Privacy Policy

This Privacy Policy (the "Privacy Policy") describes the processing of your personal data by Petoro AS ("Petoro").

This Privacy Policy (the "Privacy Policy") describes the processing of your personal data by Petoro AS ("Petoro").
 
By contacting us regarding our business or for other inquiries, Petoro will process personal data about you. In this regard, Petoro will be a controller for the processing of personal data according to the General Data Protection Regulation (GDPR) Article 4. Below you will find information about what personal data we process, the purposes for which we process your personal data, and information regarding your rights related to the processing.

We collect and process your personal data for different purposes, depending on who you are and how we come into contact with you. We collect the following personal information for the purposes stated here:

1. In order to fulfill an agreement we have with you and/or with a company or institution you represent, we will have a legitimate interest to process your name and e-mail address, and, if applicable, your telephone number, street address and other information you provide to us.
    
2. In order to answer any inquiries to us, we will have a legitimate interest in processing your name and e-mail address, and, if applicable, your telephone number, street address and other information you provide to us.   

Petoro uses data processors to collect, store or otherwise process personal data on their behalf. In such cases, we have entered into an agreement with the data processor to ensure legality and data security at all stages of the processing. We use the following categories of data processors:

• Suppliers operating IT systems
• Suppliers delivering and developing IT systems
• Suppliers assisting with security measures, for example access control

We will not share your personal data with other third parties unless there is a legal basis for such disclosure. Such legal basis will typically be that the law requires us to provide such information (e.g. to public authorities).

Our use of your personal information may entail transfer to countries outside the EEA Area. In such cases, we will implement appropriate measures, in accordance with GDPR, Chapter V, to ensure that such transfers take place in a lawful manner. This includes use of EU Standard Contractual Clauses and data processor agreements. For more information regarding the security measures, please use the contact information at the bottom of the document.

We do not store your personal data any longer than necessary to fulfill the purpose of the processing, and otherwise as long as we are required by law.

Personal data we process to fulfill an agreement with you or a company or institution you represent will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled. We will nevertheless store data as long as we are required by law, and also if a special need arises, for example if we need the information to establish, exercise or defend complaints or legal claims directed against us or by us.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
 
We have put in place procedures to deal with any suspected data security incident and will notify you and any applicable data authority of a suspected breach where we are legally required to do so or if it is appropriate to do so.

Privacy laws and regulations give you a variety of rights related to the processing of your personal data.

While this Privacy Policy provides a lot of information about our processing of your personal data, you may ask for more in-depth information on how we process your data. Furthermore, you have the right to access the personal data we process about you. If your personal data is incorrect, you have the right to have them rectified. If we do not have the legal basis to process personal data, the data should be erased, and you may require this to be done if we have not deleted it on our own initiative. You may request that we restrict the use of your personal data. You are entitled to so-called data portability and may request that your personal data be transferred to you or to another business in a structured, commonly used and machine-readable format. You may oppose our processing of your data. You may also object to be subject to completely automated individual judicial decision-making, including profiling. If you believe that we process your personal data without a legal basis, you may complain to the Norwegian Data Authority ("Datatilsynet"), but we ask you to contact us first in order for us to address your objections and resolve any misunderstandings.

Privacy legislation has extensive provisions on the above and there may be exemptions from certain rights. If you wish to exercise your rights, please contact us using the contact information at the bottom of the document, and we will answer your inquiry as soon as possible and usually within 30 days.

This Privacy Policy might be amended. Petoro will have a copy of each version this Privacy Policy, so that you always know which Privacy Policy was applicable at what time. If we have your contact information, we will notify you of such changes. Otherwise, an updated version of this Privacy Policy will always be available on our website.

If you have questions or enquiries about our processing of your personal data, you may contact us by sending an e-mail to post@petoro.no marked "Inquiry – Petoro Privacy Statement", or through the provided contact information below: 

HR Manager, Petoro AS
Address: Sverdrups gate 27, 4002 Stavanger, Norway
E-mail address: gisella.gomez@petoro.no
Organization number: 983 382 355