Privacy Policy

BeatsbyF - Privacy 2022

Data controller: This privacy policy explains how I collect and use (process) personal data in my business. BeatsbyF, by general manager, is responsible for the processing.
This privacy policy is protected by copyright law (please do not copy any text).

Contact information:
Fredrik Hagen
Contact: fredrik.j.h@outlook.com, +47 48119983
Address:
Organization number:


I take your privacy seriously and have taken several steps to ensure that I provide you with clear information about how I process your data and what rights you have. If you feel that something is unclear or missing, please do not hesitate to contact me.

Your rights:
Please contact me if you have questions about or want to exercise one of your rights. You are entitled to a response within 30 days at the latest. Read more on the Norwegian Data Protection Authority's website.

• Access to and correction of your own information: You can request a copy of all information I process about you, and ask me to correct information that is incorrect.
• Deletion or restriction: In some situations, you can ask me to delete and/or limit the processing of information about yourself, but I cannot delete data that I am required to process, by law.
• Objecting to processing: If I process information about you on the basis of legitimate interest, you have the right to object to it.
• Data portability: If I process information about you based on consent or a contract, you can ask me to transfer information about you to you or to another data controller.
• You also have the right to withdraw your consent at any time.
• If you are not satisfied with the processing of your data, you can complain to the Norwegian Data Protection Authority, but I hope that you will tell me directly first so that I can try to resolve the matter for you in a good way.

About whom I process personal data
I process personal data about:
• Customers
• Potential customers
• Contacts at suppliers or partners
• Visitors to the website

How I collect personal data
It is voluntary to provide me with personal information, but in order to carry out a transaction, I do need some information from you. I neither rent, buy nor sell personal data from/to others. I do not use automated decisions or profiling in the processing of your personal data, and I do not process special categories of personal data beyond what applies in a normal employment relationship.
We process personal data when you:
• buys services
• contact us via phone, SMS, our website, e-mail or social media
• use our website

Purpose, legal basis and storage
According to Article 6 No. 1 of the Personal Data Protection Regulation, I process personal data on the basis of:
a. Your consent
b. An agreement we have entered into
c. A legal obligation we have
d. A legitimate interest we believe we have

As a general rule, personal data must not be processed and stored for longer than is necessary to fulfill the purpose of the processing. To comply with this, I have annual GDPR audits where I formally assess and review my privacy work. The purpose is to change, update and, if necessary, delete personal data. I retain data for as long as I am required to do so by applicable legal obligations, for example related to accounting, tax or employment legislation, and/or other relevant rules and regulations. You can contact me at any time if you want me to stop processing or delete your personal data, but please note that I cannot delete personal data that I am legally obliged to process.

I have routines to ensure that personal data is deleted from all relevant systems when I no longer have a purpose and/or a legal basis for continuing to process them.

This is how I process personal data
Here I describe in detail when and how I process your personal data, for what purposes, on what legal basis and for how long.

- I process personal data when: you communicate with me
When you give me your business card or contact me via the website (contact form), by e-mail, by phone (call, text message) or social media, I process personal data. Depending on where and how you send me a message, this can be your name, contact information, IP address and other information you choose to send to me. We use a CRM (Customer Relationship Management) and/or a customer support system to process personal data about potential and existing customers. The purpose is to be able to respond to inquiries from you, for history, and to have documentation in case I receive claims, complaints or legal claims. The legal basis is f), where the legitimate interests are to be able to respond to inquiries from you, for history, and to have documentation in case I receive claims, complaints or legal claims. I review, archive and delete inquiries as needed, but no less often than every 5 years. Accounting material is kept for up to five years, according to the rules in the Bookkeeping Act.

- I process personal data when: you buy my services
When you buy services from me, I process personal data such as name, contact information, order and payment information and purchase history.
The purpose is to be able to deliver products and services to you after ordering/purchase, to be able to have a history of sold products and services and otherwise to manage and follow up the customer relationship with you. The legal basis is b) agreement and c) legal obligation according to e.g. the Bookkeeping and Tax Act. Accounting material is kept for up to five years, according to the rules in the Bookkeeping Act.

