Privacy statement and cookie information
This privacy statement outlines how Standards Norway and Standard Online collect and use your personal data. When you use our site and/or are in contact with us, e.g ordering a standard or signing up for a course, we process personal details about you. This statement contains information about the personal data we collect, why we collect it, and your rights relating to how your personal data is used.
Those responsible for the personal data we process are the Managing Director of Standards Norway and the Managing Director of Standard Online.
Why do we collect personal data?
We collect and use your personal data for different purposes, depending on who you are and how we come into contact with you. Personal data is used on the basis of a balance of interests. We deem the use of personal data to be necessary to provide you with the best possible experience in a practical, efficient manner.
This is an overview of what information we can process about you:
- First name
- Last name
- Phone number
- E-mail address
- Billing address
- Street address
- Account number
- IP address
- Information about which pages you have visited on the website
- Technical information about your browser and PC/mobile
- Information about which standards you have opened in a subscription and the time of opening.
The personal data is used in the following contexts:
- Processing your orders of standards and/or related products and services
- Sending you marketing communication, newsletters and providing information about our business
- Processing your registration as a participant in a standardization committee
- Processing your registration for courses, Standard Morgen, conferences, lectures, launches and other events
- Responding to inquiries
- Manage your access to the enquiry system and administration of your input.
- Recruitment for job vacancies. For recruitment, we collect more personal details than those mentioned above; this could be your application, CV, certificates/diplomas, personality/proficiency tests, internal assessments, interview reports, background checks and references.
- Reporting and analysis of traffic on the website
- Information about your use of standards in a subscription may be disclosed to the administrator of the subscription. This information is used for administration, evaluation of which standards should be included in the subscription, access control, and similar purposes.
We use cookies to collect information about how our website is used. You can read more about cookies further down on this page.
Disclosure of personal data to others (Data Handling Agreements)
We will not pass on your personal data to anyone else unless there is a legal foundation to do so. Such a foundation might typically be a contract with you, or a legal foundation which obliges us to pass on the information, such as the Accounting Act.
We use data processors and their tools to collect, store or otherwise process personal data on our behalf. In these cases we have entered into agreements to safeguard data security at all stages of processing. We currently use the following data processors:
Proviso (registration for events). The data is used to administer course registration and evaluation of events, and to invite people to attend new courses.
- Proviso (registration for events). The information is used to manage course registration and evaluation of the event and to send invites to new events.
- Survey Monkey (customer surveys). We generally conduct anonymous customer surveys, but may also request personal data on someone to track responses and request evaluation.
- Membership registration in Standards Norway: The data is used when an organization signs up with Standards Norway, so that it can be entered in our member registry.
- Enquiry system (standards for enquiry). The data is collected so that we know who has been granted access to draft standards for enquiry, who has submitted an enquiry response, and to follow up on enquiry responses where appropriate.
- ISO, Global Directory (international committee register) and ISO Documents (international document archive). The data is collected so that we know who are members (organization) and participants (individuals) of international standardization committees, and so that we can provide access to relevant committee documents.
- ReachMee (recruitment system). For handling job applications and administration of recruitment processes.
- Business Central (financial system)
- Sarepta (national committee register). The data is collected so that we know who are members of national and international standardization committees.
- eForm system. The data is collected so that forms can be filled out online.
- Store (webshop and subscription solution at online.standard.no). The information is collected for processing purchases and delivery of goods or services in the webshop, as well as access to and management of subscriptions.
- FrontCore/Kursguiden (course registration and administration): The data is used to manage course registrations for courses provided by Standard Online.
- Easyfact (evaluation system). System for evaluating the consulting service to customers who have utilized this service.
- IMS PPM (project management system). Used for the consulting service and only affects customers utilizing this service.
- Optimizely (web publishing system).
- Customer feedback/comments on applicable standards: The data is used to deal with incoming comments.
- Newsletters: The data is used to distribute newsletters. - SuperOffice (customer register). The data is used to handle all customers purchasing standards, courses, and related products.
- Kindly (chatbot functionality). Messages are anonymous and sensitive data is anonymised. Chat log is deleted after 90 days.
