Last updated: 25th of October 2023
We, Intility, collect and process your personal data when you visit our website, use our services, or contact us for other reasons. This privacy statement sets out how and why we collect, handle, store and protect your personal data when you:
- visit our website,
- use our servies or
- contact us for other reasons.
The statement also contains your rights in relation to your personal data and other information you are entitled to receive when data about you is collected.
Intility is committed to protecting your privacy and handling your data in a fair, open, and transparent manner. We will not process your personal data unless we have a specified, explicit, and legitimate purpose, or as required by law. We take the security of your personal data seriously, and we ensure appropriate information security related to confidentiality, integrity, and availability. For more information about how we work with information security, please visit Intility Trust Center.
Third party service providers may process personal data on behalf of Intility within various areas. Intility has implemented adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.
We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.
2. Intility as a data controller
Intility AS is the data controller for the personal data we collect about you. If you have any concerns or questions, you can email our Privacy Team at firstname.lastname@example.org or write to us at Intility AS, Schweigaards gate 39, 0191 Oslo, Norway. We can also be reached by telephone: +47 24 10 33 00.
Our business register number is 981 967 070.
3. Our objectives
- Prevent data loss and misuse of personal data
- Secure identity and access control
- Install and maintain robust, available and secure systems and services
- Establish clear roles and responsibilities for information security and privacy
- Ensure expertise and awareness about privacy in the organization
- Limit the processing of personal data to what is necessary in relation to the purposes for which they are processed
4. Intility’s processing of personal data
Intility processes personal data about subjects that are not employed or engaged by Intility in these various situations:
4.1. Our websites
We use the information we collect to improve the content and user experience on our websites.
4.2. Intility Webshop
When you place an order in our Webshop, we collect your name, phone number, e-mail address and details about your employer (name and business address). This information is necessary to enable us to manage the purchase order, i.e. to send the order to the correct address and to contact you if necessary. If you order a mobile subscription, we will also register your date of birth.
We have an obligation to store the order information to meet accounting requirements, submit reports to the tax authorities and be able to handle claims of guarantees and returns. The data will be deleted after a five (5) year file retention period.
We cooperate with third-party vendors to deliver our Webshop service. I certain situations we may disclose personal data relating to you to a third party that reasonably require access to the data. For instance, a carrier firm will need your name, (business) address, phone number and desired place of delivery in order to deliver the goods to you or your employer. In such a situation, the vendor is also a data controller for the data we disclose.
4.3. Customer service
Dersom du er involvert i et prosjekt med eller en leveranse til en kunde av Intility, vil din kontaktinformasjon, som navn, arbeidsgiver/ selskap, e-postadresse og telefonnummer, bli registrert til bruk i prosjektet/ leveransen. Opplysningene samles inn på forespørsel i ulike planleggings- og samhandlingsverktøy som Intility benytter. Denne informasjonen er nødvendig for samhandling mellom involverte parter og omfatter eksempelvis utarbeidelse av prosjektplaner, tilordning av oppgaver mv.
4.4. Participation in customer projects - processing of personal data about third parties
Intility processes personal data on behalf of our customers. All such processing is necessary to perform the agreement between Intility and our customers. We have entered into separate data processor agreements that regulate this processing.
If you are an employee/user of an Intility customer, Intility will receive or collect personal data directly from you or your employer. The personal data are processed for several purposes, e.g. customer administration, establishing of user accounts, access control, security and functionality advice and user surveys to improve our services, in accordance with the agreements between us and your employer.
Your employer is data controller for your personal information. Intility assumes that your employer has the right to disclose the personal information to us.
We collect participants’ email addresses, names, and phone numbers in connection with registration for courses and seminars. The information is used to get an overview of who is participating, which industry they come from, what kind of positions they have, and to prepare statistics. We do this to improve the courses and seminars we hold. The information is also used to prepare statistics and may be used to contact the respective participants for feedback on the course/seminar and for marketing purposes.
