Bits AS protects your individual rights and personal data.
In this privacy policy, we describe Bits’ processing, such as the collection, storage and sharing of personal data.
Bits AS contact information is:
Address: PO Box 2644, 0253 Oslo
Email: post@bits.no
Telephone: 23 28 45 10
Organization number: 916 960 190
1. What personal data we collect
We will process personal data you provided directly to us, for example by contacting us, by attending our events or by visiting our website.
In some cases, we will also collect personal data about you from publicly available sources, collaborative actors and through businesses that are affiliated with Bits through agreements.
The personal data we collect will mainly be:
• Name
• Contact details
• Position/function, and employer.
In special cases we will collect:
• Social Security Number
• Address
• Registration number for your vehicle
We do not process special categories of (sensitive) personal data unless we in accordance with law or based on consent can process the personal data.
2. How we process personal data and the legal basis for processing
We process your personal data based on our legitimate interest, to fulfil agreements with you, legal obligations and consent.
OUR LEGAL INTEREST (Article 6 (1) (f) General Data Protection Regulation)
Our main purpose for processing personal data is to convey our assessments and our views to various groups in the Norwegian society; consumer authorities, national and international business partners, decision makers and consumers. This also means that we process personal data about employees and other representatives of our affiliated companies. Our processing of personal data for these purposes is based on our legitimate interest.
Examples of our legitimate interest:
• Contact with decision makers
• Dialogue with employees of banks in Norway affiliated to Bits, as well as employees of companies participating in processes run by Bits
• Managing businesses joining Bits and NICS (Norwegian interbank clearing system)
• Provide service to businesses associated with Bits
• Manage boards, committees and working groups under the administration of Bits
• Broadcasting / information dispatch
• Marketing courses, seminars and conferences for employees of banks in Norway affiliated with Bits.
• Support for users of products offered through DSOP (Digital Samhandling Offentlig og Privat Sektor)
AGREEMENT (Article 6 (1) (b) General Data Protection Regulation)
In addition to safeguarding our legitimate interest, we also process personal data to fulfill our agreements.
Examples of fulfillment of agreement:
• Courses, seminars and conferences
CONSENT (Article 6 (1) (a) General Data Protection Regulation)
In some cases, we ask for your consent to process your personal data. We do this, for example, to send you information and offers about courses and conferences we arrange. Our consent shall include information on the specific processing. You may withdraw your consent to the processing of personal data at any time.
LEGAL OBLIGATION (Article 6 (1) (c) General Data Protection Regulation)
We process personal data to fulfill our legal obligations under laws, regulations or governmental decisions.
3. Who we can disclose your personal data to
We only disclose your personal data with your consent or where permitted by law.
We can share your personal data with others, such as our affiliates, our partners, and Bits affiliates.
Transfer to third country
In some cases, we will transfer personal data outside the EEA area provided that there is a sufficient transfer basis:
• The EU Commission has decided that there is sufficient level of protection in the country in question,
• other appropriate security measures have been taken (EU standard clauses, BCR, Privacy Shield), or
• you have agreed to the particular transfer.
4. How we protect your personal data
We process your personal data safely and securely. We use appropriate technical, organizational, and administrative safeguards to protect the data from loss, misuse, accidental access, disclosure, alteration, or destruction.
5. Data processors
We use data processors to collect, store or otherwise process personal data on our behalf. We enter into agreements with the data processor to ensure that the processing of the data is in accordance with the GDPR and our requirements for the processing of personal data.
More information about our use of data processors can be obtained by contacting us.
For Digital Samhandling Offentlig og Privat Sektor (DSOP) and Norwegian Interbank Clearing System (NICS), Bits acts as a data processor for some personal data.
6. Your privacy rights
As a data subject, you have rights related to the personal data we have collected about you.
Rights of access to your personal data
You have the right to gain access to the personal data we have collected and processed about you. However, the right of access may be limited by legislation, protection of other persons' privacy, business relationships, and internal assessments.
Correction of incorrect or incomplete data
If the personal data is incorrect, you have the right to request the data to be corrected, subject to the limitations of the law.
Deletion
You have the right to request that your personal data be deleted in the following cases:
• you withdraw your consent to the processing and there is no other justified reason to continue the processing,
• you object to the processing and there is no justified reason to continue the processing,
• you object to processing for direct marketing,
• the processing is illegal
Limitation of processing of personal data
You may ask us to limit the processing of personal data if you dispute the accuracy, legality or objection to the processing. The processing will then be limited to storage only until the data is corrected or it can be established that our legitimate interest goes ahead of your interest.
Opposition to processing
You can object to our processing based on legitimate interest and you can always object to the processing of your personal data for direct marketing and promotion in connection with such marketing.
Data portability
You have the right to receive, in a machine-readable format, personal data that you have given us yourself if our processing is based on consent or fulfillment of the contract and is processed automatically with us. You can also ask us to transfer your personal data directly to another data controller if it is technically feasible.
If you want to use your rights (mentioned above) you must contact us. We will then evaluate your request and you will receive a response from us.
7. Cookies
We collect, process and analyze personal data about use on our website and newsletter.
We use cookies and similar technology to deliver better services to you, increase security, manage marketing, and provide a good user experience. We also use this technology to keep track of web site visits and evaluate website performance.
You can set or change your browser settings to accept or reject cookies. If you choose to reject cookies, you can still use our website, but this may result in access and functionality being limited.
More information about our cookies (will be published later)
8. How long we process your personal data
We will delete the personal data we hold about you when we no longer have a purpose for processing the data and the processing is lawful.
This means, for example, that we will no longer process personal data processed in our legitimate interest when we can no longer document that our legitimate interest is more important than your interest. This can be, for example, because the need to process data is no longer as strong or because the data becomes obsolete after a while.
We will delete personal data we process on the basis of an agreement upon termination of the agreement and the agreement being fulfilled, unless we have other legitimate reasons to keep the data.
We disclose personal data we process on the basis of your consent if you withdraw your consent and we have no other reason to process the data.
If we process data to fulfill a legal obligation, we will delete the data as soon as the obligation is met, unless we have other legitimate reasons to keep the data. For compliance with the accounting rules, this will entail storage for up to 5 years.
9. How this privacy statement and our use of cookies can be changed
If there are changes to our services or changes to the regulations on the processing of personal data, this may result in changes in the privacy policy. Updated information will always be readily available on our website.
10. Contact us or Datatilsynet
If you have questions or views on our processing of personal data, you can always contact us at post@bits.no or by sending us a letter.
Out Data Protection Office can be contacted by email to Thea.Aarseth@bits.no or Bits AS c/o Data Protection Officer, PO Box 2644, 0203 Oslo.