Privacy policy

Ing. Westad AS protects the personal integrity of all its connections, and therefore strives for a high level of protection of personal data. For example, we will never hand over personal data to another company/third party, other than in the cases mentioned below. This protection applies to all Ing. Westad had to gain access to information about: potential and current customers and suppliers, own employees or casual connections.

This privacy policy contains information about how we collect and use your personal data. It also describes which rights you have and how you can exercise them. It is important that you read and understand the privacy policy and feel confident in the way we process your personal data. Feel free to get in touch if you have any questions.

What is personal data, and what is meant by processing personal data?

Personal data is all types of information that can be directly or indirectly linked to a natural person who is alive. Images and sound recordings that are processed in computers can e.g. be personal data, even if no names are mentioned. Encrypted information and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to natural persons.

Processing of personal data is everything that happens with the personal data. Everything that is done with personal data is considered processing, regardless of whether this is done automatically or not. Examples of common forms of processing are collection, registration, organisation, structuring, storage, processing, transfer and deletion.

Who is responsible for the personal data we collect?

Ing. Westad AS, reg. no. 918 535 055, with address Nesbruveien 82, 1394 Nesbru, is the data controller for the company's processing of personal data.

What contact information do we collect about you as a customer, and for what purpose (why)?

(The sales process)

Purpose 

Processing that is carried out

Categories of personal data

To be able to handle
offer/agreement.

Customer register, order documents, online services, time reporting, accounting. Project documentation.

Payment processing (including obtaining credit information from credit reporting companies).

Name.

Organization number.

Contact details (e.g. address, email address and telephone number).

Payment history.

Payment information.

Credit information from

credit reporting companies.

Legal basis: Fulfillment of agreement. This collection of contact information is required in order for us to be able to fulfill our obligations according to the agreement. 

How long is the information stored? As long as the agreement is valid and for 24 months thereafter to be able to handle any complaints.

What contact information do we collect about prospects, and for what purpose (why)?

(The sales process)

Purpose 

Processing that is carried out

Categories of personal data

Marketing, recruiting new customers.

List of prospects, newsletters, fair contacts.

Name. Contact details (e.g. address, e-mail address and telephone number).

Legal basis: Legitimate interest. The processing is necessary to safeguard our and any new customers' legitimate interest in expanding contact.

How long is the information stored? As long as there is interest. Deregistration at the person's request is done on an ongoing basis.

What contact information do we collect about you as a supplier, and for what purpose (why)?

(The purchasing process)

Purpose

To be able to fulfill the company's purchasing routines and the requirements that the ISO certification imposes on the company.

Processing that is carried out

Necessary handling to fulfill the company's obligations in accordance with legal requirements or authority decisions.

Categories of personal data

Name.

Contact details (e.g. address, email address and telephone number).

Legal basis: Fulfillment of agreement.

This collection of contact information is required in order for us to be able to fulfill our obligations according to the agreement.

How long is the information stored?

Until the purchase is completed (incl. delivery and payment) and for 36 months thereafter.

From which sources do we obtain your personal data?

In addition to the information you provide us yourself, we may also collect personal information from others (a so-called third party). The information we collect from third parties is the following:

1) Address information from public registers to make sure we have correct address information about you.

2) Information on creditworthiness from credit rating companies, banks or information companies.

3) Information from social media and websites you visit for marketing purposes.

Who can we share your personal data with?

Data processors. If it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called data processors for us. A data processor is a company that processes the information on our behalf and in accordance with our instructions. We have data processors who help us with:

1) Accounting.

2) Marketing (print and distribution, social media, media agencies or advertising agencies).

3) IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).

When your personal data is shared with data processors, it only happens for purposes that are compatible with the purposes for which we collected the data (e.g. to be able to fulfill our obligations under the purchase agreement). We check all data processors to ensure that they provide adequate guarantees with regard to the security and confidentiality of the personal data. We have written agreements with all data processors in which they guarantee the security of the personal data that is processed, and undertake to follow our security requirements as well as restrictions and requirements regarding the international transfer of personal data.

Companies that are independent data controllers. We also share your personal data with certain companies that are independent data controllers. The fact that the company is an independent data controller means that it is not us who control how the information provided to the company is to be processed.

Independent data controllers with whom we share your personal data are:

1) State authorities (police, tax authorities or other authorities) if we are obliged to do so

in accordance with the law or on suspicion of an offence.

2) Companies that take care of general goods transport (logistics companies and freight forwarders).

3) Companies that offer payment solutions (card acquiring companies, banks and other payment service providers).

When your personal data is shared with a company that is independently responsible for processing, the relevant company's privacy policy and handling of personal data apply.

Where do we process your personal data?

We always do our utmost to ensure that your personal data will be processed in the EU/EEA, and all our own IT systems are located in the EU/EEA. For system-related support and maintenance, however, we may have to transfer the information to a country outside the EU/EEA, e.g. if we share your personal data with a data processor that is either itself or through a subcontractor established or stores information in a country outside the EU/EEA. In such cases, the data processor only gets access to the information that is relevant for the purpose (e.g. log files).

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as in the EU/EEA. If personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision from the European Commission that the country in question ensures an adequate level of protection, or through the use of so-called suitable protection measures. Examples of suitable protection measures are approved standards of conduct in the recipient country, standard contract terms, binding business rules or the Privacy Shield. If you would like a copy of the protective measures we have taken, or information on where these are available, please contact us.

How long do we store your personal data?

We never store your personal data for longer than is necessary for the respective purposes.

More information about the specific storage periods can be found under the respective purposes.

What rights do you have as a registered user?

Right to access (so-called register extract). We are always open and transparent with how we process your personal data, and if you would like to know more about which personal data we process about you, you can request access to the data (the information is provided in the form of a register extract indicating purpose, categories of personal data, categories of recipients, storage periods, information about where the information was collected from, and the occurrence of automated decisions).

Scroll to top