Privacy Policy for Europris AS
Powered by SIGNATU  
Published: a few seconds ago (August 23, 2018)

Europris AS

Hjalmar Bjørges vei 105, 1604 Fredrikstad
NORWAY
Org. ID986 762 469
Email personvern@europris.no
Phone +47 69 39 66 00
When is our Privacy Policy published and effective?

When

Our privacy policy is:

  • effective as of:

    15.07.2018

  • published:

    15.07.2018

What and where

Our policy applies to:

Who is responsible for processing your personal data?

Responsibility

We decide why and how your personal data are processed.
We are responsible for processing your personal data.

  • Data protection officer

    We have a data protection officer.

    Contact

    The contact details are:
    Lars Ove Davidsen - personvern@europris.no

From which source do we collect your personal data?

Source

We collect your personal data from the following sources:

  • a publicly accessible source:
    Bisnode
  • directly from you:
  • from a third party:
    Bisnode

How we collect

We collect your personal data in the following ways:

  • electronically with the use of a web form:
  • electronic tracking technologies:

    • Google Analytics (Analyse)
    • Facebook Connect (Sosial)
  • with a camera that monitors you:

Whether you must provide personal data

These are the personal data you

  • have permission to give us, and of your own free will give us (voluntary data):

    • fødselsdato
    • kjønn
  • have permission to give us, and we require that you give us (obligatory data):

    • Navn,
    • adresse,
    • Mobilnummer
    • E-post

Consequence for not providing personal data that are obligatory to give

The consequences for not giving us the obligatory personal data above are:
Du vil ikke kunne kjøpe varer hos Europris.

Giving us the above personal data is obligatory because of:

  • a contractual requirement.
  • a requirement that is necessary for the entry into a contract.
What are our legal grounds for processing your personal data?

Regular and/or "sensitive" personal data

We process your:

  • regular personal data.

Our legal ground for processing your regular personal data is:

  • a contract to which you are a party.

    Personal data we process based on this legal ground is:

  • a request from you before the entry into a contract.

    Personal data we process based on this legal ground is:

In which situations do we process your personal data?

Categories of individuals

We collect personal data:

  • of customers and/or clients.

Our role

We are:

  • a recipient of your personal data.
  • a third party who

    • is authorised to process personal data under the direct authority of the controller, or
    • is authorised to process personal data under the direct authority of the processor.
  • an enterprise.

Sector

We process your personal data in the:

  • private sector.

Situation

We process your personal data in a situation that concerns:

  • an activity that is professional, or commercial.
  • the offering of goods, or services.
  • an online activity.
  • your personal data that we receive from you as our customer or client.
Do we perform automated decision-making and automated profiling?

Automatic profiling

We use your personal data to automatically evaluate aspects of your personality.

This automatic profiling:

  • can include analysis of your characteristics.
  • can include predictions of your behaviour.
  • are made by a computer solely.
  • are without a human influence.

No automatic decision-making

We do not use your personal data to make automatic decisions about you.

About our processing purposes

Purposes

We process your personal data for the purposes that are described in Section 3.

Our processing purposes are:

  • real,
  • present, and
  • legitimate.

New purposes

We do not process your personal data for secondary purposes that are inconsistent with the primary purposes for which your personal data is collected initially,

  • without your prior consent,
  • without a legitimate interest, and
  • without legal ground.

Information about new purposes

We inform you before we process your personal data for secondary purposes

  • if we in the first instance collect your personal data initially for a primary purpose, and
  • if our secondary purpose is inconsistent with the primary purpose.
How long do we keep your personal data?

  • Storage limitation

    We limit the duration we store your personal data to what is necessary for our processing purposes.

  • Storage review

    We continuously review the necessity of our continued storage of your personal data:
    En gang pr. år gjør vi en vurdering om vi skal beholde dine personopplysninger

  • Storage periods

    We delete your personal data within a specified time-limit:
    Vi sletter personopplysninger straks etter du har avsluttet ditt kundeforhold med oss.

Storage required by law

If the further retention of your personal data is necessary for the purposes that are specified by law, we can further retain your personal data.

Do we share your personal data?

