Purpose This privacy policy describes the processing of personal information of the companies associated with Advanced Medical Support (AMS). Companies associated with Advanced Medical Support are: AMS Holdings AS, AMS Assistanse AS, AMS Transport AS and AMS eOmsorg AS. The privacy statement also includes eClinic, which AMS uses as a trademark. 
 
Introduction 
AMS is obligated by law to ensure confidentiality, integrity, availability, and quality of your information. AMS is responsible for the management of the company’s personal data processing and ensuring that all processing and handling of personal data complies with current legislation. 
 
Personal information is defined as data, information and assessments that may be linked to you as an individual. This may include information such as name, contact details, information about your health or medical assessments. 
 
AMS processes your personal data in accordance with the requirements of the Personal Data Act (GDPR). The Personal Data Act regulates how personal data collected from uses may and will be processed, how they are secured, who may access the information and whether the data may be disclosed to a third party. 

Business classification of personal data 

Our customers’ and users’ personal information is classified as internal and confidential information and is as such stored and managed under restricted access rights. 
 
Use of personal data follows the Personal Data Act. AMS processes personal data in accordance with the Personal Data Act based on your consent or because it is required by law (medical record). Furthermore, it may be necessary to process personal data to fulfill an agreement with you as a registered user. Consent to the processing of personal data may be withdrawn at any time. 
We, as the data controller, will ensure that we use personal information about you in accordance with the rules of law. 

Applies to All employees, suppliers, partners, patients, and the public
Ansvarlig Quality Manager
Beskrivelse What personal information do we have about you? 

Depending on what information you give us, how you use our services, and what permissions you give us, we have this information about you: 
 
Information about you 
When registering on our website / service, you must provide some information stored by us, such as name, e-mail address and mobile number. In some cases, we need an address to reach you by post or know more about where you are. The information you provide can also be expanded with the help of lookup services.   
Information we receive using our services 
Your device and your internet connection: We can register information about the device you use (mobile / PC, operating system, and browser). We may collect information about the connection to our services, such as IP addresses, network IDs and cookies.  Use of service or purchase: registers information about your use of the services, such as which pages you are on, when you are on the pages and which functions you have used on our pages. 
Purchase information 
Information we receive when you receive something from us, such as what you have purchased, card number and payment method (eg Visa). If you have a user account with us, you will get an overview of your previous purchases in your user account. 
 
Communication 
Information you give us when you contact us, such as emails sent between us. 
 
Information we receive from other sources 
We may receive information about you if you use any of the other services we offer. We also work closely with third parties (e.g., technical service providers and search engines) and may receive information about you from them. This also includes information that is publicly available. 
Information required by law 
We are required by law to hold certain personal information. An example of this is the regulations on patient records. (forskrift om pasientjournal).  

For the medical part of the services we offer, we may need a number of information from you. We do not use automated decisions or build user profiles based on personal information you provide to us. AMS does not buy, rent or sell personal information about you. 
 
Why do we collect user information? 

We collect user- and personal information in our services for the following purposes: 
Offer website: We use information to adapt our website to the technical equipment you use. We may also use the information to adapt the content of our website and app to what we think you are interested in. 
Orders: We use information to complete your order, to provide services, receive payment and store purchase history. 
Create user account:  We use information if you create a user account, e.g., to give you access with username and password, to store your contact information and payment information, and for you to see your purchase history. 
Statistics:  We collect statistics and map market trends to improve and further develop our products and services. We do this with anonymous information, without knowing that the information is specifically related to you. 
To prevent misuse of our services 

We use personal information to prevent attempts at abuse, fraud, “spamming”, incitement, harassment, and other acts that are prohibited by Norwegian law. 

Categories of personal information, purpose, and basis for processing 
 
AMS processes personal data according to the following processing basis 
 
With your consent 
When you as a customer of our service have given consent for us to collect your personal information. 
Inquiries from you (incl. Communication, support, customer service, etc.) 
When you contact us via the website (contact form, comment field, communication tool), by e-mail, by telephone (call, text message) or social media, we process personal information. Depending on where and how you send us the message, this may be contact information, IP address and other information you choose to send to us. 
We review, archive, and delete inquiries as needed. Inquiries we are obliged to keep, such as documentation in connection with a complaint / complaint case, are stored until the deadline for complaining / complaint has expired (two or five years). Accounting material is stored for up to five years, in accordance with the rules in the Accounting Act. 
Purchase of products and services   
When you use services from us, we process personal information such as contact information, order and payment information and purchase history. 
The purpose is to deliver products and services to you after ordering / purchasing, and to have a history of sold products and services.   
Marketing in existing customer relationships 
During your customer relationship with us, we can communicate with you via electronic communication in accordance with the Marketing Act, as well as the Norwegian Consumer Agency’s guidelines. 
Examples can be newsletters, inquiries about content, services, and events from us, via e-mail, telephone, SMS and social media. You can unsubscribe from marketing by email and SMS at any time. 
If you are not an active customer, we will only send you marketing if you have given us consent. 
Surveys   
It may be desirable to ask you how you experience our services. We always inform about the purpose of surveys we conduct, and whether they are anonymous or not. We do not share the information with others or use it for purposes other than what we have provided. In anonymous surveys, no personal information is collected. The information is stored as long as it is relevant for the purpose, or until you withdraw your consent and possibly request that it be deleted. 
 
