Our contact information is:
Leirfossvegen 27, 7038 TRONDHEIM
Organization no.: 994 807 609 VAT
E-mail address: firstname.lastname@example.org
Contact us if you have questions about or want to exercise one of your rights. You are entitled to a response within 30 days at the latest. Read more on the Norwegian Data Protection Authority’s website .
- Access to and correction of your own information: You can request a copy of all information we process about you, and ask us to correct information that is incorrect.
- Deletion or restriction: In some situations, you can ask us to delete and/or limit the processing of information about yourself, but we cannot delete data we are required to process.
- Object to processing: If we process information about you on the basis of legitimate interest, you have the right to object to it.
- Data portability: If we process information about you based on consent or a contract, you can ask us to transfer information about you to you or to another data controller.
- You can also complain to the Norwegian Data Protection Authority, but we hope that you will report directly to us first so that we can try to resolve the matter for you in a good way.
Who we process personal data about and how we collect it
We process personal information about potential and existing customers, subscribers to newsletters, contact persons at suppliers and partners, as well as visitors to the website.
We process personal data when you:
- buy our products or services
- Sign up for our newsletter
- register for events organized by us, free and paid
- contact us by phone, SMS, e-mail, the website or via social media
- respond to a survey
It is voluntary to provide us with personal information, but in order to carry out a transaction we need a number of information from you. We do not use automated decisions or profiling in the processing of your personal data. Basically, we do not process special categories of personal data, except for employment and events where we ask about food intolerances/allergies.
Categories of personal data, purpose and legal basis
According to Article 6 No. 1 of the Personal Data Protection Regulation, we process personal data on the basis of:
a. Your consent
b. An agreement we have entered into
c. A legal obligation we have
f. A legitimate interest we believe we have
We process personal data when:
You communicate with us
When you contact us via the website (e.g. through contact forms), by e-mail, by telephone (call, text message) or social media, we process personal data. Depending on where and how you send us a message, this may be contact information, IP address and other information you choose to send to us.
The purpose is to be able to respond to inquiries from you, for history, and to have documentation in case we receive claims, complaints or legal claims. The legal basis is f), where the legitimate interests are to be able to respond to inquiries from you, for history, and to have documentation in case we receive complaints, complaints or legal claims.
We review, archive and delete inquiries as necessary, but no less often than every five years. Accounting material is kept for up to five years, according to the rules in the Bookkeeping Act.
You buy our products and services
When you buy products and services from us, we process personal data such as contact information, order and payment information and purchase history.
The purpose is to be able to deliver products and services to you after ordering/purchasing, and to have a history of products and services sold. The legal basis is b) agreement or c) legal obligation. Accounting material is kept for up to five years, according to the rules in the Bookkeeping Act.
Marketing in existing customer relationships
When you become a customer with us, we process personal data as mentioned above. If you have an existing customer relationship with us, we will be able to send you marketing by e-mail and SMS, in line with Section 15 of the Marketing Act, as well as the Norwegian Consumer Protection Authority’s corresponding guidance.
The purpose is to be able to provide good customer service. The legal basis is f), where the legitimate interests are to be able to offer you relevant products and services. The legal basis can also be a), where you have given us your consent. You can unsubscribe from e-mail and SMS marketing at any time. Information on how to unsubscribe is stated in all e-mails and SMSes we send that are linked to marketing. The information is kept as long as the customer relationship exists or until you object to the processing.
You sign up for the newsletter
We send out newsletters in the form of e-mail, with articles, discounts, offers and the like. The newsletters occasionally contain information about our products and services. When you subscribe to the newsletter, we process personal data such as contact information and IP address.
The purpose is to be able to inform about relevant news and offers, as well as to provide good customer service to potential and existing customers. The legal basis is a) consent. Subscribing to the newsletters is voluntary and you can withdraw your consent (unsubscribe) at any time by clicking on “unsubscribe” at the bottom of one of the emails. The information is stored for as long as you subscribe, until you request to be deleted or up to 3 months after you have unsubscribed.
You are applying for a job or working with us
When you apply for a job with us, we process personal data such as contact information, CV and other information we need to be able to assess your application. The legal basis is b) agreement, and possibly article 9 no. 2 b) and h) if your application contains special categories of personal data. The information is deleted after a person has been selected for the job, unless you have consented to us storing it in case you wish to apply for a job at a later time.
