1. Introduction
Dr.Ankerstjerne AS takes privacy seriously, and therefore follows all applicable laws and regulations in this regard. This includes the new EU regulation (GDPR).
The purpose of this privacy policy is to make it as easy as possible for you to understand how we collect, use, store, share, transfer, delete or otherwise process (hereinafter referred to as "process") your personal data. Our measures to protect and secure your personal data are also covered by the policy. Finally, the policy contains our contact information so that you can easily get in touch with us regarding questions, requests and/or complaints related to data protection.
2. Covered Parties and Definition
This Privacy Policy refers to “you” and “your”, which includes any covered individual. “We”, “us”, “our” and “Dr.Ankerstjerne AS” include Dr.Ankerstjerne AS AS.
"Personal data" is defined as data relating to an identified/identifiable person or a person who can be identified using means that are likely to be used.
3. Scope of the privacy policy
The privacy policy covers Dr.Ankerstjerne AS's goals and activities in the geographical areas where we operate and where GDPR applies.
Furthermore, the Privacy Policy applies to the processing of personal data collected by us, directly or indirectly, from all individuals. This includes, but is not limited to, our current, former or prospective: job applicants, employees, consultants, users, consumers, children, suppliers/subcontractors, shareholders and third parties.
4. Collection and processing of personal data
In accordance with the GDPR and local laws
Your personal data is processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and potential and relevant local legislation.
Legal, fair and transparent
We guarantee that your personal data is processed lawfully, fairly and transparently. This means that we do not process personal data without a legal basis (for more information, see the section "Legal basis for storage").
Please note that we may need to process your personal data if necessary for the performance of a contract/service to which you are a party or recipient, when necessary to comply with legal obligations to which we are subject or in other cases where it is necessary, of course with your prior consent. If your rights and freedoms do not override ours, we may also process personal data for our legitimate interests.
In cases where we process your personal data, we will inform you of this through a notice or a privacy statement. The information will include, among other things, who is responsible for the processing of your personal data, for what purposes the personal data is processed, who the recipients are, what your rights are and how you can exercise them (unless it is impossible or requires disproportionate effort for us to do so).
Where required by applicable law, we will seek your prior consent before collecting sensitive data. For example, by checking the box “I consent to the processing of the personal information I provide for the above purposes” on our website, you consent to the personal information that you provide/provide to us being used for the purposes stated in the consent.
Legitimate purpose, limitation and data minimization
We guarantee that your personal data will only be collected for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes. The personal data will also be adequate, relevant and not excessive in relation to the legitimate use for which it is intended.
We collect information, among other things, when: entering into agreements for services with suppliers and corporate customers, filling in contact information on our website, contacting us by email, telephone, website and social media, registering to receive newsletters, registering for education or participating in information meetings.
Please also note that if you visit our website, this will generate data, in addition to, for example, IP address, device type, operating system and browser type used.
When we process personal data for our own purposes, it is mainly used, but not limited to, for the following: customer service, sales and marketing activities, statistics and analysis, website customization, recruitment administration, HR and administration, accounting, financial management and related controls and reporting, tax administration, risk management, HSE, directory services, IT tools or internal websites and other digital solutions or collaboration platforms, IT support (including infrastructure, system administration, applications, health and safety management, information security management), customer relationship management, bidding, internal and external communication and incident management, compliance with anti-money laundering obligations or other legal obligations, data analysis, legal corporate governance and implementation of compliance processes).
Correctness and time limit
We guarantee that your personal data is up-to-date and correct. We will take all reasonable steps to ensure that inaccurate data is deleted or corrected.
We only store your personal data with us for as long as is necessary for the purposes for which the personal data was processed or in accordance with statutory procedures. This includes any legal, accounting or reporting requirements, as well as if it is necessary for us to assert or defend against legal claims.
The personal data will then be stored until the end of the relevant storage period or until the relevant requirements have been resolved. If you would like to read more about our specific time limits for storing personal data, you can contact us at kundeservice@ankerstjerne.no .
We also guarantee that your personal data will not be stored in a format that allows you to be identified for longer than is necessary for the purposes for which the data is provided. At the end of the storage period, we will securely delete your personal data, in accordance with applicable laws and regulations.