Who we share personal information with? 

In order to run our business, it is sometimes necessary to share your personal information with other companies that perform services on our behalf. This is primarily to give you a safer and better user experience. 
Examples of this are: 
Data processors – for example, providers of various services that process your personal data on our behalf. These are not permitted to use this personal information for any purpose other than performing Advanced Medical Support services. (for example, for IT and administration services, accounting, cloud storage, web hosting, sending e-mails and the like). 
User support for IT and administration systems. 
Public authorities we are obliged to report to. 
In case of suspicion of crime – information can be handed over to public authorities upon request. We will also be able to provide information in the event of suspected fraud, or information that is necessary to resolve specific disputes.   
 
We require that everyone we share your personal information with, secures your data in accordance with good information security, and in accordance with the requirements of the Privacy Ordinance. We enter into a data processor agreement with all suppliers. 
You can contact us for contact information for relevant partners and suppliers. 

Personal information shared with third parties 

In the following cases, personal data may be shared with a third party: 
When part of the order includes services provided by a third party 
For video consultation: Confrere: https://confrere.com/no  Healthcare professionals who are our medical providers of digital services are registered in Confrere. 
When you place an order in eClinic, you create a user account. Your data is stored in your account until you delete your account. 
When third party service providers perform tasks or work on our behalf and according to our instructions as data processors. 
Payment services: Payex Swedbank https://www.swedbankpay.no/. 
Data shared may include: Name, registration of payment transactions for the services. 
When performing the services requires a third-party service, such as by referring to a medical specialist. 
 
AMS ensures that all data processors are subject to the same duty of confidentiality as personnel employed by AMS and that agreements on the use of data processors comply with the Personal Data Act’s requirements for the use of data processors / content of data processor agreements. 
 
Your rights 

Personal information is information that can be linked to an identifiable individual. This can be the name, address, telephone number, e-mail address, IP address and history of your use of our services. 
All processing of personal data, such as collection, registration, storage, and disclosure, is subject to special rules, including in the Personal Data Act. 
You can exercise your rights by sending us an e-mail: [email protected] You are entitled to a response as soon as possible, and no later than within 30 days. 
More information about your rights can be found on the Data Inspectorate’s pages (Datatilsynets sider). Here is a short summary: 
You may have the right to ask us to: 
Provide you with additional information about how we process your personal information. 
Give you a copy of personal information about you. 
Update your personal information. 
Delete information that we no longer have a basis for storing. 
Limit or stop the processing of your information. 
Withdraw any consent you have given us. 

Be aware that there are restrictions on these rights. Feel free to contact us if you want more information about this. If you believe that we process personal data in violation of the Personal Data Act, you have the right to complain to the Norwegian Data Protection Authority( Datatilsynet). Before you do this, we would like you to contact us so that we can answer your questions or clear up any misunderstandings. 
 
Patient consultations on video 

With video consultation, you receive AMS services via a digital device (PC / mobile, tablet). 
When you use the service, you also give consent for AMS to send an hourly reminder via SMS. 
Informed consent – when you accept the terms of use, you have received information about what data we need and possibly store. 
We use BankID to verify the identity of our healthcare professionals and you as a patient.

Safety 

AMS takes information security seriously and always makes sure to do our best to safeguard your personal information, cf. current legislation. 
 
Access Control – We use recommended strong passwords, data encryption, access control, backup, and two-factor authentication to secure our data and prevent unauthorized access to view, modify, delete or in any way affect the data we hold. 
Reputable providers – AMS only uses reputable providers of IT and administration services (web security, virus software, e-mail provider, backup, etc. Access to and / or processing of your personal information is only permitted in accordance with our instructions, and only where it is strictly necessary. 
Routines and risk – AMS has routines for handling breaches of data security. In the event of non-conformities, a non-conformance report is sent to the Norwegian Data Protection Authority within 72 hours of the discovery of the breach. If the breach entails a high privacy risk, affected data subjects will also be notified. 
 
Transfer of personal data outside the EU/ EEA

Sometimes we transfer personal data outside the EU / EEA, for example where we use suppliers outside the EU / EEA to process your information to make services available via our website, to enable payment, for security and otherwise to be able to run our business on a safe and efficient way. 
 
Transfer of personal data to outside the EU / EEA is only permitted to countries approved by the EU Commission, or under the necessary guarantees under the Privacy Regulation. 
An example of such a guarantee is the Privacy Shield for suppliers we use based in the USA, and the use of the EU’s standard contracts or binding business rules. 
 
Please contact us if you want to know which suppliers we use outside the EU / EEA and get access to documentation of necessary guarantees. 

Cookies 
We use cookies on our websites to ensure functionality on the website, analyze internet traffic and see which areas of our website you have visited. 

Change to the privacy statement

We will update the privacy statement from time to time. You will be notified of significant changes. You will always find the latest version of our privacy statement on the website. 

Contact information 

Our contact information is: 
Email address: [email protected] Phone: +47 4000 2640 

Please refrain from sharing personal or health-related information about yourself in emails to AMS.