If we use a recruitment agency, they are responsible for processing, unless we send them information about relevant candidates. In that case, we will enter into a data processing agreement with the agency.
For employees, we process personal data as mentioned above, in addition to information that is necessary to be able to pay salaries and otherwise administer the employment relationship. The legal basis for this is b), and possibly Article 9 no. 2 b) and h) for special categories of personal data. Information about employees is deleted as a general rule when the employment relationship ends, unless special reasons (such as a dispute about dismissal or resignation) make it necessary to keep them longer. Information related to salary administration is kept for up to five years, according to the rules in the Bookkeeping Act.
You sign up for an event, also digital
When you participate in free events with us, we process personal data as contact information. For payment arrangements, we also collect order and payment information. The purpose is to be able to offer customers and potential customers relevant courses, lectures and workshops. The legal basis is a) consent or b) agreement. The information is kept until you request that it be deleted or at the latest up to 12 months after the event, or, by agreement, up to five years according to the rules in the Bookkeeping Act.
You answer a survey
We always inform about the purpose of the surveys we carry out, and whether they are anonymous or not. We do not share the information with others, or use it for purposes other than what we have stated. In the case of anonymous surveys, we do not collect personal data. The legal basis for surveys that are not anonymous is a) consent. The information is kept until you request that it be deleted or at the latest up to 12 months after you answered the survey.
You are a supplier or collaborate with us
When you enter into an agreement with us either as a supplier, partner or data processor, we process personal data such as contact information and correspondence. The purpose is to be able to enter into an agreement with you and the legal basis is b) agreement. The information is kept for up to five years according to the rules in the Bookkeeping Act.
You use our website
When you use our website, we process personal data such as IP address and other technical data, collected via cookies and analysis tools. The purpose is to give you a good user experience, as well as to compile statistics in order to improve and develop the website and our service offer. The legal basis is f), where the legitimate interests are to provide you with a good user experience, as well as improving the website and our service offer. Read more in the next chapter.
Cookies and analysis tools
We use the following Google Analytics as an analysis tool on the website, and we have also installed social media buttons for Facebook and LinkedIn. See a complete overview of the cookies we use on the website in our cookie statement here: https://www.apurgo.no/cookies/
Turn off or delete cookies
You can turn off and/or delete cookies yourself in your browser. On the website nettvett.no you can learn how to do this for most browsers. There you can also learn more about safer use of the internet .
Who we share personal data with
In order to run our business, we sometimes need to share your personal information with parties such as:
- Data processors: providers of various services that process your personal data on our behalf (for example for IT and administration services, accounting, cloud storage, web hosting, sending e-mails and the like)
- Professional advisers from industries such as lawyers, finance, accounting, auditing and insurance
- User support for IT and administration systems
- Public authorities we are obliged to report to
We require that everyone we share your personal data with secures your data in accordance with good information security and in accordance with the requirements of the Personal Data Protection Regulation. We enter into a data processing agreement with everyone who processes data on our behalf.
Transfer of personal data outside the EU/EEA
In some cases, your personal data is transferred outside the EEA area (EU + EEA countries), for example where we use suppliers to handle the sending of newsletters, to process customer data, to make products and services available on our website, to enable payment , for security on our website and otherwise to be able to run our business in a safe and efficient way.
Such transfer is only permitted to countries approved by the European Commission, or under the necessary guarantees according to the Personal Data Protection Regulation. This can be the Privacy Shield for suppliers we use with restrictions in the US, use of the EU’s standard contracts or according to binding business rules. We have ensured that we have entered into a data processing agreement and obtained the necessary guarantees for such suppliers.
We take information security seriously, and we will always do our utmost to safeguard your personal data in the best possible way. Among other things, we use strong passwords, encryption of data, access control and backups to secure our data and prevent unauthorized persons from gaining access to view, change, delete or in any way influence the data we store, including your personal data.
We only use reputable providers of IT and administration services such as web hosting, website and PC security, virus software, e-mail provider, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).
We have established routines for handling breaches of data security, and we will, in the event of a discrepancy, send a notification of non-compliance to the Norwegian Data Protection Authority within 72 hours after a breach is discovered. If the breach entails a high privacy risk, we will also notify affected data subjects.