Privacy notice

Updated April 12, 2024

Sonair AS will, as part of our business, process personal data. We will do our best to ensure that personal data is handled and processed in a reassuring and trustworthy manner.

If you have questions about the processing of your personal data, you can contact us; see our contact details below.

1 RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

Sonair AS is responsible for processing the personal data described here, i.e. decides why and how the personal data is processed (the data controller). We may also process personal data in ways other than those mentioned below, but we will then inform those the personal data applies to in other ways than through this notice. Our processing as a data controller of personal data is based on the business we run and the purpose of our business, i.e., developing technology solutions and providing solutions for the electronics, manufacturing and robotics industries. See more below about the purpose of processing the individual personal data.

Contact details for us as data controller:

Sonair AS
Gullhaug Torg 2
0484 Oslo
Norway

For questions you may have about our processing of your personal data, please direct them to hello@sonair.com.

2 WHY AND WHAT KIND OF PERSONAL DATA WE COLLECT AND USE

We collect and use your personal data for different purposes depending on who you are and how we get in touch with you.

All processing of personal data will be in accordance with this Privacy Notice, the privacy regulation in force at any given time, including the local privacy regulation and the General Data Protection Regulation (GDPR).

You will find information on the personal data we process about you, the purpose and the legal basis of the processing, how long we process the personal data, etc., in this section.

“Personal data” is any information related to a natural person, such as you.

“Processing” means anything that is done with personal data, such as collection, registration, organization, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination, or any other form of making available, compilation or alignment, limitation, deletion or destruction.

If we are a data processor, i.e. we process personal data on behalf of others, such as our customers (who are the data controllers), you may request information about the processing from the data controller. You can still contact us about the processing of your personal data, and we will refer you to the data controller. See also below about our role as a data processor.

2.1 Communication and contact

We process personal data about those who contact us in order to answer and document the communication, and to contact others not covered by the processing described elsewhere in the Privacy Notice. This applies to all forms of communication, physical and digital, written and oral.

In such cases, we process the name, telephone number, email address and any personal data that may result from the communication, including history/logs about the inquiry.

The processing is based on what we consider to be a necessary legitimate interest in processing related to the above (see GDPR Article 6 (1) f). Our legitimate interest is to have contact with others as part of our business and in documenting our business, as well as replying to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive and that the data subjects’ privacy does not override these interests.

It is voluntary to provide us with personal data, but it will be necessary to provide us with the information to answer inquiries.

We process the personal data until we expect that there will be no further follow-up of the contact, typically for two years.

2.2 Email and other business solutions

We use email as a communication solution and other business solutions, such as document storage, collaboration tools etc., that will contain personal data. The processing is based on what we consider to be a necessary legitimate interest in processing personal data via email (see GDPR Article 6 (1) f) in order to have a work tool and communication solution, and on our assessment that the data subjects’ privacy does not override these interests. The personal data processed depends on the purpose of the email and what is included in it.

2.3 Communications and information on services

We may send you information on the services you or your organization have purchased or are using, such as updates about changes to the services, technical conditions, upgrades, new functionality, etc., and emails that may be automatically generated by our services. This information is part of the services we provide and may be important to you.

The information will be provided regardless of whether you have consented, and the personal data will then be processed in accordance with GDPR Article 6 (1) b by us to fulfill an agreement with you, or if you are a business customer, our necessary legitimate interest to inform our former customers (GDPR Article 6 (1) f). The purpose of the processing is to keep you updated about the services. Consequently, you may not be able to unsubscribe from the information. However, if you do not want to receive the information, please contact us at hello@sonair.com.

We only process the personal data that allows us to send the information, which is your email address and your telephone number. The email address and your telephone number are not used for anything other than sending out the information, and we will not share, transfer or provide the information to anyone else. The personal data is processed as long as you receive our services.

2.4 Newsletter

If you request information or sign up for our newsletters or are an existing customer, we may send you information about our products and services, products for partners, newsletters and other information with updates about the company, the latest blog posts, etc. As a consequence, we will process your name and email address.

The processing of personal data is based on your consent (GDPR Article 6 (1) a) or on the fact that you are an existing customer with us (based on fulfilling an agreement with you, GDPR Article 6 (1) b). You can withdraw your consent at any time by using the link in the newsletter or contacting us to stop receiving newsletters.

The processing of personal data takes place until you have received the requested information, have withdrawn your consent, are no longer a customer of ours or if you object to receiving such information. Your personal data will then be deleted.

