Privacy Statement for Standards Norway and Standard Online
This privacy statement outlines how we collect and use your personal data. When you use our site and/or are in contact with us, e.g ordering a standard or signing up for a course, we process personal details about you. This statement contains information about the personal data we collect, why we collect it, and your rights relating to how your personal data is used.
The people responsible for personal data handling are the Managing Director of Standards Norway and the Managing Director of Standard Online.
Why do we collect personal data?
We collect and use your personal data for different purposes, depending on who you are and how we come into contact with you. Personal data is used on the basis of a balance of interests. We deem the use of personal data to be necessary to provide you with the best possible experience in a practical, efficient manner.
The personal data we may handle:
- First name
- Last name
- Phone number
- E-mail address
- Billing address
- Street address
- IP address
- Account number
The personal data is used in the following contexts:
- Processing orders of standards and/or related products
- Distributing marketing communication, newsletters and providing information about our business
- Registration as a participant in a standardization committee
- Registration for courses, Standard Morgen, conferences, lectures, launches and other events
- Responding to incoming inquiries
- Recruitment for job vacancies. For recruitment, we collect more personal details than those mentioned above; this could be your application, CV, certificates/diplomas, personality/proficiency tests, internal assessments, interview reports, background checks and references.
Disclosure of personal data to others (Data Handling Agreements)
We will not pass on your personal data to anyone else unless there is a legal foundation to do so. Such a foundation might typically be a contract with you, or a legal foundation which obliges us to pass on the information, such as the Accounting Act.
We use data processors and their tools to collect, store or otherwise process personal data on our behalf. In these cases we have entered into agreements to safeguard data security at all stages of processing. We currently use the following data processors:
Proviso (registration for events). The data is used to administer course registration and evaluation of events, and to invite people to attend new courses.
- Survey Monkey and Questback (customer surveys). We generally conduct anonymous customer surveys, but may also request personal data on someone to track responses and request evaluation.
- 67 Bricks, REVO (standards for enquiry). The data is collected so that we know who has been granted access to draft standards for enquiry, who has submitted an enquiry response, and to follow up on enquiry responses where appropriate.
- ISO, Global Directory (international committee register) and ISOlution (international document archive). The data is collected so that we know who are members of international standardization committees, and so that we can provide access to relevant committee documents.
- OpenText/LiveLink (filing system for member management). The data is used to manage the members of Standards Norway, to know who is a member representative, and to distribute relevant member information.
- Standards Digital
- NS base (national committee register). The data is collected so that we know who are members of national standardization committees.
- Sarepta (national committee register). The data is collected so that we know who are members of national and international standardization committees.
- Microsoft Dynamics (ERP system)
- E-forms. The data is collected so that forms can be filled out online.
- Episerver (web publishing system).
- Purchase of goods or services: The data is necessary for us to send you products and receive payment.
- Membership registration in Standards Norway: The data is used when an organization signs up with Standards Norway, so that it can be entered in our member registry.
- Customer feedback/comments on applicable standards: The data is used to deal with incoming comments.
- Newsletters: The data is used to distribute newsletters.
- SuperOffice (customer register). The data is used to handle all customers purchasing standards, courses, and related products.
We store your personal data as long as necessary for the purpose the data was collected.
Personal data handled by us to fulfil an agreement with you is deleted once the agreement has been fulfilled and all obligations arising from the contractual relationship have been met.
Personal data handled by us based on your consent is deleted if you withdraw your consent. One exception to this is when other legislation requires us to retain the data.
We have our own deletion procedure which explains how data should be deleted in the various systems we use.
For certain types of personal data use where third parties are not involved, we retain the data for the following periods:
- Upon recruitment, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to future employment opportunities.
- Visitor list. This is deleted on an ongoing basis, usually at the end of a day or the following morning. During periods with few visits, the list may be stored until it is full.
- With general inquiries, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to subsequent inquiries and/or further inquiries on the same subject.
Your rights in our handling of your personal data
You have the right to request access to, or to correct or delete, the personal data we process about you. You also have the right to request limited use, to object to use of your personal data and to claim the right to data portability (i.e. you may receive the personal data about yourself and reuse it as you wish across different systems and services). You can read more about the content of these rights on the Norwegian Data Protection Authority website: www.datatilsynet.no.
To exercise your rights, you must contact Standards Norway or Standard Online. We will respond to your inquiry as soon as possible, and within no more than 30 days.
We will ask you to confirm your identity or provide further information before we allow you to exercise your rights in regard to us. We do this to ensure that we only grant access to your personal data to you, and not someone who is pretending to be you.
You may withdraw your consent for the handling of personal data by us at any time. The easiest way to do this is to contact us.
If you believe that our personal data handling does not comply with the above or that we are violating privacy laws in some other way, you can complain to the Norwegian Data Protection Authority. For information on how to contact the Data Protection Authority, go to www.datatilsynet.no.
Standard.no uses so-called ‘cookies’. A cookie is a small text file that is stored on your hard drive by the website you are visiting. The file contains information and is used to support users, and for statistics, among other things. It is not possible to identify you as an individual from these statistics. Cookies entail no security risk for you and allow us to provide you with the best possible service. The feature can be turned off in most browsers via a menu option such as ‘Settings’, ‘Security’ and so on. This will, however, have an effect on the use of the site generally, and the online store in particular. For example, you will not be able to search for standards and other products, or log in, and items will not be held in your shopping cart. Information we collect via cookies on our web site will not be stored.
If you have any questions about the way we use your personal data, please contact us.
PO BOX 242
67 83 86 00
VAT registration number: 985 942 897
Standard Online AS
PO BOX 252
67 83 87 00
VAT registration number: 983 615 031
Mustads vei 1