Privacy Policy

Your privacy is important to Anteo. We are committed to ensuring that you understand how we handle personal information about you. In this privacy policy, we explain to you, among other things, what personal information we collect and process, the purposes for which we process your information, and provide information about your rights.

1. WHAT IS PERSONAL INFORMATION?

Personal information is any information that can be directly or indirectly linked to an individual, such as name, postal address, email address, IP address, and mobile number.

2. WHAT RESPONSIBILITY DOES ANTEO HAVE UNDER GDPR?

Anteo AS, Industrivegen 12, 7900 Rørvik, is the data controller for all processing of personal data where we determine the purpose of the processing of the information and the means we use for this. In this privacy policy, you can read more about the processing activities for which Anteo is the data controller.

As the data controller, we must process your personal data in accordance with our obligations under applicable data protection laws, including the Personal Data Act and the EU General Data Protection Regulation ("GDPR").

As the provider of the Anteo SaaS Platform, Anteo acts as a data processor for the processing of personal data carried out on behalf of our customers in connection with the delivery and administration of the platform, including processing data in connection with the registration of a user account and further use of the platform. Our obligations as a data processor are regulated in a separate data processing agreement with our customers (who are considered data controllers).

3. WHO DO WE PROCESS PERSONAL INFORMATION ABOUT?

This privacy policy pertains to our processing of personal information about the following individuals:

Contacts at our customers

Visitors to our website

Individuals applying for positions with us or whom we otherwise recruit

Others who in any way come into contact with us

4. WHAT PERSONAL INFORMATION DO WE PROCESS?

The personal information that we collect and process can be categorized as follows:

Basic information, such as name and contact details, including phone number and email address.

Demographic information, such as date of birth and gender.

Information related to our customer relationships, such as service and order information, payment details, and inquiries to customer service.

Information about visits to our websites (including information about your IP address, date and time of visit, type of PC/mobile phone, operating system and browser you use, and which country you are located in, etc.).

Any other information collected based on your consent. In such cases, you will receive specific information about the information we collect and its purpose when we request your consent.

Information shared by candidates applying for jobs with us, including information provided in resumes and applications.

Any other information shared with us in connection with inquiries, such as inquiries to our customer service.

5. HOW DO WE RECEIVE PERSONAL INFORMATION ABOUT YOU?

We may receive your personal information in various ways:

We receive personal information directly from you when you, as an employee of our customers, order our services or otherwise contact us, or in connection with recruitment when you apply for a position with us. This information is necessary for us to be able to deliver the service you have ordered or to follow up on your inquiries and any job application.

We receive personal information indirectly from you when you use our services, such as our websites. This information is important for us to be able to improve and further develop the services we offer you.

We receive personal information from other sources, for example, if your information is available in public registers.

It is, of course, voluntary to share personal information with us. However, certain information may be necessary to complete any agreement with our customers, including, for example, information used in connection with billing.

6. WHY ARE WE ALLOWED TO PROCESS PERSONAL INFORMATION?

Under current data protection legislation, we are obligated to base our processing of personal information on a legal basis. Our processing of personal information is based on one or more of the following legal bases:

You have given your consent to the processing of your personal information for one or more specific purposes (GDPR Article 6(1)(a)).

The processing is necessary for the performance of a contract with you (GDPR Article 6(1)(b)).

The processing is necessary to comply with a legal obligation that applies to us, including, for example, retaining information in accordance with accounting legislation (GDPR Article 6(1)(c)).

The processing is necessary for purposes related to a legitimate interest pursued by us, provided that your interests or fundamental rights and freedoms do not override and require protection of your personal information (GDPR Article 6(1)(f)).

If our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time.

7. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL INFORMATION?

We collect and use your personal information for various purposes depending on your relationship with us and how we come into contact with you.

Below, you can read more about the personal information we process, what we use them for (purpose), and why we are allowed to do so (legal basis).

Anteo uses personal information for the following purposes:

Delivering our products and services: We process personal information to deliver our products and services to our customers, including entering into agreements and managing our customer relationships. For example, personal information is processed in connection with email correspondence and order placements. In this regard, we process the following categories of personal information: basic information related to employees of our customers, such as names and contact details, as well as other information that may be shared with us. The legal basis for processing personal information in connection with entering into customer agreements and managing our customer relationships is GDPR Article 6(1)(b).

Development, improvement, and analysis: We process personal information to understand the needs of our customers and to improve and further develop our products and services. Among other things, we process information to compile statistics for the purpose of improving and developing the offerings on our website. In this regard, we process the following categories of personal information: information about IP addresses, the number of visitors to various pages, the duration of visits, where users come from, date and time of visits, types of PCs/mobile phones, browsers used, and the country you are located in. When information is processed for statistical purposes, the information is processed in anonymized and aggregated form (in a larger group of information). The legal basis for processing is GDPR Article 6(1)(f) - our legitimate interest.

Sales, marketing, and communication: We use personal information for marketing purposes in accordance with applicable law. These activities include marketing of products and services, including sending out newsletters and other information you have requested. We may also use your personal information to communicate with you, including following up on your inquiries, such as inquiries you send us using our contact form on our websites. In this regard, we process the following categories of personal information: basic information related to employees of our customers and potential customers, such as names and contact details, as well as other information that you may share with us. The legal basis for processing is GDPR Article 6(1)(f) - our legitimate interest.

