Privacy Policy for Enivest AS
Powered by SIGNATU  
Published: a few seconds ago (July 14, 2022)
When is our Privacy Policy published and effective?

When

Our privacy policy is:

  • effective as of: 01.07.2018

What and where

Our policy applies to:

Who is responsible for processing your personal data?

Responsibility and role

We decide why and how your personal data are processed. We are responsible for processing your personal data.

From which source do we collect your personal data?

Source

We collect your personal data from the following sources:

  • a publicly accessible source: Matrikkel Kartverket
  • directly from you: Namn, postadresse, tlf-nummer, e-postadresse, fødselsdato.

How we collect

We collect your personal data in the following ways:

  • manually:
  • electronically with the use of a web form:
  • electronic tracking technologies: Google Analytics: Vi nyttar analyseverktøyet Google Analytics for å studere trafikk, bruksmønstre og trendar på denne nettstaden. Data som blir samla inn blir brukt for å optimalisere brukaropplevinga og å tilpasse innhaldet på nettsida. I samsvar med Google sine retningslinjer for bruk av Google Analytics, blir det ikkje samla inn personleg informasjon om deg som brukar. Innsamla data blir lagra på Google sine servere. Ønsker du å deaktivere innsamling av data for Google Analytics kan du det via linken her: Opt-out

    CraftSessionId: Blir nytta ved utfylling av skjema for å bekrefte at skjemaet blei sendt frå våre nettstadar. Dette motverkar tilfelle der ein tredjepart forsøker å lure brukaren med eit cross-site request forgery-angrep.

Whether you must provide personal data

These are the personal data you:

  • have permission to give us, and of your own free will give us (voluntary data): E-postadresse
  • have permission to give us, and we require that you give us (obligatory data): Adresse, fødselsdato, navn, telefonnummer/mobilnummer

No consequence for not providing personal data that are voluntary to give

There are no consequences for not giving us the voluntary personal data above.

Consequence for not providing personal data that are obligatory to give

The consequences for not giving us the obligatory personal data above are: Noko informasjon er obligatorisk å oppgi, for at vi skal kunne levere våre tenester.

Giving us the above personal data is obligatory because of:

  • a contractual requirement.
  • a requirement that is necessary for the entry into a contract.
What are our legal grounds for processing your personal data?

Regular and/or "sensitive" personal data

We process your:

  • regular personal data.

Our legal ground for processing your regular personal data is:

  • your consent.

    Personal data we process based on this legal ground is: Namn, telefon nummer, e-post adresse.

  • a contract to which you are a party.

    Personal data we process based on this legal ground is: Namn, fødselsdato, postadresse, telefon nummer, e-post adresse, IP-adresse, mac-adresse, datagrunnlag som kva for einingar som har vore tilkopla ditt trådlause nettverk.

  • the necessity to comply with a legal obligation to which we are subject.

    Personal data we process based on this legal ground is: Namn, postadresse, ip adresse.

  • the necessity to perform a task carried out in the public interest, or the necessity to perform a task in the exercise of official authority that is vested in us.

    Personal data we process based on this legal ground is: Namn, postadresse, ip adresse.

In which situations do we process your personal data?

Categories of individuals

We collect personal data:

  • of customers and/or clients.
  • of contractors.

Our role

We are:

  • a recipient of your personal data.
  • a third party who

    • is authorised to process personal data under the direct authority of the controller, or
    • is authorised to process personal data under the direct authority of the processor.
  • an enterprise.
  • an enterprise that controls an undertaking or we are a member of an undertaking.

Sector

We process your personal data in the:

  • private sector.
  • public sector.

