The basis for processing personal data is to fulfill a contractual obligation to our customers or to provide services as per their request.
Our goal is for you to always feel safe and have trust in us by handling your personal data with respect and allowing you to have control over them.
We have done our best to explain this concisely and simply. If you would like more information or have questions, you can contact us at firstname.lastname@example.org.
Vertikal Helse has a quality committee that safeguards your privacy. The Data Protection Officer can be reached at email@example.com.
The Personal Data Act (personopplysningsloven), which incorporates the EU's General Data Protection Regulation (GDPR), establishes the formal framework for what personal data Vertikal Helse can store and how we can manage it.
This also applies to our internet services. In addition, legislation such as the Marketing Act (markedsføringsloven) and the Accounting Act (regnskapsloven) provide guidelines on how information that can be linked to an individual should be handled.
Personal data is used by Vertikal Helse for the administration of customer relationships, billing, orders, order management, and in other contexts where Vertikal Helse needs to know who they are in contact with.
The purpose of collecting and processing personal data about the customer/insured is to use the information to ensure that the relevant treatment needs are covered by the insurance and to provide the best possible treatment plan in accordance with the customer's/insured's needs. We request the customer's/insured's personal identification number because it is necessary to ensure that we gather information about the correct person, to obtain offers for specialist assessments, surgery, or treatment, and to carry out such treatment.
A signed power of attorney gives Vertikal Helse the right to collect, share, and process necessary medical information from doctors, other healthcare professionals, or hospitals in connection with a specific treatment need. The authorization exempts doctors and other healthcare professionals from their statutory duty of confidentiality. A signed authorization can be revoked at any time, but this may affect the ability to use health insurance.
Personal data is used in patient records at various treatment locations in connection with treatment appointments, diagnostics, assessment, and medical treatment. The information is also used for internal quality assurance at Vertikal Helse.
Most of the personal data used by Vertikal Helse at treatment locations can be processed in accordance with the laws that regulate healthcare. If it is not described in a specific law, we will always obtain written consent from you.
Vertikal Helse collects and stores personal data through our online services, only to the extent that you have been informed about and have approved. On My Pages, we present information about you from our customer systems, and we use your name and email for sending our newsletters. The personal data (such as name, address, email address, etc.) provided by customers on Vertikal Helse's services will be stored in our databases to ensure that we can deliver the service our users expect.
In some cases, personal data is stored on servers of subcontractors. In such cases, you will receive specific information related to each treatment.
For orders for former employees, dental insurance, and other contact forms, these are processed through Mandrill, which stores detailed data from the emails for 30 days. After this period, all data is deleted (90 days for bounced emails).
Vertikal Helse only uses personal data in compliance with the legal framework and what we have informed you about in advance, or with your written consent.
From September 16, 2017, a collaboration agreement was established between If Skadeforsikring NUF (referred to as If) and Vertikal Helseassistanse AS (referred to as Vertikal Helse), and a Data Processor Agreement was entered into between the companies from this date.
If, through the Executive Director, is the data controller for all data collected when new agreements are signed and renewals of If/Vertikal Health insurance are made after September 16, 2017, with If as the insurer. Vertikal Helse, through the CEO, is the data processor.
If is the data controller for personal data that Vertikal Helse uses in connection with claims settlement. Vertikal Helse is the data controller for personal data that the company processes for its own purposes/products.
Information you provide, such as through a form on the website, will only be used in the context for which they are intended. Such data will only be disclosed to third parties when necessary to provide the service, are part of payment collection/accounting processes, or if you have consented to it.
Vertikal Helse has a duty of confidentiality, and medical information is not disclosed to anyone other than those directly involved in the treatment.
A signed authorization for the use of health insurance functions as acceptance that Vertikal Helse obtains offers for specialist assessments and surgery/treatment at private clinics or public hospitals. All such communication takes place in a secure data system or through encrypted and secure transfers to hospitals and subcontractors.
The customer's/insured's information is used to ensure that the customer receives the best possible treatment offer, and the information is only passed on to doctors and other healthcare professionals who need it because they are directly involved in the customer's assessment and treatment.
We will not sell, exchange, or otherwise disclose any information about you to third parties without your consent.
You can contact us and request to know what kind of information Vertikal Helse has about you, what the information will be used for, and where it was obtained from. This also applies to information in data systems and paper archives.
