1. THE PURPOSES OF PROCESSING PERSONAL DATA
Føyen is obliged to carry out customer due diligence in accordance with the Money Laundering Act. As a new customer, we ask you, for example, for personal data such as name, birth number, e-mail address and telephone number. Furthermore, additional information may be required to keep the data up to date or to check that the data we collect is correct. Before we accept assignments from clients, we use clients and potential clients contact information to perform an independence check (conflict or interest).
2. DATA WE COLLECT AND THE SOURCES
We collect personal data directly from you, or it is collected in connection with the use of our services and the services we provide. In other cases, data can also be obtained from publicly available registers such as the Register of Business Enterprises (Foretaksregisteret), the Brønnøysund Register Center etc.
As the data controller, we process personal data about people who are involved in matters we work with (for example clients, contacts with clients and other parties), contacts with suppliers and partners, participants in events and webinars, newsletters, and users of our services.
In the case of certain legal services, we will have access to personal data about parties or other persons who are part of the case. Other information about counter parties and employees of counter parties can also be processed in connection with cases.
3. HOW WE PROCESS PERSONAL DATA
3.1. PROCESSING PERSONAL DATA RELATED TO OUR SERVICES
3.1.1. WHICH PERSONAL DATA WE PROCESS
In connection with case work, we may receive various information, including the client’s employees, owners, counter parties, witnesses, the other party’s lawyers, employees of the other party and others who are affected by the case. Related to our services, we collect the following personal data about you:
- Name / contact name
- Date of birth / social security number
- Phone number
We also collect very general information about you that is related to and necessary for the services we provide to our clients. In some cases, we may also receive special categories of personaldata such as health information or information about union membership, either directly from the client himself or from a doctor/ insurance company etc.
We use your personal data to fulfill legal and contractual obligations, as well as to provide advice and services within our business areas.
3.1.3. LEGAL BASIS FOR PROCESSING
Føyen processes personal data when we provide our services based on:
That it is necessary for the performance of a contract to which the data subject is party, (cf. GDPR Article 6 (1) b.)
For compliance with a legal obligation to which Føyen is subject, (cf. GDPR Article 6 (1) c.),
The legitimate interests pursued by Føyen or a third party, unless the person concerned holds interests, rights or freedoms that take precedence and require the protection of personal data (cf. GDPR Article 6 (1) f.) The legitimate interests in this context are to provide legal services and establish client relationships.
GDPR article 9 no. 2 letter f (the processing is necessary to determine, assert or defend a legal claim), cf. the Personal Data Act of 15 June 2018 § 11. Processing of special categories of personal data will have this as a processing basis in those cases where is current.
3.2. PERSONAL DATA RELATED TO JOB APPLICANTS
3.2.1. PERSONAL DATA WE PROCESS
Related to job applications, we collect the following personal data:
- Name and address
- Social security number
- Telephone number
The purpose of processing personal data in a recruitment context is to be able to evaluate and recruit new suitable employees for the company. In addition, the data is collected to assess whether the candidate is relevant to the position in question.
3.2.3. LEGAL BASIS FOR PROCESSING
Føyen processes personal data in connection with job applications and trainee stays based on:
For the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, cf. GDPR Article 6 (1) b.
Consent from the person applying for the job position or a trainee position, cf. GDPR Article 6 (1) a.
3.3. PROCESSING OF PERSONAL DATA FOR MARKETING, INFORMATION AND STATISTICAL PURPOSES
3.3.1. WHICH PEROSNAL DATA WE PROCESS
In connection with webinars, events, and newsletters, we process personal data. We process the following data:
- Contact information, name, e-mail address, telephone number, position, and place of work.
- For students, we also collect information about place of study and study progression.
126.96.36.199. NEWSLETTER, SEMINAR INVITATIONS AND OTHER INFORMATION
Føyen regularly sends out newsletters, seminar invitations and other relevant news via e-mail to its customers and contacts who have agreed to this. In order for us to be able to send e-mail, we ask for contact information in the form of name, employer and e-mail address. Data is collected through regular customer contact, as part of delivering our services, and that people themselves sign up for our newsletters, or through participation in our seminars, and give consent to receive these.
It is voluntary to receive newsletters and other information from Føyen. You can therefore unsubscribe from our newsletters and seminar invitations at any time. In all newsletters and seminar invitations, there is a link to the unsubscribe page where you can unsubscribe.
Apsis is the data processor for Føyen’s newsletter and seminar invitations. All contact information provided upon registration is stored in a separate database. We always treat the data confidentially and never share the information with others. The personal data is deleted when you unsubscribe from our e-mails and/ or if we receive feedback that the e-mail is no longer active. This is done so that we only send relevant information.
Føyen uses the registration solution for Apsis when registering for seminars and courses under our auspices. In this solution, you can sign up for our seminars and courses by providing your name, employer, job title and e-mail. This is information we collect for purposes in courses and seminar administration/coordination, for example by sending out registration confirmations or course material, production of name tags and to be able to collect course fees. For paid seminars and courses, we will also ask for an invoice address when registering. Personal data collected and stored to administer seminars and courses is stored and processed for as long as the client relation exists or until the consent has been withdrawn. We consider a client relation to exist when you have participated in one of our events or if you have received legal advice from us the last years.
