2 Controllers of Personal Data
2.1 For the purpose of compliance with the data protection legislation, the data controller is Cutting Room AS (hereinafter referred to as “CuttingRoom”, “we”, “us” or “our”). This means that we are responsible for your personal data.
3 Purpose of the Collection of Personal Data and Legal Basis
3.1 We will ensure that personal data is collected and processed only in accordance with one of the following purposes:
(a) to facilitate the provision of goods and/or services ordered by you;
(b) to answer your questions or complaints;
(c) to provide you with our newsletter;
(d) to provide you with marketing information about other goods and services we offer that are similar to those that you have already ordered or enquired about;
(e) to notify you about changes to our services;
(f) to facilitate our understanding of how to improve our websites, products, and services;
(g) to provide you with the opportunity to apply for employment/positions within CuttingRoom.
3.2 We will be processing your personal data based on our legitimate interests as stated above in order to provide you with the services.
3.3 Our legal basis for processing is your consent. Please note that you have the right to withdraw your consent at any time.
3.4 We keep your data for only for so long as is relevant for the purpose.
4 What kind of Personal Data is used
4.1 We will use and store personally identifiable data about you such as name, address, telephone number, e-mail address, IP addresses, your CV/resumes or other identifiable personal data which is voluntarily submitted by you when you are using this website.
5 Right to Access and Rectify your Personal Data
5.1 If you have any questions regarding our processing of your personal data please contact us using the contact details described below under section 11.
5.2 As per your request, we will provide you with a summary of the personal data that relates to you and is being processed by us. This summary can include what kind of personal data is being processed, the purpose of the processing, how the personal data was collected and the category of recipients. We will endeavor to provide this summary within one month after the request. If this is not possible, we will inform you hereof. You may also request access to your personal information.
5.3 You can request that any false or misleading personal data, processed by us is deleted, changed or rectified by contacting us. Please use the contact details described below under section 11. You may also request restriction, data portability or object to us processing your data.
5.4 Furthermore, if you have any complaints about our processing of your personal data, you may contact the Norwegian Data Protection Authority (Datatilsynet).
6 Personal Data of Minors
6.1 We do not knowingly process personal data of minors (children under 13) unless we have the explicit consent of a parent or guardian. In case we are informed that we process personal data of minors we will delete that data.
7 Type of Personal Data
7.1 We use personal data including:
(a) Identifiable personal data that you provide to us through the website by filling in forms on our website, including information you provide when you register to use the website or place an order on the website.
(b) Identifiable personal data that you provided to us though corresponding with us by phone, email or otherwise.
7.2 When we finish processing your personal data for the stated purpose referred to in section 3 above, we will anonymize and/or delete it from our system to ensure your privacy. We will only store this information for as long as is necessary and we will in any case only ask for your personal data where there is a clear requirement for that information.
8 Transfer of Personal Data
8.1 We may transfer personal data to affiliate or subsidiary companies, as well as professional advisors in accordance with applicable data protection laws.
8.2 Furthermore, we may transfer personal data to employees, agents, business partners, vendors and/or suppliers in order to deliver a service to us or on our behalf in accordance with applicable data protection laws.
8.3 We will transfer personal data in order to comply with legal requirements, including when necessary to investigate fraud.
8.4 Transfer of personal data is conducted in compliance with legal requirements, including that transfers are guarded by data processor agreements, to ensure that personal data is not processed for other purposes than clearly stated and to ensure adequate security measures.
8.5 The personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”). If personal data is transferred outside of the EEA we ensure an adequate level of security by transferring to countries approved by the European Commission as having an adequate level of protection, or by entering into contracts between us and the non-EEA entity receiving the personal data.
9 Securing your Personal Data
9.1 We will ensure appropriate security measures to protect personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse etc. We apply technical security measures. Furthermore, we apply organizational security measures hereunder and ensure that only few of our personnel process the personal data.
10 Updates of this Privacy
11 Contact details
Data Protection Officer: firstname.lastname@example.org