PRIVACY POLICY

 

BACKGROUND

Excellerate (or 1st person in the plural) receives, collects, stores and uses information about you as an individual. This privacy policy describes how and why we do this, and how you as an individual can relate to our processing of your personal data.

The declaration has been prepared in accordance with the EU’s regulation on personal protection (GDPR).

CONTEXT

Personal data is all information that can be uniquely linked to you as an individual. This can be an e-mail address, telephone number, a statement, a membership, a subscription or an overview of goods you have bought in a shop.

OUR ROLES IN PROCESSING AV PERSONAL DATA

We can act as both data controller and data processor. As data controller, we will independently obtain, store and use personal data, while as data processor we receive personal data from our clients and store and use this so that we can perform services on their behalf. We treat personal data with the same respect regardless of the role in which we act.

 

PURPOSE AV OUR DATA PROCESSING

As the controller of your personal data, our purposes of the processing are:

  • To provide you with the most tailored and relevant information possible when you are in contact with us. This contact can take place by you visiting our websites, downloading electronic material, receiving newsletters, receiving offers for courses, receiving physical material, etc.
  • To give you the best possible experience when you are on a course with us
  • To contact you as a representative of a business associate
  • To assess you as a candidate in connection with recruitment for vacant positions

As data processor of your personal data, we store and process your personal data on behalf of one or more clients. The purpose of the processing is then:

  • Collecting your assessment of our client through a survey sent to your contact address (email or telephone)
  • To block the sending of surveys on the basis of your reservation against such surveys
  • Receiving, quality assurance and entering data into systems that we offer on behalf of other data processors.

PERSONAL INFORMATION COLLECTED AND PROCESSED

As the controller of your personal data, our purposes of the processing are:

  • To provide you with the most tailored and relevant information possible when you are in contact with us. This contact can take place by you visiting our websites, downloading electronic material, receiving newsletters, receiving offers for courses, receiving physical material, etc.
  • To give you the best possible experience when you are on a course with us
  • To contact you as a representative of a business associate
  • To assess you as a candidate in connection with recruitment for vacant positions

As data processor of your personal data, we store and process your personal data on behalf of one or more clients. The purpose of the processing is then:

  • Collecting your assessment of our client through a survey sent to your contact address (email or telephone)
  • To block the sending of surveys on the basis of your reservation against such surveys
  • Receiving, quality assurance and entering data into systems that we offer on behalf of other data processors.

ACCESS TO PERSONAL INFORMATION

In order to ensure that the processing of information with us takes place in a secure manner, only specially approved persons with us have access to the information you give us. Access to information is secured with various mechanisms for access control.

We will not disclose, distribute, rent, license, share or forward information or personal information to any third party other than those who have an agreement and provide services to us unless we have your explicit consent to do so.

We use external actors for the purpose of distributing newsletters. We do not share personal data with our distribution partners to a greater extent than is necessary to complete this purpose.

We have contracted that our suppliers or partners cannot use or provide your personal data for other purposes without permission.

DATA PROCESSORS AND TRANSFER OF DATA ABROAD

We have entered into an agreement with the following types of data processors:

  • Eloomi AS for operation and delivery of video portals
  • Questback AS for obtaining data through surveys
  • Maze AS for obtaining data through surveys
  • Markedspartner AS for market-oriented activities
  • WordPress for running websites
  • Social media for exposure of marketing campaigns to selected groups of recipients
  • Various suppliers (such as HubSpot, Adform, etc) for tracking and analyzing activity on our websites.

Our data processors have reserved the right to transfer information to servers or subcontractors in other countries.

If information is otherwise transferred within the EU/EEA area, we will ensure that the EU directive on personal data in connection with data processing and country-specific laws on data protection are followed. If we pass on personal data to a third party located outside the EEA area, we will ensure that the transfer takes place in accordance with the EU directive on personal data (GDPR).

Should there be any changes to which data processors we have an agreement with and which are of significant importance for your privacy, we will notify you of this and give you the opportunity to withdraw any consents you have given.

HOW DO WE SECURE THE INFORMATION?

We have systems and routines for privacy and the protection of personal data.

If we process «non-personally identifiable information» combined with «personally identifiable information» (for example your name combined with geographical location) the combined information will be treated as personally identifiable information. If we collect or pass on sensitive personal data, we use recognized methods to protect the information.

If we pass on your personal data to a third party, we will make sure that there are arrangements and agreements that secure the data and prevent the third party from using the personal data for purposes other than those agreed upon.

We will use all reasonable precautions to ensure that our employees, data processors and third parties who have access to information about you have adequate information to ensure that they only process that information in accordance with this statement and our obligations under privacy legislation.

DIRECT MARKETING

It is voluntary to subscribe to newsletters and information from us. You can cancel your subscription at any time through a link you will find in the newsletter you receive.

We do not allow a third party to use your personal data for marketing or communication purposes.

OTHER DATA CONTROLLERS

Our websites link to websites that are owned and operated by other businesses. We do not have access to and do not process personal data entered on these websites, unless otherwise specified in this declaration. We are also not responsible for either the content or the processing of personal data on other websites. Here, reference is made to privacy statements relating to each individual website.

YOUR RIGHTS

All persons who ask whether they have the right to information about the processing of personal data in a business pursuant to Section 18, subsection 1 of the Personal Data Act. You will find such information in this statement.

If we process personal data about you, you have the right to access your own data. If the personal information is incorrect, incomplete or there is no access to process it, you can also ask us to correct the information.

We do not process and store information about you longer than is necessary for the intended purpose or for what is required in accordance with concluded agreements and not beyond the limits of the law. We delete your personal data when you let us know.

You have the right to object to the processing and possibly complain about the processing to the Norwegian Data Protection Authority.

ENFORCEMENT OF THIS PRIVACY STATEMENT

We may use the information that we collect about you when we have reason to believe that it is necessary to identify, contact, or take legal action against persons or companies that may harm you, us, or others. We may also disclose your information when we believe the law requires it.

CONSENT, CHOICE OF LAW AND VENUE

This privacy policy applies to you with whom we have or have had a relationship. We require that you agree to comply with the Statement as part of our relationship.

By using our websites, services and products, you accept that your personal data can be processed in accordance with this privacy statement, including being transferred to data processors and third parties as described in the statement.

We are subject to Norwegian law. You agree that any disputes shall be dealt with by a court in Oslo in accordance with the laws of Norway, unless otherwise follows from preceptorial local law.

THE LEGAL BASIS FOR THE PROCESSING

We have grounds for processing personal data in accordance with the Personal Data Act and the EU’s General Data Protection Regulation (GDPR).

It is voluntary for those who visit the website to provide personal data in connection with services such as receiving newsletters, ordering information material and brochures, signing up for courses and events, registering CVs, etc. The basis for processing in these cases is consent from or agreement with you, with unless otherwise specified.

CHANGES OF PRIVACY POLICY

We reserve the right to change or update the privacy policy when we deem it necessary. All changes are valid from the time they are published on our website and will include information collected both before and after this time.

VALIDITY

This privacy policy was last updated on 21 October 2021 and is valid from this date until further notice.

CONTACT

If you wish to get in touch with us in connection with this declaration or our relationship with your personal data, you can send an e-mail to personvern@excellerate.no or send a letter to:

 

Excellerate AS
Dronningens gate 3
0152 Oslo