Privacy statement

Your privacy is important to Anteo. We want you to understand how we handle your personal data. In this privacy policy, we explain, among other things, what personal data we collect and process, for what purposes we process your data and provide information about your rights.

1. WHAT IS PERSONAL DATA?

Personal data is any information that can be directly or indirectly linked to a natural person, such as name, postal address, email address, IP address and mobile number.

2. WHAT ARE ANTEO'S RESPONSIBILITIES UNDER THE GDPR?

Anteo AS, Industrivegen 12, 7900 Rørvik, is the data controller for all processing of personal data where we ourselves determine the purpose of the processing of the data and the means we use for this. In this privacy statement, you can read more about the processing for which Anteo is the data controller.

As a data controller, we must process your personal data in accordance with our obligations under applicable data protection legislation, including the Personal Data Act and the EU General Data Protection Regulation ("GDPR").

As a provider of the Anteo SaaS Platform, Anteo is the data processor for the processing of personal data that takes place on behalf of our customers in connection with the delivery and administration of the platform, including the processing of data in connection with the registration of a user account and further use of the platform. Our obligations as a data processor are regulated in a separate data processing agreement with our customers (who are considered to be the data controller).

3. WHO DO WE PROCESS PERSONAL DATA ABOUT?

This privacy policy addresses our processing of personal data about the following individuals:

Contact persons at our customers

Visitors to our website

People who apply for positions with us or whom we otherwise recruit

Others who come into contact with us in other ways

4. WHAT PERSONAL DATA DO WE PROCESS?

The personal data that we collect and process can be divided into the following categories:

Basic information, such as name and contact details, including phone number and email address.

Demographic information, such as date of birth and gender.

Information related to our customer relationships, such as service and order information, payment information and customer service inquiries.

Information about visits to our website (including information about your IP address, date and time of visit, what kind of PC/mobile phone, operating system and browser you use, and what country you are in, etc.)

Any other data collected on the basis of your consent. In that case, you will receive specific information about what data we collect and what it is used for when we ask for your consent.

Information shared by candidates applying for a job with us, including information provided in CVs and applications.

Any other information shared with us in connection with inquiries, e.g. inquiries to our customer service.

5. HOW DO WE RECEIVE PERSONAL DATA ABOUT YOU?

We may receive your personal data in different ways:

We receive personal data directly from you when you, as an employee of our customers, order our services or otherwise contact us, or in connection with recruitment when you apply for a position with us. This information is necessary for us to be able to provide the service you have ordered or to follow up on your inquiries and any job application.

We receive personal data indirectly from you when you use our services, such as our websites. This information is important in order to improve and further develop the services we offer you.

We receive personal data from other sources, e.g. if your data is available in public registers.

It is of course voluntary to share personal data with us. However, certain information may be necessary in order to execute any agreement with our customers, including, for example, information used in connection with invoicing.

6. WHY ARE WE ALLOWED TO PROCESS PERSONAL DATA?

Under applicable data protection legislation, we are required to base our processing of personal data on a lawful basis for processing. Our processing of personal data is based on one or more of the following grounds:

You have given your consent to the processing of your personal data for one or more specific purposes (GDPR article 6(1) a).

The processing is necessary for the performance of a contract with you (GDPR article 6 (1) b).

The processing is necessary to fulfill a legal obligation incumbent on us, including, for example, to store information in accordance with the bookkeeping legislation (GDPR article 6 (1) c).

The processing is necessary for purposes related to a legitimate interest pursued by us, provided that your interests or fundamental rights or freedoms do not override and require the protection of your personal data (GDPR article 6 (1) f).

If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

7. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

We collect and use your personal data for different purposes depending on your relationship with us and how we come into contact with you.

Below you can read more about what personal data we process, what we use it for (the purpose) and why we are allowed to do so (the legal basis for processing).  

Anteo uses personal data for the following purposes:

Delivering our products and services: We process personal data in order to deliver our products and services to our customers, and in that connection enter into agreements and manage our customer relationships. For example, personal data is processed in connection with email correspondence and order placement. In this context, we process the following categories of personal data: basic information relating to our customers' employees, such as names and contact details, as well as other information that may be shared with us. The legal basis for processing personal data in connection with entering into customer agreements and managing our customer relationships is Article 6(1)(b) of the GDPR.

Development, improvement and analysis: We process personal data to understand the needs of our customers and to improve and further develop our products and services. Among other things, we process information in order to compile statistics for the purpose of improving and further developing the offer on our website. In this context, we process the following categories of personal data: information about IP address, how many people visit different pages, how long the visit lasts, which websites users come from, date and time of visit, what type of PC/mobile phone, browser used, and which country you are in. When data is processed for statistical purposes, the data is processed in de-identified and aggregated form (in a larger group of data). The legal basis for the processing is GDPR article 6 (1) (f) - our legitimate interest.

Sales, marketing and communication: We use personal data for marketing purposes in accordance with applicable law. These activities include marketing of products and services, including sending out newsletters and other information you have requested. We may also use your personal data to communicate with you, including to follow up on your inquiries, e.g. inquiries that you send us by using our contact form on our website. In this regard, we process the following categories of personal data: basic information relating to employees of our customers and potential customers, such as name and contact details, as well as other information that you may share with us. The legal basis for the processing is based on GDPR article 6 (1) (f) - our legitimate interest.

Job advertisement and employment: We use personal data to assess candidates who apply for positions with us, either unsolicited or through an advertisement. In this context, we process the following categories of personal data: the personal data provided in the CV and application, as well as other information that the candidate may share with us. The legal basis for the processing is Article 6(1)(f) of the GDPR - our legitimate interest.