Situation

We process your personal data in a situation that concerns:

  • an activity that is professional or commercial. Sal av tenester, leveranse og kundeservice av fiber- og breibandstenester, teletenester.
  • the offering of goods or services. Anbodskonkurransar, fiberutbygging, salsaktivitetar.
  • an online activity. Bestilling via nettside, informasjon via nettside, nettprat
  • a contract or that concerns an entry into a contract. Kundeavtaler
  • when you are contractor of us. Samarbeid med underleverandørar/kontraktørar
  • Enivest handsamer dine personopplysningar, inkludert trafikkdata og signaleringsdata nytta til overføring av data, herunder også signaleringsdata frå ditt wifi-nettverk. Desse opplysningane vil bli registrert, lagra og brukt av Enivest, i nokre tilfelle også av underleverandørar, for å kunne tilby ei betre og meir relevant brukaroppleving av tenestene vi leverer. Denne behandlinga inneberer at vi brukar eit verktøy som samanstiller detaljert datatrafikk på ditt heimenettverk og gjer analyser basert på denne datainnsamlinga. Desse analysane blir brukt som grunnlag for å kunne gi deg som kunde gode råd og anbefalingar om tiltak, både ved proaktiv utgåande aktivitet, og som verktøy for våre kundehandsamarar når du sjølv tek kontakt med oss. Analysane kan også bli brukt til marknadsføring-og salgsføremål.

    Datagrunnlag blir innsamla, lagra og analysert basert på dei 7 siste dagars aktivitet på kundens heimenettverk.

Do we perform automated decision-making and automated profiling?

Profiling

We use your personal data to automatically evaluate aspects of your personality.

This profiling:

  • can include analysis of your characteristics.
  • can include predictions of your behaviour.
  • are made solely by automated means are without a human influence.

No automated decision-making

We do not use your personal data to make automated decisions about you.

Communication about safeguards available

We make it possible for you to express concerns about the safeguards that are related to the “wholly automated decisions” via our:

  • postal address: Postboks 123, 6801 Førde
About our processing purposes

Purposes

We process your personal data for the purposes that are described in Section 3.

Our processing purposes are:

  • real,
  • present, and
  • legitimate.

New purposes

We do not process your personal data for secondary purposes that are inconsistent with the primary purposes for which your personal data is collected initially,

  • without your prior consent,
  • without a legitimate interest, and
  • without legal ground.

Information about new purposes

We inform you before we process your personal data for secondary purposes

  • if we in the first instance collect your personal data initially for a primary purpose, and
  • if our secondary purpose is inconsistent with the primary purpose.
How long do we keep your personal data?
  • Storage limitation

    We limit the duration we store your personal data to what is necessary for our processing purposes.

  • Storage review

    We continuously review the necessity of our continued storage of your personal data: Ein gong per kvartal tar personverngruppa opp kva personinformasjon vi har behov for å lagre.

  • Storage periods

    We delete your personal data within a specified time-limit: Vi har interne rutinar for sletting. For nærmare informasjon er det mogleg å ta kontakt på kundeservice@enivest.no

Storage required by law

If the further retention of your personal data is necessary for the purposes that are specified by law, we can further retain your personal data.

Do we share your personal data?

Disclosure to recipients

We disclose your personal data to the following recipients: Vi delar persondata med underleverandørar og samarbeidspartnarar for: Utbygging, leveranse av tenester, feilretting og sal av tenester.

Our legal grounds for disclosing your personal data to the recipients are:

  • your consent.
  • a court order that is binding and enforceable.
  • Behandlinga er nødvendig for å oppfylle ein avtale som den registrerte er part i (GDPR art. 6 1b) Behandlinga er nødvendig til formål knytta til ei berettiga interesse (interesseavveining - GDPR art. 6 1f)

Information about future disclosures will be available

If we in the future disclose your personal data to a recipient, then we inform you of:

  • the time we disclose the personal data, and
  • the names of the recipients.
Do we transfer your personal data outside the EU or EEA?

No transfers to countries outside the EU and EEA

We do not transfer your personal data to:

  • countries outside the EU and EEA, or
  • an international organization.
Are your personal data secure?

