Privacy policy
Omtre AS's processing of personal data regarding visitors to the websites omtre.no and sirktre.no, customer contacts, employees and job applicants
NB! Copying from this privacy policy is not permitted and is considered a violation of the Copyright Act.
When you use our website and/or are in contact with us by phone, email or otherwise, Omtre AS will process personal data about you. Below you will therefore find information about the personal data that is collected, why we do this and your rights related to the processing of personal data.
The data controller for the personal data we process is Omtre AS by Kristine Nore. The contact information for Omtre AS is:
Address: Årbogveien 100, 3515 Hønefoss
E-mail: kristine.nore@omtre.no
Organization number: 825 181 342
Data Protection Officer: Christine Kvalvik Jørgensen v/ Omtre AS
E-mail: christine@omtre.no
If you have any questions about our processing of your personal data, you can contact us by email or phone.
Your rights
If you wish to exercise any of your rights, please send us an e-mail at kristine.nore@omtre.no or christine@omtre.no. You are entitled to a response as soon as possible, and at the latest within 30 days. Read more about all your rights on the Norwegian Data Protection Authority's website.
Access to and rectification of your own data: You can request a copy of all the data we process about you and ask us to correct data that is incorrect.
Deletion or restriction: In some situations, you can ask us to delete and/or restrict the processing of data about yourself.
Object to a processing of personal data: If we process data about you on the basis of legitimate interest, you have the right to object to it.
Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or to another data controller.
You can complain to the Norwegian Data Protection Authority about our processing of personal data. We hope that you will let us know directly first, so that we can try to resolve the matter for you in a good way.
Who we process personal data about
We process personal data about contact persons belonging to:
Partners (affiliated companies, students)
Potential partners (potential affiliated companies)
Customers
Contact persons of companies that are considering becoming customers
Suppliers' contact persons
In addition, we process personal data about:
Visitors to the website
Job applicants
Employees
Former employees
How we collect personal data
Providing us with personal data is voluntary. However, in order for us to be able to deliver products or services, we need a range of information from you in order to complete the transaction. We do not use automated decisions or profiling in the processing of your personal data.
Where we process personal data on the basis of consent, we would like to draw your attention to the fact that you can withdraw your consent at any time without this affecting the lawfulness of any processing that took place before you withdrew your consent.
We process personal data related to:
Inquiries from you
When you contact us via the website (contact form, communication tools), by email, by phone (call, text message) or social media, we process personal data. Depending on where and how you send us a message, this may be contact information in the form of email and telephone number, IP address and other information you choose to send to us.
The purpose is to be able to respond to inquiries from you, for historical purposes, and to have documentation in case we receive complaints or legal claims. The basis for processing is Article 6(1)(f) of the General Data Protection Regulation, where the legitimate interests are to be able to respond to inquiries from you, for historical purposes, and to have documentation in case we receive complaints, appeals or legal claims.
We review, archive and delete inquiries as needed, but no less frequently than every two years. Inquiries that we are obliged to retain, such as documentation in connection with a claim/complaint, are stored until the deadline for making a claim/complaint has expired (two or five years). Accounting material is stored for up to five years, in accordance with the rules in the Bookkeeping Act.
Purchase of services
When your company purchases services from us, we process personal data related to the individual contact person in the company. This may be contact information in the form of name, email and telephone number. We will also process information about ordering and payment information and purchase history associated with the business, where the contact person's name may appear.
The purpose of this is to be able to deliver services to your business after ordering, and to keep a history of services sold. The basis for processing is Article 6(1)(b) of the General Data Protection Regulation and (c) legal obligation. Accounting material is stored for up to five years, in accordance with the rules in the Bookkeeping Act.
Job search and employment
When you apply for a job with us, we process personal data such as contact information in the form of name, email and telephone number, CV and other information we need to be able to assess your application, such as applications, certificates, references and diplomas. The basis for processing is the General Data Protection Regulation (GDPR), Article 6 (1) (a), and possibly Article 9 (2) (a) if your application contains special categories of personal data. The data will be stored for as long as it is relevant to carry out the application and recruitment process, and will be deleted when the process is completed.
For employees, we process personal data as mentioned above, in addition to information that is necessary in order to pay salaries and otherwise administer the employment relationship, such as account number, your residential address, information in connection with necessary adaptation of the workplace, etc. The processing basis for this is Article 6(1)(b) of the General Data Protection Regulation, and possibly Article 9(2)(b) for special categories of personal data. Information about employees is generally deleted when the employment relationship ends, unless special reasons (such as a dispute about termination or dismissal) make it necessary to keep them longer. Information related to payroll administration is stored for up to five years, in accordance with the rules in the Bookkeeping Act.
