1 Introduction

Dr.Ankerstjerne AS takes privacy seriously, and therefore follows all relevant laws and regulations at any given time. This includes the new EU regulation (GDPR).

The purpose of this privacy policy is to make it as easy as possible for you to get an overview of how we collect, use, store, share, transfer, delete or in other ways process (hereinafter referred to as "processing") your personal data. Our measures to protect and secure your personal data are also covered by the declaration. Finally, our declaration contains contact information so that you can easily get in touch with us regarding questions, requests and/or complaints in connection with data protection.

2. Covered parties and definition

This privacy policy refers to "you" and "your", which includes any covered individual. "We", "us", "our" and "Dr.Ankerstjerne AS" include Dr.Ankerstjerne AS AS.

"Personal information" is defined as data relating to an identified/identifiable person or a person who can be identified using means that are highly likely to be used.

3. Scope of the privacy policy

The privacy policy covers Dr.Ankerstjerne AS' goals and activities in the geographical areas where we operate and where the GDPR applies.

Furthermore, the privacy policy applies to the processing of personal data collected by us, directly or indirectly, from all individuals. This includes, but is not limited to, our current, former or prospective: job applicants, employees, consultants, users, consumers, children, suppliers/subcontractors, shareholders and third parties.

4. Collection and processing of personal data

In accordance with the GDPR and local laws

Your personal data is processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and potential and relevant local legislation.

Legal, fair and transparent

We guarantee that your personal data is processed in a legal, fair and transparent manner. This means that we do not process personal data without a legal basis (for more information, see the section "Legal basis for storage").

At the same time, please note that there may be a need to process your personal data if necessary for the performance of a contract/service of which you are a party or recipient, when it is necessary to comply with legal obligations to which we are subject or in other cases where it will be necessary , of course with your prior consent. As long as your rights and freedoms do not override ours, we can also process personal data for our legitimate interests.

In cases where we process your personal data, we will inform you of this through a notice or a privacy statement. The information will include, among other things, who is responsible for the processing of your personal data, for what purposes the personal data is processed, who the recipients are, what your rights are and how you can exercise these (unless it is impossible or requires disproportionate effort for us to implement this).

Where required by applicable law, we will seek your prior consent before collecting sensitive data. By, for example, ticking the box "I agree to the processing of the personal information that I leave for the above-mentioned use" on our website, you agree that the personal information that you fill in/give us can be used for the use that has been formulated in the consent.

Legitimate purpose, limitation and data minimization

We guarantee that your personal data will only be collected for specific, explicit and legitimate purposes, and will not be further processed in a way that is incompatible with these purposes. The personal information must also be adequate, relevant and not too extensive in relation to the legitimate use for which it is arranged.

We collect information by, among other things: entering into agreements on services with suppliers and business customers, filling in contact details on our website, contacting us by e-mail, telephone, website and social media, registering for receiving newsletters, signing up for education or attending information meetings .

Please also note that if you visit our website, this will generate data, in addition to, for example, IP address, device type, operating system and browser type used.

When we process personal data for our own purposes, this is mainly used, but not limited to, for the following: customer care, sales and marketing activities, statistics and analysis, user customization of the website, recruitment administration, HR and administration, accounting, financial management and associated controls and reports, tax administration, risk management, HSE, directory services, IT tools or internal websites and other digital solutions or collaborative platforms, IT support (including infrastructure, system administration, applications, health and safety management, information security management), customer relationship management, bidding, internal and external communications and incident management, compliance with anti-money laundering obligations or other legal obligations, data analysis, legal corporate governance and implementation of compliance processes).

Correctness and time limit

We guarantee that your personal information is up-to-date and correct. We will take all expected measures to ensure that incorrect information is deleted or corrected.
We only store your personal data with us for as long as is necessary for the purpose for which the personal data was processed or in accordance with statutory procedures. This includes any legal, accounting or reporting requirements, as well as if it is necessary for us to assert or defend ourselves against legal claims.

The personal data will then be stored until the end of the relevant storage period or until the relevant requirements have been settled. If you want to read more about our specific time limits for storing personal data, you can contact us at kundeservice@ankerstjerne.no.

We also guarantee that your personal data will not be stored in a format that makes it possible to identify you for a longer period of time than is necessary for the use for which the data is intended. At the end of the storage period, we will delete your personal data in a secure manner, in accordance with applicable laws and regulations.

5. Legal basis for storage

Regardless of the processing of personal information, Dr.Ankerstjerne AS AS must always be supported by at least one of the following legal terms (cf. Act on the processing of personal data, §6):

a. the data subject has consented to the processing of his personal data for one or more specific purposes,
b. the processing is necessary to fulfill an agreement to which the data subject is a party, or to carry out measures at the data subject's request before entering into an agreement,
c. the processing is necessary to fulfill a legal obligation incumbent on the controller,
d. the processing is necessary to protect the vital interests of the data subject or another natural person,
e. the processing is necessary to carry out a task in the public interest or exercise public authority to which the controller is required,
f. the processing is necessary for purposes linked to the legitimate interests pursued by the controller or a third party, unless the data subject's interests or fundamental rights and freedoms take precedence and require the protection of personal data, particularly if the data subject is a child.