- Siteimprove. Used for website analytics to improve the user experience, checking content quality and accessibility.
- Information about visits to our websites is used in aggregated form so that we can better understand how the websites work and thus be able to constantly improve them. The information collected is linked to an anonymous ID number, which is stored in a cookie on your device. It is not possible for us to link the information back to you as a person, or to other information we have stored about you. The data is stored in the EU, is not shared with other third parties, and is not used for targeting advertising. Read more: https://help.siteimprove.com/support/solutions/articles/80000724285-siteimprove-analytics-data-flows-and-compliance
Storage time
We store your personal data as long as necessary for the purpose the data was collected.
Personal data handled by us to fulfil an agreement with you is deleted once the agreement has been fulfilled and all obligations arising from the contractual relationship have been met.
Personal data handled by us based on your consent is deleted if you withdraw your consent. One exception to this is when other legislation requires us to retain the data.
We have our own deletion procedure which explains how data should be deleted in the various systems we use.
For certain types of personal data use where third parties are not involved, we retain the data for the following periods:
- Upon recruitment, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to future employment opportunities.
- Visitor list. This is deleted on an ongoing basis, usually at the end of a day or the following morning. During periods with few visits, the list may be stored until it is full.
- With general inquiries, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to subsequent inquiries and/or further inquiries on the same subject.
Your rights in our handling of your personal data
You have the right to request access to, or to correct or delete, the personal data we process about you. You also have the right to request limited use, to object to use of your personal data and to claim the right to data portability (i.e. you may receive the personal data about yourself and reuse it as you wish across different systems and services). You can read more about the content of these rights on the Norwegian Data Protection Authority website: www.datatilsynet.no.
To exercise your rights, you must contact Standards Norway or Standard Online. We will respond to your inquiry as soon as possible, and within no more than 30 days.
We will ask you to confirm your identity or provide further information before we allow you to exercise your rights in regard to us. We do this to ensure that we only grant access to your personal data to you, and not someone who is pretending to be you.
You may withdraw your consent for the handling of personal data by us at any time. The easiest way to do this is to contact us.
Complaints
If you believe that our personal data handling does not comply with the above or that we are violating privacy laws in some other way, you can complain to the Norwegian Data Protection Authority. For information on how to contact the Data Protection Authority, go to www.datatilsynet.no.
Changes
Should there be a change to our services or changes to the regulations on the processing of personal data, this may result in changes to the information in this text. If we have your contact details, we will make you aware of these changes.
Cookies
Standard.no uses so-called "cookies". A cookie is a small text file that is stored on your hard drive by the website you visit. The file contains information and is used, among other things, to support you as a user and for statistics (see above).
You will find the following cookies in use on our website:
- ASP.NET_SessionId: This is necessary for the website to keep track of your visit, including for the shopping basket to function.
- nmstat: This is used by Siteimprove Analytics and contains your ID number
- AWSALBCORS: This is used by Siteimprove Analytics to tie together various information about your visit. Read more about Siteimprove's cookies: https://help.siteimprove.com/support/solutions/articles/80000863908-siteimprove-analytics-cookies
- .Nope.Authentication: This is used in Store to manage log in sessions
- .Nop.Customer: This is mostly used when user is still Guest user (not logged in yet) so that it can remember to load previously loaded user data like previously added products in shopping cart, selected language, currency etc.
- ARRAffinity: This is a feature on Azure App Service that allows an end user to talk to the same Azure App Service worker instance until session finishes. They also help to direct requests to the correct instance in load-balanced environments.
- ARRAffinitySameSite: Technical Azure internal cookies for managing user sessions.
Contact
If you have any questions about the way we use your personal data, please contact us.
Standards Norway
PO BOX 242
1326 Lysaker
Norway
+47 67 83 86 00
e-mail: info@standard.no
VAT registration number: 985 942 897
Standard Online AS
PO BOX 252
1326 Lysaker
Norway
+ 47 67 83 87 00
e-mail: salg@standard.no
VAT registration number: 983 615 031
Visiting address for both organizations:
Lilleakerveien 2a
0283 Oslo
Norway