This privacy policy outlines the privacy practices of Scana ASA and any legal entities directly or indirectly owned by Scana ASA with more than 50% ownership (hereinafter referred to as “Scana,” “we,” or “us”), unless such entities have their own privacy policies. This privacy policy also applies to pswtechnology.no.
When you interact with us, we may need to process personal data about you. We take your privacy seriously and are committed to protecting it. This privacy policy provides information about how we process your personal data and your privacy rights.
Processing of personal data by Scana
Scana processes personal data as part of our business activities.
Our role as the data controller for personal data is based on our business activities and purposes. This policy describes the types of personal data we process, the legal basis for processing, the purposes for processing, the retention period, and other relevant details.
If you have questions or want more information about how we process personal data, please contact us using the details provided below.
Data controller
Scana acts as the data controller, determining why and how personal data is processed for the activities described in this policy.
Contact details for the data controller:
Address: Wernerholmvegen 49
Email: info@scana.no
Phone: +47 51 86 94 00
Organization number: 928 613 941
Why we collect personal data and what information we collect
We collect and use personal data for various purposes depending on who you are and how you interact with us.
The type of personal data collected, the purpose, and the legal basis for processing depend on our relationship with you and your interaction with us. An overview of our processing activities in different scenarios is provided below.
We do not engage in profiling or fully automated processing of your personal data.
Definition of processing:
“Processing” refers to any operation performed on personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available in other ways, alignment or combination, restriction, erasure, or destruction.
When you contact us
When you contact us, for example, in connection with media inquiries, via our website, or through other channels, we may process personal data about you.
The personal data we collect typically includes contact information such as your name, email address, and any other information you provide that is necessary to respond to your inquiry.
Legal basis: Our legitimate interest in responding to your inquiry.
Our business activities
If you are employed by one of our partners, suppliers, or customers, or if you contact us regarding investment or financing activities, we may process personal data about you.
The personal data processed in this context often includes contact details such as your name, email address, phone number, employer, and job title. Additionally, we process other information you provide or that arises during our interactions to the extent necessary for the specific process.
Legal basis: Our legitimate interest in conducting business activities, including collaboration with your employer.
Legal obligations
We may be required to process personal data in certain situations, such as to document compliance with tax, accounting, or legal obligations. This may include personal data about you, for example, if your name appears on an invoice or contract subject to record-keeping requirements.
Legal basis: Compliance with a legal obligation.
Information is deleted when the purpose of processing is fulfilled, such as when reporting obligations are met or we are no longer required to retain the information.
Due diligence
As part of our business activities, we may conduct due diligence processes on other companies (business partners). This may involve collecting personal statements, confidentiality agreements, and conducting background and security checks on employees of the relevant company.
Legal basis: Our legitimate interest in verifying business partners and maintaining necessary quality and security standards in our processes, services, deliveries, and facilities.
Job applications
When you apply for a job with us, we collect the personal data you provide, which typically includes your name, contact details, skills, experience, and a photo. During the recruitment process, we may also collect information about your country of residence, work and residence permits, salary information, and references you provide, including information shared by your references.
Purpose: To assess whether to offer you a position.
Legal basis: Necessary to take steps prior to entering into an employment agreement.
For candidates not offered a position, CVs and applications are deleted once a candidate is hired for the position you applied for, and no later than three months afterward. If we wish to retain your CV and application, we will ask for your consent to keep the documents for consideration for other relevant positions in the future.
Newsletter and stock market notifications
When you register to receive our newsletters and stock market notifications, we record your email address to send you the requested information.
Purpose: To send newsletters, stock market updates, or other information you have subscribed to.
Legal basis: Your consent when registering for the service.
You may withdraw your consent at any time by following the procedure described at the bottom of our newsletters. When you withdraw your consent, you will be removed from the recipient list..
Participation in events
If you register for one of our events, we may record personal data such as your name, contact details, and preferences regarding the event (e.g., dietary requirements, travel, or accommodation).
Legal basis: Your consent.
The information will be deleted after the event unless we have another legal basis to retain it..
Retention and deletion of personal data
We retain personal data for as long as necessary to fulfill the purpose for which it was collected and delete it in accordance with legal requirements. Specific retention periods are outlined in the sections above.
