Privacy and cookies statement for Seaweed Solutions AS
When you are in contact with Seaweed Solutions AS (hereinafter referred to as “we” or “us”) it may be necessary for us to process personal data about you. We care about your privacy and take this seriously. We have therefore prepared this privacy statement to provide you with information on how we handle your personal data and what rights you have pursuant to the Norwegian data protection regulations, including the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (hereinafter the "applicable data protection regulation").
Who is the controller?
Seaweed Solutions AS is the controller and thus responsible for the personal data that is processed in connection with providing you with information and offering you services on our website (www.seaweedsolutions.com) (hereinafter the "Services"). Further, we act as the data controller for any processing of personal data in connection with an existing or potential contract with the company you represent.
Our contact information:
Business registration no.: 993 491 780
Address: Bynesveien 50C, 7018 Trondheim
Telephone: +47 976 56 695
Seaweed Solutions AS consists of multiple business areas. Each of these business areas may have websites and services that necessitate further specification beyond that which emerges in this privacy statement. In such cases, specific privacy statements will come in addition to this privacy statement. Where this is relevant, you will be informed.
Our processing of personal data
Which personal data we collect and process, the purpose, and the legal basis for such processing depend on our relationship to you and your contact with us. An overview of our processing in the various situations is found below.
We do not undertake profiling or fully automated processing of your personal data.
In general, we do not process any special categories of personal data about you, such as sexual orientation or health data. Further, we only process your personal data to the extent that it is necessary for the performance of the Services described in this privacy statement or any other contractual obligation, including as required by legal obligations, for pursuing our legitimate interests, or to the extent you have consented to any processing.
We collect certain information from your computer or internet connection when you visit our website and use our digital services, such as IP address, the type of browser used, and the date and time of the visit.
We collect this information to uphold our legitimate interests in being able to display our website to you, measuring and improving the performance of our digital channels, as well as marketing our products and services (ref. GDPR art. 6(1) letter f).
If you contact us
When you contact us, for example in relation to media, through the contact form on our website or in other ways, we will process personal data about you.
The personal data we collect about you will typically be your name, email address, company name, the nature of your inquiry, and other information you wish to share with us, and which is regarded as being necessary to respond to your inquiry.
We collect and process this personal data to uphold the legitimate interest we have in replying to your requests or questions (ref. GDPR art.6(1) letter f).
Our business activity
It may be necessary for us to process personal data about you if you are employed with one of our customers, suppliers or partners, or if we are contacted regarding our investment activity or financing.
The personal data we process in this context will most often be contact information such as your name, email address and telephone number, as well as information about your employer and your position. Furthermore, we will process other information which you provide to us, or which emerges from our contact with you, to the degree deemed necessary for the specific process.
We collect and process this personal data to be able to carry out our contract with the company you act on behalf on and to be able to perform tasks linked to our business activity (ref. GDPR art.6(1) letter f), including for example enabling cooperation with your employer.
We are required by law to process personal data in certain cases, including in connection with documenting compliance with obligations in relation to tax, accounting or legal processes. In this connection, it may be necessary to process personal data about you. This could, for example, be necessary if your name is listed on an invoice or contract subject to retention obligations.
The legal basis for such processing is for compliance with a legal obligation to which we, as the data controller, are subject (ref. GDPR art. 6(1) letter c).
The information will be deleted when the purpose of the processing is fulfilled, such as for example where the reporting obligation is fulfilled or we are no longer required to retain the information.
In connection with our business activity, we may perform a due diligence process (company review) of other companies (business partners). This work will include obtaining personal statements, non-disclosure agreements and background checks and security assessments of employees in the relevant company.
Personal data such as name, gender, position and information available to the general public which we deem necessary for the company review.
The legal basis for our processing of personal data in a due diligence process is our legitimate interest in verifying our business partners, and maintaining the necessary levels of quality and security in our processes, services, deliveries and premises (ref. GDPR art. 6(1) letter f).
If the necessary processing is of such a character that it cannot be warranted by our legitimate interest, we will obtain your explicit consent (ref. GDPR art. 6(1) letter a).
In connection with job applications
When you apply for a job with us, we will typically collect your CV and application text, and thus information about previous employment, length, position category, percentage (full-time/part-time), area of responsibility and other information you wish to share in your job application, or which otherwise emerges during the application process.
Our basis for processing personal data about you in an application process, is that this is necessary in order for us to enter into a potential agreement with you concerning a permanent or temporary position (ref. GDPR art. 6(1) letter b).
As regards candidates who are not hired, the CV and application will be deleted when a person is employed in the position for which you applied. If we wish to retain your CV and application, we will specifically request your consent for this, and these documents will then be stored in our internal archive systems for assessment in relation to other relevant positions that may be of interest at a later date (ref. GDPR art. 6(1) letter a). Your personal data will be stored for up to 3 years, if you want your application to be available in our archive system. You may withdraw your consent to further storage of your CV and application at any time.
