Privacy statement Biowater Technology AS

This privacy policy explains how Biowater Technology AS (hereinafter «Biowater» or «we»)  collects and uses personal data. Personal data is information that can be linked to you as a  person. All processing of personal data takes place in accordance with Norwegian law,  including the Personal Data Act, which includes the EU’s Personal Data Protection Regulation  (GDPR).  

The privacy policy applies to all visitors to our website and our pages in social media, contact  persons we have with our business customers and the public, suppliers and partners, in  addition to private individuals who participate in our events and people who otherwise contact  us, as well as for those who work with us or are looking for a job with us.  

Below you will find information about which personal data we process, the purpose and basis  for such processing, how we ensure safe and proper processing of the data and what rights  you have in connection with the processing.  

The controller for the personal data within Biowater by the general manager. Contact details  for inquiries related to the personal data we process appear in point 8 below.  

1 WHICH PERSONAL DATA WE PROCESS, THE PURPOSE AND ON WHAT LEGAL  BASIS IT IS PROCESSED  

We use cookies on the website, so that when you visit our website, some information is  automatically registered. They are both necessary. functional cookies and cookies for  statistical and marketing purposes depending on your consent settings. You can read more  about our use of cookies here .  

If you send us an inquiry using our contact form or email, we will record your name,  telephone number, email and any other personal information you provide. The processing  takes place on the basis of the consent you have given by sending us your inquiry, and our  legitimate interest in such processing to be able to help you with your request.  

In order to enter into and administer our customer agreements with  

municipalities/companies/organisations, as well as supplier and cooperation agreements, we  process the name, position, telephone number and e-mail address of the contact person(s),  as well as any correspondence relating to the conclusion and fulfillment of the agreement. The  processing takes place on the basis of consent or agreement with us, as well as our legitimate  interest in such processing in order to enter into and manage our agreements.  

In order to be able to manage inquiries relating to recruitment for new positions, we register  your name, contact information, your CV, application, certificates, references and other  submitted information about you. Processing takes place on the basis of the consent you have  given by applying for the position, as well as our legitimate interest in such processing in  order to manage our employment processes.  

We also have pages on the media platforms Linkedin, X, Youtube and Instagram. There we  post and share content, information and images regarding our projects, activities and the like.  We collect all communications, content and other information you provide us directly on our  social media pages, for example if you comment on our posts or send us a private message  via these media platforms. We are the data controller for this information. The platform  owners also record how you use these pages with the help of cookies and other similar  technology every time you visit one of their pages. Among other things, they use this to  provide us with usage analyses, so-called «Page Insights» analyses, which contain statistics  based on anonymised information about those who visit the company pages. This allows us to  optimize our pages and adapt to the interests and habits of the users of our social media  pages. If you have a profile, we can see what you post there, that is, your username and  other profile information in addition to what you post publicly. The various media platforms  also use your information for their own purposes, and further information about this can be  found in their respective privacy statements. 

2 DISCLOSURE TO OTHERS  

We will not disclose your personal data to others unless there is a legal basis for such  disclosure or it is stated in this privacy policy. Examples of such a basis are an agreement  with you or a statutory duty to hand over the information. Examples of relevant recipients are  payment intermediaries for carrying out your payment for purchases.  

We use data processors to store or otherwise process personal data on our behalf. Examples  of such data processors are our supplier who operates our IT systems. In such cases, we have  entered into agreements to safeguard information security at all stages of the processing and  ensure that they process the information in accordance with the regulations. Our data  processors cannot process your personal data in any other way than what has been agreed  with us and described in this privacy policy.  

3 STORAGE LOCATION  

We and our data processors store the personal data on servers in Norway and elsewhere  within the EEA area.  

4 STORAGE PERIOD AND DELETION  

We store your personal data for as long as is necessary to fulfill the purpose of the processing  as described in point 1, or statutory obligations, for example obligations under the  Bookkeeping Act.  

Contact information and other personal data will be kept up-to-date and correct as far as  possible, and deleted when they are no longer relevant.  

Personal data we process on the basis of your consent will be deleted when the consent  ceases or is withdrawn, unless it follows from legal requirements or other grounds for  processing that we still have to keep the relevant data for a certain period of time.  

Storage of anonymised information is not subject to the above-mentioned time limits or  deletion requirements. 

5 PROTECTION AND INFORMATION SECURITY  

Protecting your personal data is a high priority task for us, and we work continuously to  protect personal data and other confidential information. Our security work includes both  physical, technical and administrative measures.  

Access to your personal data is limited to employees and hired consultants who have a  legitimate need for such access. We will provide training to employees and third parties where  relevant, to promote awareness of our privacy policies and procedures.  

The security work also means that we regularly review various factors such as risk exposure,  available technology, business needs and legal requirements. This is to ensure that we have  sufficient security measures in place at all times, including to avoid personal data going  astray.  

6 YOUR RIGHTS  

You have the following rights with regard to the personal data we process about you:   Access: You can ask to know what personal data we have registered about you.  

 Correction: You have the right to have incorrect, incomplete or irrelevant information  about you corrected.  

 Withdraw consent: You can withdraw your consent to our processing of your personal  data at any time . 

 Data portability: You can request that the personal data you have provided to us be  provided in a format that can be transferred to another business  

 Deletion: You can demand that we delete personal data we have stored about you  without delay.  

 Restrict/object to the processing: You have the right to have the processing restricted in  certain cases, such as when:  

You dispute the correctness of the personal data – the processing is stopped for a period  that enables us to check the correctness of the personal data  

The processing is illegal, and you object to the deletion of the personal data and instead  request that the use of the personal data be restricted  

We no longer need the personal data for the purpose of the processing, but you need it  to determine, enforce or defend legal claims  

You can also object to processing according to GDPR article 21 no. 1 pending the check of  whether our legitimate interests take precedence over your privacy  

 Information in the event of a breach of personal data security: If a breach of personal  data security entails a high risk for your rights and freedoms, we are obliged to notify  you.  

To exercise your rights, you can contact us as described under point 8 below. We will respond  to your inquiry as soon as possible and within 30 days at the latest.  

If you believe that our processing of personal data does not comply with this privacy policy or  the privacy legislation, you have the right to complain to the Norwegian Data Protection  Authority. Feel free to contact us first, in case there is something we can rectify quickly. For  contact information at the Norwegian Data Protection Authority and further information on the  right to appeal, see www.datatilsynet.no .  

7 CHANGES  

Biowater will change this privacy policy if necessary. We therefore recommend that you read  through our privacy policy at regular intervals when you visit Biowater.  

8 CONTACT INFORMATION  

For questions about this privacy policy or our processing of your personal data, please contact us  using the following contact information:  

Biowater Technology AS  

Grev Wedels gt. 1  

3111 Tønsberg  

post@biowater.no  

(+47) 91 11 16 00