Privacy Statement for Enin
We will process the data subject’s personal data only to the extent permissible under the applicable Norwegian data protection legislation, including the EU General Data Protection Regulation (GDPR).
1. Who is responsible for processing data?
Enin is the data controller and thus responsible for the processing of the data subject’s personal data. Enin has the following contact details:
Organisation number: 917 540 640
Address: Grundingen 2, 0250 Oslo, Norway
Our processing of personal data
Which personal data we collect, the purpose, and the legal basis for our processing activities depend on our relationship to the data subject and the data subject’s contact with us. An overview of how we process personal data in the various situations is found below.
2.1 Processing of personal data in “Enin AI”
Enin has developed AI technology which monitors and analyse a massive number of news and social media sources for insights into credit risks of companies, and the financial markets in general. Our technology makes it possible for our customers to do in-depth research on any given company within our database.
As a part of this service, it is necessary for us to process personal data about persons connected to the companies in our database. The personal data collected comes from publicly accessible sources, primarily the Norwegian Register of Business Enterprises. The personal data that is typically processed is name, position, and other information that the media or court documents produce about the company.
The legal basis for processing of personal data about persons connected to these companies is our legitimate interest in developing the database.
2.2 Performing our business activities and contact with the data subject
In order to conduct our business, it is necessary for us to process personal data about persons connected to customers, suppliers, partners, governments and others who we are in contact with.
The personal data we process in this context will most often be contact information such as name, email address and telephone number, as well as information about employer and position. Furthermore, we will process other information which the data subject provide to us, or which emerges from our contact with the data subject or from the data subject’s use of the service, to the degree deemed necessary for the specific process.
The legal basis for processing of personal data in relation to our business activities and our contact with the data subject is our legitimate interest in being able to perform tasks linked to our business activity.
2.3 Legal obligations
We are required by law to process personal data in certain cases, including in connection with documenting compliance with obligations in relation to tax, accounting or legal processes. In this connection, it may be necessary to process personal data about data subjects. This could, for example, be necessary if a name is listed on an invoice or contract subject to retention obligations.
The legal basis for such processing is the legal obligation to which we are subject.
The information will be erased when the purpose of the processing is fulfilled, such as for example where the reporting obligation is fulfilled, or we are no longer required to retain the information.
2.4 Job applicants
When applying for a job with us, we will typically collect a CV and application text, and thus information about previous employment, length, position category, percentage (full-time/part-time), area of responsibility and other information the data subject wish to share in the job application, or which otherwise emerges during the application process.
The legal basis for processing personal data in an application process is that the processing is necessary to potentially enter into an agreement with the data subject concerning a permanent or temporary position.
With candidates who are not hired, the CV and application will be erased when a person is employed in the position for which the data subject applied. If we wish to retain the CV and application, we will specifically request the data subject’s consent for this, and these documents will then be stored in our internal archive systems for assessment in relation to other relevant positions that may be of interest at a later date. The personal data will be stored for up to 3 years, if the data subject agrees to the application to be available in our archive system.
2.5 Marketing activities
We process personal data in order to send out information about our products and services using the following service providers:
When a data subject registers to receive our newsletters or event invitations, we will register the email address so that we can send out the newsletters. The basis for this processing is the consent given by the data subject when signing up to receive the newsletters.
The consent may be revoked at any time by unsubscribing to the newsletter or by contacting us at firstname.lastname@example.org. It is possible to unsubscribe to our newsletter by clicking the unsubscribe link in the footer of any email received from us. If the data subject withdraws their consent, we will remove the data subject from the list of recipients.
If a data subject signs up for any of our events, we can register personal data such as name, contact information and, if the data subject so desires, preferences related to implementation, food and beverage, travel and accommodation.
The basis for processing the personal data in relation to our events is that it is necessary in order to fulfil a potential agreement with the data subject. If we deem it necessary to obtain personal data about the data subject that is covered under a “special category” of personal data (e.g. information about allergies), the processing will be based on the attendees consent. The information will be erased after the event is completed, unless we have some other legal basis for retaining the information longer, such a legitimate interest as mentioned above or the data subject’s consent to keep the information for a longer period of time.
2.5.4 Profiles in social media
Enin has registered user profiles in the following social media:
We process information about visiting data subjects activities to administer the web page. This includes the fact that the data subject is visiting our web page, publishing content (for example text, pictures or videos) and reacting to our or other people’s content (for example likes and comments). Our basis for processing to this aim is our legitimate interest in making available content on social media and communicating with the data subject. We are also processing aggregated information about visits and activity on social media for aims of statistics and analysing. As we are not able to connect this information to an identified individual, it does not constitute personal data to us.
