Privacy Policy for Sørlandet Hospital

Privacy is the right to a private life and the right to determine what happens to your own personal data. Personal data is information and assessments that can be linked to an individual.

At Sørlandet Hospital, we process personal data in order to fulfill all of our societal duties. That we process personal data essentially means that we use personal data in or for our operations.

Sørlandet Hospital is legally obligated to ensure the safe storage of your personal data, including that your personal data is subject to confidentiality, integrity, availability, and quality. This privacy statement provides information on how we collect and use personal data and what rights you have when personal data about you is registered with us.

terminology, and particularly the new Personal Data Act of 20.07.2018 and the EU General Data Protection Regulation (also known as GDPR) are central. These legal bases establish obligations for Sørlandet Hospital when processing the personal data of others, and rights for those whose personal data is registered.

The most central laws that authorize South Norway Hospital's processing of personal data are the following: (the list is not exhaustive)

• Working Environment Act

• : The Archives Act

• The Administration Act

• EU's General Data Protection Regulation/GDPR

• The Act on Health Research

• Health Personnel Act

• National Health Register Act

• The Public Access Act

• : Patient Rights Act

• : Patient Records Act

• Personal Data Act
  

Sørlandet Hospital collects and processes personal information either because we are required to do so by law or regulations, or because we have obtained your consent to do so. How we collect personal information depends on the relevant legal basis and where the information originates.

Sørlandet Hospital is a public hospital and is therefore required to collect and process more personal data about you as a patient, including, among other things, we are obliged to keep records of all patients. The record will contain sensitivepersonal informationom (referred to as special categories of personal data in legislation) because it is health information. Information in your patient record can be collected in various ways, either through your conversations with healthcare professionals, specific treatment and/or follow-up care at Sørlandet Hospital, or the personal data may be collected from others you have previously been with, such as your family doctor or another public or private hospital. Such collection generally requires your consent. Your personal data is mainly used to provide responsible healthcare and give you medical treatment for your illness or condition. Stored personal data can also be used for research or quality assurance, and if it is to be used for other purposes, your consent is generally required for this.

Sørlandet Hospital processes necessary personal data about our employees to fulfill our role as employer, including, among other things, to manage salaries and exercise personnel responsibility. The purpose of storing this information includes having an overview of the employment relationship, ensuring that salaries are paid to the correct person, and being able to communicate with other public authorities and registers.

If you contact us without having been a patient or employee, relevant personal data about you may also be stored, for example, in complaint cases or where you have applied for a job with us.

As Sørlandet Hospital is a public administrative body, we to a certain extent collect and process personal data in connection with, among other things, case processing, the execution of meetings and visits, the exchange of emails and telephone calls, and public tenders.

Some personal data is also registered when you: visiting our website.

Sørlandet Hospital can only process relevant personal data within the purposes for which the processing of that personal data applies. The processing must also be proportionate, meaning that we cannot store more or additional personal data than is necessary.

When you are a patient with us, we process information about who you are (e.g. name and national identification number) and your contact information (address, telephone number, email). In addition, we process sensitive personal information related to your health condition. All information is stored either on South Norway Hospital's computer systems, or with data processors we have agreements with.

If you are employed by us, we process several of your personal data, such as name, social security number, account number, trade union membership, CV, course participation, further education, and more. This information is stored, among other places, in our own data systems such as the Personal Portal and/or GAT.

What concerns personal information collected from the websitesshf.noSo this website is managed by our communications department.

Cookies (also called cookies) are small text files that are stored in your browser when you open a website. According to the Electronic Communications Act § 2-7b, you have the right to know and approve what information is stored, what the information is used for, and who uses it. You can regulate what you allow of cookies yourself. For more information about which cookies are used on our website, seeAbout Cookies We use cookies to provide you with the best possible experience on our website and to collect information about how you use it. Cookies are small text files that are stored on your computer when you visit a website. They are used to remember your choices and settings, and to analyze how you use the website. We use both our own cookies and third-party cookies. Our own cookies are used to make the website function properly and to provide you with a better user experience. Third-party cookies are used for marketing purposes and to analyze how you use the website. You can control which cookies you accept by changing your browser settings. You can also delete cookies that have already been stored on your computer. Here's a breakdown of the cookies we use: **Cookies we use:** * **Essential Cookies:** These cookies are necessary for the website to function properly. They enable basic functions like page navigation and access to secure areas. Without these cookies, the website cannot function properly. * **Statistics Cookies:** These cookies collect information about how you use the website, such as which pages you visit and how long you stay on each page. This information is used to improve the website. * **Marketing Cookies:** These cookies are used to show you relevant advertising. They may also be used to track your browsing activity across different websites. **Third-party cookies:** We use third-party cookies from: * **Google Analytics:** Used to analyze website traffic and user behavior. * **YouTube:** Used to embed videos on our website. **How to manage cookies:** You can manage your cookie preferences in your browser settings. Here's how to do it in some popular browsers: * **Chrome:** [Link to Chrome cookie settings] * **Firefox:** [Link to Firefox cookie settings] * **Safari:** [Link to Safari cookie settings] * **Edge:** [Link to Edge cookie settings] **Do you have questions?** If you have any questions about our use of cookies, please contact us at [email address].

Information you enter in the contact form via our websitesshf.no or inquiries via our joint email address at: post.receive@sshf.nowill be forwarded by email to the appropriate department within our company. We emphasize that email is not a secure means of communication, and we want to avoid your personal information being lost or compromised. Therefore, never send sensitive personal information by email.

