CYCC NORWAY org.nr. 924 042 400 will process personal data in connection with our operations.
Our role as a data controller involves processing personal data based on the activities we engage in and the purposes of our business. Information about the personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc., is provided below.
If you have any questions or would like to know more about how we process personal data, please contact us – see contact details below.
Responsible for Processing Personal Data
CYCC NORWAY is the data controller, i.e., we determine why and how personal data should be processed, as described below.
Contact details for the data controller:
For questions you may have about our processing of your personal data, you can also contact Beckhan Saiew at beckhan@cycc.eu
Why We Collect Personal Data and What Information We Collect
We collect and use personal data for various purposes depending on who you are and how we come into contact with you.
All processing of personal data is carried out in accordance with the applicable data protection regulations, including the Personal Data Act and the General Data Protection Regulation (GDPR).
“Personal data” means any information that can be linked to an individual (referred to as “data subject”).
“Processing” refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Examples of processing information include:
• Description of the type of processing and who it concerns, e.g., We process contact information for customers for …
• The purpose of the processing (why the processing occurs), e.g., … to perform the services described in …
• Legal basis for processing under GDPR Article 6, and possibly Article 9 if special categories of personal data are processed.
• Whom the data is collected from; the data subject or others
• How long the data is processed, or the criteria used to determine this duration
Other examples of processing information:
Communication and Contact
We process personal data about those who contact us to respond and document the communication and to contact others. This applies to all forms of communication, physical and digital, written and oral.
In such cases, we process names, phone numbers, email addresses, and any personal data that may arise from the inquiry, including history/logs of the inquiry.
The processing of information is based on our legitimate interest in processing personal data related to the above (see GDPR Article 6 (1) f). Therefore, we have assessed that our legitimate interest in being in contact with the outside world is part of our business and in documenting the business we operate, as well as responding to those who contact us and registering such contact. We have determined that this is necessary for us to handle inquiries we receive, and that the data subjects’ privacy does not override these interests.
Providing us with personal data is voluntary, but it will be necessary for us to respond to inquiries.
We process the information until we anticipate that there will be no further follow-up of the contact, normally within [one] year.
Recruitment
For recruitment to new positions with us, personal data such as CVs, applications, certificates, notes from interviews, results from reference checks, etc., will be processed.
Optionally: We use the job application service […] to manage submitted applications, and this service is then our data processor. If you register with the job application service with your own profile, the service will be the data controller, and you are referred to its privacy statement for information on processing personal data in the service. Processing of personal data is based on your consent given in the job application service (GDPR Article 6 (1) a), if such is obtained, or the grounds described below.
The basis for processing personal data in recruitment is that it is necessary to carry out measures before an employment contract with the job applicant is potentially concluded (GDPR Article 6 (1) b).
If investigations are conducted by us beyond contacting persons listed as references, researching history, etc., then personal data is processed based on our legitimate interest in ensuring that the right candidate for the position is selected (GDPR Article 6 (1) f). For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual’s privacy. We encourage you not to include special categories of personal data, such as health, religion, political opinions, trade union membership, etc., in your application.
Personal data is deleted as soon as the recruitment is completed unless you have consented to longer retention.
Storage and Deletion (Erasure) of Personal Data
We store personal data as long as it is necessary for the purpose for which the personal data was collected, and delete the data in accordance with the regulations. How long we process the various types of data we handle is included above where the individual processing activities are described.
This means, for example, that personal data that we process based on your consent is deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you is deleted when the agreement is fulfilled and all obligations arising from the contractual relationship are met, such as legal obligations related to accounting, follow-up of customer relationships related to complaints, etc. Personal data we process as a result of a legal obligation will be deleted as soon as we are no longer obligated to retain the data.
Disclosure of Personal Data to Others
We do not share your personal data with others unless there is a legal basis for doing so. Typical examples of such a basis would be an agreement with you or a legal obligation that requires us to disclose the information.
We use data processors to collect, store, or otherwise process personal data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of processing. We currently use the following data processors:
All processing of personal data that we undertake occurs within the EU/EEA area.
