This privacy statement describes how Safetec collects and uses
personal data. The policy contains information you are entitled to when
information is collected from our website, and general information about
how we process personal data.
Safetec, represented by the CEO, is the data controller for the company's processing of personal data. The daily follow-up may be delegated in some cases. The delegation includes only tasks and not the responsibility.
Personal data we collect and process
We mainly process personal data in the following cases:
- You have sent us an inquiry
- You have a customer relationship
- You have signed up for a course or event organized by Safetec
- You have taken part in a survey organized by Safetec
- You visit our websites
- You have applied for a job, or a job seeker has specified you as a reference
- You are or have been employed by Safetec
Safetec has an ICT operating model where we operate large parts of our systems ourselves, but where we have also outsourced operation of some systems to external parties. When we operate out own systems, we also use external consultants. All our suppliers are required to work from Norway, and in those cases where data is moved out of our own servers, this is stored on servers in Norway.
Safetec uses e-mail and telephone to follow up inquiries, operational activities, and dialogue with internal and external contacts. Personal data revealed during telephone conversations and e-mail exchanges is recorded and stored if necessary to respond to requests, fulfil agreements or legal obligations. In that case, this information is processed as described below (see "Information about clients").
Employees have an overview of the latest calls on their phones, but there is no systematic registration or recording of phone calls. Safetec's employees are responsible for deleting e-mails that are no longer relevant. Upon resignation, the e-mail accounts are deleted, but certain relevant e-mails will normally be transferred to colleagues. Please be aware that regular e-mails are not encrypted. We therefore encourage you to not send confidential, sensitive, or other confidential information via unencrypted e-mail.
The lawfulness of processing inquiries is according GDRP Art. 6(1), letter f, which allows us to process information that is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. The legitimate interest is to be able to follow up e-mail and telephone inquiries when necessary.
In connection with client relations, we are required to collect data about name, address, organisation number and other necessary information. We only use this information to process our client relation, through e.g., responding to inquiries, sending tenders, and executing orders. Information about clients is registered in our project room and associated client database.
We keep of the information you provide us as long as our client relationship lasts. You have the right to access, correct and delete data we have stored about you. We will keep relevant client information as long as we see it necessary, also after the client relationship has ended. This is to be able to help if you should need the information in the future.
The lawfulness of processing is according GDRP Art. 6(1), letter b, as it is necessary for the performance of a contract to which the data subject is party, or prior to entering into a contract; and GDRP Art. 6(1), letter c, which legitimates processing necessary for compliance with legal obligations.
Course and events
When registering for a course or event arranged by us, we will ask for information such as name, contact information and place of work. In addition, we may ask for information about food allergies. The purpose of the information is to provide information to the participants, prepare participant lists for the participants, collect course fees, as well as manage and organize events.
The lawfulness of processing the information is according GDRP Art. 6(1), letter f, which allows us to process information that is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. The legitimate interests are to conduct courses and events in an effective way.
Safetec uses SurveyXact by Rambøll to conduct surveys. Only Safetec and Rambøll have access to the information collected. A separate data processor agreement between Safetec and Rambøll regulates which information the supplier has access to and how it is to be processed. In cases where Safetec conducts surveys with the processing of personal data for clients, there will be processing agreements with them. We will always inform you about the purpose of the survey, how long the data is stored and other rights through an informed consent. Safetec will not share the information with others or use the information for purposes other than those stated. Data from surveys used for future comparisons and research will always be anonymised.
Visit on our websites
Los & Co Drammen is the service provider of https://www.safetec.no/. The supplier Blåis contributes with operation and development of the websites. Only Safetec and the service provider with any subcontractors have access to the information that is collected. Separate data processing agreements between Safetec and the service providers regulate which data the providers have access to and how it is to be processed.
Safetec collects de-identified information about visitors to https://www.safetec.no/. The purpose of this is to prepare statistics that we use to improve and further develop the information offered on the website. Examples of what the statistics provide us with are how many people visit various pages, duration of the visits, which websites the users come from, and which browsers are used.
The lawfulness of generating anonymous statistics is according GDRP Art. 6(1), letter f, which allows us to process information that is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. The legitimate interest is to improve and further develop information on our websites.
If you apply for a job at Safetec, we must process information about you to evaluate your application. We then process the information you provide to us through the documents you send us, including application, CVs, diplomas and certificates. In addition to any interviews, Safetec can also carry out its own investigations, for example talks with the job applicant's references.
Safetec uses CVideo's job portal for recruitment purposes. Registration in the database is based on voluntary consent. Only personal data that the individual candidate submits in connection with creation of a profile is processed. CVideo processes candidate data on behalf of Safetec and uses subcontractors who assist with the processing. A data processing agreement regulates how the personal data is to be processed. Information about CVideo's processing of candidate information can be found here: https://app.cvideo.no/assets/t....
The lawfulness for processing data from submitted documentation, interviews and references is according to GDRP Art. 6(1), letter b. This provision allows us to process personal data in order to take steps at the request of the job applicant prior to entering into a contract.
If we carry out our own investigations in addition to this, for example contacting someone who has issued a certificate, but who is not provided as a reference, the basis for processing is according to GDRP Art. 6(1), letter F, which allows us to process information that is necessary to protect a legitimate interest. The legitimate interest is to find the right candidate for the position.
Job applications are stored in CVideo's job portal and automatically deleted within 24 months. A job applicant can withdraw the consent to the processing of personal data at any time. The information will then be deleted from CVideo's candidate database.
Your rights as a data subject
Right to access to personal data
Those who are registered in one of Safetec's systems have the right to access their own personal data.
Right to rectification of personal data
You can ask us to correct or supplement personal data if it is incorrect or misleading.
Right to erasure of personal data
You can ask us to delete personal data about you. However, personal data that we are required to retain due to legal obligations will not be deleted.
Right to restriction of processing of personal data
In some situations, you can ask us to limit the processing of personal data about you. You do this by managing consents or reservations in our solutions.
Object to the processing of personal data
If we process personal data about you based on our activities, or based on our legitimate interest, you have the right to object to our processing.
Right to data portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You can complain about our processing of personal data
If you think we are not complying with the rules in the Personal Data Act and GDRP, we hope you will let us know by contacting us. You can also complain about our processing of personal data to the Norwegian Data Protection Authority.
For questions related to this privacy statement, or exercising your privacy rights, please contact us by e-mail or phone:
E-mail: email@example.com, Phone: +47 73 90 05 00, Address: Sluppenvegen 6, 7037 Trondheim, Norway
Changes to the privacy statement