5. Legal basis for storage
Regardless of the processing of personal information, Dr.Ankerstjerne AS shall always be supported by at least one of the following legal terms (cf. the Norwegian Act on the Processing of Personal Information, §6):
a. the data subject has consented to the processing of their personal data for one or more specific purposes,
b. the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the data subject's request prior to entering into a contract,
c. the processing is necessary for compliance with a legal obligation to which the controller is subject,
d. the processing is necessary to protect the vital interests of the data subject or of another natural person,
e. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
f. the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject override those of the data subject and require the protection of personal data, in particular where the data subject is a child.
6. Safety measures
We guarantee that your personal data is protected against accidental or unlawful alteration or loss, or against unauthorized use, disclosure or access in accordance with our data security guidelines. To ensure such protection, we have implemented appropriate technical and organizational measures.
We ensure, where appropriate, that all reasonable security measures based on privacy by design and privacy by default are in place to protect the processing of your personal data. Depending on the level of risk of the processing of your personal data, we also carry out a Privacy Impact Assessment (“PIA”). We also have additional security measures in place for data that is considered sensitive.
7. Sharing of personal data
We are very strict about who will have access to your personal information and only people who need access to such information will have this.
Personal data processed in connection with assignments (including potential ones) is provided to the client in accordance with laws and regulations that we are required to follow. Other recipients only receive this information as a result of statutory requirements, other constitutions or government decisions.
We share your personal information under the following circumstances:
- internally for the purposes described in this Privacy Policy;
- with third parties, including certain service providers we have retained in connection with the purposes described in this Privacy Policy and the services we provide;
- with companies providing control services in the field of anti-money laundering and anti-terrorist financing, as well as other purposes aimed at preventing fraud and crime, and companies providing similar services, including financial institutions and regulatory bodies with which such personal data is shared;
- with courts, law enforcement authorities, regulators, government officials or attorneys and other parties where reasonably necessary to establish, exercise or defend a legal or equitable claim, or for a confidential alternative dispute resolution process;
- with service providers that we engage within or outside Dr.Ankerstjerne AS AS, domestically or internationally, e.g. shared service centers, to process personal data for one of the purposes listed on our behalf and only in accordance with our instructions;
- If we sell or buy any business or assets, we may share your personal information with the prospective seller or buyer of such business or assets who will then be assigned or transfer any of our rights and obligations.
8. Children
There are separate procedures for personal data belonging to children. This is a group that requires specific protection, as minors are less able to understand and comprehend the risks, consequences, security measures and rights associated with sharing their information. Children also do not have the ability to give consent on an equal footing with adults.
Such specific protection shall apply in particular to marketing, personality or user profiles, and services offered directly to children. We do not process children's personal data without the consent of a parent or guardian where this is necessary. We do not direct our marketing to children, except for specific services and with the consent of the holder of parental responsibility. If you believe that we have incorrectly processed a child's personal data, please contact us directly at kundeservice@ankerstjerne.no .
9. Data transfer
Under the GDPR, it is not permitted to transfer personal data to third countries outside the EEA that are unable to guarantee an adequate and satisfactory level of data protection. Some third countries outside the EEA where we operate do not offer the same level of data protection as the country in which you reside and are therefore not recognised by the European Commission as providing an adequate level of protection for your data protection rights.
As in some cases it may be necessary to transfer data to such countries, we have adequate security procedures in place to protect your personal data. More information about such transfers will be made available to you at the time of collection.
If you would like more information or documentation on data protection procedures, please contact us at kundeservice@ankerstjerne.no .
10. Cookies
Our website may also use cookies (also called "cookies"). A cookie is a small text file that is stored on your computer, mobile phone or tablet by the website you are visiting. The file contains the address of the website and codes that your browser sends back to this website each time you visit a page. The aim is to recognize your device and store information about your preferences or previous activities. In this way, your visit can be tailored to your needs and create a better user experience for you.
When you visit our websites, you will be informed about the types of cookies we use and how you can disable them. Where required by law, you will be given the opportunity to reject the use of cookies when you visit our websites. For more information, see our Cookie Policy
11. Your rights
You have a number of rights when it comes to your personal data, and you have the opportunity to influence your information and what is stored. Among other things, you have the right to receive information about what information we have stored. You can also demand that we correct incorrect information or delete your information. You can contact us at any time and request that your information be deleted or that the use of the information be limited.