4.6 When you visit our offices or contact us
When you visit our headquarters in Schweigaards gate 39, Oslo, you are asked to sign in with full name and phone number, and to state the person you are visiting. The registration is confirmed with a SMS. You will be given a generic visitor badge which you must wear throughout your visit. The purpose of the registration is to notify the person you are visiting and for security reasons. We do not retain the the personal data collected.
We have security measures in place at our offices, including CCTV and building access controls. The installation is done according to the Norwegian Data Protection Authority’s guidelines, and recordings are deleted after seven (7) days.
We also process personal data when you contact us via our contact forms or by email.
4.7 When you apply for a job
If you apply as a part of a group, for instance through your bachelor group, Intility will process personal data of all group members. This includes name, address, phone number and e-mail, which will be collected from CV, application and other relevant information sources. If relevant, we will also store e-mail correspondence between you and us relating to the application process. To assess your group’s application, the personal data mentioned above may be viewed by Intility staff and/or Intility’s subsidiaries’ staff, especially HR-personnel and managers.
4.8 User surveys
5. Who we share your personal data with
In some cases, we have legitimate grounds for sharing your personal data with other parties, such as the authorities, suppliers or business partners.
When Intility outsources tasks that call for a service provider to process personal data on behalf of Intility rather than for its own purposes, the service provider will normally be a data processor. In such cases, the processing activity is regulated in the data processor agreement between Intility and our customers. We are also required to enter into a data processor agreement with the applicable sub-processors.
Intility also has business partners that we convey services on behalf of. If, for example, your company chooses to lease hardware, and you carry out the order on behalf of the company, we will share your contact information with the leasing company. In such a situation, the leasing company processes the personal data for their own purposes and is therefore considered an independent data controller for the personal data we share with them. The same apply to our broadband and telecom vendors and to delivery services.
6. Your rights
You have the right to access and inspect the data that we have stored about you. This applies to data you have provided yourself, data we have obtained from external sources and information about the processing of this data.
If the data we have about you is inaccurate or incomplete, you are entitled to request rectification of the data (within the limits that follow from legislation).
If you find that Intility is storing your personal data unlawfully, you are entitled to instruct us to delete it (“the right to be forgotten”). Please note that we may be required by law to store certain data, including personal data, for purposes such as accounting and reporting to the authorities.
Furthermore, you have the right to object to any processing of your personal data that is carried out to protect legitimate interests, unless such interests take priority over your basic rights or freedoms. You may also ask us to limit the processing, and to have the personal data you have given to us transferred to you or another data controller (data portability). For more information about your rights, see GDPR.EU.
If you would like us to update your personal data, or to exercise your rights, please contact us by email at email@example.com. We are happy to help and will get back to you as soon as possible. Remember that you at any time may withdraw your consent to process personal data. Please let us know about the withdrawal by emailing us at firstname.lastname@example.org.
7. Protection of your personal data
Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. We have Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments. implemented a range of technical and organizational security measures to protect your personal data. These measures include education and training of relevant staff, administrative and technical controls to restrict access to personal data, technological and physical security measures. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments.
For more information about how we work with information security, see Intility Trust Center.
8. How long we keep your information
We will hold your personal information on our systems for the longest of the following periods: (i) as stated above); (ii) any retention period that is required by law; (iii) as long as necessary for the relevant activity or services.
If you have given us your explicit consent to process data, e.g. to send you newsletters, we will hold your information until you withdraw your consent, until we change/close down the activity/services or for as long as necessary for the relevant activity or services.
9. How to exercise your rights
If you have questions or concerns regarding our processing of personal data, please contact Intility’s privacy team (email@example.com). You also have a right to complain to the Norwegian Data Protection Authority if you consider that we have breached the data protection legislation. Before filing such a complaint, we encourage you to first contact our privacy team. If you do choose to contact the Data Protection Authority, please see their webpages for more information: www.datatilsynet.no.
Andreas Hisdal, 26th of October 2023
Chief Executive Officer