Privacy notice

This privacy notice explains how we processpersonal data in Be Your Best as per the General Data Protection Regulation (GDPR).

Please note that this entire document is protected bycopyright and you may not copy any text from it.

 

Ourcontact details are:
Company name:Be Your Best  
Organisation number: 915 224 628
Country: Norway
Contact email address: contact@beyourbest.com

Your data protectionrights

●      Yourrights of access and rectification: You may request access to or a copy of the information we processabout you and ask us to rectify any incorrect data.

●      Yourright to erasure or restriction:In some circumstances, you may ask us to delete and/or restrict our processingof your data, but we cannot delete any data we are required to process.

●      Yourright to object to processing:In some circumstances, you may ask us to stop processing your data.

●      Yourright to data portability: Insome circumstances, you may ask us to transfer your data to you or to anotherorganisation.

●      Also, if you’re unhappy about how we processyour data, you have a right to complainto a national data authority.We hope, however, that you will contact us first so that we can try to resolvethe matter for you in a satisfactory way.

Please contact us if you have any questionsabout or want to exercise one of your rights. You are entitled to a replywithin 30 days.

Who we process information about and how we collect it

We typically process personal data about:

●      Customers

●      Clients

●      Prospects

●      Leads

●      Partners

●      Website visitors

●      Job applicants

●      Employees

●      Former employees

We process personal data when you:

●      buy our products or services

●      provide us with your contact details, e.g. giveus your business card

●      contact us via phone, text, email, social media,or our website

●      otherwise use our website, e.g. leave a comment (cf.our cookie policy provider)

It is voluntary to provide us with personaldata, but if you choose not to, we may not be able to provide you with ourservices. We do not rent, buy or sell personal data from or to others, useautomated decisions or profiling in the processing of your personal data, orprocess special category data.

Type of information we process, why and the lawful bases

Under the GDPR Article 6-1, the lawfulbases we rely on for processing your information are:

a)    Yourconsent

b)    We have acontractual obligation (contract)

c)    We have alegal obligation

f)     We have alegitimate interest

We process personal data when:

You communicate with us

When you contact us through the website(contact form), e-mail, phone (call, text message), social media and/or give usyour business card, we process personal data. Depending on where and how youcontact us, this may include contact details, IP address and other informationyou choose to send to us. We use a CRM (Customer Relationship Management)and/or a customer support system to process personal data on customers andleads.

The purpose is to be able to respond toyour inquiries and, on some occasions, to keep records in case of complaints orlegal claims. The lawful basis is f), where the legitimate interests are to beable to respond to your inquiries and, on some occasions, to keep records incase of complaints or legal claims.

You purchase our products and services

When you purchase products and servicesfrom us, we process personal data such as contact details, order and paymentdetails as well as purchase history. The purpose is to be able to fulfil ourobligation to deliver products and services you have purchased and to managethe customer relationship. The lawful bases are b) contract and c) legalobligation.

You receive marketing as an existing customer

If we have an existing customerrelationship with you as per the Norwegian Marketing Control Act § 15, we cansend you marketing via email and text messages. The purpose is to provide youwith good customer service and the lawful basis is f), where the legitimateinterest is to offer our relevant products and services. The lawful basis mayalso be a), where you have given us your consent.

You can opt out of the marketing at anytime by unsubscribing in any marketing email or text message you receive.

You apply for a job or work at our company

When applying for a job with us, we processpersonal data such as contact details, CVs, references and other relevantinformation. The purpose is to be able to evaluate your application. The lawfulbasis is b) (necessary for theperformance of a) contract, and possibly GDPR Article 9 (2) b) and h) ifyour application contains special categories of personal data.

For employees, we process personal data asmentioned above, in addition to other general employment data (for payroll,insurance, sick leaves etc.). The purpose is to be able to manage theemployment relationship. The lawful basis for this is b) contract, and possiblyArticle 9 (2) (b) and (h) for special categories of personal data.

You supply services to or collaborate with us

When you enter into an agreement with useither as a vendor, partner or data processor, we process personal data such ascontact details and correspondence. The purpose is to be able to enter intothis agreement and to respond to your inquiries and the lawful basis is b)contract.

You use our website

When you use our website, we processpersonal data such as IP address and other technical data collected via cookiesand analytics tools. The purpose is to provide you with a good user experienceand to analyse user behaviour so that we can continuously improve and developour website and service offerings. The lawful basis is f), where our legitimateinterests are to provide you with a good user experience, as well ascontinuously improve our website and service offerings. Read more in our cookiepolicy, here.

Howlong we retain and when we delete your data

Your personal data is only retained for aslong as we have a purpose and a lawful basis:

●      Until you withdraw your consent (e.g. for emailand SMS marketing)

●      For as long as we have a contractual obligation,and, if applicable, in accordance with accounting and bookkeeping rules (e.g.for sales)

●      For as long as we have a legal obligation; inaccordance with accounting and bookkeeping rules and/or other legalrequirements (e.g. for employment)

●      For as long as we have a legitimate interest oruntil you ask us not to process your data in such a way (e.g. marketing toexisting customers)

As a rule, employee information is deletedwhen the employment relationship ends, unless exceptional reasons (such as adismissal or dismissal dispute) make it necessary to keep it longer. Jobapplicants can ask us to retain their data for other applications in the future,otherwise the information is deleted when a candidate has been selected.

You can always withdraw your consent forany data processing based on consent, and you can reach out to us at any timeif you’d like us to stop processing and/or ask us to delete any of your data.

We have routines in place to ensure thatpersonal data is deleted from all relevant systems when we no longer have apurpose and/or legal basis to continue to process them.

Whowe share personal data with

In order to run our business efficientlyand securely, we sometimes will have to share your personal data with otherparties such as:

●      Data processors: providers of various servicesthat process your personal data on our behalf (e.g. for IT and administrativeservices, accounting, cloud storage, web hosting, e-mailing etc.)

●      Professional advisors from industries such aslaw, finance, accounting, auditing and insurance

●      IT and other systems support, e.g. for ourwebsite, course portal, cloud storage etc.

●      Public authorities we are obliged to report to

We require that all such recipients securedata in accordance with good information security and as per the requirementsof this Privacy notice. We enter into a data processing agreement with everyonewho processes data on our behalf.

Transferof personal data outside the EU/EEA

In some cases, your personal data will betransferred outside the EU/EEA, e.g. where we use data processors to managecloud storage, email services, web hosting etc.

We only use data processors we trust, thatare well known and that we have entered into a data processing agreement with.We also make sure necessary safeguards are in place like Privacy Shield forAmerican data processors and/or the EU Model Clauses.

Informationsecurity

We take information security seriously andwe will always do our utmost to safeguard your personal data in the bestpossible way. For example, we use strong passwords, data encryption, accesscontrol and two-factor authentication to secure our data and preventunauthorized persons from accessing, altering, deleting, or in any wayaffecting the data we store, including your personal data.

We only allow others to access and/orprocess your personal data in accordance with our instructions, and only whenstrictly necessary (e.g. when we require IT support).

We have implemented a policy for technicaland organisational measures and a routine for managing data breaches. If weexperience a personal data breach, i.e. a breach of security leading to theaccidental or unlawful destruction, loss, alteration, unauthorised disclosureof, or access to, personal data, and it poses a medium to high risk for thepeople affected, we will notify the national data authority (Datatilsynet)within 72 hours. If the risk is deemed high for the people affected, we willalso notify them directly, if possible.

Please note that this entire document is protected bycopyright and you may not copy any text from it.