For example:
- Personal data processed based on your consent will be deleted if you withdraw your consent.
- Data processed to fulfill a contract will be deleted once the contract is completed, including obligations such as accounting or warranty follow-ups.
- Data processed due to legal obligations will be deleted as soon as the obligation no longer applies.
- Sharing personal data
We do not share your personal data with third parties unless there is a legal basis for such disclosure. Examples include agreements with you or legal obligations requiring disclosure.
Service providers
We engage service providers to perform various tasks on our behalf, such as: website administration, software and data storage, content management, database administration, technical integration, marketing automation, analytics, website optimization, conducting customer surveys, and payment processing.
In some cases, service providers may collect data directly from you, and their privacy policies may also apply in such situations.
If you have any questions about how we process personal data or if you want more information about our data processors, please contact us.
Security of processing
All processing of personal data is secured with the necessary technical and organizational measures.
We manage information to ensure its accuracy, availability, and handling according to the sensitivity level of the data. We also use various security technologies and information security procedures to protect personal data from unauthorized access, use, or disclosure. Risk assessments are conducted for the processing of personal data.
We have entered into data processing agreements with all our service providers who process personal data on our behalf, ensuring that they adhere to the same level of security as we do in our data processing.
Access to personal data is restricted to personnel or third parties who need to process the data on our behalf. These parties are subject to confidentiality obligations.
We have established routines for handling breaches of information security (data breaches), and if a breach occurs that poses a risk to the privacy of affected individuals, we will report the breach to the Norwegian Data Protection Authority (Datatilsynet) as quickly as possible and no later than 72 hours after the breach is discovered. If the breach poses a high risk to the privacy of affected individuals, we will also notify them.
Your rights
Below are your rights regarding the processing of personal data. To exercise your rights, you must contact us using the contact information provided above.
We will respond to your inquiry as soon as possible, and no later than within one month. If it takes longer than one month, you will be informed.
We may ask you to confirm your identity or provide additional information before allowing you to exercise your rights with us. This is to ensure that access to your personal data is granted only to you and not to anyone impersonating you.
Information
You have the right to obtain information about the personal data we process about you. This privacy policy provides details about how we process personal data. You can also contact us if you would like further information.
Access
You have the right to request access to the personal data we process about you. Please contact us if you wish to exercise this right.
Correction and deletion
You also have the right to ask us to correct any incorrect information we hold about you or to request the deletion of personal data. We will accommodate requests for deletion to the extent possible, but we may not be able to delete the data if it is still needed.
Processing based on consent
If we process personal data based on your consent, you may withdraw your consent at any time. The easiest way to do this is to follow the instructions provided when you gave your consent or to contact us directly.Rett til å begrense eller protestere mot behandlingen.
You have the right to restrict processing in certain situations, as outlined in GDPR Article 21, such as:
a) You dispute the accuracy of the personal data — processing will be paused for a period allowing us to verify the accuracy of the data.
b) The processing is unlawful, and you object to the deletion of the personal data, requesting instead that its use be restricted.
c) We no longer need the personal data for the purposes of the processing, but you require it to establish, exercise, or defend legal claims.
You may also object to processing under GDPR Article 21(1) while we assess whether our legitimate interests override your privacy rights.
Right to data portability
For information you have provided to us that is necessary to fulfill an agreement with us and is processed automatically (i.e., not manually), you can request that the personal data be delivered to you or transferred to another provider in a structured, commonly used, and machine-readable format (data portability).
Automated processing, including profiling
No automated processing, including profiling, based on your personal data will be carried out if it has legal effects or significantly affects you. See GDPR Article 22(1) and (4).
Complaints
If you believe that our processing of personal data does not comply with what is described here or that we are otherwise violating data protection laws, you can file a complaint with the Norwegian Data Protection Authority (Datatilsynet).
You can find information about your rights and how to contact Datatilsynet on their website: www.datatilsynet.no.
Changes
If there are changes to our services or to regulations governing the processing of personal data, this may result in changes to the information provided here. If we have your contact details, we will notify you of these changes. Otherwise, updated information will always be readily available on our website.