2.5 Recruitment

When recruiting for new positions with us, personal data such as CV, application, certificates and references is processed. Processing of personal data takes place on the basis of consent that you have given if processing takes place through, e.g., a recruitment solution, or on the basis that it is necessary and within our legitimate interest to recruit new employees.

The basis for processing personal data when recruiting is that the processing is necessary to make assessments of possible job seekers prior to entering into a possible employment agreement (GDPR Article 6 (1) b). If assessments are made in this regard, such as contacting persons who are not listed as a reference, background searches, etc., personal data is processed on the basis of our necessary legitimate interest in ensuring the correct candidate for the position (GDPR Article 6 (1) f). For the latter, we have considered that the individual data subject’s privacy does not override our legitimate interest in recruiting new employees. We recommend that you do not enter special categories of personal data, such as health, religion, political opinion, union membership, etc., in your application.

Information in the service is deleted as soon as the recruitment is done if you have not agreed to further storage.

2.6 Use of websites, cookies etc.

We may use cookies or similar technology to collect information when you visit or interact with our website. We use the information collected to improve the customer experience on websites and services, to adapt and develop the website, and to offer functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are as relevant to you as possible. This will both be given on the basis of visitors’ behavior, e.g. on the basis of services used, links clicked on, or information read, and on the basis of the behavior of other users with similar usage patterns.

The information collected will be your IP address, the type of browser you use, your internet provider, operating system, date and time of website visits and services etc. The information is stored in your browser’s internal memory or related to a series of numbers/digits that can identify your browser or device that uses the website (referred to as cookies below for simplicity). The information will then be related to other information collected.

You have the ability to prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings yourself so that the cookies are not accepted. The disadvantage of disabling cookies in your browser is that the web pages may not work optimally. The reason is that the purpose of most cookies we use is precisely to provide functionality in the services.

Personal data is also used to improve our websites, compile statistics and understand the use of the pages. As far as practicable, we try to do this with anonymous information without knowing that the information is specifically related to the individual visitor.

We process the personal data mentioned above on the basis of our necessary legitimate interest (GDPR Article 6 (1) f) to adapt the website to our users, and we consider that this interest is not overridden by the data subject’s privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics where individuals are not identified. The information will be processed for as long as it is necessary for the purposes mentioned above.

The cookies etc. we use are listed at the end of this Privacy Notice.

3 RETENTION AND DELETION OF PERSONAL DATA

We keep and store personal data for as long as is necessary for the purpose for which the personal data was collected, and we delete the data under requirements in regulations. The timeframe for how long we keep and store personal data is covered above where the usage areas are covered.

Instead of deleting the personal data, it may be relevant to anonymise the personal data in some cases. By anonymization, all data that may identify or potentially identify data subjects (individual persons) are removed from data sets.

This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data that we process in connection with sales or purchase agreements you have with us is deleted when the agreement is fulfilled, and all obligations arising from the contractual relationship are fulfilled, such as legal obligations related to accounting, follow-up of the customer related to complaints, etc. Personal data related to our fulfillment of legal obligations is deleted as soon as the legal obligations have been fulfilled, such as the obligation to keep accounts.

4 PROCESSING PERSONAL DATA AS PART OF SERVICES

Customers who use our services are data controllers for the personal data processed by use of the services and are then responsible for the processing of the personal data processed when using the services. We will then process personal data on behalf of the customer and are then the data processor. A data processor agreement has been entered into between the customers and us to regulate our processing of personal data on behalf of the customers.

As it is our customers who are then responsible for the processing (data controller), you must contact our customer to enforce your rights; see below.

The information in this privacy notice will also apply to our processing of personal data about our customers’ customers with regard to the disclosure and transfer of personal data and security/technical matters. The deletion of personal data depends on when our customer chooses to delete the information. We will never use information from our services without this being instructed or approved by our customers.

5 DISCLOSURE OR TRANSFER OF PERSONAL DATA

We do not disclose or transfer personal data to others in cases other than those mentioned in this notice and unless there is a legal basis for such disclosure/transfer. Examples of such a basis will typically be an agreement with or consent from the data subject or a legal basis that requires us to publish the information. The latter applies to public activities such as tax collection (if necessary), accountant/auditor, as well as others that we need in our business, such as a bank connection.

We use data processors to process personal data on our behalf. In such cases, we have entered into data processing agreements with the data processors to safeguard your rights and security for your personal data at all stages of the processing.

If it is required by law or there is a suspicion that a crime has been committed in connection with the use of our services, personal data may be disclosed to public authorities.

