Privacy Policy – Septer AS and the website www.septer.no

1. Introduction

Septer AS is registered in Norway as a private company. The registered address is Brugata 7 Brumunddal, Norway. In this policy, “we,” “us,” and “our” refer to Septer AS.

Septer is committed to protecting the rights of our users, clients, and visitors, and to meet all our obligations under Data Protection Law, including the General Data Protection Regulation (GDPR). The purpose of this statement is to inform you of what personal data is being collected, how it is processed, who is responsible for processing, what rights you have, and whom you can contact.

Septer is responsible for controlling the personal data you provide to us on this website (www.septer.no). Should you have any question regarding this privacy policy, feel free to contact us at septer@septer.no

2. What is Personal data and Processing?

In this policy, personal data and processing refer to (Art 4 of GDPR): 

1. «personal data»

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person 


2. 
«processing»

processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

3. Types of data being processed and the legal basis for processing?

1. Website visitor data

We may automatically collect your personal data that is provided in the course of the use of our website. The usage data may include your IP address, geographical location, length of visit, website navigation paths, timing relating to the use of the site, frequency, and any patterns which may emerge. This data is only processed for operation and further development of Septer´s webpage. The legal basis for this processing falls under Art 6 (1)(f), that processing is necessary for our legitimate interests as a business to promote and improve our website. 

The data is retained by us for as long as is considered necessary for the purpose for which it was collected and for as long as it is required by the law. Data subjects can request to have their data deleted at any point. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights. 

Cookies  

We use cookies on our website, which are placed on your hard drives to assist in personalising and enriching your browser experience by displaying content that is more likely to be relevant and of interest to you. Such use of cookies is a standard procedure for most websites. If you do not wish us to use cookies, you can optout of such when you first enter the site. After you exit our site, you can delete the cookie from your system if desired.  

Links to other Websites 

We may provide links to other websites on our page, such as Facebook, LinkedIn, or the website of our technology partnersto allow for easy navigation to our social media pages or the website of our technology partners. We do not use embedded links for social media to ensure that no data is collected by the respective social media channel when you browse our website. The third-party sites are not controlled by Septer and operate under their privacy framework. Please refer to their privacy notice for any further questions about how they process their data.  


2. Enquiry Data

We may process your personal data and information that is provided to us in the course of any inquiry or follow up of that inquiry through the contact form on the website, email, or telephone. The enquiry data may be processed for the purpose of answering inquiry, marketing, and selling relevant services. The legal basis for this processing falls under Art 6(1)(b) for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract. At times, the processing will fall under Art 6 (1)(f), that processing is necessary for our legitimate interests as a business where the processing is necessary for our commercial outreach, and such contact is made as a response to the inquiry by the data subject. The individual is in control of the personal data shared with us and can request the deletion of their data.  

The data is retained by us for as long as is considered necessary for the purpose for which it was collected and for as long as it is required by the law. The personal information will be kept in accordance with our retention policy unless request for deletion is made. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights. 


3. Customer Relation Data

We only collect personal data necessary for agreed purposes and request our clients to only share personal data with us in accordance with the purpose. We may process data relating to our customer relations, including customer contact information. This category of data may include name, address, business association, geographical locations, etc. The legal grounds for this processing may fall under: Art 6 (1)(b) the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract; Art 6 (1)(f) that processing is necessary for our legitimate interests; and Art 6(1)(a) data subject has given consent to the processing of information they have provided to us. The individual is in control of the personal data shared with us and can request the deletion of their data.   

The data is retained by us for as long as is considered necessary for the purpose for which it was collected and for as long as it is required by the law. The personal information will be kept in accordance with our retention policy unless request for deletion is made. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights. 

4. Product VARN User Account Data  

We may process your personal data if you are a representative of our customer who has granted you access to our system. The Product Privacy Notice for VARN explains why and how personal data is collected and processed by the system. We encourage individuals using VARN to refer to the Product Privacy Notice available here.   

5. Company contacts

We process personal data about companies, and the associated individuals, using a CRM system called HubSpot. A representative of Septer initiates the collection of contact details and enters it into the CRM system, which usually includes company contact details, company website address, contact name, contact title, and location.  

Unless we are asked not to, we use the client’s business contact details to provide information that we think will be of interest, including information about us, new developments in law, and news relating to our services. Septer does not sell information to third party or otherwise use personal data for any other purpose.  

The CRM system is provided by HubSpot and is hosted in Amazon Web Services (AWS) in the US and Google Cloud Platform (GCP) in the EU. The HubSpot processes and secures its customer data in the EU and then transmits and stores in the US. Several HubSpot services are routed through the GCP data centre before being securely transferred to the US and securely stored in the AWS. The basis for the transfer of data to the USA is the EU-US Privacy Shield, for which HubSpot is certified.      

The data is retained by us for as long as is considered necessary for the purpose for which it was collected and for as long as it is required by the law. The personal information will be kept for the duration of the relationship with Septer and then deleted. If you would like to have no longer your information processed by Septer, please let us know and we will delete the information we have about you. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights. 

6. Recruitment applications

We will process personal data in connection with our recruitment activities. All the personal data we process as part of recruitment is provided to us by the individuals, and may include:  

  • Contact details (name, telephone number, email); 
  • CV, experience, education, academic and professional qualifications; 
  • Information provided as part of interviews; 
  • Pre-employment screening information if your application is successful (i.e., references, offer details, previous salary amount and expectations);  
  • Verification of information shared during the interview process by contacting former employers or using publicly available information. 

