Privacy, GDPR and processing of health information for Tigeni AS
Privacy, GDPR and processing of health information for Tigeni AS
All personal sensitive data will be processed in accordance with any applicable privacy rules in Norway and the EU.
Tigeni and their subcontractors only make use of the user's information in order to fulfill their obligations under the delivery of the service and the test to be performed.
The use of personal information is only intended for the purpose for which it was collected.
Tigeni processes the customer's personal data in accordance with the Act on the processing of personal data Link: https://lovdata.no/dokument/NL/lov/2018-06-15-38 and the Act on health registers and processing of health data.
Link: https://lovdata.no/dokument/NL/lov/2014-06-20-43
Insight
Tigeni's users may demand access to their own personal information and demand that their information be deleted after termination of the service.
Identification of users and the creation of user profiles, for both clients as well as authorised healthcare professionals is performed using BankID.
All dialogue between patient and doctor is recorded in the doctor's own recordin system in accordance with the rules in force at any given time. Tigeni has no access to the journal system.
Identification of samples
All samples are anonymised and are only identified by a unique 8-digit serial number. Third parties have access to this serial number and no other personally identifiable information. This number is linked to the user inside the Tigeni system only. For each new samples, a new unique serial number is created.
Storage and transfer of data
All data is stored within the EEA area and in accordance with the rules within this area
All data transfers are in accordance with the basic requirements of privacy legislation.
Privacy legislation allows the use of cloud services and the Norwegian Data Inspectorate is of the opinion that satisfactory privacy is achievable in the cloud. The regulations are the same for the use of cloud and traditional storage methods; Tigeni is legally responsible and must ensure that personal data is processed in accordance with the law.
The user can delete all or part of the data in the Tigeni app, here
Data Processor Agreement
Tigeni has entered into a data processor agreement with Google Cloud regarding Data Processing and Security Terms. Link: https://cloud.google.com/terms/data-processing-terms
GDPR principles in Tigeni
1. Consent must be given
Tigeni can not process personal data about the user unless each individual has freely given a specific, informed and clear indication of consent, either via a statement or via a clear "affirmative action".
2. Right of Access
Legislation gives individuals the right to demand access to their personal information and to know how the information is used by Tigeni after it is collected. Tigeni shall be able to provide a copy of the personal information, free of charge and in electronic format, if the user so requests.
The right to be forgotten
If users are no longer customers, or if they withdraw the consent they have given Tigeni to use their personal information, users have the right to have the information deleted.
4. Right to transfer data
The user has the right to transfer information from one service provider to another.
5. The right to be informed
This covers all types of collection of personal information, and individuals must be informed before the information is collected. The user must consent to the collection of personal data, and consent must be given actively, not implied.
6. Right to correct information
This ensures that the user can update the information if it is outdated, incomplete or incorrect.
7. Right to limited treatment
Users may request that their information not be processed. The information can still be stored but should not be used.
8. Right to oppose treatment
This includes the right to oppose the processing of personal data for use in direct marketing. There is no exception to this rule, and all processing must be stopped as soon as this request is received. This right must be clearly communicated to the user at the beginning of any communication on the web or mobile.
9. The right to be notified
If there has been a data breach that may have consequences for the user's information, the user has the right to know this within 72 hours after the breach was discovered.
10. Use of Cookies
Tigeni's websites use cookies. If the cookie is not necessary for our website to work, it will not be stored on your device unless the user agrees to this.
Required cookies
These cookies support core functionality and/or are security-related . Tigeni deem these necessary and they are thus stored without prior consent.
Form functions
These cookies are necessary if the user wishes to use the forms on our website. Other functionality on the website is not affected if the user refuses consent. The choice the user makes here is valid for up to 90 days.
Web analytics
Tigeni is considering using a cookie-based analytics tool. Currently Tigeni does not employ cookies for this purpose.
Users can withdraw their consent at any time, by selecting "manage cookies" in their browser.
