Data Controller’s details:
Company code: 986 845 550
Address: Bragernes Torg 6, 3017 Drammen, Norway
We confirm that we will collect information about you in line with the requirements of the applicable legislation of the Kingdom of Norway and the European Union as well as the guidelines of the regulatory authorities, and that we have adopted all reasonable technical and administrative measures to ensure that data that we collect about website visitors are protected from loss, unauthorised access and/or alteration. The Data Controller has caused its employees to make written commitments not to disclose and distribute information accessed in the workplace to any third party, including information about visitors of the website/social media accounts.
Persons under the age of 14 may not provide any personal data through our website. If you are a person under 14, make sure that you obtain permission from your parents or other legal guardians before you provide personal information to us.
- How do we collect information about you?
- What information (personal data) about you do we process?
- Purposes and legal basis of data processing
- To whom we disclose your personal data?
- To what countries do we transfer your personal data?
- How do we protect information about you?
- How long will your personal data be kept?
- Your rights
- Cookies, beacons and similar technologies
- Contact us
- Final provisions
How do we collect information about you?
We may collect personal data about you, i.e. any information identifying you, in various ways:
- You may provide us with information (personal data) directly (by filling in an inquiry form on our website, making a call to us, subscribing to our newsletter, or otherwise contacting us directly).
- In certain cases we may acquire information about you from third parties and may collect information about you from publicly available sources (e.g. from our partners who provide services to you or us, through LinkedIn social networking platform, your company’s website or otherwise).
We may collect information that you provide to us directly. Typically this will happen when you:
- provide your data to us in order to obtain information about our services/products/partners;
- submit your requests or claims;
- subscribe to our newsletter or register to receive other communications;
- participate in our surveys.
We may collect information about you automatically. Typically this will happen when you:
- submit inquiries through our social media accounts;
- make public posts on social media platforms that we follow;
- visit our office, which is monitored through the use of video surveillance cameras;
- call us (if phone calls are recorded and call details records are used).
Where permitted by applicable law, we may obtain information about you from third parties. This may include information shared by our partners who provide services to you on our behalf, marketing and PR agencies, and your publicly available profile information (LinkedIn, Facebook, Twitter, Instagram). We may associate information provided by yourself or collected from public and commercial sources with other information we obtain from you or about you.
What information (personal data) about you do we process?
Although we seek to collect as limited amount of your information as possible, we collect the following information:
- information necessary to provide our services/products to you;
- information you give us in surveys;
- information you give us when you call us;
- information necessary to verify your identity;
- information about your activity on our website;
- summary about the usage habits of all website visitors;
- information about the device you use.
Purposes and legal basis of data processing
We use the above information we collect for the following purposes:
- to administer orders for services and products;
- to provide you with information about services, partners or products that you request;
- to ensure safety of property and people (video surveillance);
- to ensure quality of customer service (including recording of phone calls);
- for marketing purposes*, e.g. providing customised advertisements and sponsored content and sending promotional communications; assessment and analysis of our market, clients, products and services (including asking for your opinions on our products and services, carrying out client/partner surveys, running competitions or promotions, as permitted by law);
- to understand the way people use our online services so that we can improve them and develop new content, products and services;
- to protect our interests before any court or any other institution.
⃰ Please note that we have the right to send e-mail advertisements about other similar products or services to our clients or individuals who have signed-up on our website, while you may opt out of direct marketing communications from us right away or at any time later. If you prefer not to receive our direct marketing communications, please let us know by sending us an e-mail to email@example.com or clicking on the opt-out link appearing in the newsletter.
Your personal data are processed on the basis of one or more legal grounds.
- compliance with the legislative requirements;
- performance of the contract with you;
- our legitimate interests, unless your private interests are overriding;
- in certain cases, your consent.
