Privacy
Privacy Statement
Last updated: 29th of November 2024
1. Introduction
We, Intility, collect and process your personal data when you visit our website, use our services, or contact us for other reasons. This privacy statement sets out how and why we collect, handle, store and protect your personal data when you:
- visit our website,
- use our servies or
- contact us for other reasons.
The statement also contains your rights in relation to your personal data and other information you are entitled to receive when data about you is collected.
Intility is committed to protecting your privacy and handling your data in a fair, open, and transparent manner. We will not process your personal data unless we have a specified, explicit, and legitimate purpose, or as required by law. We take the security of your personal data seriously, and we ensure appropriate information security related to confidentiality, integrity, and availability. For more information about how we work with information security, please visit Intility Trust Center.
Third party service providers may process personal data on behalf of Intility within various areas. Intility has implemented adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.
We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.
2. Intility as a data controller
Intility AS is the data controller for the personal data we collect about you. If you have any concerns or questions, you can email our Privacy Team at privacy@intility.no or write to us at:
Intility AS, Schweigaards gate 39, 0191 Oslo, Norway
Tlf: +47 24 10 33 00
Our business register number is 981 967 070.
3. Our objectives
- Prevent data loss and misuse of personal data
- Secure identity and access control
- Install and maintain robust, available and secure systems and services
- Establish clear roles and responsibilities for information security and privacy
- Ensure expertise and awareness about privacy in the organization
- Limit the processing of personal data to what is necessary in relation to the purposes for which they are processed
4. Intility’s processing of personal data
4.1. Our websites
On intility.com, we use cookies. These are small text files that are placed on your computer when you load a website. Some cookies are necessary for various services on our website to function. Whether websites are allowed to store cookies in your browser can be turned on and off in most browsers by going into the security settings of the browser. Intility only uses necessary cookies. None of the cookies we use store personal information about you as a visitor. The information we collect is used to improve the content and user experience on our websites.
Intility uses Fathom Analytics to collect information when you visit our website. Fathom Analytics has developed a way to perform website analysis that preserves the anonymity of the visitors and protects their privacy. Fathom Analytics does not use any cookies or pixels for the data collection they perform. In short, we load a script from Fathom that runs on our pages and sends a “pageview request” to their servers (which are located in the EU). Read more about how their solution works, and what data they collect here.
We also use Hotjar to map user patterns on our pages. We have turned off a number of features in Hotjar so that the software does not collect personal data such as location and the like. Hotjar provides us with information about which pages users navigate from and to, which buttons are most used, how far down visitors scroll on the page, and the like. The data we see is aggregated, and we will never be able to find out who you are based on how you use our website. Hotjar uses cookies for data collection, but they do not store any personal information about you as a visitor. Read more about Hotjar and how they work with privacy here.
4.2. Intility Webshop
When you place an order in our Webshop, we collect your name, phone number, e-mail address and details about your employer (name and business address). This information is necessary to enable us to manage the purchase order, i.e. to send the order to the correct address and to contact you if necessary. If you order a mobile subscription, we will also register your date of birth.
We have an obligation to store the order information to meet accounting requirements, submit reports to the tax authorities and be able to handle claims of guarantees and returns. The data will be deleted after a five (5) year file retention period.
We cooperate with third-party vendors to deliver our Webshop service. I certain situations we may disclose personal data relating to you to a third party that reasonably require access to the data. For instance, a carrier firm will need your name, (business) address, phone number and desired place of delivery in order to deliver the goods to you or your employer. In such a situation, the vendor is also a data controller for the data we disclose.
4.3. Customer services
Intility processes personal data on behalf of our customers. All such processing is necessary to perform the agreement between Intility and our customers. We have entered into separate data processor agreements that regulate this processing.
If you are an employee/user of an Intility customer, Intility will receive or collect personal data directly from you or your employer. The personal data are processed for several purposes, e.g. customer administration, establishing of user accounts, access control, security and functionality advice and user surveys to improve our services, in accordance with the agreements between us and your employer.
Your employer is data controller for your personal information. Intility assumes that your employer has the right to disclose the personal information to us.
If you participate in projects organized by Intility, such as onboarding or operational projects, Intility may in some cases process your personal data in the role of data controller. Intility uses its own collaboration and project tool for this purpose. See section 4.4 for a more detailed description of the processing.
4.4. Participation in customer projects – processing of personal data about third parties
If you are involved in a project with or a delivery to a customer of Intility, your contact information, such as name, employer/company, email address, and phone number, will be registered for use in the project/delivery. The information is collected upon request in various planning and collaboration tools used by Intility. This information is necessary for collaboration between involved parties and includes, for example, the preparation of project plans, assignment of tasks, etc. The personal data is deleted when the purpose of the processing is fulfilled, normally 12 months after the project or delivery is completed.
4.5 Seminars
We collect participants’ email addresses, names, and phone numbers in connection with registration for courses and seminars. The information is used to get an overview of who is participating, which industry they come from, what kind of positions they have, and to prepare statistics. We do this to improve the courses and seminars we hold. The information is also used to prepare statistics and may be used to contact the respective participants for feedback on the course/seminar and for marketing purposes.
4.6 When you visit our offices or contact us
When you visit our headquarters in Schweigaards gate 39, Oslo, you are asked to sign in with full name and phone number, and to state the person you are visiting. The registration is confirmed with a SMS. You will be given a generic visitor badge which you must wear throughout your visit. The purpose of the registration is to notify the person you are visiting and for security reasons. We do not retain the the personal data collected.
