Boring to read for most people, but still important!
1. Data controller and contact information
Our contact information:
NO916 391 838MVA
2. Your rights
If you wish to exercise any of your rights, please send us an email at [email protected]. You are entitled to a response as soon as possible, and within 30 days at the latest. Read more about all your rights on the Norwegian Data Protection Authority's website.
- Access to and correction of your personal data: You can request a copy of any data we process about you and ask us to correct any data that is incorrect.
- Erasure or restriction: In some situations, you can ask us to erase and/or restrict the processing of your personal data.
- Object to a processing of personal data: If we process data about you on the basis of legitimate interest, you have the right to object to it.
- Data portability: If we process your data on the basis of consent or a contract, you can ask us to transfer your data to you or to another controller.
- You can complain to the Norwegian Data Protection Authority about our processing of personal data. We hope that you will contact us directly first, so that we can try to resolve the matter for you in a good way.
3. Who we process personal data about
We process personal data about:
- Customers' customers if the delivery of the service requires this
- Potential customers
- Contact persons at suppliers and partners
- Visitors to the website
- Job seekers
- Former employees
- Customers' employees if the delivery of the service requires this
- Customers' former employees if the delivery of the service requires this
4. How we collect personal data
Providing personal data to us is voluntary. However, in order for us to be able to deliver products or services, we need a range of information from you in order to complete the transaction. We do not rent, buy or sell personal data from/to others. We do not use automated decision-making or profiling in the processing of your personal data.
We process personal data when someone:
- enter into an agreement with us for the purchase of products/services
- sign up for a membership with us
- send us email, SMS, social media or other correspondence
- sign up for newsletters
- order a free template or other free content from us
- sign up for events (courses, lectures, workshops, etc.) organized by us, both free and paid
- use our website (cf. the section on cookies)
- leave a comment on our website
- submitting an inquiry via communication tools or the contact form on our website
- respond to a survey
5. Categories of personal data, purposes and basis for processing
We process personal data in accordance with the following processing basis in Article 6(1) of the GDPR:
- "consent": when you yourself have given us your consent.
- "Agreement": to be able to fulfill an agreement to which you are a party, or to be able to take steps at your request, before we enter into an agreement.
- "legal obligation": To enable us to fulfill a legal obligation.
- "legitimate interest": In order to pursue a legitimate interest, which we believe outweighs the individual's privacy interest.
We process personal data related to: (Click on the boxes below to read more)
When you contact us via the website (contact form, comment field, communication tools), by email, by phone (call, text message) or social media, we process personal data. Depending on where and how you send us a message, this may include contact information, IP address and other information you choose to send us.
The purpose is to be able to respond to inquiries from you, for history, and to have documentation in case we receive complaints, grievances or legal claims. The legal basis for the processing is Article 6 (1) (f) of the General Data Protection Regulation, where the legitimate interests are to be able to respond to inquiries from you, for historical data, and to have documentation in case we receive complaints, appeals or legal claims.
We review, archive and delete comments as needed, but no less frequently than every two years. To preserve any history and logic in the comments section, comments are not systematically deleted.
Inquiries that we are obliged to retain, such as documentation in connection with a complaint/complaint, are stored until the deadline for making a complaint/complaint has expired (two or five years). Accounting material is stored for up to five years, in accordance with the rules of the Bookkeeping Act.
When you purchase products and services from us, including membership, we process personal data such as contact information, order and payment information and purchase history.
The purpose is to be able to deliver products and services, including membership, to you after ordering/purchasing, and to keep a history of products and services sold. The legal basis for processing is GDPR article 6 no. 1 b) agreement, or c) legal obligation.
Accounting material is kept for up to five years, in accordance with the rules in the Bookkeeping Act.
When you become a customer or member with us, we process personal data as mentioned above. If you have an existing customer relationship with us, we will be able to send you marketing by email and SMS, in accordance with section 15 of the Marketing Control Act and the Consumer Authority's associated guidance.
The purpose is to be able to provide good customer service. The legal basis for processing is Article 6(1)(f) of the GDPR, where the legitimate interest is to be able to offer you relevant products and services. The basis for processing may also be Article 6(1)(a) of the GDPR, where you have given us your consent. You can unsubscribe from email and SMS marketing at any time.
Information on how to unsubscribe is provided in all marketing-related emails and SMS messages we send. The information is stored until the data subject requests to be deleted.
We send out email newsletters with articles, blog posts, discounts, offers, free templates, checklists, etc.
The newsletters may occasionally also contain information about our products and services. When you subscribe to our newsletters, we process personal data such as contact information and IP address.
The purpose is to be able to inform about relevant news and offers, as well as to provide good customer service to potential and existing customers.
The basis for processing is Article 6(1)(a) of the GDPR, consent. Subscribing to the newsletters is voluntary, and you can withdraw your consent (unsubscribe) at any time by clicking "unsubscribe" or "opt-out" at the bottom of one of the emails. The data will be retained until the data subject requests to be deleted.
