Processing of personal data
ScanBio is responsible for the processing of the personal data described in this privacy statement. Our contact information is:
Org.no. 996 920 933
Address: Brattørkaia 17B, 7010 Trondheim
v/ CEO Kamel Gabriel El Khaloui
Phone: (+47) 72 520 700
For other questions or inquires regarding our treatment of your personal data, contact our CEO by e-mail or telephone.
Purpose, types of personal information and legal basis
In the subsequent paragraphs we provide an overview of our purposes when treating personal data, what kind of personal data we process and the legal basis for the processing.
Establishing client relationships
The necessary contact information of customers who contact us may be registered in our customer relationship management (CRM) system, including: Name, address, e-mail, company name and telephone number.
For business customers, the registration of contact information is based on a balance of interests. cf. GDPR article 6 no.1 letter f.
IT-operations and security
Personal data stored in our IT-system might be available to us and to our suppliers when updating our systems, implementing or following up security measures, correcting errors and for other maintenance. The basis for processing is GDPR article 6 No. 1f (balancing of interests, cf. our legitimate interest related to the mentioned activities) and our legal obligation to have satisfactory information security, cv. GDPR articles 32 and 6 No. 1 letter c.
We distribute newsletters to email-addresses registered to customers to whom we regularly provide services, and to others who have requested our newsletter. Recipients can easily unsubscribe from the service by clicking a link included in each newsletter. The basis for processing is GDPR article 6 no. 1 letter f (balancing of interests) which applies when we have received the e-mail address in relation to a mission for our customer. Furthermore, the basis for processing is ScanBio’s legitimate interest in sending information and marketing inquiries to clients, partners and others who have voluntarily agreed to receive information about news and events that may be of interest to the recipient.
Should a customer relationship already exist, the marketing will take place in accordance with the Norwegian law of marketing § 15(3). In other cases, the marketing is based on the consent of the person in question, cf. the Norwegian law of marketing § 15(1) and GDPR article 6 nr. 1 a.
Sharing of personal data
Our suppliers of IT-, marketing, and other administrative services have access to personal data which is necessary to fulfill the data processing agreement signed between ScanBio and the provider of the service. The suppliers act in accordance with the data processing agreement and under our instructions. The suppliers may only use the personal data for those purposes decided upon by ScanBio and which are described in this privacy statement.
We never disclose personal information in cases other than those described in this privacy statement, unless the client explicitly encourages or consents to it, or the disclosure is required by law.
Storing personal data
We store personal data for 10 years, or for as long as deemed necessary.
Moreover, accounting legislation requires us to store certain accounting documents for a specific period. When a specific purpose requires storage in a given period of time, we ensure that the personal data is used exclusively for the relevant explicit purpose in this period.
Withdrawal of consent
You may at any given time withdraw your given consent to receive newsletters from ScanBio. You can easily make reservations against this type of content by clicking the unsubscribe link included in all newsletters. If you have given consent to the processing of personal data, you may withdraw this consent at any time by contacting us.
You have a right to insight into what personal data vi have registered to you. To ensure that personal information is delivered to the correct person, we may demand that a petition of insight is provided in writing or that your identity is verified in another sufficient way.
Request correction or deletion
You may ask us to correct erroneous information we have registered on you or delete personal data.
Complaint to the supervisory authority
If you disagree with how we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority.
We have established procedures which ensures that we handle personal data in a suitable and organizationally secure manner. We regular assess all vital systems which are used to handle personal data. We have signed agreements which imposes suppliers of these systems to ensure satisfactory information security.
Access to personal data (and customer-/case-information) is limited to personnel who need access to perform their tasks.
We regularly train employees in safety measures and the use of IT-systems.
We may make minor changes to this privacy statement. You will always find the latest version on our website. In the event of significant changes, you will be given notice.