Privacy Statement for Standards Norway and Standard Online and cookie information
This privacy statement outlines how we collect and use your personal data. When you use our site and/or are in contact with us, e.g ordering a standard or signing up for a course, we process personal details about you. This statement contains information about the personal data we collect, why we collect it, and your rights relating to how your personal data is used.
Those responsible for the personal data we process are the Managing Director of Standards Norway and the Managing Director of Standard Online.
Why do we collect personal data?
We collect and use your personal data for different purposes, depending on who you are and how we come into contact with you. Personal data is used on the basis of a balance of interests. We deem the use of personal data to be necessary to provide you with the best possible experience in a practical, efficient manner.
This is an overview of what information we can process about you:
- First name
- Last name
- Phone number
- E-mail address
- Billing addres
- Street address
- Account number
- IP address
- Information about which pages you have visited on the website
- Technical information about your browser and PC/mobile
The personal data is used in the following contexts:
- Processing orders of standards and/or related products and services
- Distributing marketing communication, newsletters and providing information about our business
- Registration as a participant in a standardization committee
- Registration for courses, Standard Morgen, conferences, lectures, launches and other events
- Responding to incoming inquiries
- Standard enquiry
- Recruitment for job vacancies. For recruitment, we collect more personal details than those mentioned above; this could be your application, CV, certificates/diplomas, personality/proficiency tests, internal assessments, interview reports, background checks and references.
- Reporting and analysis of traffic on the website
Disclosure of personal data to others (Data Handling Agreements)
We will not pass on your personal data to anyone else unless there is a legal foundation to do so. Such a foundation might typically be a contract with you, or a legal foundation which obliges us to pass on the information, such as the Accounting Act.
We use data processors and their tools to collect, store or otherwise process personal data on our behalf. In these cases we have entered into agreements to safeguard data security at all stages of processing. We currently use the following data processors:
Proviso (registration for events). The data is used to administer course registration and evaluation of events, and to invite people to attend new courses.
- Proviso (registration for events). The information is used to manage course registration and evaluation of the event and to send invites to new events.
- Survey Monkey (customer surveys). We generally conduct anonymous customer surveys, but may also request personal data on someone to track responses and request evaluation.
- Membership registration in Standards Norway: The data is used when an organization signs up with Standards Norway, so that it can be entered in our member registry.
- Enquiry system (standards for enquiry). The data is collected so that we know who has been granted access to draft standards for enquiry, who has submitted an enquiry response, and to follow up on enquiry responses where appropriate.
- ISO, Global Directory (international committee register) and ISOlution (international document archive). The data is collected so that we know who are members of international standardization committees, and so that we can provide access to relevant committee documents.
- ReachMee (human resource management)
- Business Central (financial system)
- Standards Digital
- Sarepta (national committee register). The data is collected so that we know who are members of national and international standardization committees.
- eForm system. The data is collected so that forms can be filled out online.
- Store (webshop system on online.standard.no). Purchase of goods or services: The data is necessary for us to send you products and receive payment.
- FrontCore/Kursguiden (course registration and administration): The data is used to manage course registrations for courses provided by Standard Online.
- Episerver / Optimizely (web publishing system).
- Customer feedback/comments on applicable standards: The data is used to deal with incoming comments.
- Newsletters: The data is used to distribute newsletters.
- SuperOffice (customer register). The data is used to handle all customers purchasing standards, courses, and related products.
- Kindly (chatbot functionality). Chat log is deleted after 90 days. Sensitive data is anonymised.
- Siteimprove. Used for website analytics to improve the user experience, checking content quality and accessibility.
- Information about visits to our websites is used in aggregated form so that we can better understand how the websites work and thus be able to constantly improve them. The information collected is linked to an anonymous ID number, which is stored in a cookie on your device. It is not possible for us to link the information back to you as a person, or to other information we have stored about you. The data is stored in the EU, is not shared with other third parties, and is not used for targeting advertising. Read more: https://help.siteimprove.com/support/solutions/articles/80000724285-siteimprove-analytics-data-flows-and-compliance
We store your personal data as long as necessary for the purpose the data was collected.
Personal data handled by us to fulfil an agreement with you is deleted once the agreement has been fulfilled and all obligations arising from the contractual relationship have been met.
Personal data handled by us based on your consent is deleted if you withdraw your consent. One exception to this is when other legislation requires us to retain the data.
We have our own deletion procedure which explains how data should be deleted in the various systems we use.
For certain types of personal data use where third parties are not involved, we retain the data for the following periods:
- Upon recruitment, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to future employment opportunities.
- Visitor list. This is deleted on an ongoing basis, usually at the end of a day or the following morning. During periods with few visits, the list may be stored until it is full.
- With general inquiries, the data is stored until consent is specifically withdrawn. Use of the data is based on a balance of interests in relation to subsequent inquiries and/or further inquiries on the same subject.
Your rights in our handling of your personal data
You have the right to request access to, or to correct or delete, the personal data we process about you. You also have the right to request limited use, to object to use of your personal data and to claim the right to data portability (i.e. you may receive the personal data about yourself and reuse it as you wish across different systems and services). You can read more about the content of these rights on the Norwegian Data Protection Authority website: www.datatilsynet.no.
To exercise your rights, you must contact Standards Norway or Standard Online. We will respond to your inquiry as soon as possible, and within no more than 30 days.
We will ask you to confirm your identity or provide further information before we allow you to exercise your rights in regard to us. We do this to ensure that we only grant access to your personal data to you, and not someone who is pretending to be you.
You may withdraw your consent for the handling of personal data by us at any time. The easiest way to do this is to contact us.
If you believe that our personal data handling does not comply with the above or that we are violating privacy laws in some other way, you can complain to the Norwegian Data Protection Authority. For information on how to contact the Data Protection Authority, go to www.datatilsynet.no.
Standard.no uses so-called "cookies". A cookie is a small text file that is stored on your hard drive by the website you visit. The file contains information and is used, among other things, to support you as a user and for statistics (see above).
You will find the following cookies in use on our website:
- ASP.NET_SessionId: This is necessary for the website to keep track of your visit, including for the shopping basket to function.
- nmstat: This is used by Siteimprove Analytics and contains your ID number
- AWSALBCORS: This is used by Siteimprove Analytics to tie together various information about your visit. Read more about Siteimprove's cookies: https://help.siteimprove.com/support/solutions/articles/80000863908-siteimprove-analytics-cookies
To handle logging in and shopping at the new online store (from May 2023) https://online.standard.no:
Information about cookies is being updated may/june 2023.
If you have any questions about the way we use your personal data, please contact us.
PO BOX 242
67 83 86 00
VAT registration number: 985 942 897
Standard Online AS
PO BOX 252
67 83 87 00
VAT registration number: 983 615 031