If personal data may be subject to transfer to another organization in connection with a merger, financing, reorganization or dissolution transaction of all or part of us, we will only do so if the parties involved have entered into an agreement where the collection, use and sharing of personal data is limited to the purposes of the transaction, including a provision as to whether or not the transaction will proceed, and the personal data shall only be used by the parties involved to complete the transaction. If another company buys our business or assets, this company will have access to the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this privacy notice.

6 TRANSFER OF PERSONAL DATA TO RECIPIENTS IN COUNTRIES OUTSIDE THE EEA

It is an objective that all processing of personal data shall be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA, see above. In such cases, transfer and processing outside the EEA will take place in countries approved by the EU Commission or under a valid legal basis for the transfer of personal data under GDPR Chapter V. If transfer to countries approved by the EU Commission does not take place, the transfer will only take place after guarantees set out in Article 46 (2) of the GDPR. You can get information on the lawful basis used for the transfer if you contact us.

7 SECURITY OF PROCESSING

We prioritize the security of personal data in our business and will implement all required technical and organizational measures to secure your personal data. All processing will, if possible, be encrypted and not available to anyone other than those who need personal data for performing their tasks (“need-to-know”).

We ensure that the personal data is correct, accessible and handled according to the degree of sensitivity of the information. We also use a variety of security technologies and information security procedures to protect your personal data from unauthorized access, use or disclosure. Where necessary, risk assessments are carried out.

We have entered into data processor agreements with all our suppliers who process personal data, where they assume the same degree of security as we ensure in our processing of personal data.

We restrict access to personal data to the staff or third parties who process the personal data on our behalf. These parties are subject to a duty of confidentiality.

Routines have been established for handling breaches of information security and routines, and we will, if there are breaches that pose a risk for personal data, notify the supervisory authority (Datatilsynet) as soon as possible and no later than 72 hours after the breach is discovered. If the breach entails a high probability of affecting the privacy of the data subjects concerned, they will also be notified.

8 YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU

You will find a description of your rights when we process personal data about you. To exercise your rights, you must contact us; see contact information above.

We strive to respond to your inquiry as soon as possible and no later than 30 days. If it takes longer than 30 days, you will be notified.

In some cases, we will request you to confirm your identity or provide additional information before you can exercise your rights to make sure that we only give access to your personal data to you - and not someone who pretends to be you.

Your rights set forth below apply where we are responsible for the processing. If we are a data processor for our customers, and you use services from one of our customers, the customer is responsible for the processing of personal data (data controller). You must then contact the one you receive the services from in order to exercise your rights related to the processing of your personal data. Your rights will then essentially be as described below.

8.1 Information

You have the right to get information about the personal data we process about you. Through this policy, you get information on the processing of personal data. You can also contact us if you want more information.

8.2 Access to your personal data

You have the right to request access to the personal data we process about you. Contact us if you want such access.

8.3 Correction and deletion

You can also ask us to correct any personal data or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if the data is necessary for us.

8.4 Processing based on your consent

If we process personal data based on your consent, you can withdraw the consent at any time. The easiest way to withdraw your consent is in the manner you were informed of when you gave your consent, or by contacting us.

8.5 Right to protest or restrict the processing

You have the right to have the processing of your personal data restricted or stopped in certain cases; see further in Article 21 of the GDPR.

8.6 The right to data portability

For personal data that you have provided to us, which is necessary to carry out an agreement with us, and which is processed automatically (i.e. not manually by us), you can request that the personal data be disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).

8.7 Automated processing, including profiling

There will be no automated processing, including profiling, based on your personal data that may have legal effects or that significantly affect those to whom personal data applies. See GDPR Article 22 no. 1 and 4.

9 COMPLAINTS

If you suspect that our processing of personal data is not in accordance with what we have described here or that we, in other ways, violate the privacy legislation, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us first to correct the matter as soon as possible.

We use the Norwegian Supervisory Authority (Datatilsynet) in Norway as the leading supervisory authority for cross-border processing under GDPR Article 56. You can therefore direct any complaint to the Norwegian Data Protection Authority.

You will find information about your rights and how to contact the Norwegian Data Protection Authority on their website: https://www.datatilsynet.no.

10 AMENDMENTS

Should there be a change in our services or changes in the regulations on the processing of personal data, it may change the information provided to you here. You will find the updated privacy notice readily available on our website.

You can opt out of having your activity on the website made available to Google Analytics by disabling cookies in your browser; see above for instructions.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://www.google.com/intl/en/policies/privacy/