In association with the new rules that come in to force in the EU and EEA on Data protection, we would like to inform you about the implementation of these new rules at Hatteland Technology and EMBRON Group and what affects this can have for our business relation.
In Norway, the new rules are called "Personvernforordningen" also referred to as "GDPR", which is the term that we will continue using throughout this letter. The rules come in to force on May 25, 2018.
We handle the protection of customer data and follow up on privacy law with high priority. We received questions about how Hatteland Technology addresses the GDPR, and therefore, we hope by writing this orientation letter it will clarify these questions.
In accordance with the new rules, we will, in a certain context, be seen as the data processors. Among other things, this applies when we process personal information about contacts, or others that we need to communicate with directly. This will only be relevant when personal information is necessary for us to fulfil our obligations.
For all the processing of personal information in Hatteland Technology and EMBRON Group, we will:
- Implement satisfactory technical and organizational measures to protect personal information and make sure our subcontractors do the same.
- Have necessary guidelines for how long we keep personal information, to ensure they are not
stored longer than necessary.
Examples of information we collect:
- Company Name
- Contact person
- Company Address / Billing Address
- Phone number and e-mail address
- Information about the use of our website, such as visits, browser settings and IP address.
Example of why we collect this information:
- Order confirmation
- Delivery confirmation
- Customer survey
We do not collect information such as birthdates and social security numbers.
As a data processor, we will:
Only process personal information according to the instructions we receive from our customers
and Under law:
Notify those of our customers who will be affected by a possible security breach concerning
Personal Data Security.
You are, as us, subject to data protection laws by processing personal information. We must ask that:
You do not send us personal information that we do not need to fulfil our obligations (it will be illegal of you to do so and it will be illegal for us to process them).
We ask you therefore:
To ensure that the registered person gave the necessary consent to share personal information. This applies for both, data that has been send and the purpose of the submission / processing (according to The Personal Data Act).
We would like to express that you are acting as a data processor in the same way as we do, when it comes to personal information about your customer contacts and other persons you are in contact with at Hatteland Technology or the EMBRON Group.
Should there be any questions regarding the above, we ask you to contact the undersigned; our GDPR team answers any inquiries as soon as possible.
With best regards,
Vice President Operations & Quality
TEL: +47 9572 6677 (Aksdal, Norway)
Hatteland Technology AS