You have the right to receive a response within 30 days of a written request. It is necessary that we receive a written and signed request from you, as we must ensure that no one else is pretending to be you and is requesting your personal information.
We collect and analyze personal information, such as online user behavior and location, to send you insurance-related communication and other messages that may be useful to you. If you are an existing or potential customer, you may receive insurance-related communication that we believe is relevant and beneficial to you. This may include phone calls, emails, SMS, targeted advertising, letters, or product recommendations on our websites. At the same time, we strive to avoid sending or displaying irrelevant messages. We never sell personal information to third parties.
We collect statistics at an aggregate level for online user behavior, either separately or in conjunction with other information we have about you, to better understand how our digital services function. Such aggregate-level analyses cannot identify individuals.
Improved customer experience
We also collect and analyze user behavior online to develop and improve our services so that we can provide you with a better experience. An example of this is making website content more relevant to you by analyzing data we have on user behavior in our logged-in self-service solutions, along with other data we already have about users.
As part of our quality assurance and proactive customer service, we may contact you via email or phone when you have checked the price of an insurance policy in our online store but have not completed the purchase. The way we contact you depends on the contact information you have previously provided to us. We do this to ensure that we provide you with a good experience of our digital services and to ensure that you are properly insured. You can always opt out of such communications.
We may also use contact information from other sources, such as public records, to contact you, even if you have not provided contact information in our online store. If you have requested not to be contacted for marketing purposes in these public records, we will respect this.
When we use personal information to estimate personal preferences, for analysis, or to predict expected behavior, this is called profiling. If you do not want us to use your personal information or profile you for marketing purposes, please let us know. You will still receive information related to your insurance, as we are obligated to provide this.
We use legitimate interests to create statistics and analyses and for activities that ensure our customers and potential customers are properly insured. When we perform 'Advanced analysis and targeting' by combining online behavioral data with other information we have about you, this is based on your consent.
This chapter describes what happens if you consent to 'Advanced analysis and targeting.' We may combine data about your behavior on our websites with other information we have about you to analyze behavior and interests on a personal level. We can also customize the content in our channels based on the information we have about you. Online behavioral data can be linked to the data we have about you, such as when you log in to self-service solutions (such as My Pages). These links are possible by associating a visit in a browser with a person with other information that you have provided to us and can be made for all visits where such a link is available. This link is based on the information you have provided when using our services. The information you have provided to us using different devices, such as a PC or a mobile phone, also allows us to link different devices and channels to your user profile. For example, if we observe that you have purchased an insurance product by calling our customer service, we will not show you targeted ads for this type of product. We can also link information we receive from our third-party marketing providers, such as email addresses, to provide you with more relevant and targeted ads.
When we handle data about you, we will, when possible, anonymize or pseudonymize the information so that individuals cannot be identified based on the stored information alone.
According to the rules of the Personal Data Act, you, as a customer, have the right to access your own personal information. If the information we have about you is incorrect, you can request to have it corrected, supplemented, or deleted. Some information about your customer relationship with Vertikal Helse can be corrected by yourself by logging into My Pages at If.no.
In principle, we will proactively correct incomplete or inaccurate information. However, it is not always easy for those who process large amounts of information to become aware that something is missing or incorrect. Therefore, we recommend that everyone actively exercises their right of access and informs the relevant department if there are any error
All information collected with written consent can be deleted at any time. Information obtained under legal authority is typically not subject to deletion. Please contact us or the processing site if you have questions about deletion.
After the completion of treatment, your case will be closed, but you can request to receive documents containing your own health information at your own initiative without any cost. Otherwise, the medical information will be archived and deleted in accordance with applicable data protection laws.
- Obtain your personal information and store it on a private device for further personal use.
- Move, copy, or transfer your personal information from one business to another business.
Vertikal Helse is legally responsible for ensuring that personal information is adequately secured. We have implemented procedures based on risk assessments to provide the necessary security.
We ensure that only those with a legitimate need have access to the information. Furthermore, we ensure that information cannot be altered or deleted by anyone other than those authorized to do so.
We periodically review our procedures to ensure that security is as strong as possible at all times. If we discover that a procedure has not been followed, it is thoroughly investigated and addressed.