Privacy Policy
Processing of personal data in VIDSYN MIDJÅS AS
VIDSYN MIDJÅS AS (reg. no. NO 927 249 766 MVA) will process personal data in connection with our business.
Our processing as the controller of personal data is based on the business we run and the purpose of our business. Information about personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc. are included below.
If you have questions or want to know more about our processing of personal data, you can contact us – see contact details below.
Responsible for processing personal data
VIDSYN MIDJÅS AS is the data controller, i.e. decides why and how the personal data is to be processed, for the processing described below.
Contact details for the data controller:
Address: Midjåsvegen 333, 3880 Dalen
Email: contact@vidsynmidjas.com
Organization no.: NO 927 249 766 MVA
Why do we collect personal data and what kind of information do we collect
We collect and use personal data for various purposes depending on who you are and how we come into contact with you.
All processing of personal data takes place in accordance with the privacy rules applicable at any time, including the Personal Data Act and the Personal Data Protection Regulation (GDPR).
By “personal data” is meant all information that can be linked to a natural person (the latter is referred to as “registered”).
By “processing” is meant everything that is done with personal data, such as collection, registration, organization, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination or any other previously made available, compilation or sharing, limitation, deletion or destruction.
Description of the type of treatment and to whom the treatment applies, e.g. We process customer contact information for…
Purpose of the processing (why the processing takes place), e.g. … to perform the services described in more detail in …
Basis for processing according to GDPR article 6, possibly also article 9 if special categories of
personal data are processed.
From whom the information is collected; the registered or others
How long the information is processed, possibly the criteria for how long the information is to be processed
communication and contact
We process personal data about those who contact us in order to answer and document the communication and to contact others. This applies to all forms of communication, physical and digital, written and spoken.
In such cases, we process names, telephone numbers, e-mail addresses and any personal data that may result from enquiries, including history/logs of enquiries.
The processing of information is necessary based on the fact that we have a legitimate interest in processing personal data related to the above (see GDPR article 6 (1) f). We have therefore considered that our legitimate interest in having contact with the outside world is part of our business and in documenting the business we run, as well as responding to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive, and that the registered persons do not come before these interests.
It is voluntary to provide us with personal information, but it will be necessary to provide us with the information in order for us to be able to respond to inquiries.
We process the information until we expect that there will be no further follow-up of the contact, normally for one year.
Recruitment
When recruiting for new positions with us, i.a. CVs, applications, certificates, notes from interviews, results from investigations of references are processed, which will contain personal data.
The basis for the processing of personal data during recruitment is that the processing is necessary to carry out measures before an employment contract with the job seeker is possibly entered into (GDPR Article 6 (1) b).
If investigations are carried out by us in addition to contacting people who have been given as a reference, investigating by searching for history etc., then personal data is processed on the basis of our necessary legitimate interest to ensure that the right candidate for the position (GDPR article 6 (1) f ). For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual’s privacy. We encourage you not to enter special categories of personal data, such as health, religion, political opinions, trade union membership etc. I your application.
Personal data will be deleted as soon as the recruitment has been carried out if you have not consented to longer storage.
Storage and storage (deletion) of personal data
We keep personal data for as long as is necessary for the purpose for which the personal data was collected, and delete the data in line with requirements in the regulations. How long we process the individual types of information we process is included above where the individual treatments are mentioned.
This means, for example, that personal data that we process on the basis of your consent will be deleted if you withdraw your consent. Personal data we process in order to cancel an agreement with you when the agreement has been fulfilled and all obligations resulting from the contractual relationship have been fulfilled, such as e.g. statutory obligations related to accounting, follow-up of the customer relationship related to complaints, etc. Personal data we process as a result of a legal obligation will be deleted as soon as we are no longer obliged to keep the data.
Disclosure of personal data to others
We do not pass on your personal data to others unless there is a legal basis for this. Examples of such a basis would typically be an agreement with you or a legal obligation that requires us to release the information.
All processing of personal data that we undertake takes place within the EU/EEA area.
Safety of the treatment
All processing of personal data is secured with the required technical and organizational measures.
We handle information so that it is correct, accessible and handled according to the degree of sensitivity of the information. We also use a number of security technologies and information security procedures to protect the personal data from unauthorized access, use or dissemination. Risk assessments are carried out for the processing of personal data.
We have entered into data processing agreements with all our suppliers who process personal data, where they undertake the same level of security as we have for our processing of personal data.
We limit access to personal data to the staff or third parties who will process the data on our behalf. These parties are subject to confidentiality obligations.
Routines have been established for handling breaches of information security and (breach of privacy), and if there is a breach that entails a risk to the privacy of the personal data concerned, we will send a notice of deviation to the Norwegian Data Protection Authority as quickly as possible and no later than 72 hours after the breach was discovered . If the breach entails a high probability for the privacy of those affected by the breach, we will also notify them.
Your rights when we process personal data about you
Below are your rights for the processing of personal data. To exercise your rights, you must contact us by e-mail
We will respond to your inquiry to us as soon as possible, and within one month at the latest. If it takes longer than one month, you will be notified.
We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights against us. We do this to be sure that we only give access to your personal data to you – and not to something pretending to be you.
information
You have the right to receive information about the personal data we process about you. Through this declaration, we inform you about our processing of personal data. You can also contact us if you want more information.
Insight
You have the right to demand access to the personal data processed about you. Please contact us if you would like access.
Change and deletion
You can also ask us to correct incorrect information we have about you or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if we still need the data.
Processing on the basis of consent
If we process personal data on the basis of your consent, you can withdraw consent at any time. The easiest way to do this is to use the method provided for giving consent or contacting us.
Right to restrict or object to processing
You have the right to have the processing restricted in certain cases, see GDPR Article 21, such as:
You dispute the correctness of the personal data – the processing is stopped for a period that enables us to check the correctness of the personal data.
The processing is illegal, and you object to the deletion of the personal data and instead request that the use of the personal data be restricted.
We do not need the personal data for the purpose of the processing, but you need it to establish, enforce or defend legal claims.
You can also object to processing according to GDPR Article 21 No. 1 pending the check of whether our legitimate interests take precedence over your privacy.
The right to data portability
For information which you have provided to us and which is necessary to carry out an agreement with us, and which is processed automatically (i.e. not manually by us), you may wish to have the personal data about you handed over or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).
Automated processing, including profiling
There will be no automated processing, including profiling, based on your personal data that has legal effects or that significantly affects the scope of the personal data. See GDPR Article 22 No. 1 and 4.
Complaints
If you feel that our processing of personal data is not in accordance with what we have described here or that we are in breach of privacy legislation in other ways, you can complain to the Norwegian Data Protection Authority.
You can find information about your rights and how to contact the Norwegian Data Protection Authority on the Norwegian Data Protection Authority’s website: www.datatilsynet.no.
Changes
Should there be a change to our services or changes to the regulations on the processing of personal data, this may result in changes to the information you have provided here. If we have contact details, we will draw attention to these changes. Otherwise, updated information will always be available on our website.