6. Security measures

We guarantee that your personal information is protected against accidental or unlawful alteration or loss, or against unauthorized use, disclosure or access in accordance with our data security guidelines. To ensure such protection, we have implemented appropriate technical and organizational measures.
We ensure, where appropriate, that all reasonable safeguards based on built-in privacy and privacy by default are in place to protect the processing of your personal data. Depending on the level of risk for the processing of the personal data, we also carry out a PIA privacy assessment ("PIA"). We also have extra security measures for data that is considered sensitive.

7. Sharing of personal data

We are very strict about who will have access to your personal information and only people who need access to such information will have this.
Personal data that is processed in connection with assignments (including potential ones) is delivered to the client in accordance with laws and regulations that we are required to follow. Other recipients only receive this information as a result of statutory requirements, other constitutions or authority decisions.
We share your personal data under the following circumstances:

• internally for the purposes described in this privacy policy;
• with third parties, including certain service providers we have retained in connection with the purposes described in this privacy policy and the services we provide;


• with companies that offer control services in the field of anti-money laundering and anti-terrorist financing, as well as other purposes aimed at preventing fraud and crime, and companies that offer similar services, including financial institutions and regulatory bodies with whom such personal data is shared;


• with courts, law enforcement authorities, regulators, government officials or lawyers and other parties as reasonably deemed necessary to establish, exercise or defend a legal or equitable claim, or for a confidential alternative dispute resolution process;
• with service providers that we engage with or outside Dr.Ankerstjerne AS AS, domestically or abroad, e.g. shared service centres, to process personal data for one of the purposes listed on our behalf and only in accordance with our instructions;


• if we sell or buy business or assets, we will be able to share your personal data with the potential seller or buyer of such business or assets who are then assigned or transfer any of our rights and obligations.

8. Children

There are separate procedures for personal data relating to children. This is a group that requires specific protection, as minors are less able to familiarize themselves with and understand the risks, consequences, security measures and rights associated with sharing their information. Children also do not have the opportunity to give consent in the same way as adults.

Such specific protection shall particularly apply to marketing, personality or user profiles, as well as services offered directly to children. We do not process children's personal data without the consent of a parent or guardian where this is necessary. We do not target our marketing to children, except for specific services and with the consent of the holder of parental responsibility. If you believe that we have incorrectly processed a child's personal data, please contact us directly at kundeservice@ankerstjerne.no.

9. Data transfer

According to the GDPR, it is not permitted to transfer personal data to third countries outside the EEA that do not have the opportunity to guarantee an adequate and satisfactory level of data protection. Some third countries outside the EEA area where we operate do not offer the same level of data protection as the country you live in, and are thus not recognized by the European Commission as providing an adequate level of protection for privacy rights.
As in some cases it may be necessary to transfer data to such countries, we have sufficient security procedures in place to protect your personal data. More information about such transfers will be made available to you at the time of collection.
If you would like more information or documentation on data protection procedures, please contact us at kundeservice@ankerstjerne.no.

10. Cookies

Our website can also use information cookies (also called "cookies"). A cookie is a small text file that is stored on your computer, mobile phone or tablet by the website you visit. The file contains the address of the website and the codes that your browser sends back to this website every time you visit a page. The goal is to recognize your device and store information about your preferences or past activities. That way, your visit can be adapted to your needs and create a better user experience for you.
When you visit our websites, you will be told which types of cookies we use and how you can deactivate them. When required by law, you will be given the option to reject the use of cookies when you visit our websites. For more information, see our cookie policy

11. Your rights

You have a number of rights when it comes to your personal data, and you have the opportunity to influence your information and what is stored. Among other things, you have the right to receive information about which information we have stored. You can also demand that we correct incorrect information or delete your information. You can contact us at any time and request that your information be deleted or that the use of the information be restricted.

If you wish to withdraw your consent or demand an overview of information, correction or deletion, contact us at the e-mail address we have specified under the section for contact information. Should you have questions about the complaints process, you can find many answers in our guidelines for complaints and inquiries .

If you believe that your rights are not being respected, please contact us (see contact information below) or the Norwegian Data Protection Authority ( postkasse@datatilsynet.no ).

12. Updates

This privacy policy may be updated from time to time when there are changes in operations or otherwise. If significant changes are made, we will post information about this on our website when the changes come into effect, and if applicable, communicate the change(s) directly to you.

13. Contact us

If you should have questions, comments and/or requests related to this privacy policy, please contact the data protection officer at kundeservice@ankerstjerne.no. You can also send a letter to the following address:

Dr. Ankerstjerne AS
3324 Sørenga,
0140 Oslo