The purposes of the processing of your personal data, with respective legal grounds and personal data collected for such purposes, are set out in the table below.
|Purpose||Legal basis||Personal data|
|Administration of orders for services and products||Performance of the contract with you Legal compliance||Name, surname, telephone, e-mail, address, other information, and information about payment method, which may be necessary in connection with the provision of services.|
|Ensuring safety of property and people (video surveillance)||Legitimate interest – ensuring safety of property and people||Video surveillance data.|
|Ensuring quality of customer service||Legitimate interest – ensuring quality of customer service||E-mail address and content of correspondence.|
|Information based on your request concerning services, partners or products||This information is provided to you on the basis of our legitimate interest to provide you with accurate information about the services provided by us or our partners, extra services, etc.||In order to be able to answer your queries by phone, e-mail, through social media and otherwise, we may ask you to give us your phone number, e-mail address or other contact details convenient to you.|
|For marketing purposes, e.g. providing customised advertisements and sponsored content and sending promotional communications; assessment and analysis of our market, clients, products and services (including asking for your opinions on our products and services and carrying out client surveys)||For this purpose we process your personal data on the basis of our legitimate interest to inform about our services, events, news and other relevant information. Your consent||Name, surname, social media account details, telephone, e-mail, address.|
|To understand the way people use our online services so that we can improve them and develop new content, products and services||For this purpose we process your personal data on the basis of the legitimate interest to monitor the quality of our services, develop and improve the content we provide, and ensure security of the website.||IP address, operating system version, and settings of the device you use to access our content/products, time and duration of your login session, search query terms you enter through our website, and any information stored in cookies that we have set on your device, your device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us when you use our website content.|
Where we do not base our use of information about you on one of the above legal grounds, we will ask for your consent before we process your information (these cases will be clear from the circumstances and the context).
In some instances, we may use information about you for purposes other than described above. Where this is the case, we will provide an additional notice to you.
To whom we disclose your personal data?
We may disclose your personal data to the following entities:
- companies that provide services to you at our request;
- other companies managed by INVL Technology CEF;
- banks/companies that provide payment services;
- companies assisting with organising competitions/games/promotions;
- other carefully selected business partners;
- law enforcement authorities;
- other parties, when so required under law or necessary in order to protect our legitimate interests.
Companies providing services at our request are currently the following: UAB FINtime, UAB DPD Lietuva, UAB Skubios siuntos, LT Paštas, IT services providers Lietuvos Radijo ir Televizijos centras, UAB Acena, Microsoft, Oracle, firm of auditors UAB PricewaterhouseCoopers, and law firm Cobalt. These entities are limited in their ability to use your information for purposes other than providing services to us.
We currently transfer personal data to the following companies within CEF INVL Technology group: UAB Novian, UAB Acena, UAB FINtime, UAB Algoritmų sistemos, UAB NRD CS, UAB Etronika, UAB NRD, Andmevara AS (Tallinn, Estonia), Andmevara Serives OU (Tallinn, Estonia), Andmevara SRL (Chisinau, Moldova), Norway Registers Development AS (Oslo, Norway), Norway Registers Development East Africa Ltd (Dar es Salaam, Tanzania), Norway Registers Development Rwanda Ltd (Kigali, Rwanda), NRD Bangladesh Ltd (Dhaka, Bangladesh), Infobank Uganda Ltd (Kampala, Uganda).
If you wish to receive direct marketing offers from our business partners, we will ask you to give a separate consent.
We may share information about you with other third parties, such as public authorities, pre-trial investigation officials, courts, and others, when we consider disclosure to be necessary to protect our legitimate interests.
To what countries do we transfer your personal data?
Sometimes we may have to transfer your personal data to other countries that may offer lower levels of data protection. In such cases we do all that is within our control to ensure the security of the personal data we transfer.
In very rare cases we may transfer your personal data to the following countries outside the European Economic Area: Tanzania, Rwanda, Burundi, Mauritius, Bangladesh, Kyrgyzstan, Moldova, the USA, and China.
Where we transfer your personal data to countries outside the European Economic Area, we ensure that any of the following safeguards is implemented:
- A contract is signed with the data recipient based on the standard contractual clauses adopted by the European Commission.
- The data recipient is established in a country recognised by the European Commission as applying adequate data protection standards.
- Authorisation is obtained from the Data Protection Inspectorate.
How do we protect information about you?
We have put in place reasonable and appropriate physical and technical measures to safeguard the information we collect in connection with the provision of our content/services. Please note, however, that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.
How long will your personal data be kept?
