This data processing agreement ("Agreement") is entered into between:
The purpose of the Agreement is to regulate the processing of personal data in accordance with GDPR, where Stenoly acts as a data processor and the Data Controller is responsible for the basis for processing.
Stenoly shall only process personal data according to instructions from the Data Controller. The responsibility for establishing a legal basis for processing rests with the Data Controller.
Stenoly commits to confidentiality, and all employees and subprocessors who process data are bound by confidentiality. The information shall not be shared with third parties without express permission from the Data Controller.
Stenoly shall implement appropriate technical and organizational measures to protect personal data, including:
Stenoly processes personal data only in accordance with the Data Controller s instructions, and data is stored on secure servers in compliance with GDPR.
Stenoly may engage subprocessors to process personal data. Any subprocessor is bound by the same data protection obligations set out in this data processing agreement. A current list of Stenoly's subprocessors is published in our Privacy Policy and is also available upon request. Stenoly will inform the Data Controller before adding or replacing a subprocessor and will give the Data Controller a reasonable opportunity to object.
Database hosting.
Accounts, consultations, notes, billing.
Application hosting and file uploads.
Website traffic; uploaded documents.
AI note generation.
Consultation transcripts and notes.
AI dictation and note processing.
Clinical text.
Speech-to-text transcription.
Consultation audio, transcribed and not stored.
Document text extraction.
Uploaded documents.
Authentication (BankID, Buypass, email).
Identity and login verification.
Delivery of finished notes to the EHR.
Notes sent to the EHR.
Customer relationship management.
Account contact details. No clinical data.
Subscription billing.
Billing details. No clinical data.
Business email.
Email correspondence.
Customer support chat.
Support messages and contact details.
These run on our marketing website only and never receive patient or clinical data.
All sub-processors that handle personal or clinical data process it within the EU/EEA under signed data processing agreements.
Stenoly shall assist the Data Controller in fulfilling the rights of data subjects. The responsibility for responding to such requests rests with the Data Controller.
Stenoly shall notify the Data Controller without undue delay, and in any event within 72 hours of becoming aware of a personal data breach, in line with GDPR Article 33.
The notification shall contain:
Stenoly shall not transfer personal data outside the EU/EEA without written consent from the Data Controller. Any transfers shall occur in accordance with GDPR.
Stenoly shall strive for high availability but does not guarantee uninterrupted uptime. Stenoly is not responsible for losses resulting from unavailability, and maintenance may be performed without prior notice.
Upon termination of the Agreement, Stenoly shall delete or return personal data according to the Data Controller s wishes. Confirmation of deletion can be provided upon request.
The Data Controller shall:
Stenoly is not responsible for the Data Controller s obligations under GDPR. In all cases, Stenoly is only liable for damages resulting from breach of the agreement or GDPR; and limited upward to the amount the Data Controller has paid for the Service in the last 12 months. The parties commit to cooperate in case of claims for compensation.
The Agreement applies as long as Stenoly processes personal data for the Data Controller. Upon termination, all data shall be returned or deleted.
This agreement is governed by Norwegian law, and disputes shall be resolved by Oslo District Court.
You speak.We listen.
The consultation is yours. The paperwork is ours. Stenoly listens during your consultation and writes a complete medical note before the patient leaves the room.
Add to ChromeStenoly is provided for general information and organisational purposes only. It does not provide medical advice, recommendations, diagnosis, monitoring, treatment, prognosis, or any clinical decision support relating to health conditions or illnesses.