Björklund Scientific Advisory

Clear, traceable documents for scientific, regulatory and strategic decisions

You are here: Home / Privacy Policy

Privacy Policy

Last updated: 14 November 2025

This Privacy Policy explains how Bolna AS (operating under the name Björklund Scientific Advisory) collects, uses, and protects personal data in connection with the website bjorklund.md and related services.

By using this website or contacting us, you agree to the handling of your personal data as described here, in accordance with applicable data protection law, including the EU/EEA General Data Protection Regulation (GDPR).

1. Data controller

The data controller responsible for processing your personal data is:

Bolna AS
Toften 24
8610 Mo i Rana
Norway

Email: info@bjorklund.md
Phone: +47 41111942

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Contact data: name, email address, phone number, organization, role, and any other information you include when you contact us by email, phone, or via a contact form.
  • Communication data: content of emails and other messages, including proposal requests, scope descriptions, and related correspondence.
  • Website usage data: technical data such as IP address, browser type, device information, pages visited, date and time of access, and referring pages. This may be collected through server logs and cookies.
  • Client and project data: information necessary to perform an assignment, such as project contacts, internal document references, and other data you provide during an engagement.

We do not intentionally collect sensitive personal data (such as health data about individuals) via this website. Such data, if relevant for a project, is only processed under separate contractual and confidentiality arrangements.

3. Purposes and legal bases

We process personal data for the following purposes and legal bases:

  • Responding to inquiries and providing proposals
    To answer your questions, prepare proposals, and communicate about potential or ongoing assignments.
    Legal basis: performance of a contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)), and legitimate interests in responding to inquiries (Art. 6(1)(f)).
  • Performing assignments and managing client relationships
    To plan, execute, and document advisory and writing services, including invoicing and contractual obligations.
    Legal basis: performance of a contract (Art. 6(1)(b)) and compliance with legal obligations (Art. 6(1)(c)).
  • Operating and securing the website
    To ensure the website functions properly, monitor performance, and maintain security (for example, detecting misuse or attacks).
    Legal basis: legitimate interests in operating and securing the website (Art. 6(1)(f)).
  • Analytics and service improvement (if used)
    To understand how the website is used and improve content and structure, using aggregated or pseudonymized data.
    Legal basis: legitimate interests in improving services (Art. 6(1)(f)), and, where required, your consent for non-essential cookies (Art. 6(1)(a)).
  • Compliance and record-keeping
    To comply with legal obligations, maintain records for tax and accounting, and respond to authorities if required.
    Legal basis: compliance with legal obligations (Art. 6(1)(c)) and legitimate interests in maintaining necessary records (Art. 6(1)(f)).

4. Cookies and similar technologies

This website may use cookies and similar technologies. Essential cookies are used to ensure basic site functionality. Non-essential cookies (for example, for analytics) are used only where permitted by law and, where required, based on your consent.

For more details, please see the Cookie Policy.

5. Data retention

We retain personal data only for as long as necessary for the purposes described above:

  • Contact and communication data are kept for as long as needed to respond to your inquiry and, where relevant, for the duration of any client relationship and associated limitation periods.
  • Client and project data are retained for the duration of an engagement and for a reasonable period afterward to comply with legal requirements and internal governance.
  • Technical and log data are kept for a limited period necessary for security, troubleshooting, and analysis, unless longer retention is required for legal or security reasons.

When data are no longer needed, they are deleted or anonymized in a secure manner.

6. Sharing of personal data

We do not sell personal data. We may share personal data with:

  • Service providers who support website hosting, IT security, email, document management, and similar functions, under data-processing agreements and confidentiality commitments.
  • Professional advisers (such as legal or accounting advisers) where necessary.
  • Authorities where we are legally required to do so, or to protect legal rights.

Where service providers are located outside the EU/EEA, we take appropriate safeguards (such as standard contractual clauses) to protect your data, in line with applicable law.

7. Your rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access to the personal data we hold about you.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) in certain circumstances.
  • Right to restriction of processing in certain circumstances.
  • Right to data portability for data you have provided, where processing is based on consent or contract and carried out by automated means.
  • Right to object to processing based on legitimate interests, including profiling, and to object to direct marketing if used.
  • Where processing is based on consent, the right to withdraw your consent at any time (without affecting prior processing).

To exercise these rights, please contact us at info@bjorklund.md. We may need to verify your identity before acting on your request.

You also have the right to lodge a complaint with your local data protection authority. In Norway, the supervisory authority is the Norwegian Data Protection Authority (Datatilsynet).

8. Security

We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include encrypted file transfer for client materials, access limited to named participants, and version control for key documents.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this page and will indicate the date of the most recent update.

If changes are material, we may notify you through the website or by other appropriate means.

For questions about this Privacy Policy, please contact info@bjorklund.md