Security

We secure your personal data:

  • with appropriate technical measures,
  • with appropriate organisational measures,
  • with an appropriate level of security,
  • against unauthorised processing,
  • against unlawful processing,
  • against accidental or unlawful loss,
  • against accidental or unlawful destruction, and
  • against accidental or unlawful damage.

Actions when security breach is discovered

If we have a reasonable degree of certainty of a breach of the security of the processing of your personal data, then we will:

  • report the security breach to the management.
  • assign a person with responsibility to

    • assess whether the security breach can have unfavourable effects for you,
    • inform relevant persons in our organisation,
    • determine whether it is necessary to notify the Supervisory Authority of the security breach, and
    • determine whether it is necessary to communicate information about the security breach to you.
  • investigate the security breach.
  • seek to prevent that a breach of security leads to:

    • accidental or unlawful destruction of the personal data,
    • accidental or unlawful loss of control of the personal data,
    • accidental or unlawful loss of access to the personal data,
    • accidental or unlawful alteration of the personal data,
    • unauthorised disclosure of the personal data, or
    • unauthorised access to the personal data.
  • mitigate the immediate risk of a damage.
  • notify the Supervisory Authority about the security breach, if the personal data breach is likely to lead to a risk for your rights and freedoms.
  • notify you of the security breach

    • if the breach is likely to lead to a high risk for your rights and freedoms,
    • as soon as possible,
    • via appropriate contact channels, e.g. via email, SMS, prominent banners on our website, postal communications, prominent advertisements in media etc.

    We are not obliged to notify you directly if

    • we have taken measures that render your personal data unintelligible to any person who is not authorised to access them,
    • we immediately after the security breach took steps to ensure that the high risk to your rights and freedom no longer is likely to happen, or
    • it would involve disproportionate effort. In such a case, we will inform you via public channels.
Are we certified and do we follow a code of conduct?
  • Self-assessment of correctness of this policy

    We self-assess that the:

    • attestations in this policy are true, and
    • assertions in this policy are true.
What are your rights?

Promise to fulfil rights

You have specific legal rights relating to the personal data we collect from you.

We will respect your individual rights and will deal with your concerns adequately.

Where you have given consent for the processing of your personal data, you have the right to withdraw your consent at any moment.

Right to access

You may ask from us information regarding personal data that we hold about you, including:

  • information as to which categories of personal data we have in our possession or control,
  • what your personal data are being used for,
  • where we collect your personal data, if not from you directly, and
  • to whom your personal data have been disclosed, if applicable.

We will provide you with a copy of your personal data upon your request.

If you ask for further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.

Right to rectification

You have the right to obtain from us rectification of your personal data, that are inaccurate or incomplete, in the latter case provided you supply the corrected or supplementary information.

Right to erasure

You have the right to request that we delete the personal data we process about you.

We must comply with this request if we process your personal data, and if:

  • the personal data is no longer necessary for the fulfilment of the purposes for which they have been collected;
  • you object to the processing based on our legitimate interest or withdraw your consent;
  • the personal data has been processed unlawfully;
  • the personal data must be deleted in order to observe a legal obligation incumbent on us.

We must not comply with this request your personal data is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation that binds us;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
  • for the establishment, exercise or defence of legal claims.

Right to restriction

You have the right to obtain from us restriction of processing of your personal data, if:

  • you contest the accuracy of your personal data, for the period we need to verify the accuracy,
  • the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
  • we no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or
  • you object to the processing while we verify whether our legitimate grounds override yours.

Right to object to direct marketing

You have the right to always object to the processing of your personal data for direct marketing that was based on our legitimate interest, regardless of any reason.

If the marketing was based on your consent, you can withdraw consent.

Right to receive personal data (“data portability”)

You have the right:

  • to receive your personal data that you have provided to us, and,
  • to request that we transfer your personal data (that you have provided to us) to another organization, only if the transfer is technically feasible.

These two rights are rights you have if:

  • we process your personal data by automated means,
  • we base the processing of your personal data on your consent, or our processing of your personal data are necessary for the execution or performance of a contract to which you are a party,
  • your personal data are provided to us by you, and
  • the transmission of your personal data does not adversely affect the rights and the freedoms of other persons.

