Privacy Statement

This is a privacy statement under the EU General Data Protection Regulation (GDPR) for EasyFlow Sexuality Therapy.

Considering and respecting our clients’ data protection and privacy form an integral part of our operations. All personal data are processed in compliance with current legislation, due diligence and good data management practices. We do not engage in any actions, without legal grounds to do so, that would restrict the data subject’s right to privacy or any other fundamental rights that protect the data subject’s right to privacy.

This privacy statement has been last updated on 26 Mar 2023.

Client and stakeholder group register for EasyFlow Sexuality Therapy

1. Data controller and responsible person

EasyFlow Sexuality Therapy

Sexologist Elina Purhonen
Company registration number: 930 749 338
Kirkeveien 61
0364 OSLO, NORWAY
Telephone number: +47 48465704
E-mail: info@easyflowsexualtherapy.com

2. Other parties that may process the register data

Act on Healthcare Professionals provides that essential and necessary data are to be registered in a patient journal system. The company uses the EasyPractice patient journal and booking system for processing your personal data after establishing the therapist-client relationship. The entrepreneur is bound by obligation to professional secrecy.

The company has concluded a data management contract with EasyPractice that is compliant with all data protection requirements provided by the GDPR. If you have any sensitive data to share with the company, please provide it either by oral communication or via the encrypted messaging function of Online Booking.

In addition to these, personal data as regards a person’s invoicing details are also processed in the invoicing and accounting software used by the data controller.

3. Legal basis and purpose of processing personal data

There is a contractual basis for processing personal data:
The data subject’s consent (documented, voluntary, specified, informed or unambiguous) as well as the data controller’s legitimate interests (e.g., a client relationship prior to the contract) and a contract on the client relationship.
The purpose of processing personal data is to communicate with clients and stakeholder groups as well as to maintain the said relationships. No data are used in automated decision-making.

4. Data content of the register

A client’s personal data that is recorded in the register are provided by the client in messages sent either via the contact form on the website, by e-mail, by phone, or via social media services; at client meetings; or in other situations where the client provides their data.

Data regarding companies and other organisations may also be collected from public sources such as websites, directory services, and other companies.

Data that are recorded in the client and stakeholder group register include:
● The person’s name
● Contact details (e-mail and/or phone number)

These contact details are only stored in the client register until the company has answered a contact request. After this, the data will be deleted. Such data regarding stakeholder groups or contact persons of stakeholder groups are kept in the register in order to realise the collaboration.

On our website, the server collects log data including the user’s IP address; this is based on legitimate interests. IP addresses are processed for ensuring technical functionality as well as troubleshooting and data protection purposes.

5. Rights of the data subject

Every person whose data are stored in the register has the right to

● access their data stored in the register and demand the rectification of any inaccurate data or request the completion of incomplete data
● restrict the processing of their data
● object to the processing of their data
● be forgotten (right to erasure)

It is recommended that you should start the data request process by contacting the data controller. The data controller will initiate the process as soon as possible. No data are provided to the data subject without proof of identity. The data controller will answer the client’s request within the time limit provided by the EU GDPR, i.e., within one month at the
maximum.

If your request is denied or you believe that your data have been processed without legal basis, you can file a complaint with the data protection authority. More information on www.datatilsynet.no

6. Data transfers

With the exception of invoicing details, no personal data are released to third parties nor are they used for marketing the company. No regular transfers of data are made to other parties nor outside EU or EEA.

7. Protection of personal data

Information systems where the personal data are processed are protected with firewalls, logins, two-factor authentication function and passwords. Only the data controller has access to them.

8. Cookies

A cookie is a small text file that is sent to and stored on the user’s computer. This website only uses essential cookies that are necessary to ensure the technical functioning of the website (e.g., language versions). They are not used in any other purposes.