Personal data is a piece of information or assessment that can be connected to you as a person, such as name, address, telephone number and e-mail address. Information about a company and other legal entities is not personal data.
The Controller for the personal data we process, is Sotra Anchor & Chain AS represented by General Manager Åge Vindenes.
Processing personal data requires legal basis. The basis for our processing of personal data is authorized in GDPR art. 6 first paragraph letter a, b, c and f.
Collected personal data is only used for the purpose for which it is collected.
The purpose of our collecting personal data is to be able to carry out agreements with our customers and suppliers.
From time to time, we will also collect and process personal data about potential customers and suppliers, normally because we receive a request for a quote, etc. Our basis for processing personal data in connection with quote requests will be authorized in GDPR art. 6 first paragraph letter a) or b).
We also process personal data to the extent required or allowed by law, such as taxes, fees, product responsibilities and similar, or where you have agreed to the processing in question.
We collect personal data about contacts for our customers and suppliers.
The collected personal data is normally received directly from you. In some cases, the information is publicly available, such as for example name, telephone number, etc.
Data collected about customer and supplier contacts is normally the following:
Our customers are mainly companies. Information about the company is not personal data.
Personal data is only shared with others whenever necessary for the purposes described in this policy.
If there is any statutory duty to provide information to public authorities, the relevant personal data will be handed over to the authorities according to the statutory requirements.
If our agreement with customers requires goods to be delivered, the necessary personal data will be delivered to the relevant carrier. Data shared with the carrier is limited to name, telephone and address.
We will process your personal data for as long as necessary to fulfil the purposes of collecting the data.
When the purpose of each processing is fulfilled, we will delete your personal data. Exceptions apply if we have a legal duty to store the data for a longer period of time, for example according to the Bookkeeping Act § 13. We will also be able to store personal data to defend any legal claims.
Necessary information on our customers and contacts will be stored for 13 years from the completion of our latest delivery.
If our processing is based on consent, we will delete the personal data once the consent is withdrawn.
We store personal data in a safe and secure manner to maintain the GDPR requirements for confidentiality and integrity.
If we store any of your personal data, you have the right to access which of your personal data that we process. If the processing of personal data is based on your consent, you can withdraw your consent at any time.
You can also ask us to correct incomplete or incorrect information, and you can ask us to delete personal data we no longer are entitled to store, see point 7 above.
You can read more about the content of these rights on the website of the Norwegian Data Protection Authority: www.datatilsynet.no.
If you think that our processing of personal data does not match what we have described here, or that we violate privacy law in other ways, we ask you to contact our controller about this.
If you, after contacting us, still are of the opinion that our processing of your personal data is not consistent with applicable regulations, you can complain to the Norwegian Data Protection Authority. You can find information on how to contact the Norwegian Data Protection Authority on their website: www.datatilsynet.no.
If you have questions for how we process personal data, or wish to request corrections, deletion, etc., please contact us at firstname.lastname@example.org.