SG Armaturen (“SG”) is subject to national privacy and data protection laws, which includes EU’s General Data Protection Regulation, which protects the integrity and confidentiality of a person’s personal data. Personal data means any information, directly or indirectly, relating to an identified or identifiable natural person (data subject). This Policy is primarily aimed at our customers and visitors to our platforms.

We are committed to protecting the privacy and data protection rights of everyone’s personal data we process, so it is important that we explain and give you an overview of how SG collects and process personal data. We will only process personal data for appropriate purposes and in accordance with applicable data protection regulations.

In addition to this Policy, SG has privacy policies for SG Smart (available in the application) and for its employees (available in the personnel handbook). For information about how we use cookies, please see our Cookie Policy.

SG is the controller in terms of the personal data we process as part of our customer relationship and of the personal data generated from those using our website. 

SG commits to always process personal data lawfully and fairly, and which is only collected for specified, explicit and legitimate purposes as required by law. Therefore, we will only process personal data when such processing is necessary to manage our business operations, contractual obligations or other legitimate business interests we may have, and to comply with legal obligations or, in some cases, after having received consent from the data subject.

SG will ensure that the personal data is adequate, relevant and limited to what is necessary for the purpose and that the personal data is retained only for the period required to serve the purpose. We strive to keep the personal data accurate and up to date, and ensure that inaccurate data is erased or rectified.

SG will ensure that the personal data is processed in a manner that ensures appropriate security with respect to integrity and confidentiality of the personal data.

In a number of areas, SG may use third party service providers that process personal data on behalf of SG. In such circumstances, SG has implemented adequate safeguards in accordance with applicable law to regulate the service providers’ processing of personal data on our behalf, such as the conclusion of a Data Processing Agreement.

SG does not disclose personal information to other companies outside of our group, neither in Norway nor abroad. However, this does not limit any statutory disclosure of personal data to public authorities.

SG stores and processes personal data on servers located in the EU/EEA.

SG may on occasion use third party service providers located outside the EEA (third countries). In such circumstances, the transfer of personal data to third countries will rely on Standard Contractual Clauses or other lawful basis for the transfer of personal data.

CRM system (administration of customers and potential customers)

SG processes personal data to facilitate the administration of customers and potential customers, such as their name, telephone number, email address, postal address, employer if the data subject represents a company (contact person), agreement and/or order and purchase order.

The purpose of this processing activity is to manage customer relationships, including keeping track of current, past and potential customer relationships. Our legal basis for processing is either to fulfil an agreement with you as a customer (existing customer relationship), or our legitimate interest in contacting potential customers.

The data is stored in our CRM register and deleted five years after the last activity.

When you or your company orders a product from SG, we process certain types of personal data, such as your name, telephone number, email address, address, employer if you represent a company (contact person), as well as the time and content of the order. The processing also covers the invoice we send you and the payment we receive from you, as well as any refunds. The orders are processed in our CRM system and the invoices in our invoicing system.

The purpose of this processing activity is to provide services and products to you as a customer and our legal basis is the customer agreement.

SG is required by law to store invoice information for 10 years after the end of the financial year.

Customers and other interested parties can sign up to receive SG’s newsletter. If you receive our newsletter, you will regularly receive an email with tips, news and other information about our products and services. On these occasions, SG processes personal data, such as your name, email address, IP address if you clicked on the information link, and your company name (employer) and job title if you are acting as a contact person for a company.

The purpose of sending out newsletters is to market our products and services to existing and potential customers. For existing customers (contact persons for companies), the legal basis is SG’s legitimate interest, whilst for others, the legal basis is consent. All recipients of the newsletter are free to unsubscribe from the newsletter by clicking “unsubscribe”. SG processes the data for as long as you choose to receive newsletters.

SG has a company account with various social media (Facebook, LinkedIn and Instagram), which is freely available to other users of the services. SG has access to the public profile data of its followers, which is individuals enter when creating a profile on the relevant social media. This also includes comments users make regarding SG’s posts.

SG’s purpose for using social media is to assess interest in the updates shared on SG’s corporate page with a view to optimising the content to match the recipients’ interest.

Our legal basis for processing personal data on social media platforms is our legitimate interest to be visible and accessible to our customers and others on social media platforms. SG may process the public profile data of its followers for as long as the user follows or refers to our company account with, for example likes, comments or messages.

If you are interested in knowing how social networks process your personal data, please refer to read the privacy policies available via your social network profile(s).

When SG processes personal data about you, you are conferred data privacy rights, which we explain below. There may be exceptions to these rights.

If you wish to enforce your rights, or have questions related to your rights, please contact the responsible person named below (see contact information). We are obliged to answer your enquiry without undue delay and within one month at the latest.

Right to information
The right to information means that you can contact us and request information about how we process personal data about you.

Right to access
The right of access means that you are entitled to receive a copy of the data that we have stored about you.

Right to rectification
The right to rectification means that you are entitled to have incorrect or incomplete personal data about yourself corrected or updated.

Right to erasure (‘right to be forgotten’)
The right to erasure means that you have the right to have data about yourself deleted, if the personal data is no longer necessary for the purpose for which it is processed, if you withdraw your consent or if you protest against the legality of the processing.

Right to restriction of processing
The right to restriction of processing means that you are entitled to restrict the processing, if you dispute the accuracy of the personal data, the processing is illegal, or the personal data is no longer necessary for the purpose for which it was obtained.

Right to object
The right to object against the processing of personal data means that you can oppose processing based on SG's legitimate interest, if there are justified reasons for this.

Right to withdraw consent
If you have given us your consent to process personal data, you can withdraw this consent at any time.

Complaints
We hope you will inform us if you believe we are not complying with data protection legislation. You have the right to lodge a complaint to local Data Protection Authority, if you consider that we have breached data protection legislation. You may always contact us directly if you have any questions.

SG AS (organisational number 958 560 931) is the controller in terms of the personal data we process. The company’s CEO has ultimate responsibility for the company’s compliance with the data protection regulations.

The day-to-day responsibility for processing personal data about our customers is delegated to Unni Isaksen, whom you can also contact, if you want to exercise your data privacy rights.

You can also contact SG by:

• Phone: +47 37 500 300

• Email: firmapost@sg-as.no

• Post: Skytterheia 25, N-4790, Norway

We may update this Policy from time to time without posting specific notice of the changes on the website. However, if changes are material and/or affect your rights, we will post specific notice of the changes on the website.