Privacy statement for FOSS AS
This Privacy Statement describes how FOSS AS Fiberoptisk Systemsalg, hereinafter referred to as FOSS, collects and uses personal data.
FOSS, through its General Manager, is the Data Controller for the company’s processing of personal data. It will be specified under each individual point where the daily responsibility is delegated. Delegation refers solely to tasks rather than the responsibility. The statement contains information that you require when data is collected from our website (§ 19 of the Personal Data Act) and general information about how we process personal data (§ 18, 1st paragraph of the Personal Data Act).
Processing of personal data on www.fossfiberoptikk.com
The Market Manager has daily responsibility for our processing of personal data at fossfiberoptikk.no. It is optional for visitors to the website to provide personal details in relation to services, such as receiving the newsletter. However, access to our e-commerce solution requires users to consent to providing certain personal data. The basis for processing is consent from the individual, unless otherwise specified.
FOSS uses an external supplier for our web and e-commerce solution (data processor). This supplier is responsible for the operation, development and maintenance of the website.
Data collected in connection with the operation of the website is stored on separate servers operated by the supplier. Only FOSS and the data processor have access to these data.
A separate data processing agreement between FOSS and the data processor regulates which information the supplier has access to and how it should be processed.
Contact Information
Email: firmapost@foss-as.no
Telephone: +47 32 21 08 00
Postal address: PO Box 3614, N-3007 Drammen, Norway
FOSS collects anonymous data about visitors to fossfiberoptikk.no. The aim of this is to prepare statistics that we use to improve and further develop information services on the website. Examples of what the statistics provide answers to are how many people visit different pages, how long their visit lasts, which websites users arrive from and which browsers they are using.
This data is processed anonymously. By anonymous is meant that we cannot trace the data we gather back to the individual user.
Cookies are small text files placed on your computer when you download a web page. Below is information about the use of cookies.
The storage and processing of this data is not permitted unless the user has both been informed and given their consent for processing to take place. The user should be informed of and should approve which data are processed, and should be informed what the purpose of processing is and who will process the data, cf. § 2-7b of the Electronic Communications Act.
By entering and retrieving information and/or using services on our websites, you consent to cookies being placed in your browser given that most browsers are set to automatically accept cookies. If you do not want to accept our use of cookies, you may withdraw your consent by changing the settings in your browser. However, please note that this may lead to services on our website performing sub-optimally.
For details about this, see the help guide for your own browser.
OUR WEBSITES USE THESE COOKIES:
Google Analytics
Google Analytics is a web analytics tool provided by Google, Inc. (‘Google’). Google Analytics uses cookies to analyse how users use the website. The information generated by a cookie like this when you use the website in question includes your IP address, which is sent to Google and stored on servers in the USA. We use anonymizeIP, a feature which means that individual users cannot be identified.
Google uses this information to evaluate use of the website, compile reports about activities on the website for the owner of the website, and to provide other services related to activities on the website and use of the Internet.
Google may also transfer this information to third parties if this is required by law or in cases where third parties process information on behalf of Google. Google will not connect your IP address to other data Google holds. Our websites use Google Analytics to analyse the use of the websites. We receive information about which pages are visited most, where users come from, at what time pages are visited the most, etc.
JSESSIONID is a standard Java cookie that allows the web server to improve your online experience by remembering your actions and choices on pages. This is a session cookies that is deleted when you close your browser.
FOSS sends out a newsletter 1-2 times per month by email. In order to send you emails, you must register an email address. We use external providers of email and CRM as data processors in connection with these newsletters. Email addresses are stored in a separate database and are not shared with other parties.
FOSS uses software for production management, for logistics including following up on orders, in its sales and marketing work, for dispatch, approval and archiving of invoices, and for scanning and approval of relevant incoming letters and invoices.
None of your sensitive personal data is stored in these systems. Only information related to orders, invoices, offers and other work-related data is stored.
