PRIVACY POLICY

Headache Calendar

This privacy policy applies to the processing of personal data that occurs in connection with the Headache Calendar mobile app (also referred to as the «service»), developed by KBB Medic AS, Org no 912 372 022. Thormøhlens gate 51, 5006 Bergen («KBB Medic»).

KBB Medic is responsible for the processing of the data and activities described in the privacy statement. You can get in touch with KBB Medic by sending us an inquiry to the address given at the beginning or by e-mail to: post@kbbmedic.no

1              About the Headache Calendar and the possibility of sharing personal data

When you use the Headache Calendar, we record and store data that you plot into the service. The information is stored on a secure server that we manage.

You can choose to share information with others via the service. This is only done when you yourself actively choose to share data. A code is then generated that a treating doctor / specialist can use in a doctor’s tool. The code is valid for 10 minutes after it was generated.

2             More details on the basis and type of personal data we collect

We process personal data in order to deliver the Headache Calendar service. The purpose is to offer a service where the user can document the number of headache days as well as the development of the headache. Keeping a headache diary is also required by some health guidelines in order to get reimbursement for certain medicines against headaches and migraines. A digital tool is an efficient way to carry out the registration.

Which personal data we process depends on the information you enter in the service, but typically includes:

  • Email
  • The duration of the headache
  • Number of seizures
  • Intensity
  • Whether it is experienced as a migraine
  • If an aura is experienced
  • If you are having your period
  • Medicinal use
  • Effect of medication use
  • A personal note

Our legal basis for processing this personal data is that the processing is necessary to deliver a service and execute the agreement with you, according to GDPR Article 6(1)(b). 

Since information about headaches, medication use and menstruation is health information, we must also have your consent to process the information according to GDPR Article 9(2)(a). If you do not give consent, we cannot offer the service, as the main function of the service is to process information about headaches. You can withdraw consent at any time by sending us an inquiry to one of the contact points stated at the beginning, we will then end further processing of your health information.

3             Anonymisation of data for use in research 

We use data you enter into the service to collect information for use in research. Before we use your personal data in this way, we remove all identifying information, so that the data sets are anonymous. Our basis for anonymizing the personal data is that we have assessed that the anonymization is in line with the original purpose of the processing – as the anonymization means that you can no longer be identified.

4            Sharing of personal data with healthcare personnel

In the Headache Calendar, you will have the opportunity to share personal information with healthcare personnel. Healthcare personnel will then have access to the information mentioned in point 2 above. The sharing is based on your consent to share such information according to GDPR Article 6(1)(a). The purpose is to simplify the administrative work for you and the relevant healthcare personnel. The healthcare personnel themselves will be responsible for the processing of your personal data after it has been shared.

5             Disclosure of information and use of data controllers

As a general rule, KBB Medic does not share your personal data with others. Exceptions are in cases of business transfer, or if we are required to share the information by law or order from a public authority.

Provided that we have anonymised the personal data you have entered into the service, we can share this for use in research. Anonymization means that it will no longer be possible to identify you as a user.

We use data controllers to deliver the service, including companies that assist us with the development and operation of the service. The data controllers are bound by data processing agreements with KBB Medic AS. You can get more information about our data controllers by contacting us.

All processing of personal data that we undertake takes place within the EU/EEA area.

6            Storage period

We store your information as long as you have a user. You can request the deletion of your user at any time by sending us an inquiry to one of the contact points stated at the beginning.

7             The rights of the registered user

As registered user, you have the right to demand:

  • Correction, access and deletion. You have the right to request a free copy of your personal data, request the rectification of incorrect information and, in certain circumstances, request that your personal data be deleted.
  • Restriction. You have the right to demand that we limit the processing of your personal data under certain circumstances, for example while we investigate any objections from you relating to our processing of personal data.
  • Data portability. In some cases, you have the right to data portability, which means that you can demand that we hand over information about you in a structured, usable and machine-readable format, in order to be able to transfer these to another data controller. This only applies if we process the personal data based on your consent or because it is necessary to fulfill an agreement with you.
  • Protest. In some cases, you have the right to object to our processing of your personal data. We will then stop the processing of the information, unless we can show compelling legitimate reasons why we can continue the processing.
  • Protest against direct marketing. You have the right to object to our direct marketing (including profiling for these purposes). We will then stop our processing of your personal data for these purposes.
  • Withdraw consent. If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. We will then stop future processing of personal data that is based on your consent.
  • Complaint to the Norwegian Data Protection Authority. You have the right to complain to the Norwegian Data Protection Authority about the processing of your personal data. We appreciate it if you contact us directly first. You can find information on how to contact the Norwegian Data Protection Authority on the Norwegian Data Protection Authority’s website: www.datatilsynet.no.

8            Changes

If we make changes to the privacy policy, we will publish an updated version on the website. We will notify you of changes that may have negative consequences for you, or changed processing of purpose, legal basis or recipients of personal data. Such notice can be given by notification in the service or by e-mail.

The privacy policy was last updated on 24/05/2023.