We do not store this information ourselves, but we have access to it as long as we maintain our web page on the social media platform. The data subject may delete the information at any time, for example by deleting content our reactions that have previously been published. Please note that the information is not deleted merely by unfollowing our page.
2.6 Developing new services and improving existing services
We are processing personal data to identify demand for new products and services and to improve already existing products and services.
Our legal basis is our legitimate interest in developing new services and improving existing services to meet the needs of our users.
Enin uses Google Analytics, a web analysis service from Google Inc., and LinkedIn Insight Tag, a sales campaign management system from LinkedIn Corporation. The information generated by these cookies, such as time, place and frequency of visits to our site, including IP address, is used for statistical purposes, such as to analyze the use of our site, compile reports on internet activity and to provide other services relating to our website. Google and LinkedIn are considered a data processor and follows the EU-US Privacy Shield - a framework for regulating transatlantic exchanges of personal data for commercial purposes between the EU and the US.
We have implemented the IP address anonymization of Google Analytics “anonymizeIP” on this website. The basis for processing the data subject’s IP address before it is anonymized is our legitimate interest in optimizing the use of our website.
Enin uses Pipedrive’s web visitor feature which is fully committed to GDPR compliance. The web visitor tracker collects data through Leadfeeder’s AWS infrastructure, where it is encrypted both in transit and rest. Behavioural data of all website visitors are collected, which includes pages viewed, visitor source, and time spent on the site. The visitor IP address is collected to detect the company and geographic location. Only company visits are shown and all user visiting from residential IP addresses are automatically filtered out.
4. Who do we share personal data with?
4.1 Data processors
When necessary, we share personal data with our data processors, which typically deliver IT or administrative services to us. In order to secure the data subject’s personal data and privacy, we have signed data processing agreements with these parties to ensure that the data is not used for any other purpose than what we have informed the data subject of. Our data processors have a corresponding duty to enter into data processing agreements with their service providers which ensures that they are under the same obligations as our data processors in relation to the data subject’s personal data.
Our use of processors does not result in personal data being transferred to data processors located outside the EU/EEA.
4.2 Other third-parties
We will only disclose the data subject’s personal data to other third parties if there is a legal basis for such disclosure. Examples of legal basis are if we have explicit consent from the data subject, if the disclosure is necessary for legitimate interests pursued by us or because we are required by law to share the data. In the event a third party is located outside the EU/EEA, the disclosure will only take place in accordance with the applicable data protection regulation, including GDPR.
5. The rights of the data subject
In connection with our processing of personal data, the data subject has, with some reservations, several rights. Please find a summary of these rights below.
The data subject has the right to:
Access the personal data we process about him or her, and receive information about the processing.
Demand rectification of personal data that are incorrect or incomplete.
Demand erasure of personal data if the applicable conditions are fulfilled.
Demand that the processing is restricted if the applicable conditions for such restriction are fulfilled.
Object to the processing of personal data on the basis of the data subject’s special situation, if the processing is based on our legitimate interest.
Demand data portability, which means that the data subject’s personal data is transferred to another data controller, if the applicable conditions for such transfer are fulfilled.
Complain to the supervisory authority (Nw: “Datatilsynet”) if the data subject is of the opinion that we are in breach of the personal data legislation. Please find information on how to reach the supervisory authority on their website: www.datatilsynet.no.
A more detailed description of the data subject’s rights is available here (currently only available in Norwegian): https://www.datatilsynet.no/rettigheter-og-plikter/den-registrertes-rettigheter/
If our processing is based on the consent of the data subject, it is voluntary to consent to our processing and the data subject may at any time withdraw the consent by sending us an email or message through our internet page.
We do not employ automatic decision-making, including profiling.
If you, as a data subject, have any questions or wish to use one of your rights, please contact us at email@example.com.
6. Erasure and retention of personal data
We erase the personal information we process concerning data subjects in accordance with the privacy rules for deleting information. This means that we erase the information about the data subject when it is no longer necessary to fulfil the objective for which such information was collected, and when we do not have a statutory obligation to store the data.
This means that if we e.g. base our processing on the data subject’s consent, we will erase the data if the consent is withdrawn. If the processing is based on legitimate interest, we will erase the data when the legitimate interest no longer exists.
7. Security measures
We are concerned with ensuring that the data subject’s personal data is processed in a secure and prudent manner. To prevent unauthorised parties from gaining access to personal data we therefore utilise several forms of security technology to ensure good protection against unauthorised access and abuse of personal data.
Any questions or comments on how Enin process personal data, possible changes etc., may be directed to firstname.lastname@example.org.