This data processing agreement ("Agreement") is entered into between:
The purpose of the Agreement is to regulate the processing of personal data in accordance with GDPR, where Stenoly acts as a data processor and the Data Controller is responsible for the basis for processing.
Stenoly shall only process personal data according to instructions from the Data Controller. The responsibility for establishing a legal basis for processing rests with the Data Controller.
Stenoly commits to confidentiality, and all employees and subprocessors who process data are bound by confidentiality. The information shall not be shared with third parties without express permission from the Data Controller.
Stenoly shall implement appropriate technical and organizational measures to protect personal data, including:
Stenoly processes personal data only in accordance with the Data Controller s instructions, and data is stored on secure servers in compliance with GDPR.
Stenoly may use subprocessors for data processing. In such cases, they must comply with the conditions set out in this data processing agreement. Stenoly is obligated to provide a complete list of its subprocessors upon request from the Data Controller.
Stenoly shall assist the Data Controller in fulfilling the rights of data subjects. The responsibility for responding to such requests rests with the Data Controller.
Stenoly shall notify the Data Controller without undue delay in case of security breaches.
The notification shall contain:
Stenoly shall not transfer personal data outside the EU/EEA without written consent from the Data Controller. Any transfers shall occur in accordance with GDPR.
Stenoly shall strive for high availability but does not guarantee uninterrupted uptime. Stenoly is not responsible for losses resulting from unavailability, and maintenance may be performed without prior notice.
Upon termination of the Agreement, Stenoly shall delete or return personal data according to the Data Controller s wishes. Confirmation of deletion can be provided upon request.
The Data Controller shall:
Stenoly is not responsible for the Data Controller s obligations under GDPR. In all cases, Stenoly is only liable for damages resulting from breach of the agreement or GDPR; and limited upward to the amount the Data Controller has paid for the Service in the last 12 months. The parties commit to cooperate in case of claims for compensation.
The Agreement applies as long as Stenoly processes personal data for the Data Controller. Upon termination, all data shall be returned or deleted.
This agreement is governed by Norwegian law, and disputes shall be resolved by Oslo District Court.
You speak.We listen.
The consultation is yours. The paperwork is ours. Stenoly listens during your consultation and writes a complete medical note before the patient leaves the room.
Stenoly is provided for general information and organisational purposes only. It does not provide medical advice, recommendations, diagnosis, monitoring, treatment, prognosis, or any clinical decision support relating to health conditions or illnesses.