Disclosure to recipients

We disclose your personal data to the following recipients:

  • Google Analytics for å måle endebruker interaksjon med på våre webside
  • Facebook Connect, slik at endebrukere kan gi "likes" på produker og artikler
  • Fullstory for feilsøking og feilretting av våre websider
  • Amazon Web Services for drifting og lagring av våre tjenester

Til reklame benytter vi følgende coockies:

  • AdAction Interactive
  • Adform
  • AOL Advertising
  • AppNexus
  • BidSwitch
  • Delta Projects
  • DoubleClick
  • Fyber
  • Google AdWords
  • Improve Digital
  • Mark & Mini
  • OpenX
  • Performancewerk
  • Pubmatic
  • Rubicon Project
  • Smaato
  • Smartclip
  • SpotX
  • WideOrbit

Til markedsføring benytter vi følgende cookies:

  • Google Tag Manager
  • Unruly

Our legal grounds for disclosing your personal data to the recipients are:

  • Databehandleravtale

Information about future disclosures will be available

If we in the future disclose your personal data to a recipient, then we inform you of:

  • the time we disclose the personal data, and
  • the names of the recipients.
Do we transfer your personal data outside the EU or EEA?

Transfers to countries outside the EU and EEA

We transfer your personal data to:

  • countries outside the EU and EEA, or
  • an international organization.

The personal data are transferred to:
USA

Our legal ground for transferring your personal data is:

Are your personal data secure?

Security

We secure your personal data:

  • with appropriate technical measures,
  • with appropriate organisational measures,
  • with an appropriate level of security,
  • against unauthorised processing,
  • against unlawful processing,
  • against accidental or unlawful loss,
  • against accidental or unlawful destruction, and
  • against accidental or unlawful damage.

Actions when security breach is discovered

If we have a reasonable degree of certainty of a breach of the security of the processing of your personal data, then we will:

  • report the security breach to the management.
  • assign a person with responsibility to

    • assess whether the security breach can have unfavourable effects for you,
    • inform relevant persons in our organisation,
    • determine whether it is necessary to notify the Supervisory Authority of the security breach, and
    • determine whether it is necessary to communicate information about the security breach to you.
  • investigate the security breach.
  • seek to prevent that a breach of security leads to:

    • accidental or unlawful destruction of the personal data,
    • accidental or unlawful loss of control of the personal data,
    • accidental or unlawful loss of access to the personal data,
    • accidental or unlawful alteration of the personal data,
    • unauthorised disclosure of the personal data, or
    • unauthorised access to the personal data.
  • mitigate the immediate risk of a damage.
  • notify the Supervisory Authority about the security breach, if the personal data breach is likely to lead to a risk for your rights and freedoms.
  • notify you of the security breach

    • if the breach is likely to lead to a high risk for your rights and freedoms,
    • as soon as possible,
    • via appropriate contact channels, e.g. via email, SMS, prominent banners on our website, postal communications, prominent advertisements in media etc.

    We are not obliged to notify you directly if

    • we have taken measures that render your personal data unintelligible to any person who is not authorised to access them,
    • we immediately after the security breach took steps to ensure that the high risk to your rights and freedom no longer is likely to happen, or
    • it would involve disproportionate effort. In such a case, we will inform you via public channels.
What are your rights?

Promise to fulfil rights

We fulfil your rights that concern the protection of your personal data.

Right to access

You have the right to access your personal data.

If you request that we confirm whether or not we process your personal data, then you have a right that obliges us to confirm that we

  • process your personal data, or
  • do not process your personal data.

Your right to obtain confirmation from us that we process (or do not process) your personal data

  • does not include data that is anonymous.
  • includes the personal data that concern you.
  • does not include personal data that does not concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must give you access to your personal data if

  • you request that we confirm whether or not we process your personal data, and
  • we process your personal data, and
  • you request to access your personal data.

We must provide you with a copy of your personal data if

  • you request that we confirm whether or not we process your personal data , and
  • we process your personal data, and
  • you request a copy of your personal data.

If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.

You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if

  • you request that we confirm whether or not we process your personal data , and
  • we transfer your personal data to a country that is outside the EU and the EEA.

Right to rectification

You have the right to the rectification of your personal data.

Your right to obtain rectification of personal data that are inaccurate

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must rectify your personal data if

  • we process your personal data, and
  • your personal data are inaccurate, and
  • you request to obtain the rectification of your personal data.