We will retain your personal data for the period necessary to fulfill the purpose for which it was collected. After that, we will delete it, except where we are legally obligated to retain the information for tax purposes, or such data may be required in conducting a pre-trial investigation, but in any event the retention period will not extend beyond 10 years. On expiration of this period, the data will be irretrievably deleted.
Normally, personal data storage periods are as follows:
|Personal data||Storage period|
|Payment data||10 years after the payment transaction|
|Personal data used for marketing purposes||3 years after your consent to receive marketing information|
|IT system logs||Up to one year|
|Analytical data||Such data is normally collected automatically while you visit the website and immediately depersonalised/aggregated.|
The data subject whose data are processed in connection with activities carried out by the Data Controller, depending on the situation, has the following rights:
- to know (be informed) about the processing of data concerning him/her (right to know);
- to access his/her data and be informed about the methods of their processing (right of access);
- to obtain rectification of personal data or, taking into account the purposes of the processing of personal data, to have incomplete personal data completed (right to rectification);
- to obtain the erasure of data concerning him/her or the suspension of data processing activities concerning him/her (except storage) (right to erasure and ‘right to be forgotten’);
- to obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing);
- to exercise the right to data portability (right to data portability);
- to exercise the right to object at any time to the processing of personal data concerning him or her, unless the processing is necessary for reasons of public interest or for the purposes of the legitimate interests pursued by the data controller or by a third party; the Data Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject (right to object);
- to lodge a complaint with the State Data Protection Inspectorate.
We offer you easy ways to exercise these rights. You can do so by giving us a call to +47 22 83 85 00, writing to us to firstname.lastname@example.org or using certain links provided at the end of our promotional communications.
You may not be able to exercise these rights when in the cases provided by law it is necessary to ensure prevention, investigation and detection of crimes, violations of official or professional ethical standards, as well as the protection of the rights and freedoms of the data subject or other persons.
You will be able to exercise your rights after we have verified your identity in person or using an electronic signature.
|Your rights||Certain restrictions|
|To know (be informed) about the processing of your data (right to know)||You have the right be informed in a concise form and using simple and plain language before the processing of your personal data.|
|To access your data and be informed about the methods of their processing (right of access)||This right means: confirmation whether or not we process personal data concerning you; providing you with the list of your personal data that we process; informing you about the purposes and legal bases for the processing of your data; confirmation as to whether or not we transfer data to third parties and, if so, the safeguards we have implemented; informing you from which source your personal data originate; information as to the existence of profiling; information about the storage period. After we have established your identity, we will provide you with the above information, provided this does not affect the rights and freedoms of others.|
|To obtain rectification of personal data or, taking into account the purposes of the processing of personal data, to have incomplete personal data completed (right to rectification)||This applies if the information we hold is incomplete or inaccurate.|
|To obtain the erasure of your data (right ‘to be forgotten’)||This applies if: the information we hold is no longer necessary in relation to the purposes for which we use it; we process your data on the basis of your consent and you withdraw your consent; we process your data on the basis of legitimate interests and we find that, following your objection, they are overridden by your private interests; the information was unlawfully obtained.|
|To stop all data processing activities in respect of your data (except storage)||This right applies temporarily while we look into your case, if you: contest the accuracy of the information; have objected to our processing of your personal data on the basis of legitimate interests; our processing of your information is unlawful and you oppose the erasure of the information; we no longer need the information, but you require it to establish a legal case.|
|To obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing)||You may opt out of our use of your personal data for direct marketing purposes.|
|To exercise the right to data portability||This right may be exercised if you have provided your data to us and the processing is carried out by us by automated means and on the basis of either your consent or the contract concluded with you.|
|To exercise the right to object||This right may be exercised where the processing is necessary for reasons of public interest or for the purposes of the legitimate interests pursued by the data controller or by a third party. The Data Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject. (right to object)|
|To lodge a complaint with Norwegian Data Protection Authority||https://www.datatilsynet.no/en/|
Cookies, beacons and similar technologies
We use the following cookies on our website:
Please note, however, that some services may not function properly without cookies and if you disable them, the services or any part of services may no longer be available to you.
Please note that our social networking accounts are governed by the cookies policy of the respective social media network.
Mailing address: Zissor AS, Bragernes Torg 6, 3017 Drammen, Norway
Last reviewed 1 July 2020.