Privacy policy
Privacy policy for Gudbrandsdalens Uldvarefabrik AS
1. Introduction
When you are in contact with us, for example, by visiting our website or our factory, whether as a private individual or as a contact person on behalf of a customer, Gudbrandsdalens Uldvarefabrik AS processes personal data about you. Below you will find information about what type of personal data that is collected, why we do this and your rights related to the processing of personal data.
2. Controller
Controller for the personal data is Gudbrandsdalens Uldvarefabrik AS (here after GU) represented by the general manager. Our contact information is:
Address: PO Box 836, 2626 LILLEHAMMER
Email: gu@gu.no
Telephone: +47 61 22 15 00
Org.no.: 996 131 491
For questions you may have regarding our processing of personal data, please contact gu@gu.no.
3. Information that is collected and processed
We collect and use your personal information for different purposes, depending on the relationship and type of interaction. We collect the following personal data for the purposes stated here:
Customer Relationship Management and handling of inquiries. In this regard we process contact information such as name, telephone number, email and possibly other personal information such as postal address and date of birth. The processing takes place based on GDPR Article 6 (1) (f) (necessary for the purposes of our legitimate interests) for contact persons of former, current and potential customers and suppliers. We have an interest in getting in touch with the right person at our customers and suppliers, as well as being able to verify that it is the correct person that contacts us.
E-commerce – B2B online store. The customer’s purchasing manager may have created a user profile in our e-commerce solution. Registered information is the customer's company name and corporate identity number as well as the purchasing manager’s name, email address and mobile number. There is also an order history related to the user profile. The user profile is personal, and the contact person must take precautions so that others cannot access the user account. Login information must be kept hidden for others. The processing is based on GDPR Article 6 (1) (f) (necessary for the purposes of our legitimate interests) for contact persons for our customers. We have an interest in getting in touch with the right person of our customers as well as being able to verify that it is the correct person that contacts us and order goods.
Marketing, newsletters and other relevant information about our business. In this context, the name and e-mail address are processed. The processing is based on the consent of the person receiving the marketing pursuant to Section 15 of the Norwegian Marketing Act.
Accounting, invoice etc. We typically need to process the contact person’s name on invoices, delivery note, etc. The processing is based on GDPR Article 6 (1) (f) (necessary for the purposes of our legitimate interests). We and recipients are interested in associating the document with the correct person at the recipient.
Recruitment. In this context, CVs, applications, certificates, diplomas, statements from references, internal assessments / interviews, cf. personality tests and ability tests. Processing of personal data is done based on an agreement with the applicant, ie GDPR Article 6 (1) (b). If we hold application documentation after a recruitment process has ended, this is done based on the consent of the applicant, cf. GDPR Article 6 (1) letter a.
Access control and camera monitoring. When visiting our premises and our factory, information will be recorded about you. You will also be monitored by camera. The treatment is done based on GDPR Article 6 (1) (f) (necessary for the purposes of our legitimate interests). We have considered that such processing is necessary to safeguard our and your safety.
Security. In this connection, logs are processed on servers, disclosure, clarification and follow-up of security events, etc. The processing is done on the basis of GDPR Article 6 (1) (f) (necessary for the purposes of our legitimate interests). We have considered that this processing is necessary to ensure information security and prevent unauthorized disclosure of personal data.
4. Disclosure of personal data to others
Personal data will not be disclosed or transferred to others unless there is a legal basis or legal order for such disclosure. Examples of such a basis will typically be an agreement with you or a legal basis that instructs us to disclose the information.
In order to provide our services safely, GU must, to some extent, use third parties to process personal data on our behalf (data processor). When necessary, we ensure that these third parties, through a data processing agreement, comply with our and current legal requirements for processing and using personal data.
All of our processing of personal data is done within the EU / EEA area.
5. Period of storage
We store your personal data as long as it is necessary for the purpose for which your personal data was collected.
The table below provides an overview of how long we process personal data for different purposes:
Purpose |
Period of storage |
Customer relationship management |
Until 3 years after the end of the relation |
Accounting, invoice etc. |
Until 5 years after end of accounting year |
Recruitment |
Until 3 months after expired application deadline or withdrawn consent. |
Security logs |
Until 1 year |
Backup |
Until 3 years |
7. Rights when processing personal data
The person to whom we process personal data has the right to require access, rectification or deletion of personal data. This person also has the right to demand limited processing and, on certain terms, object to the processing. More information about these rights is available on the Data Inspectorate's website: www.datatilsynet.no.
To make use of the rights, the person must contact us by e-mail or telephone. We will respond to inquiries as soon as possible and no later than one month.
It is a prerequisite that the identity of the requesting person can be verified, to ensure that we only provide access to the personal data of the person entitled to the information.
8. Complaints
If you find that we process personal data in a way that does not match what we have described here or that we otherwise violate privacy legislation, you may complain to us or to the Data Inspectorate. More information on how to contact the Data Inspectorate can be found on the Data Inspectorate's website: www.datatilsynet.no.
9. Changes
In the event of a change of our services or changes to the Privacy Policy, this may change the information provided herein. We will then inform about these changes. In addition, updated information will always be readily available on our website.