Sharing personal data
In certain cases, it is necessary for us to share your personal data with our data processors. These are typically our service providers within operations, security, maintenance and IT that provide technical solutions such as storage services. We will not share your personal data with others unless you either give us your consent to do so (ref. GDPR art. 6(1) letter a), or if we have legal basis to share your data, e.g. if it is necessary to provide you with a contractual service (ref. GDPR art. 6(1) letter b), if we are required by law to disclose your personal data (ref. GDPR art. 6(1) letter c), or it can be justified on the basis of our legitimate interest in doing so (ref. GDPR art. 6(1) letter f).
To safeguard your rights, we have entered into data processing agreements with all our data processors pursuant to GDPR article 28, which e.g. entails that your personal data cannot be used for any other purpose than what we have agreed with you.
Our use of data processors may entail that your personal data will be transferred to data processors located in countries outside the EU/EEA. This means that personal data may be transferred to a country with regulations that do not provide the same degree of protection of personal data as the rules in Norway/EU/EEA. In order to ensure your privacy, such transfers will only take place in accordance with the prevailing data protection legislation, hereunder GDPR chapter 5, for example via contractual systems approved under applicable data protection legislation, such as agreements including EU standard contractual clauses (SCC).
In this link you will find an up-to-date list of Seaweed Solutions' existing data processors that process personal data on our behalf.
Other third parties
We do not pass on your personal data to other third parties unless there is a lawful basis for such disclosure of data or you give us your consent to do so (ref. GDPR art. 6(1) letter a). Examples of such lawful basis are that it is necessary to provide you with a contractual service (ref. GDPR art. 6(1) letter b), we are required by law to disclose your personal data (ref. GDPR art. 6(1) letter c), or it can be justified on the basis of our legitimate interest in doing so (ref. GDPR art. 6(1) letter f).
Disclosure of personal data may entail that your personal data is transferred to third parties located in countries outside the EU/EEA. In order to ensure your privacy, such transfers will only take place in accordance with the applicable data protection legislation, hereunder GDPR chapter 5, such as agreements including EU standard contractual clauses (SCC).
Securing our IT solutions
Both our data processors and we have implemented appropriate technical and organizational measures to ensure a sufficient level of security when processing your personal data and to prevent loss or unlawful processing (ref. GDPR art. 32). Such measures include, for example, protection of infrastructure and office buildings, technical facilities and stipulating requirements for our personnel and subcontractors, including security measures prescribed in GDPR. Our IT solutions are made up of systems in our own data center, as well as in cloud solutions.
Deleting personal data
We comply with the applicable data protection legislation, including the rules relating to deleting personal data. This means that we delete or anonymize your personal data when it is no longer necessary to store this data to fulfill the purpose for which the personal data was collected.
This means that if the processing, for example, is based on your consent, we will delete the personal data if you revoke your consent, unless there is some other valid basis for continuing to process the personal data.
For example, we will also delete your personal data when we have answered your inquiry, or we are informed that the cooperation with your employer has ceased.
If our legitimate interest in processing your personal data has lapsed, for example if we are informed that you are no longer employed with our partner, we will delete your personal data.
If a statutory storage obligation exists, the personal data will be deleted when this storage obligation ceases.
With certain reservations, you have the right to demand access, correction or deletion of the personal data we process concerning you. You also have the right to demand restricted processing and the right to request transfer of your personal data (data portability) in a common, machine-readable format if certain conditions are fulfilled. Further, you have the right to object to our processing of your personal data if this is justified by special circumstances on your part.
If our basis for processing rests on your consent, consent is voluntary and you can revoke such consent at any time.
You can read more about what your rights entail and when they apply, see the (Norwegian) Data Protection Authority’s website: www.datatilsynet.no .
Note that demands for deletion of data may be restricted due to our statutory obligations, for example as a consequence of the Accounting Act and the Bookkeeping Act, or if this can come at the expense of other persons’ rights to privacy.
If you wish to assert one or more of your rights, contact us as described below under “contact information”. We will respond to your inquiry as soon as possible, but no later than a month after the receipt of your inquiry.
Appeal concerning processing of information
If you believe that we are processing information unlawfully, you have the right to appeal to the Data Protection Authority. We hope that you will contact us first, so that we can assess your objections and clear up any misunderstandings.
Visiting https://seaweedsolutions.com/ and cookies
The personal data collected through the cookies is, among others, IP address, the type of browser used, the date and time of the visit. The information is not used to identify the user.
The information collected through Google Analytics is stored on Google's server in the US. Google is regarded as a data processor. Please see the section on "Data processors" above for more information on our use of data processors.
Feel free to contact us if you have questions, comments or if you wish to exercise your rights or complain regarding how we process your information.
You can use the following contact information:
Contact: E-mail: firstname.lastname@example.org
You can also contact the Data Protection Authority, see www.datatilsynet.no .
Changes in the privacy statement
We may update the privacy statement from time to time if, for example, we change our guidelines, or in connection with changes in legislation. You will be notified if we make any significant changes. You can always find the latest version of our privacy statement on our website, https://seaweedsolutions.com/ .
Last updated: April 2023