This privacy statement applies to our customers, suppliers, and visitors of our website («you»). This statement contains information on how we handle personal data.
1. Roles and responsibility
Jordanes AS («we») act as an independent data controller for processing of personal data for the purposes described in this privacy statement.
2. What is personal data?
Personal data is information and assessments regarding an individual, and includes for example most e-mail addresses and telephone numbers. Personal data may also be sensitive information, such as information about a person’s health condition. We are concerned with protecting the privacy in a responsible way. Should you have any questions regarding how we handle personal data, you may send an enquiry to email@example.com.
3. Purposes, types of information and legal basis
Below, we have listed the purposes for which we will process personal data, the legal basis for the processing and the types of information comprised:
- Administration of customer and supplier relationships: We need to process certain personal data in order to establish and administer customer- and supplier relationships. The registration and administration of contact information for private customers is necessary for the performance of a contract to which the client is party, cf. GDPR Article 6 (1) (b). For business customers or suppliers, the registration and administration of contact information is based on a balancing of interests, cf. GDPR Article 6 (1) (f).
- IT operation and security: Personal data stored in our IT systems will be available to us or our contractors in connection with system updates, implementation or following up on security measures, error recovery or other maintenance. The legal basis for the processing is GDPR Article 6 (1) (c), cf. GDPR Articles 32 and 6 (1) (f) (balancing of interests).
- Invoicing and accounting: Contact information received from business customers or suppliers is used to mark invoices sent to or from the company. The legal basis for the processing is GDPR Article 6 (1) (f) (balancing of interests) for business customers and suppliers and GDPR Article 6 (1) (b) (processing is necessary in order to take steps at the request of the client) for private customers.
- Website analysis and statistics: We collect personal data through our websites and related services. This includes data collected by cookies, and it also includes, for example, if you contact us via contact forms, or if we carry out online surveys and similar services where you freely provide us with personal information.
In certain cases, we store email and IP address information for the purpose of analyzing relevant information requested by users through our services, compiling user statistics, including analyzing usage patterns to further develop and improve the application, and customizing the user experience. The basis for processing is GDPR article 6 no. 1 letter f (balancing of interests) where we have received data from users who have requested our services.
4. Access to personal data
Jordanes AS may share personal data with:
- Our affiliated companies and partners for the purposes described immediately above
- Third party service providers that process personal data on our behalf, including, but not limited to administration of credit cards and payments, shipment and deliveries, manage and operate our data, distribute e-mail, research and analysis, conduct brand and product promotion, in addition to administration of particular services and functions.
- Other third parties to the extent necessary to: (i) comply with public authority requests or court orders to adhere to applicable laws; (ii) prevent illegal use of our websites and services, or violation of our apps’ terms of service and/or our policies; (iii) protect us against third party claims; and (iv) assistance with fraud prevention or investigation (for example, counterfeiting).
Our IT service providers might have access to personal data if the personal data are stored with the contractor or otherwise made available to the contractor based on the contract with us. The contractors act in accordance with the data processing agreement and our instructions. The contractor may only use the personal data for the purposes determined by us and as described in this privacy statement.
We may also share/transfer your personal data if we transfer all or parts of our business or assets (including in the event of a reorganization, division, or liquidation).
We will not disclose personal data in other situations or in any other ways than described in this privacy statement unless you explicitly requests so or consents to this.
5. Security of processing
We have established routines for secure processing of personal data and client information in general. The measures are of a technical, formal (subject to contract) and organizational nature. We regularly assess the security of all central systems used for the data processing, and we have concluded contracts that instruct contractors of such system to ensure satisfactory information security.
Access to personal data and case information in general is limited to personnel that need such access in order to perform their work.
We have adopted IT guidelines that our employees shall comply with when they use our IT systems, and the guidelines are available on our intranet, and our employees are regularly trained with regard to security and using of IT systems.
We will delete personal data when it is no longer needed to store the data for the purposes for which it was collected, see section 3.
Accounting legislation requires us to store certain accounting documents for a stipulated period. When certain purposes imply storage for a particular period, we will ensure that the personal data is used solely for the relevant purpose during this period.
7. Your rights
We appreciate your feedback. Below you will find which rights you have at any time, and you may assert them by contacting us on firstname.lastname@example.org:
- Withdrawal of consent: If you have consented to receiving our newsletters, you may at any time withdraw this consent. If you have consented to other data processing, you may at any time withdraw your consent with regard to that processing by directing an enquiry to us.
- Request access: You are entitled to access the personal data we have registered about you, unless professional secrecy impedes this. In order to ensure that personal data is delivered to the right person, we may request that an access requires is provided in writing or that your identity is otherwise verified.
- Request rectification or deletion: You may request that we correct incorrect information that we have about you or ask us to delete personal data. We will to the extent possible comply with a request to delete personal data, but we cannot do that if there are important reasons for not deleting them, e.g. that we have to store the information for documentation purposes.
- Data portability: In some cases, you have the right to request a copy of personal data that you have provided to us and reuse it for the purposes of your choice.
- Complain to supervisory authorities: If you disagree with the way in which we process your personal data, you may lodge a complaint with the Norwegian Data Protection Authority. We hope you choose to direct an enquiry to us first.
If you do not want the cookies to be stored, you may alter the settings in your browser. You may also delete existing cookies. If you choose to delete or not accept cookies, you may experience a reduced functionality on our website.
We might make minor changes in this privacy statement. The latest version will always be available on our websites. In cases of material changes, we will provide a notice of this.