Braathe AS is responsible for the processing of personal data we have registered and process in connection with your customer relationship with the business. We also process personal data in connection with previous customers and potential customers.
If you have any questions about how we process your personal information, you are welcome to contact us. See the contact information at the very bottom of this privacy statement.
What personal data has Braathe AS about you?
Personal information is all information that can be linked to you as an individual. We register information such as the name, telephone number and email address of our customers' contact persons. Braathes customer base is mainly businesses, but in cases where a private person is a customer, the address will also be registered.
In our customer's user accounts; username, first name, last name, telephone number, email address, as well as which customer the user is associated with may be registered.
In order to provide our customers with efficient and good service, all inquiries are documented in our case system. only Information that is relevant to the nature of the case will be stored in these cases.
What user Braathe AS personal information to?
Braathes personal data is mainly used to carry out work in connection with our services and fulfill the contractual relationship. Personal information about our customers' contact persons is necessary to have a contact surface for good dialogue between us and the customer.
Personal information associated with our clients' user accounts is required to have a clear identity in the user accounts to which we may grant access and rights. User accounts are required to fulfill the service delivery agreement. Contact information such as email address and telephone number is necessary for the services to function on a technical level, but also to assist users with support functions. Mobile numbers are also used for authenticating users.
Individuals' contact information will in some cases be used to notify of operational disruptions or relevant changes to the services. Customers' registered contact persons will also receive information and marketing material related to the services offered up to 2 times per month. We depend on your feedback to work on continuous improvement of our services. This is a central part of our systems for quality management and information security. Therefore, we will use your name, telephone number and email address to send you user and customer surveys up to 2 times a year, in accordance with The Personal Data Act, cf. GDPR article. 6.1f).
With whom do we share your information?
The personal data, for which we are responsible for processing, is mainly used to fulfill the contractual relationship. In cases where third party providers assist; contact and user information may be exchanged. No personal information will be shared with 3rd parties for marketing purposes.
Geographical storage of personal data
Your personal information is stored in our own systems in Norway. The systems are run in our data centers in Rygge and Oslo. In those cases Microsoft Azure AD, or other Azure services or any of Microsoft's services included in the Office 365 packages (Exchange Online/Sharepoint Online/Onedrive/Teams, etc.) are used as an integrated part of the services, a limited set of user information such as name and mobile number be synchronized with systems running in Microsoft's Norwegian data centres. If data is stored in e.g. Exchange Online, Sharepoint Online or Onedrive, this data will be located in Microsoft's Norwegian data centres. Braathe can offer backup of this data stored in our own Norwegian data centres.
For how long do we store personal information about you?
In accordance with the Personal Data Act, cf. GDPR article 17, we will not store your personal data for longer than is necessary to carry out the purpose of the processing.
Personal information related to users is stored as long as the user is active. A user account will be disabled upon termination, either by the entire customer relationship or by the individual user, and the personal information associated with the user is quarantined for 30 days after deactivation before the user is deleted.
In our case system, information about completed cases relating to individuals is stored as long as the customer relationship is active. Our CRM and ERP systems also store information about customers' contact persons.
At the end of the customer relationship, registered personal data in the case system will be anonymised or deleted after 3 years, in line with the general limitation period. In the CRM and ERP systems, personal data is stored in line with §13 of the Accounting Act. This information is anonymised or deleted when the mandatory retention period of 5 years has expired.
You have a number of rights in connection to our holding of your personal data.
You have, among other things:
If you believe that we are processing your personal data without a legal basis or wish to make use of your rights in other ways, please contact us. See contact information below. We will respond to your inquiry as soon as possible, and normally within 30 days.
You may also complain to the Data Protection Authority, but we kindly request that you contact us first, so that any misunderstandings can be clarified in the best way.
We are available for any questions you may have - use contact information below:
Bård Eirik Lyche
Tel: 69 01 30 00
Nærumveien 241580 Rygge