Grasp's privacy statement

At Grasp, we are committed to protecting and respecting your privacy in accordance with the EU's General Data Protection Regulation (GDPR ).

This privacy statement provides information about how we collect and process personal information about our customers and users of our products and services. All references to "we" and "us" refer to Grasp AS. If you have any further questions after reading this statement, please feel free to contact us by email at

The products and services we deliver to our customers are developed on the basis of built-in privacy - which means that privacy security is the basis for the design of the entire system and that privacy is taken into account in all phases of development. This allows us to store and process personal and health information in a secure way. All information registered in our system is stored securely in the cloud and is only available to authorized personnel.

In addition to personal information that is processed by our products / services, we collect personal information about customers, suppliers, subscribers of newsletters and people who contact us for information. In the sections below, there are further details about what kind of personal information we collect, how it is processed and what you are entitled to as registered.

Who are we?

Grasp AS is a private owned, digital Med-Tech company who is focusing on development, production and distribution of innovative digital devices within the healthcare industry. Our mission is to provide healthcare market with reliable digital solutions, enhance accuracy and effectiveness of medical treatment, and enable best patient experience.

Customer data

When you enter into a subscription agreement with us or purchase one of our products, we collect one or more of the following data about you:

  • Name
  • Company name
  • Organization number
  • Phone number
  • E-mail address
  • Delivery address
  • Payment details
  • Information about the customer's business manager (name, mobile number, e-mail address)
  • Information about the customer's contact person (s) (name, e-mail address)
  • Information about the customer's admin user (name, username, e-mail address, telephone number and social security number) 

The information is processed to fulfill the contract with the customer and is stored throughout the subscription period to manage the customer relationship and provide support services. We store certain information beyond the subscription period for the following reasons:

  • Accounting (according to Norwegian law, we must keep accounts for 5 years).
  • Collect outstanding receivables (if you still owe us money after the end of the subscription period).
  • Defend legal claims (if there is a question of a legal dispute in connection with terms in the subscription agreement).
  • Our customers 'duty to document patients' treatment in accordance with the Patient Records Act.

Our technology platform Grasp Clinic 

Grasp delivers a technology platform to customers that enables follow-up of patients using Grasp. When it comes to the information that is collected and stored by the customer in the system, Grasp acts as data processor and the customer as data controller. The software allows the customer to specify (configure) the scope and types of personal information that will be collected from the patients / the registered. The responsibility for ensuring that all collection of personal information, as specified (configured) by Customer, is lawful rests solely with the Customer, provided that the Software provides the necessary tools for this.

Only technical personnel in Grasp who are subject to strict confidentiality have access to the information in the system.

Grasp Clinic has been developed as a treatment- oriented health register in accordance with the Patient Records Act and meets the requirements of the Norm. The system is designed not to collect information that is unnecessary for the purposes the system was designed to support. In Grasp Clinic , customers can collect and store data about both patients and healthcare professionals / employees.

Patient data

When the customer registers a new patient in Grasp Clinic , the following information will normally be registered about the patient:

  • Name
  • Social security number
  • Address
  • Phone number
  • Information about the patient's state of health

Once the patient has been registered, healthcare professionals employed by the customer can register medical records and medical plans on the patient's user profile. The system will also store data and results from patient measurements performed by the patient (both medical measurements and answers to questionnaires).

The above information is necessary to ensure the correct identification of the patient and to document the patient's treatment in a treatment-oriented health register in accordance with the Patient Records Act.

The information is stored until the customer considers that, due to the nature of the health care, it is no longer assumed that it will be used. This assessment is made exclusively by the customer. We will only delete data according to instructions from the customer (eg as a result of an inquiry from a patient).

Data about the customer's employees / health personnel

When new user profiles are created for employees / healthcare professionals in the system, the customer can register the following information about these in Grasp Clinic :

  • Name
  • Date of birthday
  • E-mail address
  • Phone number
  • Username

In addition, Grasp Prevent collects log data, among other things to ensure information security and prevent unauthorized use. These logs will store data about, among other things, the system users' activities in the system.

The above information is necessary to ensure correct documentation of patients' treatment in a treatment-oriented health register in accordance with the Patient Records Act.

The information is stored until the customer considers that, due to the nature of the health care, it is no longer assumed that it will be used. This assessment is made exclusively by the customer. We will only delete data according to instructions from the customer (eg as a result of an inquiry from an employee).

How do we store data?

We use the Grasp as a unique identifier in our system. This means by knowing the identifiacationnumber of the Grasp, as well as what organization the Grasp is linked to, we can store data from it. However, to store data with us we need to collect some information.

What information do we collect to store squeezes?

  • The unique identifier for each Grasp
  • An anynmous randomly generated mobile device identificator
  • If you choose to upload data to us, we connect the Grasp with an email adress (a real person). Data (squeezes) that is uploaded using this connection
  • Optionally you can fill in our first and last name when registering an account for uploading data.

To whom do we disclose your information?

We do not share, sell, rent or exchange your information with third parties without your consent, except as described below.