We must complete your personal data if

  • we process your personal data, and
  • your personal data are incomplete, and
  • you request to obtain the completion of your personal data.

You have the right to provide us with a supplementary statement.

We must communicate the rectification of your personal data to recipients of your personal data (if any).

We do not communicate the rectification of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

Right to erasure

You have the right to the erasure of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • your personal data are not necessary to the purposes for our processing of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • you withdraw your consent on which we base the processing of your personal data, and
  • another legal ground does not exist for our processing of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • our processing of your personal data is necessary for the performance of a task that we carry out in the public interest, or
  • our processing of your personal data is necessary in the exercise of an official authority that is vested in us, and
  • our processing is necessary for the purposes of the legitimate interests that we pursue, or
  • our processing is necessary for the purposes of the legitimate interests that a third party pursues, and
  • you object to our processing of your personal data, and
  • our processing of your personal data have a legitimate ground that does not override your objection.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • you object to our processing of your personal data for the purposes of direct marketing to you, and
  • our processing of your personal data have a legitimate ground that does not override your objection.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • our processing of your personal data are unlawful.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • the personal data needs to be erased in order to comply with a legal obligation in Union or Member State law.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • your personal data is collected in relation to the offer of information society services.

We must communicate the erasure of your personal data to the recipients to which we disclose the personal data (if any).

We do not communicate the erasure of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

Right to restriction

You have the right to obtain from us the restriction of our processing of your personal data.

Your right to obtain restriction of our processing of your personal data

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must restrict the processing of your personal data for a period to verify the accuracy of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • you contest the accuracy of your personal data.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • the processing of your personal data are unlawful, and
  • you oppose the erasure of your personal data.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • we do not need your personal data for the purposes of our processing, and
  • you require your personal data to establish a legal claim, or
  • you require your personal data to exercise a legal claim, or
  • you require your personal data to defend against a legal claim.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • you object to our processing of your personal data that are necessary for the performance of a task that we carry out in the public interest, or
  • you object to our processing of your personal data that are necessary in the exercise of an official authority that is vested in us, and
  • you object to our processing of your personal data that are necessary for the purposes of the legitimate interests that we pursue, and
  • you wait to verify that our processing of your personal data have a legitimate ground that does not override your objection.

We must communicate the restriction of processing of your personal data to recipients of your personal data (if any).

We do not communicate the restriction of processing of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

If we restrict our processing of your personal data, then we can

  • store your personal data,
  • process your personal data on the basis of your consent,
  • process your personal data to establish a legal claim,
  • process your personal data to exercise a legal claim,
  • process your personal data to defend ourselves against a legal claim,
  • process your personal data to protect the rights of a person,
  • process your personal data for the reasons of a public interest of the Union or of a Member State.

If you obtain a restriction of our processing of your personal data, then we must inform you before a lift of the restriction.

Right to object to direct marketing

If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then you have the the right to object to our processing of your personal data for such purposes.

Your right to object to our processing of your personal data for direct marketing purposes

  • is a right you have at any time.
  • does not include data that is anonymous.
  • includes the personal data that concern you.
  • does not include personal data that does not concern you.
  • includes pseudonymous data that can be clearly linked to you.

If you object to our processing of your personal data for direct marketing purposes, then we must omit our processing of your personal data for such purposes.

If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then

  • we must explicitly bring this right to your attention at the latest at the time of the first communication with you, and
  • we must present this right clearly and separately from any other information.
How can you exercise your rights?

Communication about rights available

We invite you to communicate with us about the exercise of your rights concerning the protection of your personal data.

Written requests

We only accept written requests since we cannot deal with verbal requests immediately without first

  • analysing the content of the request, and
  • identifying you.

Describe right to exercise

Your request should contain a detailed, accurate description of which right you want to exercise.

Identification document

You must provide us with a copy of an identification document to confirm your identity, for example,

  • an ID card or
  • a passport.

The document should contain:

  • an identification number,
  • country of issue,
  • period of validity,
  • your name,
  • your address, and
  • your date of birth.

Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be masked out.

We will not accept other means of assuring your identity.

If you wish to propose alternatives, we will assess them on a case-by-case basis.

