All use of personal data is considered processing. This can be, for example, collection, registration, compilation, storage, and extradition or a combination of these actions. HySpex is the data processor, and we are responsible for the personal data processed in connection with the use of our services and in customer relations. Our role as data processor primarily implies that we are responsible and we must comply with the current law regarding privacy (GDPR).
Inquiries and relations
In order for us to answer your inquiries we need some information to reach you. This is the information you provide in the various contact forms on our website, or by contacting us via e-mail. You can choose if you wish to be contacted by e-mail or phone by filling in the respective fields. Your personal information will not be used for any purpose other than responding to your inquiry and possibly adding you as a customer. If your inquiry is answered and it does not lead to anything else, we will delete your email within 1 month.
In some cases, we would like to enter your information in our Customer Relations Management (CRM) system if you want to become a customer. This will be the information you have provided through a form on our website, through e-mail or if you've been in contact with us by phone. The system has access control, and your information is only available to select employees who need access to this information. Should the customer relations end at a later time, we will delete your information from our system within 5 years, which is the amount of time we are required by Norwegian law to keep certain information about our business and sales.
Deletion of personal data and right of access
Once you no longer have any business with us, we will still need to keep your personal information and relevant records regarding your customer relations with us. This information is deleted from our systems when other laws requiring storage and/or archiving expire after 5 years. Personal data and records regarding customers will not be deleted if disclosure of criminal offenses or litigation is in progress.
The Norwegian Data Inspectorate states that: "The maximum deadline for deletion for all information is 5 years after registration. The Data Inspectorate cannot see that there is a legal basis for storage beyond this."
Right of access to, editing or deletion of information
If you are a customer or have been in contact with us, you have the right to access our records of your personal data, and we also have to inform you about our processing activities. If you wish to use your right of access to your data or to edit or delete certain data, you need to contact us so we can help you further.
Suspected unauthorized access
You must contact us directly if you suspect that unauthorized access to your personal data has been made by one of our employees. We will assist you when ordering an investigation. If it is found that your suspicion is justified, you will be notified. You will receive information that the case is handled by Hyspex and reported to the Data Inspectorate.