Here you can read about how we process your personal data.
At CoFounder, we take security seriously — this also applies to the protection of your personal data. CoFounder works to ensure good data protection for the individual and is committed to ensuring that the processing of personal data is done in accordance with applicable data protection legislation.
This Data Protection Declaration gives you information about how CoFounder processes personal information. The Data Protection Declaration also describes your rights and how you can exercise these rights in relation to CoFounder.
Based on the services we provide, in some contexts CoFounder processes personal data on behalf of customers and acts as data processor on behalf of customers. We also collect and process personal data as described in this Data Protection Declaration. In these cases, we act as data controller for your personal data.
Data protection principles
CoFounder wishes to contribute to good data protection and shall safeguard the security of individuals’ personal data. Personal data means any information about an identified or identifiable natural person.
Within the framework of our activities, we work to ensure that personal data is:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes and not shared in a way that is incompatible with these purposes
- adequate, relevant, and limited to what is necessary in the context of the purposes for which it is processed
- accurate and, if necessary, corrected or kept up to date
- deleted or stored in a format that prevents the identification of individuals when it is no longer needed for the purpose for which it was processed
- processed in a manner that ensures the security of the data, using appropriate technical or organisational measures. This includes protection against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage.
Processing of your personal data will only be done to achieve defined and legitimate purposes and when it is justified on legal grounds.
What information do we collect?
You can give us information by:
- Communicating with us by telephone, e-mail or other means. We ask you to only give us the information that is necessary to provide you with our services or to submit a question/suggestion/comment with respect to our website or services.
- Filling out and submitting any form on www.cofounder.no. The type of information you give is your name, address, e-mail address and telephone number. We ask that you do not disclose sensitive personal information unless this is necessary.
- Visiting our offices, where we need your name, telephone number and company name to establish an evacuation list in case of fire, accident or another sudden unforeseen event or to otherwise help you.
We may receive your personal data directly from you as mentioned above, but also from another company in the CoFounder Group, from a business partner or from publicly available information. CoFounder will only disclose personal data to or receive personal data from a third party in accordance with applicable data protection legislation. For more information about this, please refer to the section “Who do we share information with?”
Why do we collect this information?
The collection and processing of the personal data listed above is necessary for us to be able to achieve defined and legitimate purposes in the performance of our business activities. We process your personal data for the following purposes:
- for customer and supplier administration: for example, to respond to customer enquiries or questions, customer satisfaction surveys or complaints about a particular product or service
- when we talk to you about projects that we deliver to or for you
- for job seekers, we will create a candidate profile about you for any recruitment
- to administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistics, and survey purposes
- as part of our efforts to keep our website safe and secure
- to provide information about our products and services, where you have subscribed to receive this
- to comply with our legal obligations to the authorities or in connection with litigation
- for backup or archiving
The legal grounds for processing personal data are:
- processing necessary for the performance of a contract that customers have entered with us or to process a request from you prior to entering into a contract
- processing necessary to comply with a legal obligation to which we are subject
- processing necessary for legitimate interests that we pursue in providing you with offers and suggestions about our services prior to the contract, where such interests are not exceeded by your interests or fundamental rights or freedoms that require the protection of your information
- processing necessary to protect a person’s vital interests (e.g. in the event of accidents or incidents) or because it is necessary for the performance of a task performed in the public interest
- your personal data may also be processed based on your consent. In such cases, we ensure that you have given your free, specific, informed, and unambiguous consent.
CoFounder undertakes not to process or share your personal data in any manner that is incompatible with the above purposes.
Who do we share information with?
Please note that CoFounder may share your personal information with another entity in the CoFounder Group or its representatives to achieve one of the above purposes.
Other recipients of your personal data may also include our service providers or business partners, such as:
- IT service and operations providers
- service providers for handling insurance cases and claims
- technical system consultants
- if CoFounder or a significant proportion of CoFounder’s assets are acquired by a third party, your personal data may be disclosed to the buyer
In some special circumstances, we may also disclose your personal data to the government, public authorities, statutory or regulatory bodies when we are required to do so.
CoFounder will only give your personal data to parties who provide adequate guarantees to ensure the protection of your data and compliance with your rights as a data subject.
Transfer of your personal data outside the EU/EEA
CoFounder endeavours to process your personal data within the EU/EEA. To achieve one of the above purposes of the processing of the personal data, we must in some cases transfer to countries outside the EU/EEA area.
CoFounder only transfers your data to a third party located in countries outside the EU/EEA after careful checks and/or signing a defined agreement to ensure that the third party:
- provides adequate guarantees for the level of protection of your personal data
- informs the data subject correctly about this
- ensures the enforcement of your rights as a data subject, and
- provides effective remedies for you
How long do we store your personal data?
CoFounder undertakes to comply with the principle of limitation for storing personal data. We will not store personal data for longer than necessary for the performance of our contract and/or for as long as necessary for the purposes for which the personal data was collected. Please note that CoFounder may also be legally obliged to store your personal data for a minimum period to comply with statutory requirements.
We perform regular checks to identify personal data that no longer serves any purpose, to delete it or otherwise anonymise it.
What are your rights?
CoFounder will do its utmost to ensure respect for and fulfilment of your rights as a data subject, which are noted below.
Your rights as a data subject consist of:
- Knowing what information we have registered about you (with the limitations that follow from applicable legislation)
- Correction or supplementation if the data is incorrect or incomplete.
- Demanding that incorrect, unnecessary, inadequate, or outdated personal data is corrected or removed
- Withdrawing any consents to process personal data that you have given us. Please note, however, that this may result in us no longer being able to provide some of our services to you
- Requesting receipt of your data in a format or, where technically feasible, that we transfer this information to another provider, if this does not infringe the rights of other individuals
- Withdrawing your consent if you have given this to us as a basis for processing
When you contact us to exercise one of the above rights, you must present or attach a copy of a valid ID or passport so that we can check that the request is actually from you.
With the issue of your personal data or other personal data, you can also send a complaint to the Norwegian Data Protection Authority.
Please note that your rights may be limited in any particular case by conditions or requirements that we are required to comply with by law/regulation or equivalent legal basis. We will consider this specifically and inform you about this on a case-by-case basis when you contact us to exercise your rights.
How we safeguard your personal data
CoFounder values the security of your data. We take all necessary administrative, technical, and organisational measures to safeguard the security and confidentiality of your personal data, as well as to protect your personal data from unauthorised or unintended access, loss, misuse, disclosure, alteration or destruction.
Before we share your personal data with any third party/data processor, we will always ensure that this third party/data processor offers and can provide an adequate level of security.
All CoFounder employees are subject to our code of conduct and our confidentiality obligations apply to all employees.
CoFounder as Data Processor
This Data Protection Declaration applies to CoFounder AS in Norway. The Data Protection Declaration may be subject to changes from time to time. You can view or request the latest version by visiting our website or by writing to our Data Protection Officer at firstname.lastname@example.org.
If you have any other questions or requests regarding the processing of your personal data, you may contact us at any time by writing to the e-mail address above or by post to:
CoFounder AS, Att: Data Protection Officer
CoFounder Management AS
7010 Trondheim, Norway