Personvern

1. Introduction

At Overvinne AS, your privacy is of utmost importance to us. We are committed to protecting your personal information and handling it respectfully in compliance with applicable laws and regulations, including the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and share your personal information when you use our services.

‍

Definitions:
"Data Controller" is the party who decides how personal data will be processed and is ultimately responsible for adhering to privacy principles and regulations.

"Data Processor" is a party that processes personal data on behalf of others and under instructions. It cannot determine the purpose or other decisive elements of the processing.

‍

‍Controller:

Overvinne AS
Address: Nordre Berggate 2, 7014 Trondheim
Organization number: 913 820 622
Customer Support Email: post@overvinne.no
Privacy Officer email: personvern@overvinne.no

About our services:
Our services consist of:

Website: www.overvinne.com
Web App: app.overvinne.no
Mobile Apps: Android and iOS apps available via Google Play and App Store

These platforms give you access to our digital services to support your mental health.
‍

2. What is personal data?

Personal data is any information that can be directly or indirectly linked to you as an individual. This includes, among other things, your name, contact information, social security number, IP address and information about how you use our services.
‍

3. What personal data do we process and why?

We process the following categories of personal information. The table below provides an overview of the data, purposes, and legal bases for processing:

Personal data	Purpose	Basis of treatment
Social Security Number	Secure identification at login and at consultations with therapist through BankID.	Fulfillment of agreement (GDPR Article 6 (1) (b))
Name	Personalization of the service and communication with you.	Fulfillment of agreement (GDPR Article 6 (1) (b))
E-mail address	Communicate with you about the Services, send important information and respond to your inquiries.	Fulfillment of agreement (GDPR Article 6 (1) (b))
Email address (Marketing)	To send you relevant information, newsletters and offers about our services.	Consent (GDPR Article 6 (1) (a))
E-mail address (Webinars)	Register for webinar, communicate about webinar and related topics.	Consent (GDPR Article 6 (1) (a))
Birthdate	For record keeping when ordering a psychologist consultation	Legal obligation (GDPR Article 6 (1) (c))
Phone number	Contact information for record keeping when ordering a psychologist consultation	Legal obligation (GDPR Article 6 (1) (c)), Fulfillment of contract (GDPR Article 6 (1) (b))
Username and password	Give you access to your account on our apps and web app.	Fulfillment of agreement (GDPR Article 6 (1) (b))
Use of the Service	Understand how our services are used to improve functionality and user experience.	Legitimate interest (GDPR Article 6 (1) (f))
Technical data (IP address, device information, etc.)	Ensuring the technical functionality and security of the services.	Legitimate interest (GDPR Article 6 (1) (f))
Technical data (IP address, device information, etc.)	Analyze usage patterns to improve services and user experience.	Legitimate interest (GDPR Article 6 (1) (f))
Health information (questionnaires, mood reports)	Offer you personalised content and services to support your mental health.	Consent (GDPR Article 6 (1) (a) and Article 9 (2) (a))
Health information (mood reports)	Sharing mood report data in conjunction with psychologist consultation	Consent (GDPR Article 6 (1) (a) and Article 9 (2) (a))
Communication data	Respond to your inquiries and provide effective customer support.	Fulfillment of agreement (GDPR Article 6 (1) (b))
Preferences	Send you relevant information and offers about our services (marketing).	Consent (GDPR Article 6 (1) (a))
Transaction data	Manage payments and comply with accounting and tax laws.	Legal obligation (GDPR Article 6 (1) (c))
Authentication Logs	Ensuring the integrity and security of services, preventing abuse, fraud and unauthorized access.	Legitimate interest (GDPR Article 6 (1) (f))
Error logs	Analyze and resolve technical issues to improve services.	Legitimate interest (GDPR Article 6 (1) (f))
Anonymized data	Conduct research and statistical analyses to contribute to better understanding of mental health.	Consent (GDPR Article 6 (1) (a)), Public Interest (GDPR Article 9 (2) (j))

4. Newsletters

We offer newsletters that you can sign up for via our website and our services.

Basis of treatment: Consent (GDPR Article 6 (1) (a).

‍Unsubscribe:

You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletter or by contacting us at: personvern@overvinne.no

Storage time:

We keep your email address and related data for as long as you subscribe to the newsletter.
‍

5. Webinar

We offer webinars that you can sign up for through our services.

Basis of treatment: Consent (GDPR Article 6 (1) (a).

Unsubscribe:

You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletter or by contacting us at: personvern@overvinne.no

Storage time:‍

We will retain your email address and related data for as long as you subscribe to webinar newsletters.
‍

6. Cookies

We use cookies and other analytics tools on our website, web app and mobile apps to collect information about the use of our services. This helps us to:

Ensuring Functionality: Necessary cookies for the proper functioning of the website and apps.
Analyze usage patterns: To improve the services and user experience.
Marketing: To display relevant content and ads.

Cookie Management:

Browser: You can manage your cookie preferences in your browser. Disabling the necessary cookies may affect the functionality of our websites. Manage your preferences by clicking on the icon that is fixed at the bottom left of all websites, or inside our statement of Cookies.
Mobile Apps: You can manage permissions and settings in the apps or in the device settings of your Android or iOS device.