The legal basis is Art 6 (1)(f) GDPR, where the processing is necessary for our legitimate interests to attract talent to grow our team.  Our recruitment process does not include automatic decision-making or employment agencies. We may use social media or online platforms such as www.finn.no for advertising positions available to which the user has the option to apply directly to us or via the online platform. Should you choose to apply via the platform, your personal data may be processed by the third-party service provider.  Please refer to their privacy notice for more information regarding their processes: 

Finn.no Privacy policy
Linkedin.com Privacy policy

The personal information will be kept for the duration of the recruitment process and, after that, maybe saved with the consent of the individuals, to be considered for future positions for further 12 months or until a deletion request has been made the individual. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights. 

7. Suppliers, Partners, or Sub-contractors 

We process personal data of our suppliers, including individuals associated with our suppliers, to manage the relationship, receive and send invoices, contracts, to provide support service to our clients. The personal data is general business contact details, payment details, and any communication with us. The basis for processing this data falls under Art 6 (1)(f), that processing is necessary for our legitimate interests; Art 6 (1)(b) the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract to receive or provide services.  

The data is retained by us for as long as is considered necessary for the purpose for which it was collected and for as long as it is required by the law. The personal information will be kept for the duration of the relationship with the organisation and then deleted. Personal data may be kept for more extended periods where required by the law or necessary to establish, exercise, and defend our legal rights.  

4. Security

We take the security of all the data we hold very seriously. We adhere to industry standards and continuously work on updating our internal frameworks to ensure best practices. We have policies, procedures, and training in place regarding security, confidentiality, and protection of all data we hold.  

5. Sharing or Transferring your Personal Data to Others

Septer does not transfer personal data to a third country for any purposes other than those specified above or are legally permitted to do so. Septer only has sub-processors based in the EU or the US. Where we share information with the companies based in the US, the basis of the transfer is the EU-US Privacy Shield Framework, and we ensure that the sub-processors are certified under the said framework.  

When we share data, we put in place contractual agreements with standard contractual clauses approved by the ECDP, that offer sufficient safeguards to protect the data that is transferred outside of the Union.   

6. Your rights as a Data Subject

1. Right to information and Access

You have a right to get information on how your personal data is processed by Septer AS. This privacy policy is intended to contain the information you are entitled to. You have the right to view/access all personal data registered about you at Septer. You also have the right to obtain a copy of your personal data, if you wish.


2. Right to Rectification

You are entitled to request any incorrect personal data about you corrected. You also have the right to have incomplete personal data about you completed. If you believe we have registered incorrect or insufficient personal information about you, please contact us. It is important that you substantiate and possibly document why you believe personal information is incorrect or inadequate.


3. Right to Restrict the Processing of the Data

n some cases, you may have the right to request the processing of your personal data to be limited. The limitation of personal data means that personal data is still being stored, but that the possibilities for further processing are limited.

If you believe that your personal information is incorrect or inadequate or has raised an objection to the processing (see below), you are entitled to request that processing of your personal data be temporarily restricted. That is, the processing is limited until we may have corrected your personal data or have considered if your opposition is justified.

In other cases, you may also require a more permanent limitation of your personal data. In order to be entitled to require a limitation of your personal data, the terms of the Personal Data Act and GDPR Article 18 must be met. If we receive a request from you for the limitation of personal data, we will review whether the terms of the law are met.


4. Right to Erasure

In some cases, you have the right to demand that we delete your personal data. The right to deletion is not an unconditional right and whether you are entitled to deletion must be considered in the light of current privacy laws, i.e. the Data Protection Laws and the GDPR. If you wish to delete your personal data, please contact us. It is important that you state why you want the personal data to be deleted and, if possible, also state what personal data you want to delete. We will then consider whether the conditions for requiring deletion in the law are fulfilled.


5. Right to Protest

ou may be entitled to object to the processing, that is, protest against processing if you have a particular need to stop processing. The right to object is not an unconditional right, and it depends on what is the legal basis for the processing and if you have a specific need. The terms are outlined in the GDPR Article 21. If you raise an objection for the processing, we will consider whether the terms for raising an objection are met. Please note that the right to protest does not apply if the personal data is required to perform an agreement you have with Septer or if we are required by the law to process your personal data. If we believe you have the right to object to the processing and the objection is justified, we will stop processing and you may also request to have your data deleted.


6. Right to Complain about the Processing

If you believe that we have not processed your personal data in a correct and legal manner, or if you believe that we have not been able to fulfil your rights, you will be able to complain about the processing. For information about how to contact us, see below.
If we reject your complaint, you have the right to direct the complaint to the Data Protection Authority (Datatilsynet). The Data Protection Authority is responsible for ensuring that Norwegian companies comply with the provisions of the Personal Data Act and the GDPR, when processing personal data.
You’ll find updated information about how to contact the data protection company at www.datatilsynet.no

7. Contact

Septer AS is responsible for matters regarding the personal data collected on the website www.septer.no

Septer AS
Brugata 7
2380 Brumunddal
Norway

Septer AS has appointed a Data Protection Officer. The Data Protection Officer can be reached at personvernombud@septer.no