- I process personal data when: I do marketing in existing customer relationships
When you become a customer of mine, I process personal data as mentioned above. If you have an existing customer relationship with me, I will be able to send you marketing by e-mail and SMS, in line with section 15 of the Marketing Act.
The purpose is to be able to provide good customer service. The legal basis is f), where the legitimate interests are to be able to offer you relevant products and services. The legal basis can also be a), where you have given us your consent. You can unsubscribe from e-mail and SMS marketing at any time. Information on how to unsubscribe is set out in all emails and SMS I send that are linked to marketing. The information is stored as long as the customer relationship exists, until you unsubscribe or until you object to the processing, if necessary.

- I process personal data when: you are applying for a job or working with me
When you apply for a job with me, I process personal data such as name, contact information, CV and other information I need to be able to assess your application. The legal basis is b) agreement, and possibly article 9 no. 2 b) and h) if your application contains special categories of personal data. The information is deleted after a person has been selected for the job, unless you have consented to me storing your information for longer in the event that you wish to apply for a job at a later time. In that case, the consent will be renewed annually.
For employees, I process personal data as mentioned above, in addition to information that is necessary to be able to pay salaries and otherwise administer the employment relationship. The legal basis for this is b) agreement, c) legal obligations according to applicable laws for employment relationships and possibly article 9 no. 2 b) and h) in the case of special categories of personal data. Information about employees is deleted as a general rule when the employment relationship ends, unless special reasons (such as a dispute about dismissal or dismissal) make it necessary to keep them longer. Information related to salary administration is kept for up to five years, according to the rules in the Bookkeeping Act.

- I process personal data when: you are a supplier or partner with me
When you enter into an agreement with me either as a supplier, partner or data processor, I process personal data such as name, contact information and correspondence. The purpose is to be able to enter into an agreement with you and the legal basis is b) agreement. The information is kept for up to five years according to the rules in the Bookkeeping Act. I process personal data related to general correspondence and communication as described above.

With whom I share personal data
In order to run our business efficiently and securely, I sometimes need to share your personal data with parties such as:
• Data processors: providers of various services who process your personal data on our behalf*
• Professional advisers from industries such as lawyers, finance, accounting, auditing and insurance
• User support for IT and administration systems
• Public authorities we are obliged to report to

I require that everyone I share your personal data with secures your data in accordance with good information security and the requirements of the Personal Data Protection Regulation. I enter into a data processing agreement with everyone who processes data on our behalf, and non-disclosure agreements as necessary.

* I use data processors for:
• E-mail, calendar and digital meetings
• Bookkeeping, accounting and invoicing
• Cloud storage
• Electronic signing
• Surveys

For security reasons, I have not specified these by name, but feel free to contact me if you want to know more.

Transfer of personal data outside the EU/EEA
In some cases, your personal data is transferred outside the EU/EEA, for example where I use suppliers outside the EU/EEA to handle the sending of newsletters, to process customer data, to make products and services available on my website, to enable payment, for security on my website and otherwise to be able to run my business in a safe and efficient way. The transfer of personal data to outside the EU/EEA is only permitted to countries approved by the European Commission, or under the necessary guarantees according to the Personal Data Protection Regulation. This could be, for example, the EU's standard contracts. For security reasons, I have not specified these by name. Feel free to get in touch if you want to know more about which data processors I use, what kind of necessary guarantees apply to such a transfer and what extra security measures we have implemented.

Safety
I take information security seriously, and I will always do my utmost to safeguard your personal information in the best possible way. Among other things, I use strong passwords, encryption of data, access control, backups and two-factor authentication to secure my data and prevent unauthorized persons from gaining access to view, change, delete or in any way influence the data I store, including your personal data.
I only use reputable providers of IT and administration services such as web hosting, website and PC security, virus software, email provider, backup, and more. I only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).
I have established routines for handling breaches of data security, and I will, in the event of a discrepancy, send a notification of non-compliance to the Norwegian Data Protection Authority within 72 hours of the discovery of a breach. If the breach entails a high privacy risk, I will also notify the affected data subjects.

This privacy policy was last updated: 13.10.22