Job postings and hiring: We use personal information to assess candidates applying for positions with us, whether unsolicited or in response to a job posting. In this regard, we process the following categories of personal information: the personal information provided in CVs and applications, as well as other information that the candidate may share with us. The legal basis for processing is GDPR Article 6(1)(f) - our legitimate interest.

Information security and abuse of services: We may process personal and traffic data to ensure good security in all our services. We may also process personal information to detect or prevent various types of fraud and abuse. In this regard, we process the following categories of personal information: log data, IP addresses, metadata, etc., and other information that you may share with us. The legal basis for processing is GDPR Article 6(1)(f) - our legitimate interest.

Compliance with legal requirements: We process personal information to fulfill our statutory obligations, such as in connection with accounting or providing information to competent authorities when required by applicable law. In this regard, we process the following categories of personal information: The categories of personal information processed depend on legal requirements. The legal basis for processing is GDPR Article 6(1)(c) - our legal obligations.

8. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL INFORMATION?

We have established procedures and measures to ensure that unauthorized individuals do not access your personal information and that all processing of the information is in accordance with applicable laws. These measures include risk assessments, technical systems, and physical procedures to maintain information security.

9. WHO DO WE SHARE PERSONAL INFORMATION WITH?

We may share personal information with our technical subcontractors or other companies that perform tasks on our behalf. A company that processes your personal information on our behalf is called a data processor. If we engage a data processor, we enter into a data processing agreement that regulates how the data processor can process the information they have access to and their obligations in this regard, including the purposes for which the personal information can be used.

We may also share personal information with public authorities where there is a legal obligation to do so.

10. DO WE TRANSFER PERSONAL DATA TO OTHER COUNTRIES?

Anteo primarily uses subcontractors in the EU/EEA, but may also utilize suppliers outside the EU/EEA (so-called third countries), such as the USA. The personal data transferred includes the following categories of personal information: Basic information, such as name and contact details, including phone number and email address, information related to our customer relationships, such as service and order information, payment information, and inquiries to customer service, any other information shared with us in connection with inquiries, e.g., inquiries to our customer service.

If your personal data is transferred to third countries, we will ensure prior to the transfer that it takes place in accordance with the requirements set out in GDPR Chapter V.

Our transfer of your personal data to third countries is based on a prior decision by the EU Commission regarding an adequate level of protection (such as the EU-U.S. Data Privacy Framework for transfers to the USA) or that we enter into an agreement based on EU's standard contractual clauses (SCC) with the recipient of the personal data.

11. HOW LONG DO WE STORE PERSONAL DATA?

We store your personal data for as long as necessary to fulfill the above-mentioned purposes of processing the information. However, this does not apply if storage is legally required for a longer period than the purpose indicates.

For example, this means that personal data processed based on your consent will be deleted if you withdraw your consent. 

If the legal basis for processing is our legitimate interest, the information will be deleted when such legitimate interest no longer exists. Information stored in accordance with legal obligations will be deleted when the obligation ceases. For instance, we have retention obligations according to accounting legislation. Furthermore, accounting legislation requires us to store certain accounting documents for a specified period, typically 3.5 years or 5 years. Information shared by job applicants who did not get the job, including information provided in CVs and applications, will be deleted unless we have obtained consent for further storage.

Any other information shared with us in connection with inquiries, e.g., inquiries to our customer service, may, according to our internal routine, be retained for up to 2 years, depending on the purpose of the inquiry and the need for any further follow-up and assessments.

12. WHAT RIGHTS DO YOU HAVE?

Data privacy legislation grants you several rights, including the right to access, correct, and delete the personal data we have stored about you.

We are committed to ensuring that the personal data we have stored about you is accurate and up to date. If you discover that the information about you is incorrect, we encourage you to contact us. This also applies if you wish for information to be deleted.

Regarding the requirement for deletion, there is an exception for information that is necessary for us to provide a service that you still want access to, or if it is legally required to retain the information for a specific period.

You also have the right to data portability. This means that you have the opportunity to take your personal data with you in a machine-readable format.

Furthermore, you have the right to object to the processing of personal data and the right to object to personal profiling and automated decision-making. This means that you can demand that your personal data not be analyzed to uncover your behavior, preferences, abilities, or needs. However, this does not apply if the processing is necessary to fulfill an agreement you have entered into with us or if you have previously given your explicit consent to the processing.

You also have the right to receive a copy of the personal data we have registered about you, as long as confidentiality does not prevent this. To ensure that personal data is disclosed to the correct person, we may require requests for access to be made in writing and that identity be verified in another way.

In some situations, you can also ask us to limit the processing of information about you.

If you believe that we are not following what we inform about in this privacy statement or applicable legislation, you can file a complaint with us. You can also complain to the Data Protection Authority.

You can read more about your rights on the Data Protection Authority's website: www.datatilsynet.no.

13. INFORMATION ABOUT COOKIES

Anteo AS is responsible for the collection and processing of personal data in connection with the operation and maintenance of anteo.no. The purpose of collecting personal data via the website is to log the use of anteo.no in order to develop and improve the website.

Cookies are not used on anteo.no. When you use our website, we only collect the information outlined in section 7 regarding development, improvement, and analysis above."

14. HOW DO WE TELL YOU ABOUT CHANGES TO THIS PRIVACY POLICY?

Our services are in continuous development. Therefore, we may need to update our privacy statement. If the privacy statement is subject to an update, the updated privacy statement will be made available on our website: https://www.anteo.no/personvern.  

15. HOW DO YOU GET IN TOUCH WITH US?

If you have questions related to how we process your personal data or wish to exercise your rights, you can contact us by sending an email to support@anteo.no.