Additionally, contact details such as email addresses, role and phone numbers are stored, and, if you have given consent, information about which product areas you wish to receive details of.
FOSS maintains this type of information in order to provide you with the best possible follow up and service, and to ensure that we comply with our statutory obligations (including accounting in accordance with accountancy regulations).
Data processor agreements have been established with the suppliers set out above and they do not disclose data to third parties.
For security reasons, we have chosen not to state which supplies this applies to here, but this information is available upon request.
Foss uses email, chat and phone as part of its daily work to follow up on our obligations to customers and suppliers, and with other internal and external contacts. Daily responsibility for processing personal data in relation to the use of email, 'chat’ or phone calls lies with the individual manager of any department in which these methods are in use. Relevant details that emerge from telephone calls, emails or ‘chat’ exchanges that occur as part of case management are archived. This data is processed in accordance with the description above (see ‘Operational information and archiving’).
Individual employees are responsible for deleting messages that are no longer relevant, should review and delete unnecessary content from their email inbox at least once per year. When an employee leaves their job, their email accounts are deleted but relevant emails will normally be transferred to colleagues or stored in our CRM system (see ‘Operational information and archiving’).
Sensitive personal data should not be sent by email or ‘chat’.
Please note that personal data you send directly via email or ‘chat’ is not encrypted. Therefore, we do not encourage you to send secret, sensitive or other confidential details via email.
We do not log telephone calls. However, the employee you have been in contact with will be able to see an overview of their last calls on their phone. If a telephone call is connected to an individual case, a memo of the call may be written and stored in our CRM system. This is to allow us to follow up on the case and provide you with a relevant response to your inquiry. There is no systematic registration of telephone calls where the caller can be identified.
LIST OF COURSE PARTICIPANTS
When you register for a course, information is stored for use in course administration, to levy course fees, for the production and issuance of course certificates, etc. FOSS is the data controller for the processing of personal data in relation to this.
LIST OF VISITORS
Visitors to FOSS’ premises will be added to a list. The list will be kept for a maximum of two years after the visit. This is done to ensure that we know who is on the premises from a fire and safety perspective, and to enable us to see who was on the premises retrospectively.
Foss administers the privacy ombudsman scheme in accordance with § 7-12 of the Personal Data Regulation, and our CFO holds daily responsibility for this area. The scheme is voluntary and aims to increase expertise relating to personal data privacy in different parts of companies. FOSS’ processing of personal data in connection with this scheme is consent-based.
One of the privacy ombudsman’s tasks is to assist in the protection of rights for those whose data is registered with the company.
The principles for handling personal data by email and telephone also apply to communication with the representatives (see ‘Email, chat and phone’).
Foss processes personal data about its employees in order to administer salaries and dispense its HR duties. This is pursuant to § 8, first paragraph of the Personal Data Act and § 8 a), b) or f), as well as § 9 a), b) and f). The head of administration has daily responsibility for this. Necessary details will be registered for the payment of salaries, including basic data such as salary level, registered hours, tax rate, tax municipality and union membership. Other details about employees are related to their work instructions and facilitation of their work.
Furthermore, information is also recorded in relation to key administration of entry and exit stamping, and details of access control in the IT system, as well as information obtained from the employees themselves. This information will only be disclosed in connection with salary payments and other lawful disclosures. Deletion procedures for personal data comply with the Accounting Act and the Archives Act. Names, positions and work areas are considered to be public information and may be published on fossfiberoptikk.no, and on our intranet.
All job applications will be stored in our electronic archive for approx. two years before being destroyed. All other documents, including applicant lists and reports, will be retained. It is the relevant department manager who is responsible for this. Record data is not deleted, but is protected in a separate electronic and/or manual archive.
Exception:
- All previous and current employees have their own staff file in our archive system.
Job applications are archived/stored here. Staff files are cleared upon termination of employment. Staff files are archived to allow for future reference checks and in the event of inquiries from the public authorities. Access is limited to service needs.