Back

Privacy policy SG

Skip to

1. Purpose of the policy

SG Armaturen AS ("SG") is committed to protecting your personal data and processes all personal data in accordance with data protection regulations. This privacy policy provides you with information about how we collect, use and protect your personal data, and what rights you have in this regard.

2. Data controller

SG is the data controller for the processing of your personal data.

Contact details:

Address: Skytterheia 25, 4790 Lillesand
E-mail: firma-post@sg-as.no
Telephone: +47 37 500 300
Organization number: 958 560 931

3. Definitions and terms

Personal data regulations
Regulation 2016/679 ("General Data Protection Regulation" or "GDPR") and other relevant national data protection legislation, including the Personal Data Act.

Personal data
All information relating to an identified or identifiable natural person. Ex: name, email, address, social security number, account information, etc.

Processing
Any operation performed on personal data, e.g.: collection, storage, use, modification and transfer.

Processor
A person, business or public authority that processes personal data on behalf of the controller. This can for example be an IT service provider.

4. Who do we process personal data about?

We process personal data about the following persons:

  • Private customers
  • Contact persons at business customers and wholesalers
  • End users
  • Recipients of newsletters or other communication
  • Users on social media

5. How do we collect personal data?

SG collects personal data directly from you when you register a user account, place an order, take out a subscription or log in and use our services. In such situations, we receive the information you provide in the registration, ordering or usage processes.

Secondly, we use cookies and similar technologies that are activated when you use our websites or applications. These tools enable us to record technical information about your device, service usage and preferences to help improve functionality and user experience, as further described in our Cookie Policy.

Third, we may receive information from third parties to the extent that you have consented to such sharing, or if we are otherwise legally authorized to collect or receive this information, such as from public registers or partners who provide services on our behalf.

6. Purpose and basis for our processing of your personal data

a. Customer administration

In order to manage and keep an updated overview of existing and potential customer relationships, we collect information about name, telephone number, e-mail address and postal address. In addition, we collect information about the employer if the data subject represents a company. Our basis for processing is to fulfill an agreement with you if you are an existing customer (GDPR Article 6(1)(b)), or our legitimate interest in contacting potential customers (GDPR Article 6(1)(f)). The personal data is stored in our CRM registers and deleted within five years of the data being received.

b. Providing services and products, invoicing and payment

When you or your company order a service or product from SG, we process personal data such as your name, telephone number, email address, postal address and information about your employer if you represent a company. The purpose of the processing is to be able to deliver our services and products, send you an invoice and receive payment and any refunds from you. The legal basis for processing personal data about business customers is our legitimate interest in being able to provide our services and receive payment for our services (GDPR Article 6(1)(f)). For private customers, the legal basis for processing is an agreement with you (GDPR Article 6(1)(b)). Personal data is stored for up to five years. Invoice information is stored for five years after the end of the financial year to which it relates in accordance with section 13 of the Bookkeeping Act.

c. Information sharing and targeted marketing

In order to keep you updated on relevant news, promotions, events and other changes to our products and services, we process certain personal data such as e-mail address, mobile number and IP address if you click on links in messages. In order to provide personalized communication, we may also collect information about your position/role, which industry you belong to, and whether you represent yourself as a private individual or whether you act on behalf of a company. In this way, you receive content that better matches your preferences.

For existing customers, the basis for processing is our legitimate interest in informing you about products and services (GDPR Article 6(1)(f)). For other recipients who sign up for newsletters, SMS alerts or similar, the processing is based on your explicit consent (GDPR Article 6(1)(a)). The personal data will be stored until you withdraw your consent, or for up to five years. You can opt out of further mailings at any time by using the unsubscribe link included in each message.

d. Age segmentation

We may ask for your date or year of birth in order to segment users by age so that we can offer communications and services tailored to different age groups. We only collect such information if you consent to this (GDPR Article 6(1)(a)). The data is deleted if you withdraw your consent or no later than five years after the consent was given.

e. Conduct of competitions and games

We run competitions and games at several of our events, where participants voluntarily scan a QR code and register their contact information. In connection with the competitions, we register scores, completion frequency and conduct performance analysis. By participating, the participants agree that the information can be used for personal communication and follow-up (GDPR article 6 no. 1 letter a).

f. Behavioral analysis and campaign optimization

We collect personal data about your digital behavior across our channels, such as newsletters, SMS, games/contests, websites, apps and push notifications. The purpose is to ensure good and targeted communication to you as a customer or user. We achieve this by establishing a comprehensive customer profile that captures interests and activities, analyzing user behavior, optimizing campaigns and customizing communication and content.

