Skip to content

Privacy Policy

Data Controller

The data controller for the processing of personal data is Oltek AS, organisation number 927 146 495.
Contact:  info@oltek.no

What personal data is processed – and why

In connection with psychological treatment, Oltek AS processes necessary personal data, including:

  • name and contact details
  • national identification number
  • health information and clinical records

This information is processed solely for the purpose of providing appropriate psychological healthcare and fulfilling statutory obligations related to clinical record-keeping and accounting.

How personal data is collected

Personal data is collected when you:

  • contact me via email, telephone, or SMS
  • use the contact form on the website
  • book an appointment via the booking system

Personal data is processed on the basis of:

  • the Norwegian Health Personnel Act and the Patient Records Act
  • GDPR Article 6(1)(c) (legal obligation)
  • GDPR Article 9(2)(h) (provision of health or social care)

Clinical records and confidentiality

As a licensed psychologist, I am legally required to maintain clinical records in accordance with applicable legislation. The clinical record contains only information necessary to provide appropriate healthcare, such as symptoms, medical history, clinical assessments, and any diagnoses where relevant.

All clinical records are subject to strict professional confidentiality and are not shared with others without valid consent or a legal basis.

Data storage and information security

Clinical records are stored electronically in the clinical record system Konfidens. The system complies with the Norwegian Directorate of eHealth’s Norm for Information Security and Privacy in the Health and Care Sector. All data is encrypted and inaccessible to unauthorised parties.

Video sessions are conducted via Whereby. No audio, video, or images from sessions are recorded or stored. Whereby complies with requirements for secure, fully encrypted video consultations.

Disclosure of personal data

Personal data is not disclosed to third parties unless required by law, for example in cases involving serious risk to life or health.

Data retention and deletion

Clinical records are stored in accordance with statutory requirements and are generally not deleted until at least ten (10) years have passed since the last entry in the record. Other personal data is deleted when it is no longer necessary for the purpose for which it was collected.

Your rights

You have the right to access your clinical record and to receive a copy upon request. If your record contains errors or incomplete information, you may request correction or deletion where applicable.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) regarding any matters relating to the processing of your personal data.