GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679) and specifies how personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general). Based on GDPR this policy describe how ResQ processes your personal data when using our services.
To comply with laws and regulations ResQ will always process your personal data in the manner described in these guidelines and always in accordance with applicable laws. In Norway, this primarily relates to the Personal Data Act of 2018, which incorporates GDPR into Norwegian law.
What information is recorded about you?
The personal information you provide as a customer / course participant that are delivered or collected, to manage your orders or comply with our obligations to you, is processed by ResQ for the purposes stated.
Personal data processed:
Regarding registered personal information in our systems, you are entitled to:
- Name, address, birth number, phone number, e-mail address, purchase, payment, order history.
Why do we process information about you and what is the information used for?
- Insight, correction, deletion, data portability, requiring the processing of personal data to be limited, and to oppose certain forms of treatment.
We will only use your contact details to communicate with you about circumstances that are relevant to the service and your use therein. We process personal information to fulfill our obligations to you and to fulfill our legal obligations.
By submitting your personal information to us as a customer / course participant, you agree that your personal information is incorporated into our customer registration / booking system and is used for, and provides the basis for, identification, customer follow-up and the issue of course certificates. Personal information is also used for mail, SMS and e-mail regarding information prior to course completion, follow-up and e-learning implementation. On behalf of, and in some cases, by claims from, payment or mortgage companies, your social security number will be processed.
Deletion of personal data. How long is your information stored?
Personal data will not be stored longer than necessary to fulfill the purpose of the processing. Personal data that it is no longer necessary to store will be deleted or anonymised in a secure and permanent manner.
In addition, at any time, you may ask us to delete information relating to you as a customer, unless it is required by law to keep the information for a certain period (for example, certain information relating to the purchase of services in accordance with the Accounting Act).
Deletion of special categories of personal information ((sensitive personal information)
It is a requirement that course participants present health certificates before physical tests and participation on specific courses. Health certificates will be deleted after course and physical tests are completed
Right to access, correction and deletion, etc.
You are entitled at any time to access your personal data that we process. If we process incorrect personal data on you, you have the right to have the data corrected. Similarly, you have the right to have incomplete personal data completed. You have the right to have your personal data deleted. However, it should be noted that deleting personal data will mean that we can no longer provide the service to you. Even if you require your personal data to be deleted, we may continue to process your personal data to the extent permitted by law. You also have the right to receive your personal data in a structured, commonly used and machine-readable format and to transfer the personal data to another controller.
If you wish to exercise any of the above rights, please contact us at: firstname.lastname@example.org
Sharing of information with third parties
We only share your personal data with third parties (subcontractors) in the following cases:
Security and Confidentiality
- We share your payment data with our finance partners who deal with payments, and when we hire third parties to perform services for us regarding operation of the service and the technical part of data processing. In such cases, we will still be responsible for your personal data and ensure that data will be processed in accordance with these guidelines and applicable laws.
- When required by law or by a statutory legal order. We will never sell your personal data to third parties or give third parties access to your personal data for their own purposes beyond what is described above.
We store your personal data on secure servers with access restrictions. Only a limited number of persons have physical access to this equipment and only those who need it have access to your personal data. Your personal data will not be transferred unless you have given your consent to this. Access to personal data is limited by confidentiality rules.
Processing of personal data for other purposes
Personal data will not be used for purposes other than those specified.
We do not provide registered information about you to other organizations or businesses without your voluntary, explicit and informed consent. If you give such consent, we will only disclose the information within the purpose of the consent.
Particularly about children's privacy
ResQ does not wish to collect or otherwise treat personal data about children under 15 years of age. However if children under 15 have nevertheless provided us with personal information, we will delete the information as soon as we become aware of it.
Deviations are reported and followed up in ResQ electronic deviation systems.
It is defined as the deviation if:
- Personal information is handled in violation of established routines
- There is a suspected or documented breach of information security
- If unauthorized extradition is done
Serious discrepancies must be reported to the Data Inspectorate. If you believe that our processing of your personal data is illegal, you can appeal to the Norwegian Data Protection Authority. The contact details for the Authority can be found on their website: www.datatilsynet.no.
The service is subject to ongoing improvements and future changes can affect the way we process your personal data. These guidelines will be updated to reflect such changes, amendments to laws and regulations, and other changes in the way we handle personal data. The current version of the guidelines is available at the home page of www.resq.no