image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1image1

NEW RULES FOR DATA PROTECTION

In association with the new rules that come in to force in the EU and EEA on Data protection, we would like to inform you about the implementation of these new rules at Hatteland Technology AS and EMBRON Group AS and what affects this can have for our business relation.

In Norway, the new rules are called «Personvernforordningen» also referred to as "GDPR", which is the term that we will continue using throughout this letter. The rules come in to force on May 25 this year.

We handle the protection of customer data and follow up on privacy law with high priority. We received questions about how Hatteland Technology AS addresses the GDPR, and therefore, we hope by writing this orientation letter it will clarify these questions.

In accordance with the new rules, we will, in a certain context, be seen as the data processors. Among other things, this applies when we process personal information about contacts, or others that we need to communicate with directly. This will only be relevant when personal information is necessary for us to fulfil our obligations.

All contacts in our Customer Relation Management database are customers, partners, vendors, prospective customers or similar, with legitimate interest in our company, products, and solutions. This represents a lawful basis for communicating with our contacts without an explicit consent for receiving B2B marketing mails and other types of communication.

We regard all the contacts in our CRM database to be business contacts, and we do not store any personal information. In cases where a business contact can be personally identifiable by using first name and last name in email addresses, we regard this as the business contacts way of identifying them as a business contact. Even though this could be regarded as personal information, we regard the impact of storing first name and last name are regarded as very low. As a representative for their company, we have legitimate interest as a lawful basis for storing this information and to exchange communications.

All communications we send has a clear and easy to use opt-out link where business contacts easily can notify us that they no longer are interested in receiving communications from us. Whenever a contact fills in a form on our website or downloads any content we ask for an update of the business contacts communication preferences.

For all the processing of personal information in Hatteland Technology AS and EMBRON Group AS, we will:
• Implement satisfactory technical and organizational measures to protect personal information and make sure our subcontractors do the same.
• Have necessary guidelines for how long we keep personal information, to ensure they are not stored longer than necessary.

Examples of information we collect:
• Company Name
• Contact person
• Company Address / Billing Address
• Phone number and e-mail address
• Information about the use of our website, such as visits, browser settings and IP address

Example of why we collect this information:
• Order confirmation
• Support
• Delivery confirmation
• Customer survey

We do not collect information such as birthdates and social security numbers.

As a data processor, we will:
• Only process personal information according to the instructions we receive from our customers and

Under law:
• Notify those of our customers who will be affected by a possible security breach concerning Personal Data Security.

You are, as us, subject to data protection laws by processing personal information. We must ask that:
• You do not send us personal information that we do not need to fulfil our obligations (it will be illegal of you to do so and it will be illegal for us to process them).

We ask you therefore:
• To ensure that the registered person gave the necessary consent to share personal information. This applies for both, data that has been send and the purpose of the submission / processing (according to The Personal Data Act).

We would like to express that you are acting as a data processor in the same way as we do, when it comes to personal information about your customer contacts and other persons you are in contact with at Hatteland Technology AS or the EMBRON Group.
Should there be any questions regarding the above, we ask you to contact the undersigned; our GDPR team answers any inquiries as soon as possible.

With best regards,
Hatteland Technology AS

 

: First published date: Tuesday, June 19, 2018
: Revised Tuesday, January 26, 2021.