1 Data Controller
This privacy policy explains how we collect and process personal data in our business. ONITIO NORGE AS, represented by the managing director, is the data controller for the processing of personal data.
Our contact information is as follows:
ONITIO NORGE AS
Business Address: KRISTIANSAND S, Skibåsen 33H, Norway, 4636
Organization Number: 938751943
Email Address: contact@onitio.com
We take your privacy seriously and have implemented several measures to ensure that we provide you with clear information about how we process your data and what rights you have. If you find anything unclear or missing, please do not hesitate to contact us.
2 Your Rights
Please feel free to reach out to us if you have any questions about or wish to exercise any of your rights. You can expect to receive a response within 30 days. For more information, please refer to the Data Inspectorate's website.
3 Who We Process Personal Data About
We process personal data about:
4 How We Collect Personal Data
Providing us with personal data is voluntary, but in order to complete a transaction, we do require a variety of information from you.
We process personal data when you:
We also use cookies and other tracking technologies when you visit Onitio's websites, use our applications/services, and communicate with us via email to enhance your experience with Onitio, our products, and our websites. Please refer to our cookie policy for further information on this.
5 Purpose, Legal Basis, and Storage
In accordance with the General Data Protection Regulation Article 6(1), personal data can be processed based on:
As a rule, personal data should not be processed and retained longer than necessary to fulfill the purpose of the processing. If we process your personal data based on a legitimate interest that we believe we have, you can object to the processing by contacting us. We will then assess your objection and provide you with a prompt response.
To comply with this, we conduct annual GDPR reviews in which we formally assess and review our privacy work. The purpose is to amend, update, and if necessary, delete personal data.
We retain data for as long as we are legally obligated to do so under applicable legal obligations, such as accounting, tax, or employment laws, and/or other relevant rules and regulations. You can contact us at any time if you wish for us to cease processing or delete your personal data, but please note that we cannot delete personal data that we are legally obligated to process.
We have procedures in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or a legal basis to continue processing them.
Accounting records are retained for up to 5 years in accordance with the rules of the Accounting Act.
6 How We Process Personal Data
Here, we provide detailed information about when and how we process your personal data, for what purposes, on what legal basis, and for how long. We process personal data when:
You communicate with us
When you provide us with your business card or contact us through our website (contact forms, comment sections, chat, or similar), via email, over the phone (calls, text messages), or through social media, we process personal data. Depending on where and how you reach out to us, this may include your name, contact information, IP address, and any other information you choose to provide.
The purpose is to respond to your inquiries, maintain a record of communication, and have documentation in case we receive complaints, claims, or legal demands.
The legal basis can be:
• Your consent.
• A contract we have entered.
• A legitimate interest we believe we have, where the legitimate interest is the ability to respond to your inquiries, maintain a record of communication, and have documentation in case we receive complaints, claims, or legal demands.
We review, archive, and delete communications as needed but no less frequently than once a year.
You purchase our products and services
When you buy products and services from us, we process personal data such as your name, contact information, order and payment details, and purchase history.
The purpose is to deliver products and services to you based on your order/purchase, maintain a history of sold products and services, and otherwise manage and follow up on our customer relationship with you.
The legal basis can be:
Marketing in Existing Customer Relationships
When you become a customer with us, we process the personal data as mentioned above. If you have an existing customer relationship with us, we may send you marketing materials via email in accordance with the Marketing Act § 15. The legal basis for this will be a legitimate interest but may also be based on your consent.
The purpose of the marketing is to provide excellent customer service.
You can unsubscribe from marketing emails at any time. Information on how to unsubscribe will be provided in all marketing-related emails.
The information is processed as long as the customer relationship exists or until you opt out of the marketing list.
You Apply for a Job or Work for Us
When you apply for a job with us, we process personal data such as your name, contact information, CV, and other information we need to assess your application.
The legal basis can be:
The legal basis may vary depending on where we are in the recruitment process and the type of position in question.
The information is deleted after a candidate is selected for the job, unless you have consented to us keeping your information for a longer period in case you wish to apply for a job at a later date. In this case, the consent will be renewed annually.
For employees, we process the personal data as mentioned above, in addition to information necessary for payroll processing and overall employment administration.
The legal basis can be:
Most employee information is processed in accordance with the employment agreement and is typically deleted when the employment relationship ends, unless specific reasons (such as disputes over termination or dismissal) require them to be retained for a longer period.
You Register for an Event
When you participate in our free events, we process personal data such as your name and contact information. For paid events, we also collect order and payment information. The purpose is to provide relevant courses, lectures, and workshops, or to fulfill agreements for booked events.
The legal basis can be:
We may also use your personal data to send you a survey about the event you attended and potentially invite you to other similar events. The legal basis, in this case, is a legitimate interest, where the legitimate interest is to continually improve our products and services and provide you with good customer support.
The retention period for this information depends on the type of event, but it is typically deleted no later than 12 months after the event.
You Respond to a Survey
We always inform you about the purpose of the surveys we conduct and whether they are anonymous or not. We do not share the information with others or use it for purposes other than what we have stated. In the case of anonymous surveys, we do not collect personal data.
The legal basis for non-anonymous surveys can be:
You Are a Supplier or Collaborator with Us
When you enter into an agreement with us as a supplier, collaborator, or data processor, we process personal data such as your name, contact information, and correspondence.
The purpose is to establish an agreement with you, and the legal basis can be:
The information is retained for as long as we have an ongoing relationship. We process personal data related to general correspondence and communication as described above.
You Use Our Website
When you use our website, we process personal data in accordance with our cookie policy. The purpose is to manage our website, promote the company, and respond to inquiries from visitors. The legal basis for cookies that store or process information falling under the Electronic Communications Act § 2-7b is consent through a browser setting, following the recommendations of the Norwegian Communications Authority (Nkom), as described here.
7 Who We Share Personal Data With
In order to operate our business efficiently and securely, we sometimes need to share your personal data with parties such as:
We require that all entities with whom we share your personal data ensure the security of your data in accordance with good information security practices and the requirements of the General Data Protection Regulation. We enter into data processing agreements with all those who process data on our behalf and, as needed, require confidentiality agreements.
*We use data processors for:
For security reasons, we have not specified these by name, but please feel free to contact us if you would like to know more.
8 Security
We take information security seriously, and we will always do our utmost to safeguard your personal data in the best possible way. We implement various security measures, including:
These measures are in place to protect our data and prevent unauthorized access to view, modify, delete, or in any way affect the data we store, including your personal information.
We only use reputable providers of IT and administrative services such as web hosting, website and PC security, antivirus software, email services, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions and only when strictly necessary (e.g., for IT support).
We have established procedures for handling data security breaches, and in the event of a breach, we will report it to the Data Inspectorate within 72 hours of discovering the breach. If the breach poses a high risk to data privacy, we will also notify the affected data subjects.
This privacy statement was last updated on: 27.11.2023.