Privacy & cookie policy.
This privacy and cookie policy explains how I process personal data in my business as per the General Data Protection Regulation (GDPR). Please note that this document is protected by copyright and you may not copy any text from it.
My contact details
Company name: Solveig Petch ENK, trading as Petchy
Organisation number: 917 283 311
Contact email address: hallo@petchy.no
Your data protection rights
Your rights of access and rectification: You may request access to or a copy of the information I process about you and ask me to rectify any incorrect data.
Your right to erasure or restriction: In some circumstances, you may ask me to delete and/or restrict our processing of your data, but I cannot delete any data we are required to process.
Your right to object to processing: In some circumstances, you may ask me to stop processing your data.
Your right to data portability: In some circumstances, you may ask me to transfer your data to you or to another organisation.
Also, if you’re unhappy about how I process your data, you have a right to complain to a national data authority. We hope, however, that you will contact me first so that we can try to resolve the matter for you in a satisfactory way.
Please contact me if you have any questions about or want to exercise one of your rights. You are entitled to a reply within 30 days.
Who I process information about and how I collect it
I typically process personal information about newsletter subscribers, potential and existing customers, vendors, partners, and website visitors. I process personal information when you:
buy my products or services
contact me via phone, text, email, social media or my website
subscribe to my newsletter or any other email list
opt in for my free content
use my website e.g. when submitting a contact form
respond to one of my surveys
It is voluntary to provide me with personal data, but if you choose not to, I may not be able to provide you with my services. I do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data or process special category data.
Type of information I process, why and the lawful bases
Under the GDPR Article 6-1, the lawful bases I rely on for processing your information are:
Your consent
I have a contractual obligation (contract)
I have a legal obligation
I have a legitimate interest
I process personal data when:
You communicate with me
When you contact me through e-mail, phone (call, text message), Voxer, social media and/or the website, I process personal data. Depending on where and how you contact me, this may include contact details, IP address and other information you choose to send to me.
The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims.
You purchase our products and services
When you purchase products and services from me, I process personal data such as contact details, order and payment details as well as purchase history. The purpose is to be able to fulfil my obligation to deliver products and services you have purchased and to manage the customer relationship. The lawful bases are b) contract and c) legal obligation.
You receive marketing as an existing customer
If I have an existing customer relationship with you as per the Norwegian Marketing Control Act § 15, I can send you marketing via e-mail and text messages. The purpose is to provide you with good customer service and the lawful basis is f), where the legitimate interest is to offer our relevant products and services. The lawful basis may also be a), where you have given me your consent.
You can opt out of the marketing at any time by unsubscribing in any marketing email or text message you receive.
You subscribe to my newsletter
I regularly send out email newsletters which sometimes contain information about my products and services. When you become a subscriber, I process personal data such as contact details, location data and IP address. The purpose is to share updates, articles, discounts, give-aways and other useful content. The lawful basis is a) consent and you can easily unsubscribe at any time by clicking the “unsubscribe” link in any such newsletter.
My email service provider has integrated analytics showing email opens and clicks. I use this data to analyse the performance of my newsletters and to tailor my content to you. The lawful basis is f), where the legitimate interest is to continuously improve our products and services.
You respond to my evaluations or surveys
Responding to my evaluations and surveys are voluntary. I process personal data such as contact details and other information you choose to share with me. When it’s anonymous, I don’t process any personal data.
The purpose is to gather your feedback so that I can continuously improve my products and services, as well as provide you with better customer service in the future. The lawful basis is a) consent.
You supply services to or collaborate with me
When you enter into an agreement with me either as a vendor, partner or data processor, I process personal data such as contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries and the lawful basis is b) contract.
You use my website
When you use my website, I process personal data such as IP address and other technical data collected via cookies and analytics tools. The purpose is to provide you with a good user experience and to analyse user behaviour so that I can continuously improve and develop my website and service offerings. The lawful basis is f), where my legitimate interests are to provide you with a good user experience, as well as continuously improve my website and service offerings.
How long I retain and when I delete your data
Your personal data is only retained for as long as I have a purpose and a lawful basis:
Until you withdraw your consent (e.g. for email and SMS marketing)
For as long as I have a contractual obligation, and, if applicable, in accordance with accounting and bookkeeping rules (e.g. for sales)
For as long as I have a legal obligation; in accordance with accounting and bookkeeping rules and/or other legal requirements (e.g. for employment)
For as long as I have a legitimate interest or until you ask me not to process your data in such a way (e.g. marketing to existing customers)
You can always withdraw your consent for any data processing based on consent, and you can reach out to me at any time if you’d like me to stop processing and/or ask me to delete any of your data.
I have routines in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis to continue to process them.
Who we share personal data with
In order to run my business efficiently and securely, I will sometimes have to share your personal data with other parties such as:
Data processors: providers of various services that process your personal data on my behalf (e.g. for IT and administrative services, accounting, cloud storage, web hosting, e-mailing etc.)
Professional advisors from industries such as law, finance, accounting, auditing and insurance
IT and other systems support, e.g. for my website, course portal, cloud storage etc.
Public authorities I am obliged to report to
I require that all such recipients secure data in accordance with good information security and as per the requirements of this privacy notice. I enter into a data processing agreement with everyone who processes data on my behalf.
Transfer of personal data outside the EU/EEA
In some cases, your personal data will be transferred outside the EU/EEA, e.g. where I use data processors to manage cloud storage, email services, web hosting etc.
I only use data processors I trust, that are well known, and that I have entered into a data processing agreement with. We also make sure necessary safeguards are in place like Privacy Shield for American data processors and/or the EU Model Clauses.
Information security
I take information security seriously and will always do my utmost to safeguard your personal data in the best possible way. For example, I use strong passwords, data encryption, access control and two-factor authentication to secure my data and prevent unauthorised persons from accessing, altering, deleting, or in any way affecting the data I store, including your personal data.
I only allow others to access and/or process your personal data in accordance with my instructions, and only when strictly necessary (e.g. when I require IT support).
If I experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected, I will notify the national data authority (Datatilsynet) within 72 hours. If the risk is deemed high for the people affected, I will also notify them directly, if possible.
Cookie policy
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
_____
Bedre Bedrift AS has helped me prepare this privacy notice, although they are in no way legally responsible for the content. If you need help preparing your own privacy notice, feel free to contact them directly.