For more information, see our statement on Cookies.
‍

7. Storage and deletion of personal data

Storage time:

User Info: Stored for up to 24 months for analysis and improvement of the service. If the data is no longer necessary for the purpose, the data will be deleted or anonymised.
Sensitive personal data other than patient records: Stored only for as long as is necessary to fulfil the purpose for which they were collected and regularly reviewed for the need for deletion or anonymisation.
Personal data in patient records: If you have used a psychologist consultation, personal data will be stored in a patient record. Health information from a psychologist consultation is subject to strict confidentiality under the Law on Healthcare Professionals etc. and the Law on Record Keeping. This information will only be shared with third parties if required by law.

If you have used a psychologist consultation, personal data will be stored in a patient record. Health information from psychologist consultation is subject to strict confidentiality according to Law on health professionals, etc. and Law on record keeping.
Read more about personal data stored patient records here.

8. Sharing of personal data

Data Processors and Third-Party Recipients

a) Data processors

We use trusted third-party providers (data processors) to provide our services, such as hosting, data storage, payment solutions, customer support and analytics. These data processors process personal data on our behalf and in accordance with our instructions. We ensure that all data processors are bound by data processing agreements that require them to protect your personal data in accordance with applicable data protection legislation.

b) Transfer to third countries

Some of our data processors may be located outside the EU/EEA, or may store personal data in such countries. When we transfer personal data to countries outside the EU/EEA that do not have an adequate level of protection, we ensure that the transfer is made in accordance with the GDPR by:

European Commission Standard Contracts: Conclude agreements based on standard contract provisions approved by the European Commission.
Other safety measures: Ensure that the data processors have implemented the necessary technical and organisational measures to protect the personal data.

9. Security

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect you from unauthorized access, alteration, loss or destruction. This includes:

Encryption of data during transmission and storage: We use modern encryption technology to protect your data both when it is sent over the web and when it is stored with us.
Access controls and authentication: Only authorized personnel have access to personal data and they are subject to confidentiality.
Regular security update and monitoring of our systems: We continuously update our systems and perform security audits to detect and prevent vulnerabilities.
‍

10. Your rights

You have the following rights in relation to your personal data:

Right to transparency

You have the right to know what personal data we process about you and can request a copy of it.

Right to rectification

If you discover errors or inaccuracies in your information, you have the right to have them corrected.

Right to erasure

You can request that we delete your personal data when it is no longer necessary for the purpose for which it was collected, or if the processing is based on your consent which you withdraw.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example if you dispute the accuracy of the data or the processing is unlawful.

Right to data portability

You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format and to have it transferred to another controller where technically feasible.

Right to protest

You can object to the processing of your personal data based on our legitimate interest or for direct marketing purposes.

Right to withdraw consent

If the processing is based on your consent, you can withdraw this at any time.
‍

How to exercise your rights:

Web App and Mobile Apps: You can manage your rights and settings in the app's settings.
Contact us: Send an email to personvern@overvinne.no with your request.

We may request additional information to verify your identity and we will respond to your enquiry without undue delay and within 30 days at the latest.

If the request is complex or multiple requests have been received from the same person, the response time may be extended by up to two months (a total of three months). We will then inform you within one month of receipt of the request, together with the reasons for the delay.
‍

11. Children's privacy

Our services are aimed at people over the age of 18. We do not knowingly collect personal data from children under the age of 18 without the consent of a parent or guardian. Please contact us if you believe we have collected such information in error.

‍Contact us: Send an email to personvern@overvinne.no with your request.
‍

12. Consent and settings management

Change or withdraw consent:

Web App and Mobile Apps: You can manage your consents and privacy settings in the settings of your account in the app. If you want to delete all the data we have stored about you, select Delete account on Settings. In case of account deletion, the current subscription will be terminated.
Website: You can manage your cookie preferences in your browser. Disabling the necessary cookies may affect the functionality of our websites. Manage your preferences by clicking on the icon that is fixed at the bottom left of all websites, or inside our statement of Cookies.
Contact us: Send an email to personvern@overvinne.no to withdraw consent or request changes.
‍

13. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our Services, legal requirements or other necessary updates. We reserve the right to change the privacy policy if necessary. We encourage you to review the declaration regularly. When we make material changes to the Privacy Policy, we will:

Explain the meaning: We will provide a clear explanation of what the changes entail and how they may affect you.
Allow you to react: If the changes require your consent, we will give you the opportunity to read and accept the updated Privacy Policy.

Your continued use of our Services after the changes have taken effect will be deemed acceptance of the updated Terms.

‍If you do not accept the changes, you have the right to terminate your use of our services. You may also contact us to have your personal data deleted or to exercise your other rights as described in this statement.
‍

14. Contact information

Data Protection Officer:

E-mail: personvern@overvinne.no

Customer Service:

E-mail: post@overvinne.no

Address:
Overvinne AS
North Berggate 2
7014 Trondheim
‍

15. Complaint to supervisory authority

If you believe that our processing of your personal data is not in accordance with applicable laws and regulations, you have the right to complain to the Data Protection Authority.

Data Inspectorate:
Phone: +47 22 39 69 00
Website: www.datatilsynet.com
‍

We hope this privacy statement provides you with clarity on how we process your personal data when you use our services across our website, web app and mobile apps. Your trust is important to us and we are dedicated to protecting your privacy. Feel free to take contact by e-mail if you have any questions or want more information.

Privacy Policy

Privacy Statement