General Data Protection Regulation
General Data Protection Regulation Policy for NRCI
NRCI is a private company registered in Norway, and therefore NRCI abides by Norwegian law and regulations.
NRCI AS, through the Chief Executive Office, Arne Elias Corneliussen, is responsible for the company’s processing of personal data. The declaration contains information you are entitled to when information is collected from our website (Personal Data Act § 19) and general information about how we process personal data (Personal Data Act § 18 subsection 1).
NRCI AS’ basis for processing personal data vary, but in accordance with the Personal Data Act § 8 letters a and b will consist of consent from the registered or because it is required by law. Furthermore, it may be necessary to process personal data to fulfill an agreement with the data subject or to fulfill a legal obligation.
Consent to the processing of personal data can be withdrawn at any time in accordance with GDPR article 13 (2) letter c.
- About personal data and the regulations
Personal data is information and assessments that can be linked to an identifiable individual. This can be name, address, telephone number, e-mail address, IP address and purchase and behavior history.
All processing of personal data, such as collection, registration, storage and disclosure, is subject to special rules, including in the Personal Data Act. It is NRCI´s CEO who is responsible for the processing taking place in accordance with the rules of the law. The Norwegian Data Protection Authority supervises that the law is complied with.
- What kind of information do we collect?
In order to deliver the best services possible, we depend on collecting various types of information, including personal data about you. Below you find an overview of how we typically collect personal data and what information this typically is. We do not collect sensitive information.
- a) Information you provide to us by yourself when you register on our website for a subscription, newsletter, analyses, NRCI’s global risk database, or participation in NRCI´s annual geopolitical conference Norwegian Risk Forum, webinars, master classes, workshops, retreats, or other types of events published on NRCI´s website. To register for these analyses, services and events you must provide information that is stored by us, such as name, e-mail address, invoice address, company name, location, and mobile number. We will also store information when you contact us later. The information you provide can also be enriched using search services or social media you give us access to.
- b) Information we obtain through the use of our services. When you use our services, we record information about which services you use and how you use them. We collect, among other things, information about:
- i) Your device and internet connection: We can register information about the device you use, for example mobile/PC manufacturer, operating system and browser version. We may also collect information about the connection to our services, such as IP addresses, network ID, cookies and unique identification files.
- ii) Use of the services or purchases: We record information about your use of the services, such as which pages you are on, when you are on the pages and which functions you have used on the pages.
iii) Information about location: We may also register your geographical location when you use our services or order NRCI’s risk analyses and advisory services.
- c) Information we obtain from other sources we also collaborate with third parties (e.g. business partners, subcontractors of technical services, payment and delivery services, advertising networks, analytics companies, search engine services and credit reference agencies) and may receive information about you from them. This also includes information that is publicly available. When obtaining information for due diligence assignments, we will also be able to obtain information from closed databases through various partners in Norway and internationally.
- d) Cookies and other content that is stored locally when you use our services or our website, cookies and other data are stored that can later be read by us.
- e) Through analysis of your purchases and behavior, automatic categorization of you as a customer can be derived.
- What is the information used for?
We use personal data for the following purposes:
- a) To provide and improve our services
We use personal data to deliver our services to you. For example, we need personal data so that you can log into analyses, webinars, NRCI’s global risk database and, if relevant, to be able to pay for services. We also use personal data to ensure the best possible user experience for you, including by adapting the display of the content to your screen/device and ensuring the fastest possible loading of the pages.
- b) To customize services, provide you with recommendations and relevant marketing
We want to provide you with recommendations, product information and service adaptations that are as relevant as possible to you. This will both be given on the basis of your own behaviour, e.g. on the basis of which products and services you used or bought, social media updates you clicked on, or articles or analyses you read, and on the or basis of the behavior of other users with similar usage patterns to you.
- c) To improve digital communication and advertising, we use your personal data to improve our advertising. By creating a profile with us, you accept targeted advertising through programmed purchases and targeted advertising through social media where your personal data will be used to purchase such advertising.
- d) To prepare statistics and understand market trends
We prepare statistics and map market trends. We do this in order to be able to improve and further develop our product offerings and services. As far as is practically possible, we try to do this with anonymous information, without us knowing that the information is linked specifically to you.
- e) To prevent misuse of our services
We use personal data to prevent misuse of our services. Abuse can be attempts to log into other people’s accounts, attempts at fraud, “spamming”, incitement, harassment and other actions prohibited by Norwegian law. NRCI also works purposefully with IT security so that our users’ personal data remains protected in NRCI’s systems.
- Sharing of information
In principle, we do not share personal information with other companies, with the exception of our partners who need the information to be able to deliver services to us. If we provide personal information, we enter into agreements with the relevant third parties that limit their opportunity to use the information.
We will also be able to hand over information in individual cases required by law, for example to public authorities if there is a suspicion of an offence or crime.
- Transfer of personal data abroad
- a) Within the EU/EEA
Your personal data may be transferred abroad. Transfer of personal data within the EU/EEA area may take place freely in accordance with the applicable privacy legislation.
- b) Outside the EU/EEA
If we transfer personal data outside the EU/EEA area, we will make sure that the transfer takes place in accordance with the applicable legislation. This means that we will obtain your consent to carry out the transfer, or use other mechanisms to carry out a legal transfer.
- Administration of personal data
You can influence which personal data we have about you and how we use this. You can do this by contacting us at firstname.lastname@example.org.
If you discover errors in the information we have about you, you can change this yourself in the settings or by contacting us so that we can correct this.
You have the right to request access to the personal data in accordance with § 18 of the Personal Data Act and GDPR art. 15.
You also have the right to have the processing limited in certain cases in accordance with GDPR article 18.
If you have any questions regarding your personal data, you can contact us at email@example.com at any time
- Deletion of personal data
You have the right to have all our information about you deleted on request, without traceability, as long as we are not required by law to store this. You can contact us regarding this and cancel your customer relationship via e-mail to firstname.lastname@example.org
We also reserve our right to end your customer relationship with NRCI, and if so delete all information about you in our systems. If NRCI decides to end our customer relationship with a client, then NRCI is not obliged to provide a reason for this decision.
- Protection of personal data
We use appropriate security measures to protect personal data under our control against unauthorized access, collection, use, disclosure, disclosure, copying, modification or disposal.
- Especially regarding marketing in e-mail, newsletters, social media and SMS
If you have an active customer relationship with us, we can send you marketing by e-mail or with other electronic communication methods in accordance with Section 15 of the Marketing Act. This includes newsletters and other enquiries regarding content, services, offers, campaigns and events from us, our collaborators and partners via e-mail, telephone, SMS, post/letter and social media.
If, on the other hand, you do not have an active customer relationship, we will only send such marketing if you have given us your consent to this. Your personal data can also be used to customize this communication. You can easily and free of charge unsubscribe from marketing inquiries at any time by sending an e-mail to email@example.com and asking not to receive further marketing from NRCI.
- Right to complain
You have the right to complain to a supervisory authority, here the Data Protection Authority in Norway, in accordance with GDPR article 13 (2) letter d.
- Contact information
The data controller in NRCI AS is general manager Arne Elias Corneliussen.
Then please contact us at firstname.lastname@example.org