When you apply for a job with us, we process personal data such as contact information, CV and other information we need to assess your application. The basis for processing is Article 6(1)(b) of the GDPR, and possibly Article 9(2)(b) and (h) if your application contains special categories of personal data. The data is stored for as long as it is relevant for the purpose, and then deleted.
For employees, we process personal data as mentioned above, in addition to information that is necessary to be able to pay salaries and otherwise administer the employment relationship. The legal basis for this processing is Article 6(1)(b) of the GDPR, and possibly Article 9(2)(b) and (h) in the case of special categories of personal data. As a general rule, information about employees is deleted when the employment relationship ends, unless special reasons (such as a dispute about termination or dismissal) make it necessary to keep it longer. Information related to payroll administration is kept for up to five years, in accordance with the rules in the Bookkeeping Act.
When you participate in free events with us, we collect personal data such as contact information. For paid events, we also collect booking and payment information. The purpose is to be able to offer customers and potential customers relevant courses, lectures and workshops.
The basis for processing is Article 6(1)(a) of the General Data Protection Regulation, consent or (b) agreement. The data will be stored until you withdraw your consent and request that it be deleted, or, by agreement, for up to five years in accordance with the rules of the Bookkeeping Act.
We always inform you about the purpose of the surveys we conduct and whether they are anonymous or not. We do not share the information with others or use it for purposes other than what we have stated. No personal data is collected in anonymous surveys.
The legal basis for processing for surveys that are not anonymous is Article 6 (1) (a) of the GDPR, consent. The data is stored for as long as it is relevant for the purpose, or until you withdraw your consent and possibly request that it be deleted.
When you enter into an agreement with us, either as a supplier, partner or data processor, we process personal data such as contact information. Other information is normally linked to a business and is therefore not personal data.
The purpose is to be able to enter into such agreements, and the basis for processing is Article 6 (1) (b) of the General Data Protection Regulation. The information is stored for up to five years, in accordance with the rules of the Bookkeeping Act.
When you use our website, we process personal data such as IP address and other technical data collected via cookies and analytics tools.
The purpose is to provide you with a good user experience and to compile statistics in order to improve and develop our website and services. The basis for processing is Article 6(1)(f) of the General Data Protection Regulation, where the legitimate interests are to provide you with a good user experience and to improve our website and services.
6. Who we share personal data with
In order to run our business, we sometimes need to share your personal data with parties such as:
- Data processors: providers of various services and products that process your personal data on our behalf (for example, for IT and administration services, accounting, cloud storage, web hosting, sending emails and the like)
- Professional advisors from industries such as law, finance, accounting, auditing and insurance
- Support for IT and administration systems
- Public authorities we are obliged to report to
We require that everyone we share your personal data with secures your data in accordance with good information security practices and the requirements of the General Data Protection Regulation. We enter into data processing agreements with all suppliers.
7. Transfer of personal data outside the EU/EEA
In some cases, your personal data is transferred outside the EU/EEA, for example where we use suppliers outside the EU/EEA to handle the sending of newsletters, to process customer data, to make products and services available on our website, to enable payment, for security on our website and otherwise to operate our business in a safe and efficient manner.
Transfer of personal data outside the EU/EEA is only permitted to countries approved by the European Commission, or under the necessary safeguards under the GDPR. This may be Privacy Shield for suppliers we use based in the USA, use of EU standard contracts, or in accordance with binding corporate rules. If you would like to know which suppliers we use outside the EU/EEA, and access documentation of the necessary guarantees, please contact us by email: [email protected]
8. Safety and security
We take information security seriously, and we will always do our utmost to safeguard your personal data in the best possible way. Among other things, we use strong passwords, data encryption, access control, backups and two-factor authentication to secure our data and prevent unauthorized persons from accessing, modifying, deleting or in any way affecting the data we hold, including your personal data.
We only use reputable providers of IT and management services such as web hosting, website and PC security, virus software, email provider, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions and only where strictly necessary (e.g. for IT support).
We have established procedures for handling data security breaches, and in the event of a breach, we will send a non-conformance report to the Norwegian Data Protection Authority within 72 hours of the breach being detected. If the breach involves a high privacy risk, we will also notify the affected data subjects.
Cookies and analysis tools on fjellvann.no
What are cookies?
Disable or delete cookies
You can disable and/or delete cookies in your browser yourself. On the website nettvett.no you can learn how to do this for most browsers. There you can also learn more about safer use of the internet. However, if you turn off or delete cookies, you can change your user experience on a website, and sometimes services on a website will no longer function properly.
Affiliate links / Sponsored links
We recommend various products and services through so-called affiliate links (sponsored links), which are created uniquely for us. When you click on such a link, a cookie is stored in your browser so that it will be possible to track any purchase.
We always clearly inform about the use of such links.Acceptance of cookies