The purpose of the processing of personal data in connection with marketing activities is to be able to follow up clients, students and those who have agreed to receive information from us via our channels. The data is also used for the purpose of being able to provide information.
3.3.3. LEGAL BASIS FOR PROCESSING:
Føyen processes personal data for marketing activities based on:
Consent to receive newsletters invitations to seminars and other information, cf. GDPR Article 6 (1) a.
Legitimate interests in following up clients, employees of clients and students by providing relevant information regarding our services, as well as news and events, cf. GDPR article 6 (1) f.
Cookies we collect are:
- wordpress_test_cookie: WordPress sets this cookie when you enter the site. The cookie is used to check whether the browser is set to accept or reject cookies. This cookie is technical and is deleted after you leave the website.
- wp-settings-1, wp-settings-time-1: WordPress uses this Cookie to customize how the user views the user interface on the page. This cookie is technical and is deleted after 1 year.
By accessing and retrieving information and/ or using services on foyen.no, you agree that cookies are placed in your browser – in that most browsers are set so that they automatically accept cookies. No personal data is collected when using our cookies. If you want to delete cookies from your browser, you can read more about this here.
Føyen uses Questback to conduct surveys. We will always inform about the purpose of the survey, and any answer is processed only against the stated purpose. The surveys that are sent out are basically never anonymous unless this is stated specifically. If the survey is anonymous, Føyen will not collect any data that can be linked to you as an individual.
3.6 SOCIAL MEDIA
We have a user and a page on Facebook. Through the Facebook page, we receive information about the activity on the page. On Føyen’s Facebook page, personal data is collected via what the registered person writes, likes and data Facebook observes about the data subject’s use of the pages. The data is analyzed through Facebook’s page Insight and presented to Føyen as statistics. See more information about Page Insights here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Page insight can give Føyen information about how many people have seen posts, who has liked, shared, and commented, reactions to posts, demographics and are presented as statistics. The user is created in accordance with the guidelines of Facebook and Føyen does not have access to data that is processed as part of the events, only the aggregated page insight.
3.6.2. JOINT RESPONSIBILITY WITH FACEBOOK
Føyen has joint processing responsibility with Facebook Ireland for the processing of personal data necessary for Page insight on the Facebook pages. The responsibility for processing is exercised in an agreement between Føyen and Facebook which can be read here: https://www.facebook.com/legal/terms/page_controller_addendum.
3.6.3. PURPOSE AND LEGAL BASIS FOR PROCESSING
The purpose for the processing is Føyen’s interest in using the data and statistics to reach out as widely as possible and to those who follow Føyen’s activities. The basis for processing is the legitimate interest in communicating with users of Facebook and Føyen’s Facebook pages, cf. GDPR article 6 (1) f. that the data subject has published, cf. GDPR Article 9 (2) e.
Føyen does not store personal data that is processed through Facebook’s page insight. Through Facebook’s Data Policy: https://www.facebook.com/about/privacy/update you will find information about the rights you as a Facebook user have, including the right to access, correct, delete, the right to protest, the right to request on restriction, the right to data portability and the right to appeal to the supervisory authority.
4. SHARING OF DATA TO THIRD PARTIES
Personal data for which Føyen is responsible for processing is not shared with third parties, except for disclosure that follows from a statutory obligation to which Føyen is subject, such as tax authorities and supervisory authorities.
5. DATA SECURITY AND STORAGE TIME
Føyen has implemented organizational and technical measures to ensure that your personal data is processed securely and in accordance with requirements for integrity, confidentiality, and availability in current privacy legislation. The personal data we hold about you is deleted now that it is no longer needed based on the purposes for which it was collected.
All employees in Føyen are subject to a duty of confidentiality in accordance with the employment contract.
Personal data for which Føyen is responsible for processing is stored as long as you have a relationship with Føyen. Upon termination of the customer relationship, Føyen will delete the personal data. We may still retain your personal data for as long as is necessary to fulfill our obligations, and in accordance with the requirements for retention in laws and regulations.
6. YOUR RIGHTS
You can request access to the personal data we have registered about you, as long as the duty of confidentiality does not prevent this. You can also request correction, deletion, and restrictions in the processing of personal data in accordance with current privacy legislation. In addition, you can withdraw a consent to the processing of personal data, if the processing is based on consent. You can withdraw your consent at any time by contacting us about this. You also have the right to data portability and will in some cases have the right to have access to the personal data you have given us.
Requests for rights mentioned above are sent by e-mail to: email@example.com. Føyen must respond as soon as possible and no later than 30 days after receiving the inquiry. If special circumstances make it impossible to respond within 30 days, Føyen shall provide feedback that includes reasons for the delay and information on the expected time for response. Føyen may retain your personal data to fulfill our legal obligations and enforce our agreements.
If you believe that Føyen has not complied with your rights in accordance with personal data legislation, you have the right to send a complaint to the Norwegian Data Protection Authority as the supervisory authority.
7. CHANGES TO THE PRIVACY STATEMENT