Data Protection and Privacy Policy

In this Data Protection and Privacy Policy, we describe how we process your personal data. Here we explain;

  • How we collect your personal data, who we collect and why
  • How we protect your personal data and to whom we disclose it
  • How long do we store your personal data?
  • What choices and rights you have


The content of this policy may change over time. Your privacy is always held high, and we comply with GDPR and other laws within the EU and Norway. If you want to stay up to date, we recommend that you read this policy regularly.

To find out more about cookies and how we use them, please read more in the cookie information pop-up on our websites.

 

What personal data do we process about you?

We strive not to process more personal data than necessary. Therefore, it is only collected when there is a need for us to process it.

We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data may include the following types of personal data:

  1. IP addresses
  2. device
  3. telephone number
  4. email
  5. name

 

For what purposes do we process your personal data?

We will only process your personal data if we have a legitimate purpose and in that case in accordance with the rules of the GDPR. The personal data we collect about you may be processed for the following purposes:

  1. To optimize the user experience on our websites
  2. To deliver products or services
  3. To provide service messages and information
  4. To store personal data to comply with applicable legislation requirements such as bookkeeping acts
  5. To provide support and service messages, including responding to questions and complaints and sending updates about our products and services
  6. To send newsletters and direct marketing (such as e-mails, SMS', direct messages on social media, etc.)
  7. To send newsletters by e-mail
  8. To prevent fraudulent behaviour or misuse of our products, services, and websites, including the processing of personal data for the purpose of legal actions
  9. To improve our products and services
  10. To facilitate a sales process

When you submit a form entry via our websites, the information is saved in order to be able to carry out what you ask us to do. To be able to submit the form, you need to tick a box where you agree that we may store your information according to this policy.

 

Legal basis for processing personal data

We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:

  1. The processing is necessary for the performance of a contract to which the data subject is a party in accordance with GDPR, Article 6(1)(b), the first indent.
  2. The processing is necessary in order to take steps at the request of the data 4 subject prior to entering into a contract in accordance with GDPR, Article 6(1)(b), last indent.
  3. The processing is necessary to comply with applicable legislation in accordance with GDPR, Article 6(1)(c).
  4. The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with GDPR, Article 6(1)(f).

 

How long do we store your personal data?

Personal data may be kept for the duration of the engagement, and the data is relevant to operate the engagement and/or ensure contractual performance of our obligations.

Cookies for our websites will be stored for 30 days. Read more about our Cookie Policy in the cookie information pop-up on our websites.

 

How do we protect your personal data?

As a data subject under GDPR, you have a number of rights.

  1. You have the right to request access to the personal data we process about you, the purposes we process the personal data, and whether we disclose or transfer your personal data to others.
  2. You have the right to have incorrect information rectified.
  3. You have the right to have certain personal data deleted.
  4. You may have the right to restriction of our processing of your personal data. ‘
  5. You may have the right to object to our processing of your personal data based on reasons and circumstances that pertain to your particular situation. Objection can also be to the processing of personal data for the purpose of direct marketing.
  6. You have the right not to be subject to a decision based solely on automated means, without human interference unless the decision (1) is necessary for entering into, or performance of a contract between you and the Organization, (2) is authorised by law, or (3) is based on your explicit consent.
  7. If the processing of your personal data is based on your consent, you are entitled to withdraw such consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to your withdrawal.
  8. You are entitled to receive personal data which you have provided to us in a structured, commonly used, and machine-readable format (data portability).
  9. You can always lodge a complaint with the data protection authority.

Your rights may be subject to conditions or restrictions. Accordingly, there is no certainty that you will be entitled to for example data portability in the specific situation; it will depend on the circumstances of the processing.

More information about data subject rights can be found in the guidelines of the national data protection authorities.

Please use the contact details under ‘Your Choices and Rights’ in this document if you want to use your rights.

We try to meet your wishes about our processing of personal data, but you can always file a complaint to the data protection authorities.

 

To whom do we disclose your personal data?

We only transfer personal data to other entities when legally permitted or required. Our organization is a group of companies where, depending on the circumstances, personal data is shared.

We may transfer personal data to the following recipients from the EU/EEA:

  1. Processors
  2. Collaborators
  3. Suppliers

From time to time we use external companies as suppliers to assist us in delivering our services. The external suppliers will not receive or process personal data unless the applicable law allows for such transfer and processing. Where the external parties are data processors, the processing is always performed on the basis of a data processor agreement in accordance with the requirements hereto under GDPR. Where the external parties are data controllers, the processing of personal data will be performed based on said external parties’ own data privacy policy and legal basis which the external parties are obligated to inform about unless the applicable legislation allows otherwise.

We do not transfer personal data to countries or international organisations outside the EU/EEA unless it is necessary on your specific request.

 

Your Choices and Rights

You may contact us at the below specified email if you:

  1. disagree with our processing or consider our processing of your personal data infringes on the law,
  2. have questions or comments to this Policy, or
  3. want to invoke one or more of your rights as a data subject described in this Policy.

If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at gdpr@saferoad.com.