Information security and misuse of services: We may process personal and traffic data to ensure good security in all our services. We may also process personal data to detect or prevent various types of fraud and misuse. In this context, we process the following categories of personal data: log data, IP addresses, metadata, etc. and other information that you may share with us. The legal basis for the processing is Article 6(1)(f) of the GDPR - our legitimate interest.

Compliance with legal requirements: We process personal data to fulfill our statutory obligations, for example, in connection with accounting or to provide information to competent authorities when required to do so by applicable law. In this regard, we process the following categories of personal data: The categories of personal data processed depend on legal requirements. The legal basis for the processing is GDPR article 6(1)(c) - our legal obligations.

8. HOW DO WE SECURE YOUR PERSONAL DATA?

We have established routines and measures to ensure that unauthorized persons do not gain access to your personal data and that all processing of the data otherwise takes place in accordance with applicable legislation. These measures include risk assessments, technical systems and physical procedures to ensure information security.

9. WHO DO WE SHARE PERSONAL DATA WITH?

We may share personal data with our technical subcontractors or other companies that perform assignments on our behalf. A company that processes your personal data on our behalf is called a data processor. If we engage a data processor, we enter into a data processing agreement that regulates how the data processor may process the data they are given access to and their obligations in this regard, including the purposes for which the personal data may be used.

We may also share personal data with public authorities where there is a statutory duty of disclosure.

10. DO WE TRANSFER PERSONAL DATA TO OTHER COUNTRIES?

Anteo mainly uses subcontractors in the EU/EEA, but may also use suppliers outside the EU/EEA (so-called third countries), such as the USA. The personal data transferred includes the following categories of personal data: Basic information, such as name and contact details, including telephone number and e-mail address, information related to our customer relationships, such as service and order information, payment information and customer service inquiries, any other information shared with us in connection with inquiries, e.g. inquiries to our customer service.

If your personal data is transferred to a third country, we will ensure prior to the transfer that it is in line with the requirements set out in Chapter V of the GDPR.

Our transfer of your personal data to third countries is based on a prior decision by the European Commission on an adequate level of protection (such as the E.U. - U.S. Data Privacy Framework for transfers to the United States) or that we enter into an agreement based on the EU Standard Contractual Clauses (SCC) with the recipient of the personal data.

11. HOW LONG DO WE STORE PERSONAL DATA?

We store your personal data for as long as necessary to fulfill the above-mentioned purposes for processing the data. However, this does not apply if storage is required by law for a longer period than the purpose indicates.

This means, for example, that any personal data processed on the basis of your consent will be deleted if you withdraw your consent.

If the basis for processing is our legitimate interest, the data will be deleted when such legitimate interest no longer exists. Data stored in accordance with statutory obligations will be deleted when the obligation ceases. For example, we have storage obligations in accordance with bookkeeping legislation. Furthermore, accounting legislation requires us to store certain accounting documents for a specified period of time, generally 3.5 years or 5 years. Information shared by candidates who applied for a job with us but did not get the job, including information provided in CVs and applications, is deleted unless we have collected consent for further storage.

Any other information shared with us in connection with inquiries, e.g. inquiries to our customer service, may, in accordance with our internal routines, be stored for up to 2 years, depending on the purpose of the inquiry and the need for any further follow-up and assessments.

12. WHAT RIGHTS DO YOU HAVE?

The data protection legislation gives you a number of rights, including the right to access, correct and delete the personal data we have stored about you.

We are committed to ensuring that the personal data we have stored about you is correct and up to date. If you discover that your data is incorrect, we encourage you to contact us. This also applies if you want your data to be deleted.

Regarding the requirement for erasure, there is an exception for the data that is necessary for us to provide a service that you still wish to have access to, or it is required by law to retain the data for a specific period of time.

You also have the right to data portability. This means that you have the opportunity to take your personal data with you in a machine-readable format.  

Furthermore, you have the right to object to the processing of personal data and the right to object to personal profiling and automated decision-making. This means that you can demand that your personal data is not analyzed to reveal your behavior, preferences, abilities or needs. However, this does not apply if the processing is necessary to fulfill an agreement that you have entered into with us or if you have previously given your explicit consent to the processing.  

You also have the right to receive a copy of the personal data we have registered about you, insofar as the duty of confidentiality does not prevent this. To ensure that personal data is disclosed to the right person, we may require that requests for access are made in writing and that identity is verified in some other way.

In some situations, you can also ask us to restrict the processing of your data.  

If you believe that we are not following what we inform you about in this privacy statement or applicable legislation, you can send us a complaint. You can also complain to the Norwegian Data Protection Authority.

You can read more about your rights on the Norwegian Data Protection Authority's website: www.datatilsynet.no.

13. INFORMATION ABOUT COOKIES

Anteo AS is the data controller for the collection and processing of personal data in connection with the operation and maintenance of anteo.no. The purpose of collecting personal data via the website is to log the use of anteo.no in order to develop and improve the website.

Cookies are not used on anteo.no. When you use our website, we only collect the information stated in section 7 regarding development, improvement and analysis above.  

14. HOW DO WE NOTIFY YOU OF CHANGES TO THIS PRIVACY POLICY?

Our services are constantly evolving. We may therefore need to update our privacy policy. If the privacy policy is subject to update, the updated privacy policy will be made available on our website: https://www.anteo.no/personvern.  

15. HOW DO YOU GET IN TOUCH WITH US?

If you have any questions about how we process your personal data or wish to exercise your rights, please contact us by sending an email to support@anteo.no.