiality agreements where this is required.

Necessary to provide health services according to the agreement, cf. GDPR Article 9(2)(h).

The information may be stored for up to 10 years if the information is necessary for later follow-up of the user on behalf of NAV. In special cases and by special agreement with NAV, the information may be stored for more than 10 years. It can then be agreed that deletion will take place when NAV requests it.

Storage time

The information is deleted if the job seeker requests it or as soon as the recruitment process is completed. The information will never be stored longer than 6 months.

When Orthecta receives orders from NAV or therapists/health professionals

If you need aids and/or individually adapted aids and receive help from NAV/therapists/health professionals to try out or purchase this, we will collect the necessary information to fulfill contractual obligations such as orders, offers, orders, production, reminders, and similar. In most cases, we do not receive personal data in connection with this, as NAV may be our customer and distribute the products to customers. In some cases, sensitive personal data such as images, sketches, and detailed descriptions of the extent of the injury are necessary to find the best solution for the user. The information we register about you will mainly come from yourself or from a public employee who has been given the responsibility to order individually adapted products that you have a documented need for and that are covered by the National Insurance Scheme. We may also receive contact information if products are to be sent directly from us to the user.

• GDPR Article 6(1)(c) (legal obligation)
• GDPR Article 9(2)(h) (Necessary to provide health services according to the agreement)

Storage time

The information is stored as long as necessary to provide the services or as long as the customer relationship/agreement lasts, or as long as required to fulfill legal obligations.

Personal data may be stored for up to 10 years if the information is necessary for later follow-up of the user on behalf of NAV. In special cases and by special agreement with NAV, the information may be stored for more than 10 years. It can then be agreed that deletion will take place when NAV requests it.

When you purchase products and services from Orthecta (physical and digital) If you contact Orthecta to request a quote for products or help finding products that may suit you, we will process information about you.

Storage time

Accounting material is retained for up to 5 years, according to the rules in the Accounting Act. In addition, orders and documentation are retained for up to 5 years. This is partly to be able to document deliveries based on legitimate interest, cf. GDPR Article 6(1)(f). Other personal data will be reviewed, deleted, and archived as needed, but no less frequently than every 3 years.

Orthecta generally does not disclose personal data to third parties. In some cases, however, we will have to share personal data if this is required by law, if we need to use subcontractors, or to be able to operate the business in an efficient and secure manner.

This may include parties such as accountants, public authorities, or other providers of necessary services. Orthecta ensures that all personal data is protected by entering into data processing agreements and possibly confidentiality agreements where necessary, with all those who process personal data on behalf of Orthecta.

When Orthecta corrects or deletes personal data, this is also communicated to any partners who have received the data.

Only employees at Orthecta and possibly our data processors have access to the data. All employees have signed confidentiality agreements, and our procedures and routines ensure that access to personal data is limited to employees who need access to the data to perform their work tasks.

Your rights When Orthecta processes your personal data, you have the right to the following:

• Access: You have the right to receive information about what personal data we have registered about you and to receive a copy of your personal data.
• Correction: You can request that information about you that is incorrect, incomplete, or irrelevant be corrected or supplemented with correct information.
• Deletion/restriction of processing of personal data: You can request deletion or restriction of the processing of your personal data. You can withdraw consent if the legal basis is consent. However, this does not apply to information that Orthecta is legally required to process or retain.
• Data portability: You can request to receive the personal data you have provided to us in a machine-readable format for yourself or another data controller.
• Object: You can object to our processing of information about you.

If you believe that Orthecta’s processing of personal data violates your rights in any way, we ask you to contact us at the following:

email: mail@orthecta.no, so that we can resolve the matter together.

Orthecta will normally respond to requests from you regarding your rights within 30 days. If you believe that this does not lead to a solution, you have the right to complain to the Data Inspectorate. This can be done via their website, which you can find here.

Security Orthecta takes information security seriously and works to protect your personal data in the best possible way. Among other things, we use strong passwords, password managers, backups, encryption of information, and two-factor authentication to secure data and prevent unauthorized access to view, change, delete, or in any way affect the data we store, including personal data.

We only use reputable providers of all the technical systems/solutions we use. We only allow others to access and/or process your personal data according to our instructions, and only where it is strictly necessary.