Itera Privacy Policy

Data controller responsibility

Itera is the data controller for all processing of personal data where we ourselves determine the purpose of the processing and the means used. This Privacy Policy provides more information on the processing operations for which Itera is the data controller.

Itera, acting through its CEO, is the data controller for the organisation’s processing of personal data. Each individual section below provides information on any day-to-day responsibilities that have been delegated at Itera. The CEO only delegates the tasks involved, not the responsibility. This Privacy Policy contains the information to which you have a right when data is collected by our website (the Norwegian Personal Data Act, Section 19), as well as general information regarding how we process personal data (the Norwegian Personal Data Act, Section 18, first paragraph).

If you have any questions regarding the Itera Group Privacy Policy or any of the approaches we have adopted, please contact us by email using dpo@itera.no.

Contacting our Data Protection Officer

You can contact our Data Protection Officer, although not with all types of question. Enquiries sent to our Data Protection Officer must concern Itera’s processing of personal data (situations in which Itera is either the data controller or the data processor, cf. GDPR), and they must also mainly relate to personal data about you or a group that you represent. Examples of such enquiries might be questions related to your rights, accessing your own data etc, cf. GDPR, Article 15. It is important for us to make clear that you can always consult our Data Protection Officer. If you feel that the Data Protection Officer is unable to provide you with sufficient help, we ask that you contact Itera - see https://www.itera.com/en/contact

Itera’s Data Protection Officer is Tor-Ståle Hansen, and he can be contacted by email on dpo@itera.no.

Itera’s Data Protection Officer is a member of the Norwegian Association of Data Protection Officers, and he is a PECB-certified Data Protection Officer (DPCDPO1029037-2018-04).

If you would like to send your enquiry by post, please use the following address:

Itera ASA
PO Box 4814 Nydalen
0422 Oslo, Norway

Attn: Data Protection Officer (Personvernombud)

For all other enquiries, please see the following page on Itera’s website: www.itera.com/en/contact

When does Itera process personal data?

Itera mainly processes data about you in the following situations:

  • You have sent us an enquiry, question or complaint by post or email or in another format
  • You have signed up for an event, competition etc.
  • You subscribe to our newsletters
  • You have applied for a job at Itera
  • You have a business relationship with Itera as a partner or customer
  • You are a journalist and have contacted us for a statement
  • You have visited our website or used other communications media operated by Itera

We may also process personal data about you as a result of other processes and from other information flows.

 

What is personal data processing?

Personal data processing means any type or form of operation which is performed on/with personal data, with or without automated means, directly and/or indirectly. Examples of such operations include:

  • Collection and recording
  • Organisation, structuring and storage
  • Adaptation and alteration
  • Retrieval and consultation
  • Use and disclosure
  • Alignment and combination
  • Restriction, erasure and destruction

What is a personal data breach?

As a data controller, Itera is responsible for preventing personal data breaches when your personal data is being processed at our organisation.

Personal data breaches can occur in a range of ways, for example if:

  • A third party gains unlawful access to your personal data
  • Data on employees, customers or partners that is registered in Itera’s IT systems is out-of-date, incorrect or significantly incomplete
  • Data on employees, customers or partners is used for purposes that are entirely different from those for which it was collected
  • Data on employees, customers or parties is recorded, changed or erased in Itera’s IT systems without Itera having the permission to do so.

More information on personal data is available on the website of the data protection authority for your country. We have provided links to the data protection authorities for the countries in which Itera currently has offices/activities (as at March 2021).

The Norwegian Data Protection Authority: https://www.datatilsynet.no

The Danish Data Protection Agency: https://datatilsynet.dk

The Office for Personal Data Protection of the Slovak Republic: https://dataprotection.gov.sk/uoou/

The Ukrainian Parliamentary Commissioner for Human Rights: http://www.ombudsman.gov.ua/en/page/secretariat/

The Swedish Authority for Privacy Protection: https://www.imy.se

The Icelandic Data Protection Authority: https://www.personuvernd.is

For an English language website, see the website of the UK’s Information Commissioner’s Office: https://ico.org.uk

When Itera processes your data

Your rights

You can exercise your rights by sending an email to our Data Protection Officer using dpo@itera.no, or by sending a letter to:

Itera ASA

PO Box 4814 Nydalen

0422 Oslo, Norway

 

Attn: Data Protection Officer

You have a right to receive a response without undue delay and within one month at the latest. If you do not receive a response or you disagree with the response or otherwise feel that Itera has not fulfilled its obligations, we ask that you contact the Norwegian Data Protection Authority for assistance with your case.

 

Right of access to your own data

You can ask for a copy of all the data we process about you.

 

Rectification of your personal data

You can ask us to correct or add to any data that is incorrect or misleading.

 

Erasure of personal data

In given situations, you can ask that we erase data about you.

 

Restriction of processing of personal data

In some situations, you can ask us to restrict our processing of data about you.

 

Objecting to the processing of personal data

If we process data about you on the basis of our tasks or following an assessment of the balance of interests, you have the right to object to our processing of data about you.

 

Data portability

If we process data about you on the basis of consent or a contract, you can ask us to transfer the data about you to you or to another data controller.

More information on your rights can be found on the website of your local data protection authority.

 

You can complain about our processing of personal data

We hope that you will tell us if you think that we are not complying with the rules of the Norwegian Personal Data Act. In the first instance please tell us via your contact person or the channel you already use to contact us. You can also contact our Data Protection Officer to ask for advice and guidance. Our Data Protection Officer is subject to a duty of confidentiality if you want to report a matter in confidence.

 

You can also complain about our processing of personal data. You can do this by contacting your local data protection authority.