Effective Date: 29.05.2025

At Medhead.no (https://medhead.no), we are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679.

1. Information We Collect

We collect limited personal data through the following means:

• Cookies and Tracking Technologies: (used via Google Analytics and Google Tag Manager)

• Forms: When you voluntarily submit information through contact or registration forms (e.g., name, email)

📜 Relevant GDPR Articles:

• Article 4(1) – Definition of personal data

• Recital 30 – Use of online identifiers and cookies

2. Purposes of Data Processing

We process your personal data for the following purposes:

• To analyze website usage (via Google Analytics)

• To respond to messages or registrations submitted via our forms

• To improve the website’s performance and user experience

📜 Relevant GDPR Articles:

• Article 6(1)(a) – Consent

• Article 6(1)(f) – Legitimate interests

• Recital 47 – Legitimate interest includes certain forms of analytics

3. Legal Basis for Processing

We rely on two primary legal bases:

• Consent – For cookies and tracking technologies (Article 6(1)(a))

• Legitimate Interests – For analytics and general service improvement (Article 6(1)(f))

You have the right to withdraw your consent at any time.

4. Cookies and Tracking Technologies

We use cookies to:

• Collect anonymous traffic and usage data

• Improve website functionality

This is managed through:

• Google Analytics

• Google Tag Manager

Cookies will not be placed without your consent, in accordance with ePrivacy Directive and GDPR.

📜 Relevant GDPR and ePrivacy Provisions:

• Article 7 – Conditions for consent

• Recital 32 – Clear affirmative action required for consent

• Directive 2002/58/EC (ePrivacy), Article 5(3) – Cookie consent

5. Data Sharing

We do not share your personal data with third parties. Google Analytics and Tag Manager are configured to anonymize IP addresses and prevent identification.

📜 Relevant GDPR Articles:

• Article 28 – Processor obligations

• Article 25 – Data protection by design and default

6. Data Retention

We retain analytics data for no longer than 26 months, or as required to fulfill the intended purposes.

📜 Relevant GDPR Articles:

• Article 5(1)(e) – Storage limitation principle

7. Your Rights (EU Users)

If you are located in the European Union, you have the following rights:

• Right to access your data (Article 15)

• Right to rectification (Article 16)

• Right to erasure (“right to be forgotten”) (Article 17)

• Right to restriction of processing (Article 18)

• Right to object (Article 21)

• Right to data portability (Article 20)

• Right to withdraw consent at any time (Article 7(3))

To exercise these rights, please contact us at info@medhead.no.

8. Data Security

We implement appropriate technical and organizational safeguards to ensure the confidentiality and integrity of your data.

📜 Relevant GDPR Articles:

• Article 32 – Security of processing

9. Changes to This Privacy Policy

We may update this policy occasionally to reflect changes in our practices or legal requirements. All updates will be published on this page.

10. Contact Information

If you have any questions or would like to exercise your data rights:

Email: info@medhead.no
Website: https://medhead.no

You also have the right to lodge a complaint with your local Data Protection Authority (DPA).