We have security measures in place at our offices, including CCTV and building access controls. The installation is done according to the Norwegian Data Protection Authority’s guidelines, and recordings are deleted after seven (7) days.
We also process personal data when you contact us via our contact forms or by email.
4.7 When you apply for a job
Intility uses a dedicated recruitment tool delivered by Teamtailor for processing and managing job applications. A dedicated privacy and cookie policy adapted to the recruitment process must be accepted upon applying.
If you apply as a part of a group, for instance through your bachelor group, Intility will process personal data of all group members. This includes name, address, phone number and e-mail, which will be collected from CV, application and other relevant information sources. If relevant, we will also store e-mail correspondence between you and us relating to the application process. To assess your group’s application, the personal data mentioned above may be viewed by Intility staff and/or Intility’s subsidiaries’ staff, especially HR-personnel and managers.
We store the personal data for as long as it is necessary to complete the recruitment process. However, personal data stored in the recruitment tool will be deleted within a year from the date of submission of the application. If your group gets picked out for a bachelor project, the personal data collected during the application process will be transferred to Intility’s HR-system, in which our privacy policy for employees is applicable.
4.8 User surveys
Intility regularly sends surveys to our customers to improve our services. We use the third-party vendor Questback AS for this purpose. Participation in the surveys are voluntary and requires your consent. If you choose to reply to a survey, you are required to state your full name and your employer. The personal data is stored at Questback AS for up to 4 years (standard contract period) before they are automatically deleted.
5. Who we share your personal data with
In some cases, we have legitimate grounds for sharing your personal data with other parties, such as the authorities, suppliers or business partners.
When Intility outsources tasks that call for a service provider to process personal data on behalf of Intility rather than for its own purposes, the service provider will normally be a data processor. In such cases, the processing activity is regulated in the data processor agreement between Intility and our customers. We are also required to enter into a data processor agreement with the applicable sub-processors.
Intility also has business partners that we convey services on behalf of. If, for example, your company chooses to lease hardware, and you carry out the order on behalf of the company, we will share your contact information with the leasing company. In such a situation, the leasing company processes the personal data for their own purposes and is therefore considered an independent data controller for the personal data we share with them. The same apply to our broadband and telecom vendors and to delivery services.
6. Your rights
You have the right to access and inspect the data that we have stored about you. This applies to data you have provided yourself, data we have obtained from external sources and information about the processing of this data.
If the data we have about you is inaccurate or incomplete, you are entitled to request rectification of the data (within the limits that follow from legislation).
If you find that Intility is storing your personal data unlawfully, you are entitled to instruct us to delete it (“the right to be forgotten”). Please note that we may be required by law to store certain data, including personal data, for purposes such as accounting and reporting to the authorities.
Furthermore, you have the right to object to any processing of your personal data that is carried out to protect legitimate interests, unless such interests take priority over your basic rights or freedoms. You may also ask us to limit the processing, and to have the personal data you have given to us transferred to you or another data controller (data portability). For more information about your rights, see GDPR.EU.
If you would like us to update your personal data, or to exercise your rights, please contact us by email at privacy@intility.no. We are happy to help and will get back to you as soon as possible. Remember that you at any time may withdraw your consent to process personal data. Please let us know about the withdrawal by emailing us at privacy@intility.no.
7. Protection of your personal data
Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. We have Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments. implemented a range of technical and organizational security measures to protect your personal data. These measures include education and training of relevant staff, administrative and technical controls to restrict access to personal data, technological and physical security measures. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments
For more information about how we work with information security, see Intility Trust Center.
8. How long we keep your information
We will hold your personal information on our systems for the longest of the following periods: (i) as stated above); (ii) any retention period that is required by law; (iii) as long as necessary for the relevant activity or services.
If you have given us your explicit consent to process data, e.g. to send you newsletters, we will hold your information until you withdraw your consent, until we change/close down the activity/services or for as long as necessary for the relevant activity or services.
9. How to exercise your rights
If you have questions or concerns regarding our processing of personal data, please contact Intility’s privacy team (privacy@intility.no). You also have a right to complain to the Norwegian Data Protection Authority if you consider that we have breached the data protection legislation. Before filing such a complaint, we encourage you to first contact our privacy team. If you do choose to contact the Data Protection Authority, please see their webpages for more information: www.datatilsynet.no.
Policy Approval
Andreas Hisdal, 29th of November 2024
Chief Executive Officer
Intility AS
Whistleblowing
Intility is committed to maintaining an open culture of communication with high ethical standards. We aim to promote sustainability, ethics, and social responsibility among our employees and other stakeholders.
The whistleblowing service enables employees, customers, business partners, and other stakeholders to confidentially report any critical concerns or behaviors that contravene Intility’s ethical guidelines, the law, or other unethical practices: https://report.whistleb.com/intility-external
This service acts as both an early warning system to mitigate risks and a mechanism to address actual incidents. We believe it is an important tool for promoting ethical business practices and maintaining the trust of our customers and the public. All reports are treated confidentially.
For questions or additional contact options, please reach out via email at compliance@intility.no.
Your report will be handled securely
The reporting channel is provided by an external partner, WhistleB Whistleblowing Centre, to ensure the anonymity of those who report. The whistleblowing process is encrypted and password-protected.