Alternatively: It may be that we use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA (third countries) will take place in countries approved by the EU Commission or in accordance with a valid legal basis for the transfer of personal data under GDPR Chapter V. If the transfer is not to a country approved by the EU Commission, it will only occur after the guarantees set out in GDPR Article 46 (2). The basis used for the transfer can be disclosed if you contact us.
Security of Processing
All processing of personal data is secured with the required technical and organizational measures.
We handle information so that it is accurate, accessible, and handled according to the degree of sensitivity of the data. We also use a variety of security technologies and information security procedures to protect personal data from unauthorized access, use, or disclosure. Risk assessments are conducted for the processing of personal data.
We have entered into data processor agreements with all our suppliers who process personal data, where they undertake the same level of security as we have for our processing of personal data.
We restrict access to personal data to the personnel or third parties who will process the data on our behalf. These parties are subject to confidentiality obligations.
Procedures have been established for handling breaches of information security and procedures (data breaches), and we will, if there is a breach that entails a risk to the privacy of the personal data concerned, send a deviation report to the Data Protection Authority as soon as possible and no later than 72 hours after the breach was discovered. If the breach entails a high probability of affecting the privacy of those the breach concerns, we will also notify these individuals.
Your Rights When We Process Personal Data About You
Below are your rights regarding the processing of personal data. To exercise your rights, you must [fill in how the data subject must proceed, e.g., contact us, see contact information above], or otherwise as follows below.
We will respond to your inquiry to us as soon as possible, and no later than one month. If it takes longer than one month, you will be informed.
We will ask you to confirm your identity or to provide additional information before we allow you to exercise your rights over us. We do this to be sure that we only provide access to your personal data to you – and not someone pretending to be you.
Information
You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. You can also contact us if you want more information.
Insight
You have the right to request insight into the personal data processed about you. Contact us if you want insight.
Amendment and Deletion
You can also ask us to correct inaccurate information we have about you or ask us to delete personal data. We will accommodate a request to delete personal data as far as possible, but we cannot do this if we still need the information.
Processing Based on Consent
If we process personal data based on your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method that was informed when you gave your consent or to contact us.
Right to Limit or Object to Processing
You have the right to have the processing limited in certain cases, see GDPR Article 21, such as:
a) You dispute the accuracy of the personal data – processing is paused for a period that allows us to verify the accuracy of the personal data.
b) The processing is unlawful, and you oppose the deletion of the personal data and instead request that the use of the personal data be limited.
c) We no longer need the personal data for the purpose of the processing, but you need them to establish, assert, or defend legal claims.
You can also object to processing under GDPR Article 21 no. 1 pending the verification of whether our legitimate interests override your privacy.
Right to Data Portability
For data that you have provided to us and is necessary to fulfill an agreement with us, and which is processed automatically (i.e., not manually by us), you can request that the personal data about you be delivered or transferred to another provider in a structured, commonly used, and machine-readable format (data portability).
Automated Processing, Including Profiling
There will be no automated processing, including profiling, based on your personal data that has legal effects or significantly affects those the personal data concerns. See GDPR Article 22 nos. 1 and 4.
Optionally: Automated processing, including profiling, will be conducted based on your personal data that has legal effects or significantly affects those the personal data concerns (see GDPR Article 22 nos. 1 and 4).
These decisions include [include].
You have the right to refuse that exclusively automated processing or profiling affecting you be conducted by contacting us.
Complaints
If you experience that our processing of personal data does not comply with what we have described here or that we otherwise violate data protection legislation, you can complain to the Data Protection Authority.
You can find information about your rights and how to contact the Data Protection Authority on the Data Protection Authority’s website: www.datatilsynet.no.
Changes
If there are changes in our services or changes in the regulations on the processing of personal data, this may result in changes to the information you have been given here. If we have your contact details, we will make you aware of these changes. Otherwise, updated information will always be available on our websites.
Â
Â
Â
© 2024 CYCCMarket – All rights reserved