Please be aware that the case archive logs all emails sent to: postmottak@sshf.noIn accordance with current rules for case processing. Personal information you provide in emails to us is covered by what is considered archival under the Archives Act and the Archives Ordinance, and such inquiries are stored in the case processing and archiving system Public360. Here, we will process personal information such as name, address, telephone number, email, and other relevant information in accordance with the provisions of the Archives Act.

Requests for access to information/media inquiries to Sørlandet Hospital are stored in our case management and archiving system Public 360, and will include, among other things, the name of the person making the inquiry and the source of the inquiry.

Sørlandet Hospital has routines related to access control and who has access to what and to which personal data.

Employees of ours whose work tasks and/or have a legitimate need will have access to personal data from relevant registers and/or surveys related to the task to be performed.

Sørlandet Hospital is required to maintain a protocol that provides a comprehensive overview of all our processing of personal data.

Sørlandet Hospital stores personal data in various databases. Access to the databases is controlled by access and need, according to our internal procedures as stipulated in the digital electronic quality handbook (also called EK).

Our employees are subject to a duty of confidentiality, either by law because they are healthcare professionals or by virtue of their employment contract.

We handle correspondence in the form of letters, emails, and telephone calls, and process and archive cases in our own specialist, file, and archive systems. As an example, Public360 is our case management and archive system, while Dips is one of our patient record systems.

Storage time depends on the legal basis for the storage of the personal data in the first place.

The various legal grounds are usually law, regulation, or consent as described above in the section "How Sørlandet Hospital collects personal data." For example, there may be a statutory retention period, or it may be based on a specific assessment of purpose and proportionality regarding what storage time is necessary and relevant.

Personal information collected with your consent is stored according to that consent.

Generally, the main rule for a public administrative body like Sørlandet Hospital is that its case documents are publicly accessible according to the Public Access Act. This means that anyone who asks, the press and others, will be able to become familiar with the content of documents. Your inquiry to us will also, as the clear main rule, be public, whether it arrives by letter, email, fax, or SMS, and we publish a list of public inquiries on the internet (post list). However, much of the information Sørlandet Hospital processes is confidential, and for example, patient information is exempt from public access. Internal documents can also be exempt from public access.

Furthermore, the general rule is that Sørlandet Hospital cannot disclose your personal information without your consent. In some cases, however, we are legally obligated to disclose personal information without your consent, including, but not limited to:

1. : The registered person's employer: To the extent that the personal data concerns the employee's safety in a specific job or assignment.

2. : Research: In cases where the research project has been granted an exemption from the duty of confidentiality by the Regional Ethical Committee

3. Quality assurance: This generally applies to departments at the Southern Norway Hospital that need to quality assure patient treatment. You have the right to opt out of being stored in quality registries. In many cases, inclusion in a quality registry also requires your consent.

4. : NAV: According to the Social Security Act, NAV has the right to obtain personal information, including for control purposes.

5. Next of kin: Has the right to information in order to make decisions on behalf of a relative who is unable to do so themselves, according to the Patient and User Rights Act.

6. Parents or legal guardians: Have the right to information about children between the ages of 12 and 16, unless the child does not want this for reasons that should be respected, cf. the Patient and User Rights Act. If the child is under 12 years old, parents have an unconditional right to information.

7. National health registries: Sørlandet Hospital is obligated to provide personal information to several national health registries based on law or regulations, including, among others, the Norwegian Patient Registry, the Medical Birth Registry, the Cancer Registry, and others.

Data processors, sub-data processors, suppliers, partners, and supervisory authorities may sometimes have access to personal data. To ensure data protection in such cases, a formal data processing agreement must always be in place, or the party in question is subject to a strict confidentiality obligation.

As a general rule, you can request access to the information that Sørlandet Hospital has registered about you. When requesting access to treatment-related registers, such as your patient record, you also have the right to see a log of which of our employees have accessed your personal information.

s. You have the right to request that we transfer all of your personal data to another party (so-called the right to data portability).

If you believe the information registered about you is incomplete or incorrect, you can, as a general rule, request that it be corrected and/or deleted. To correct and/or delete, please contact the treating physician listed as data controller, the project manager for the research project, or the data protection officer at Sørlandet Hospital (see contact information in a separate section).

If you are not satisfied with the answers you receive, you can file a complaint with the Data Protection Authority, see more information about this.here.

If you have given your consent for us to process your personal data, you can withdraw your consent at any time. You can also request that Sørlandet Hospital delete your personal data from its systems, provided that the personal data has not already been anonymized, processed, or included in completed analyses. Please note that withdrawing a consent will not affect the legality of the processing of personal data that has already taken place prior to the withdrawal of consent.

You can contact the Data Protection Officer by email, telephone, or by sending a letter. Contact information can be found here:About Us / Contact Us Contact us The Norwegian Association for Development of Local Communities and District Associations (SSF) Address: Postboks 1340, Solbakken 0123 Oslo Norway Phone: +47 22 06 50 00 E-mail: post@ssf.no General inquiries: post@ssf.no Press inquiries: presse@ssf.no Inquiries regarding membership: medlemskap@ssf.no Inquiries regarding courses and events: kurs@ssf.no Follow us: Facebook: [https://www.facebook.com/ssf.no](https://www.facebook.com/ssf.no) Instagram: [https://www.instagram.com/ssf.no/](https://www.instagram.com/ssf.no/) LinkedIn: [https://www.linkedin.com/company/norwegian-association-for-development-of-local-communities-and-district-associations/](https://www.linkedin.com/company/norwegian-association-for-development-of-local-communities-and-district-associations/) Map [Map showing the location of SSF] We are located in Oslo, at Solbakken 14-16. We look forward to hearing from you!

As a general rule, the Data Protection Officer will respond to your inquiry within 30 days.

For more information about what a data protection officer is and what tasks the data protection officer has, seeData Protection Officer's Tasks