Third party service providers and product suppliers / manufacturers working on our behalf:

We may forward your information to our distributors, NAV and manufacturers / subcontractors for the purpose of delivering services / products to you in collaboration with us or on our behalf. 

If required by law:

We publish your personal information if required by law, or if we as a company reasonably believe that this publication is necessary to protect the company's rights and / or to comply with claims in connection with a lawsuit or court order. However, we will do what we can to ensure that our privacy rights are still protected.

What do we do to keep your information secure?

All communication is encrypted and stored securely. Furthermore, access to production data has a chain of command structure where only trusted individuals with heightened security clearance has access.


Partners and suppliers

We process personal information about partners and suppliers for service delivery and service exchange. The personal information processed is name, telephone number, address, e-mail address and billing information.

This information will be stored during the contract period. Furthermore, in order to facilitate potential future contact and cooperation, we maintain an overview of current, past and potential partners and suppliers for 5 years (GDPR Art. 6 (1) (f)). We will delete all information at the request of the registered.

Newsletter and information requests

If you want to contact us or subscribe to our newsletter, we collect the following data:

  • Newsletter: E-mail address.
  • E-mail: If you contact us by e-mail, we will save the correspondence to respond to your inquiry.
  • Telephone: If you contact Grasp support by telephone, we store a written summary of the correspondence to respond to your inquiry.

We need your consent to have you subscribed to our newsletters. You can withdraw your consent at any time and we will consequently delete your e-mail from the e-mail list.

If you are a customer, we reserve the right to keep e-mail and telephone correspondence as long as you are an active customer to provide the best possible customer care. We store collected personal information for as long as we believe it is necessary to fulfill the purpose of the collection.This means that we can store your personal information for a reasonable period after your last interaction with us. When the personal information we have collected is no longer required, we delete it securely. You can send us a request to delete all correspondence. We will then process your request. If we decide to keep your data, we will inform you why in a short time.


If you are applying for a position in Grasp , we will collect and process your CV, application, certificates and references as well as personal information such as name, e-mail address and telephone number. The basis for our processing of this personal data is your consent which is freely given by you during the recruitment process. We will store such data for three years after the end of the recruitment process to assess you for future positions. You can withdraw your consent at any time. 


Information security

Grasp has documented technical and organizational measures to ensure that personal information is processed in a way that ensures its confidentiality, integrity and availability. We take adapted measures to ensure that all personal data is processed in a secure manner, including comprehensive security measures have been implemented to prevent personal data from going astray or unauthorized persons gaining access. We restrict access to your personal information to those who have a service need for access. Those who process your information are subject to a duty of confidentiality, and will only process the information in an authorized manner.

Grasp also has procedures for handling any suspected breaches of computer security. We will notify you and any relevant authority of suspected data breaches where we are required by law to do so.

Recipients of personal data and use of subcontractors

We will not transfer your personal information to third parties unless such transfer is necessary as a result of statutory obligations.

We may use subcontractors to process personal data on our behalf. In that case, we are responsible for ensuring that they undertake to comply with this privacy statement and applicable privacy laws by signing a data processing agreement. If the subcontractor processes personal data outside the EU / EEA area, such processing must be in accordance with the EU-US Privacy Shield framework , the EU's standard contractual terms for transfer to third countries or another specific legal basis for the transfer of personal data to a third country.

Our websites

When you visit one of our websites, we collect and store information about user behavior. This includes information about your IP address, browser, location, network provider, operating system, time spent on the site, which website you come from and web activity on our websites.
The purpose of the treatment activities is to optimize our websites to our visitors as well as perform analyzes of trends and patterns in the use of the websites. The legal basis is our legitimate interest in adapting our websites and services to the users' perceived needs. Further down in the privacy statement, you will find further information about our use of cookies .

Anonymous information that cannot be linked to you may be used and retained for statistical and analytical purposes.

Cookies ( cookies )

We use cookies when you visit our websites. Cookies, also referred to as cookies , are text files that are downloaded and stored on your device when you visit the website. We use cookies for authentication purposes so that you do not have to identify yourself every time you visit our website. Cookies are also used for user statistics, to customize the web pages above our visitors and to remember visitors' user preferences.

The information is used to make the web pages work more efficiently, as well as to provide us with business and marketing information. We also collect information about the operating system, referring page, the path through the website, etc. The purpose is to understand how visitors use a website. Cookies and similar technology help us to tailor the website to your personal needs. If cookies are used alone, they will not personally identify you.

You can use the browser settings to prevent the browser from storing cookies and deleting cookies.  Please note that such deletion and prevention of the use of cookies may lead to reduced functionality on this and other websites. 


Your rights as registered

You have the right to request:

  • access to all personal information we have stored about you,
  • correction of any errors in the personal information we have stored about you, and
  • deletion of your personal information.

We will respond to your request as soon as possible, and within 30 days at the latest.

Your personal data will be deleted when the data is no longer necessary for the processing purposes specified in point 1 above.

If you wish to exercise any of your rights, please contact us by email at


If you have any objections to how we process your personal information, you can send a complaint to the Norwegian Data Protection Authority .