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. This may be the case if a transfer of your personal data to another organization also involves the transfer of the personal data of other (non-consenting) individuals.

Right not to be subject to automatic decisions

You have the right not to be subject to automatic decision when the decision:

  • is taken solely by automated means, ie without human intervention; and
  • produces an adverse legal effect on you or otherwise significantly affects you.

You do not have the right not to be subject to automatic decision when the decision is:

  • necessary for the entry into or performance of a contract between us and you, or
  • authorised by law, or
  • based on your explicit consent.

If we fall under one of those exceptions, you are able to:

  • obtain human intervention;
  • express your point of view, and
  • obtain an explanation of the decision and challenge it.
How can you exercise your rights?

Communication about rights available

We invite you to communicate with us about the exercise of your rights concerning the protection of your personal data.

Written requests

We only accept written requests since we cannot deal with verbal requests immediately without first:

  • analysing the content of the request, and
  • identifying you.

Describe right to exercise

Your request should contain a detailed, accurate description of which right you want to exercise.

Identification document

You must provide us with a copy of an identification document to confirm your identity, for example:

  • an ID card or
  • a passport.

The document should contain:

  • an identification number,
  • country of issue,
  • period of validity,
  • your name,
  • your address, and
  • your date of birth.

Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be masked out.

We will not accept other means of assuring your identity.

If you wish to propose alternatives, we will assess them on a case-by-case basis.

Our use of the information on your identification document:

  • is limited to verify your identity, and
  • will not be stored for longer than needed for this purpose.

Where send request

You can send your request that concerns the protection of your personal data to:

Answer to request

You receive our answer to your request that concerns the protection of your personal data at:

  • your postal address.
  • your email address.

No specific person to handle request

We do not have a person who is responsible for handling of your request that concerns the protection of your personal data.

Policy for handling request

We have policies that ensure that your requests concerning the protection of your personal data are

  • recognized, and
  • handled within the time-limits of the law.

Time to respond to request

We inform you of our handling of your request that we exercise your rights (regarding the protection of your personal) within:

  • a month of the reception of your request.
Do you have a right to complain?

Complain to a supervisory authority

You can lodge a complaint to a supervisory authority:

  • where you usually live in the EU and the EEA.
  • at the place of your work in the EU and the EEA.
  • at the place of the alleged infringement in the EU and the EEA.

The Supervisory Authority should within a reasonable period inform you of:

  • the progress of the complaint, and
  • the outcome of the complaint.

Mandate an organization to complain

You can mandate that an organization lodges a complaint on your behalf with a Supervisory Authority.

The Supervisory Authority should within a reasonable period inform you of:

  • the progress of the complaint, and
  • the outcome of the complaint.

Judicial remedy

You can seek a judicial remedy in the EU and the EEA against:

  • a controller,
  • a processor, and
  • a Supervisory Authority.

Mandate an organization to exercise your right

You can mandate that an organization exercises your right:

  • to a judicial remedy on your behalf.
  • to a compensation for a damage as a result of a breach of the law on the protection of the personal data on your behalf.
Can you choose your privacy settings?

Privacy settings

You can choose why and how we process your personal data in your privacy settings: Det er mogleg å ta kontakt med kundeservice for spørsmål.

Options

In your privacy settings options you can:

  • withdraw the consent to the processing of your personal data.
  • access your personal data.
  • edit your personal data.
  • delete your personal data.
  • restrict the processing of your personal data.
  • control the direct marketing towards you.

Where

We enable you to choose why and how we process your personal data via our:

Communication of choice to recipients

We make sure to communicate your choice about the processing of your personal data to the recipients that we disclose the personal data to.

Will you be informed about our privacy policy changes?

New Privacy Policy

If we change our privacy policy, then we publish a new version of it.

No publication of prior Privacy Policies

We do not make available the prior versions of our privacy policy.