Events, including digital events
When you participate in free events with us, we process personal data in the form of contact information including name, email and telephone number. For paid events, we also collect booking and payment information. The purpose is to be able to offer customers and potential customers relevant courses, lectures and workshops. The basis for processing is the General Data Protection Regulation Article 6 (1) a) consent or b) agreement. The data will be stored until you withdraw your consent and, if applicable, request that it be deleted, or, by agreement, for up to five years in accordance with the provisions of the Bookkeeping Act. For information stored on the basis of the Bookkeeping Act, Article 6(1)(c) of the General Data Protection Regulation applies as the basis for processing.
Suppliers, partners and data processors
When you enter into an agreement with us either as a supplier, partner or data processor, we process personal data such as contact information in the form of name, email and telephone number. Other information is normally linked to a business and is therefore not personal data. The purpose is to be able to enter into such agreements, and the basis for processing is Article 6(1)(b) of the General Data Protection Regulation. For information stored on the basis of the Bookkeeping Act, Article 6(1)(c) of the General Data Protection Regulation is used as the basis for processing. The information is stored for up to five years, according to the rules in the Bookkeeping Act.
Use of the website
When you use our website, we process personal data such as your IP address and other technical data collected via cookies and analysis tools. The purpose of this is to provide you with a good user experience and to compile statistics in order to improve and develop our website and services.
The basis for processing is consent from you as a user, as well as Article 6(1)(f) of the General Data Protection Regulation, where the legitimate interests are to improve our website and services. Read more in the next chapter.
Cookies and analysis tools
Web analytics and cookies
We use analytics tools from Google Analytics and Hotjar on our website omtre.no and sirktre.no. By closing the message box that appears when you visit the website, you consent to our use of cookies, and you agree that Google Analytics' privacy policy also applies to this processing.
Google Analytics is set up so that IP addresses are only processed in anonymized form. The analytics tool Hotjar uses a cookie that tracks traffic on omtre.no and sirktre.no.
Cookies are small text files that are placed on your computer when you download a website. We use cookies to generate statistics and for web analysis to facilitate the best possible functionality and user experience on the websites.
Turning off or deleting cookies
You can turn off and/or delete cookies in your browser. You can learn how to do this for most browsers on the nettvett.no website. You can also learn more about safer use of the internet. However, turning off or deleting cookies can change your user experience on a website, and sometimes services on a website will no longer function properly.
Who we share personal data with
In order to run our business, we sometimes need to share your personal data with parties such as:
- Data processors: providers of various services that process your personal data on our behalf (e.g. for IT and administration services, accounting, cloud storage, web hosting, email delivery and similar)
- Professional advisors from industries such as law, finance, accounting, auditing and insurance
- Support for IT and administration systems
- Public authorities we are obliged to report to
We require everyone with whom we share your personal data to secure your data in accordance with good information security and the requirements of the General Data Protection Regulation. We enter into data processing agreements with all suppliers who process personal data on our behalf.
Transfer of personal data outside the EU/EEA
In some cases, your personal data will be transferred outside the EU/EEA, for example where we use suppliers outside the EU/EEA to handle the sending of newsletters, to process customer information, to make products and services available on our website, for security on our website and otherwise to run our business in a safe and efficient manner.
The transfer of personal data outside the EU/EEA is only permitted to countries approved by the European Commission, or under necessary safeguards under the General Data Protection Regulation. This may include the use of EU standard contracts or binding corporate rules. If you want to know which suppliers we use outside the EU/EEA, and get access to documentation of necessary safeguards, please contact us by e-mail kristine.nore@omtre.no or christine@omtre.no.
Data security
We take information security seriously and we will always do our utmost to safeguard your personal data in the best possible way. Among other things, we use strong passwords, data encryption, access control, backups and two-factor authentication to secure our data and prevent unauthorized persons from accessing, changing, deleting or in any way affecting the data we hold, including your personal data.
We only use reputable providers of IT and management services such as web hosting, website and PC security, virus software, email provider, backups, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).
We have established routines for handling data security breaches, and we will, in the event of a deviation, send a deviation report to the Norwegian Data Protection Authority within 72 hours of discovering the breach. If the breach entails a high privacy risk, we will also notify affected data subjects.
Complaints
If you believe that our processing of personal data does not comply with what we have described here or that we are otherwise in breach of data protection legislation, you can complain to the Norwegian Data Protection Authority.
You can find information on how to contact the Data Protection Authority on the Data Protection Authority's website: www.datatilsynet.no.
Changes to our services
If there are any changes to our services or changes to the regulations on the processing of personal data, this may result in changes to the information you have provided here. If we have your contact details, we will make you aware of these changes. Otherwise, updated information will always be readily available on our website.
Updated 10.02.2023