Our use of the information on your identification document

  • is limited to verify your identity, and
  • will not be stored for longer than needed for this purpose.

Where send request

You can send your request that concerns the protection of your personal data to:

Answer to request

You receive our answer to your request that concerns the protection of your personal data at:

  • your email address.
  • Telefon eller oppmøte i en av våre butikker eller på vårt hovedkontor

Person to handle request

We have a person who is responsible for handling of your request that concerns the protection of your personal data.

Policy for handling request

We have policies that ensure that your requests concerning the protection of your personal data are

  • recognized, and
  • handled within the time-limits of the law.

Time to respond to request

We inform you of our handling of your request that we exercise your rights (regarding the protection of your personal) within:

  • a month of the reception of your request.
Do you have a right to complain?

Complain to a supervisory authority

You can lodge a complaint to a supervisory authority

  • where you usually live in the EU and the EEA.
  • at the place of your work in the EU and the EEA.
  • at the place of the alleged infringement in the EU and the EEA.

The Supervisory Authority should within a reasonable period inform you of

  • the progress of the complaint, and
  • the outcome of the complaint.

Mandate an organization to complain

You can mandate that an organization lodges a complaint on your behalf with a Supervisory Authority.

The Supervisory Authority should within a reasonable period inform you of

  • the progress of the complaint, and
  • the outcome of the complaint.

Judicial remedy

You can seek a judicial remedy in the EU and the EEA against

  • a controller,
  • a processor, and
  • a Supervisory Authority.

Mandate an organization to exercise your right

You can mandate that an organization exercises your right

  • to a judicial remedy on your behalf.
  • to a compensation for a damage as a result of a breach of the law on the protection of the personal data on your behalf.
Can you choose your privacy settings?

Privacy settings

You can choose why and how we process your personal data in your privacy settings:
https://www.europris.no/login/index/login/

Will you be informed about our privacy policy changes?

New Privacy Policy

If we change our privacy policy, then we publish a new version of it.

Explanation of words and expressions in this Privacy Policy
Unless otherwise defined this Privacy Policy, all terms used in this Privacy Policy will have the meanings given to them below:

  • Personal data

    Personal data means any information relating to an identified or identifiable natural person (data subject).

    An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:

    • a name
    • an identification number
    • location data
    • an online identifier
    • the physical identity of a natural person
    • the physiological identity of a natural person
    • the genetic identity of a natural person
    • the mental identity of a natural person
    • the identity of a natural person
    • the economic identity of a natural person
    • the cultural identity of a natural person
    • the social identity of a natural person

  • Regular personal data

    Regular personal data are - in the GDPR - personal data that are not special categories of personal data. There is no exhaustive list of such personal data.

  • Processing

    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as

    • collection
    • recording
    • organisation
    • structuring
    • storage
    • adaptation
    • alteration
    • retrieval
    • consultation
    • use
    • erasure or destruction
    • etc.

  • Processing Purpose

    Processing Purpose means the reason why you process personal data.

  • Profiling

    Profiling

    • 1) has to be an automated form of processing, which includes:
      • wholly automated processing (which is referred to in GDPR Article 22) and
      • partially automated processing (that a natural person also is involved in processing the personal data does not necessarily qualify the processing as not-profiling)
    • 2) has to be carried out on personal data; and
    • 3) the objective of the profiling must be to evaluate personal aspects about a natural person, in particular to analyse or make predictions about individuals.

    Note that simply assessing or classifying individuals automatically based on characteristics such as their age, sex, and height could be considered automatic profiling, regardless of any predictive purpose.

  • Controller

    Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for in Union or Member State law.

  • Recipient

    Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  • Third Party

    Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • Supervisory Authority

    Supervisory Authority means an independent public authority which is established by a Member State pursuant to Article 51 GDPR.

  • Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • EU-U.S. Privacy Shield Framework

    The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce, and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law.

  • Adequacy Decision by the Commission

    The European Commission has the power to determine, on the basis of article 45 GDPR, whether a country outside the EU offers an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into.

    The effect of such a decision is that personal data can flow from the EEA (EU and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary.

    The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations - PIPEDA), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection.

  • Personal Data Breach

    Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • Enterprise

    Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.