The processing takes place on the basis of your consent (GDPR Article 6(1)(a)), and the data is stored for up to 12 months or until the consent is withdrawn.

g. Social media

SG has a corporate account on various social media platforms (Facebook, LinkedIn and Instagram), which is available to all users of the services. SG processes data on its followers' names, usernames and any information that individuals leave in comment fields or on messages. The purpose of the processing is to assess the interest in the updates shared on SG's company page with a view to optimizing the content to match the interest of the recipients. The legal basis for the processing of personal data on social media is our legitimate interest (GDPR Article 6(1)(f)).

7. Data processors

SG uses data processors who process personal data on our behalf. This includes cooperation with both consulting companies and technology providers that assist us in fulfilling our obligations and delivering high-quality services. The purpose of using data processors is to ensure that we can provide relevant, efficient and scalable services to our customers and partners.

When a data processor processes personal data on our behalf, we enter into a data processing agreement that safeguards your privacy and ensures that we still have control over the personal data.

At present, we only use data processors within the EEA. We therefore do not transfer personal data to third countries. Should there be a need to transfer personal data to service providers outside the EEA in the future, we will ensure that there is a valid transfer basis in accordance with Chapter 5 of the GDPR.

8. Your rights

The GDPR gives you rights that you can invoke when SG processes your personal data. The rights you can invoke depend on the purpose of the processing of the personal data, as well as any exemptions that apply to the processing activities we carry out. When you exercise your rights, we will inform you of the measures we have taken without undue delay and no later than one month after we have received the request. You can exercise your rights by sending an email to firma-post@sg-as.no.

a. Right of access

You have the right to request access to the personal data that we process about you. This means that you have the right to obtain confirmation that SG is processing your personal data and, if so, how the personal data is processed, as well as a copy of the data. There are some exceptions to this right. This means that there may be cases where you are not given access to all the information that we process about you.

b. Right to rectification

You have the right to demand that SG corrects incorrect or supplements incomplete information about you. SG will ensure that your personal data is updated and correct.

c. Right to erasure

You have the right to request deletion of personal data that we have collected about you in the following situations:

  • The personal data is no longer necessary for the purpose for which it was collected or otherwise processed.
  • You withdraw the consent on which the processing is based and there is no other legal basis for the processing.
  • The personal data has been processed unlawfully (for example, without a legal basis).
  • Personal data must be erased in order to comply with a legal obligation.

d. Right to restriction of processing

You may demand that SG restricts the processing of your personal data if one of the following circumstances applies:

  • You dispute the accuracy of the Personal Data. While SG verifies the data, the processing may be restricted for a period of time.
  • The processing is unlawful and the personal data should be erased, but you wish to restrict its use instead of erasing it.
  • SG shall delete the data because it is no longer necessary for the purpose for which it was collected, but you need it for the establishment, exercise or defense of legal claims and therefore want it to be retained.

e. Right to data portability

You have the right to receive personal data that you have provided to SG, and to transfer it to another data controller, without SG preventing this. The right to data portability can be invoked when the processing of personal data is based on consent or an agreement between you and SG. The right can also be invoked when the processing is carried out automatically.

f. Right to object

You have the right to object to the processing of your personal data if SG processes the personal data based on our legitimate interest (GDPR art. 6 (1) (f)). If you invoke this right, we will stop processing your personal data unless we have compelling legitimate grounds for processing the data that override your privacy.

g. Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time. SG will then delete the personal data collected on the basis of the consent. Withdrawal of consent will not affect the lawfulness of processing that has taken place before the consent was withdrawn.

h. Right to complain to the local data protection authority

You have the right to complain to the local data protection authority if you believe that we are processing your personal data in violation of data protection legislation. However, we would appreciate it if you contact us first so that we can try to resolve the situation. Our contact information can be found in section 2 of the privacy policy.

9. Security of your personal data

SG has established an information security management system that includes technical and organizational measures to ensure the protection of your personal data when it is processed by us. We also set strict information security requirements for our processors in order to protect your personal data when we share it with others.