Askin - Digital dermatologist

About this privacy policy The basis for processing personal data What personal data we process How we collect personal data Why and how we process personal data
How we protect personal data To whom we may disclose personal data How long we store personal data Built-in privacy Your rights
How you can contact us Changes to the Terms

About This Privacy Policy

Askin AS is dedicated to handling your personal data with respect and responsibility, in compliance with Norwegian and European privacy legislation. This privacy policy outlines how we process personal data, what personal data we collect, and the purposes for processing it. Askin AS acts as the data controller for all personal data processing activities.

The privacy policy applies to:

Use of our websites.
Contact with our customer service.

Key Definitions

Personal data: Any information that can be directly or indirectly linked to you.
Processing of personal data: Any use of personal data, including collection, storage, modification, analysis, sharing, and deletion.
Cookies: Small text files placed on your device when you visit a website.

The Basis for Processing Personal Data

Askin operates as a healthcare service provided by authorized medical specialists. We process personal data to deliver our healthcare services to patients, as permitted under Article 9, point 2(h) of the Personal Data Act.

Additionally, we process necessary secondary information, such as payment details, to facilitate the delivery of our services. As a healthcare provider, we are also governed by the Health Personnel Act and the Patient Records Act, ensuring patient safety, service quality, and privacy in compliance with these regulations.

What Personal Data We Process

We may process personal data in the following categories:

Basic Information: Such as name, address, and email address. For healthcare personnel, this may also include information about their employer or workplace.
Demographic Information: Including date of birth and gender.
Customer Relationship Information: Such as payment details and communication with customer support.
Healthcare Provider Information: Details about your GP or other healthcare personnel, if relevant.
Health Information: Necessary data for performing our services, including case studies, medical history, drug use, and images of affected skin areas.
Anonymous Information: Technical data (server logs) generated during the use of our services, such as device information, IP address, and timestamps.

How We Collect Personal Data

We collect personal data in the following ways:
- When you register for our services, complete a digital consultation, or contact us.

- When others share information on your behalf, such as parents providing information for their children, or a GP or other healthcare personnel referring patients or sharing medical records.

Providing personal data is voluntary, but without it, we may be unable to offer our services, such as processing payments or sending requested information.

We also maintain our company profile and pages on social media platforms. When you visit these pages, such as our company page on Facebook, the social media platform processes your personal data independently. Askin AS has no control over this processing. For more details, please refer to the privacy policy of the respective social media platform.

Why and How We Process Personal Data

We use the information we collect about you for the following purposes:

Providing ServicesWe process personal data to deliver and manage our services, including:
- User administration.
- Diagnosing and issuing prescriptions, and medical reports.
- Payment processing and follow-up.
- Error correction and customer support.

Ensuring Security and Preventing MisuseWe process personal data to maintain the security of our services and to detect or prevent misuse, fraud, or other unauthorized activities.

Fulfilling Statutory Duties
We process personal data to comply with legal obligations, such as those related to accounting and record-keeping, as mandated by the Health Personnel Act and the Patient Records Act.

Statistics, Research, and Market AnalysisIn some cases, we use personal data to generate statistics or conduct research. When used in this way, personal data is anonymized or otherwise protected to prevent unauthorized access. Additionally, anonymized data may be used for service improvement, development, and market analysis. Please note that anonymized information is not considered personal data, as it cannot be linked to an individual.

Additionally, anonymized data may be used for service improvement, development, and market analysis. Please note that anonymized information is not considered personal data, as it cannot be linked to an individual.

How We Protect Personal Data

Protecting your personal data is a top priority for us. We continuously implement physical, technical, and administrative measures to ensure its security. Our data processing practices comply with current legislation, including:

We perform risk assessments and evaluate measures to safeguard personal data against unauthorized access, alteration, or deletion. When working with partners or data processors, we ensure they adhere to this privacy policy and comply with applicable privacy regulations.
‍
Our systems are designed in accordance with the norm for information security and privacy in the health and care sector , and we work according to the Norwegian Data Protection Authority's guidelines and NSM's basic principles for ICT security 2.0.

To Whom We May Disclose Personal Data

We may disclose personal data in the following circumstances:

To you. We provide your personal data to you upon request.
To Data Processors. We may share personal data with subcontractors who process the information on our behalf. These data processors are strictly prohibited from using the personal data for any purpose other than delivering the agreed-upon service. We take precautions to ensure these subcontractors comply with Norwegian privacy legislation and our privacy policy. We prioritize working with service providers based in the EU/EEA or certified businesses in the USA under the EU's adequacy decision.
To Public Authorities. In statutory cases, we may disclose personal data as required by law, such as through orders from courts, the police, or other public authorities.

How Long We Store Personal Data

We store personal data only for as long as it is necessary for the purpose it was collected. In some cases, longer storage periods are permitted or required by law, and we adhere to these regulations.

Our storage periods include:

Customer Relationship Information: Contact details and other necessary data related to the customer relationship are retained as long as the relationship continues or your user account remains active.

Legally Required Information: Certain information must be retained to comply with legal obligations and cannot be deleted under current legislation.

Anonymized information, which is no longer considered personal data, is not subject to deletion and may be stored indefinitely.

Built-In Privacy

Our systems are designed with privacy as a core principle. Privacy considerations are integrated into every stage of our processes and systems—from idea and design to architecture and implementation. This approach applies to both IT systems and business processes.

We use a development methodology that prioritizes privacy throughout all phases. We adhere to the Norwegian Data Protection Authority’s privacy guidelines and conduct risk and vulnerability analyses (ROS) in accordance with the National Security Authority's (NSM) recommendations. Our information architecture complies with the standards for information security and privacy in the health and care sector.

Key features of our privacy-focused systems include:
- Storing only necessary personal data, with no redundant information.
- Implementing role-based access management to ensure only relevant users and personnel can access necessary information.
- Supporting users' rights to access, correct, delete, and transfer their data.

We follow strict routines and protocols for data processing, with well-defined activities and ongoing audits to assess security risks and privacy impacts. This ensures compliance, reliability, and user trust.

Your Rights

You have the right to:

Find out what information we have registered about you and be given this information.
Demand that incorrect, unnecessary, incomplete or out-of-date personal data be corrected or deleted.
Withdraw or limit any consents to process personal data that you have given us.
Protest against the processing of personal data if you believe that we do not have a legal basis for the processing.
Get the information we have about you handed over to yourself or others you want to share it with (data portability).

Please note that exercising these rights may result in us not being able to deliver our services to you. For example, we cannot offer our services if we cannot process your payment information.

Please also note that we will always ask you to provide identification if you wish to make use of these rights. This is to ensure that your personal data is not disclosed to anyone other than you.

We are committed to processing personal data in a responsible and respectful manner. If you believe that we do not comply with these terms or the applicable legislation, you can contact us.

How you can contact us

The data controller according to this privacy policy is Askin AS (Org. no. 917881456).

Our address is:

Askin AS
Postboks 474 Bedriftssenteret
1411 Kolbotn

You can reach us at:

E-mail: support@askin.com
or by phone: 64 80 90 90
(weekdays 9am-3pm)

Changes to the Terms

Changes to this privacy policy may occur over time, as a result of changes in legal requirements.

Privacy statement