What personal data we collect and why we collect it
Processing of personal data When you are in contact with us, for example as a private customer or as the contact person for a business customer, Enter Norway Consulting AS processes personal data about you.
Below you will therefore find information about what personal data is collected, why we do this, and your rights related to the processing of personal data.
“Personal Data” means any information that can be linked to a natural person, such as name, identification number, email address, etc. “Processing” means any process using personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or any other form of disclosure, compilation or coordination, restriction, deletion or destruction.
All processing of personal data takes place in accordance with the privacy policy in force at any given time, including the Personal Data Act and the General Data Protection Regulation (GDPR).
Why we collect personal data and what type of information we collect
We collect and use your personal data for different purposes, depending on who you are and our contact with you. We collect the following personal data for the purposes stated here:
1. Establishment and management of customer relationships
In this regard contact information, documentation of identity, payment information, etc. are processed. The processing is conducted on the basis of Article 6 (1) (b) of the GDPR (processing is necessary to fulfil an agreement to which the data subject is a party) for private customers, and Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest) for contact persons for business customers and for other things processed in connection with business customers. In addition, Enter Norway is subject to legal obligations in connection with the establishment of customer relations cf. Section 4 (2) (c) of the Anti-Money Laundering Act and processes data pursuant to Article 6 (1) c of the GDPR (processing is necessary to fulfil a legal obligation).
2. Case management
In this regard, we process personal data that is necessary in relation to the case in question. This processing is conducted on the basis of Article 6 (1) (b) of the GDPR (processing is necessary to fulfil an agreement to which the data subject is a party) for private customers, and Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest) for contact persons for business customers and other information processed in connection with business customers.
3. Information about counterparties and other third parties
In this regard, we process personal data that is necessary in relation to the case in question. The processing is conducted on the basis of Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest). We have assessed that processing is necessary to resolve incoming cases as efficiently as possible in accordance with commercial considerations.
4. Storage/retention of case documents
In this regard, we process personal data that is necessary in relation to the case in question. The processing takes place on the basis of legal obligations to file ongoing and closed cases.
5. Billing
In this regard, contact information and payment information is processed. The processing is conducted on the basis of Article 6 (1) (b) of the GDPR (processing is necessary to fulfil an agreement to which the data subject is a party) for private customers, and Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest) for contact persons for business customers and other things processed in connection with business customers.
6. Sending newsletters and other relevant information about our business
In this regard, names and e-mail addresses are processed. This processing is conducted based on the consent of the person receiving the marketing, pursuant to Section 15 of the Marketing Act, usually a private customer or contact person of a business customer.
7. Information about potential customers
In this regard, contact information is processed. The processing is conducted on the basis of Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest). We have determined that the processing is necessary to protect our commercial considerations.
8. Knowledge management (e.g. the reuse of documents in later cases)
Personal data processed in this context is personal data that is necessary in relation to the case in question. The processing is conducted on the basis of Article 6 (1) (f) of the GDPR (processing is necessary for purposes related to legitimate interest). We have assessed that processing is necessary for internal learning processes and to be able to work more efficiently.
9. Recruitment
In this regard, CVs, applications, certificates, diplomas, statements from references and internal assessments/interview minutes are processed. The processing of personal data is conducted on the basis of agreement with the person applying for the position with us, i.e. Article 6 (1) (b) of the GDPR. If we retain application documentation after a recruitment process has been completed, this will be done based on consent from the applicant, cf. Article 6 (1) (a) of the GDPR.
10. Security
In this regard logs on servers, disclosures, resolution and follow-up of security incidents, etc. are processed. The processing is conducted on the basis of Article 6 (f) of the GDPR (processing is necessary for purposes related to legitimate interest). We have assessed that this processing is necessary to ensure information security and prevent the unauthorised disclosure of personal data.
Disclosure of personal data to others
We will not disclose your personal data to third parties unless there is a lawful basis for such a disclosure. Examples of such would typically be an agreement with you or a legal basis that requires us to disclose the information.
We use data processors to collect, store or otherwise handle personal data on our behalf. In such cases, we enter into agreements to safeguard information security in all stages of processing.
Storage time and deletion
We store your personal data for as long as is necessary to fulfil the original purpose of collection.
This means, for example, that the personal data that we process on the basis of your consent is erased if you withdraw your consent. The personal data we process to fulfil an agreement with you is erased when the agreement is fulfilled and all of the obligations arising from the agreement have been satisfied. Personal data that we process in order to fulfil a legal obligation to the authorities is deleted when this is indicated on a legal basis. This applies, for instance, to posting and accounting rules.
The table below has an overview of the length of processing time for personal data when used for various purposes.
Purpose Storage period
Customer administration Up to 10 years after closing the last case
Storage/retention of case documents Up to 10 years after closing the last case
Billing information Up to 5 years after the expiry of the fiscal year in which billing occurred
Information about potential customers Up to 5 months
Knowledge management (e.g. reuse of documents in later cases). Up to 10 years
Recruitment Up to 3 months after the application deadline. With the consent of the applicant we store CVs, applications, certificates and diplomas for up to 2 years for use in new, relevant job advertisements.
Security logs Up to 1 year
Security copies (backups) Up to 3 years
Your rights when we process your personal data
You have the right to demand access, rectification or erasure of your personal data. You also have the right to demand limited processing, object to the processing and claim the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority’s website: www.datatilsynet.no.
To apply your rights, you must contact us by email or phone. We will respond to your enquiry as soon as possible and within 30 days. We will ask you to confirm your identity or to provide additional information before we allow you to apply your rights. We do this to make sure that we only provide you with access to your personal data – and not to someone pretending to be you. You may withdraw consent for our processing of personal data at any time.
Complaints
If you believe that our processing of personal data does not match what is described here, or that we have violated data protection laws in some other way, you may file a complaint with the Norwegian Data Protection Authority. You can find information about how to contact the Norwegian Data Protection Authority on the Data Inspectorate’s website: www.datatilsynet.no.
Changes
Should any changes occur in our services, or the regulations regarding the processing of personal data, it may result in changes to the information provided here. If we have your contact information we will make you aware of these changes. Otherwise, updated information will always be available on our website.
Contact
The data controller for the personal data we process is: General Manager Aase Herkules, Enter Norway Consulting AS. If you have any questions, or would like to know more about our processing of personal data, please contact us:
Enter Norway Consulting AS
St. Olavs plass 3, 0165 Oslo, Norway
P.O. Box 6893, St. Olavs plass, 0130 Oslo
Email: Information@enternorway.no
Phone: +47 934 32 115
Organisation number: 920 171 583
Last modified 16.05.22