Privacy policy


PRIVACY POLICY of Novum Økonomi AS - an authorized accounting office in Norway 

We take care of your privacy. We collect and process your data solely and exclusively if this is necessary to properly provide our services. 
 
Pursuant to the GDPR, we hereby present data processing principles applied by the Data Controller. 
 
I.               Who is the Data Controller?

 The Data Controller is Novum Økonomi AS with its registered office at Havnegata 10, 3040 Drammen, Norway. You can contact us by e-mail at office@novum.no or by phone at +47 32 22 67 70.
 
  
II.              What purpose do we collect your data? How long do we retain your data? 
 
We can process your data for the following purposes:
 
  1. Communication with you, including responses to your questions asked via our contact form, by e-mail, during online meetings, etc.

 The data will be processed on the basis of the Data Controller’s legitimate interest consisting in the communication with Users (Art. 6.1.f of the GDPR). Your data will be processed at the latest until your objection to the processing or the termination of the business purpose. The data are given voluntarily, but are necessary to communicate with you. The data may be processed for internal archiving purposes on the basis of the Data Controller’s legitimate interest (Art. 6.1.f of the GDPR) until your objection to the processing or the termination of the business purpose.
 
  1. Execution and performance of the agreement (the placement of the order).
 
  1. Identification, defence and pursuance of claims.     
 
  1. Fulfilment of the Data Controller’s legal obligations (including, without limitation, tax and archiving obligations, as well as obligations stemming from the Act on Counteracting Money Laundry and Financing of Terrorism).           
     
     The data necessary to execute and perform the agreement will be processed during the term of the agreement, including the time of exercise of rights stemming from the agreement, like for example the right to file complaints based on statutory warranty for defects (Art. 6.1.b and 6.1.f of the GDPR). You give your data voluntarily, although they are necessary to enter into and perform the agreement.
Additional data given, for example, to improve the performance of the agreement will be processed at the latest until your objection to the processing or the termination of the business purpose based on the legitimate interest consisting in customer service (Art. 6.1.f of the GDPR). 

Then, the data will be processed for the claims limitation period on the basis of the Data Controller’s legitimate interest to identify, defend and pursue claims (Art. 6.1.f of the GDPR). 

In the event the data are necessary to fulfil the Data Controller’s legal obligations (e.g. issuing and storing invoices), the data will be processed for that purpose for no more than 5 years (archiving obligations related to accounting documentation) or for 5 years from the end of economic relationships/occasional transactions (obligations stemming from the Act on Counteracting Money Laundry and Financing of Terrorism;  unless legal regulations provide for a longer period (Art. 6.1.c of the GDPR). 

The data may also be archived for internal and statistical purposes until your objection to the processing or the termination of the business purpose based on the Data Controller’s legitimate interest (Art. 6.1.f of the GDPR). 

 
  1. Delivery of marketing information (including, without limitation, newsletter and other information about services, products, promotions, free content).

 The data will be processed on the basis of the Data Controller’s legitimate interest connected with the marketing of the Data Controller’s products and services (Art. 6.1.f of the GDPR). Your data will be processed at the latest until your objection to the processing or the termination of the business purpose, whichever is earlier. Personal data are provided voluntarily, however they are necessary to receive a newsletter.
 
 For commercial communication purposes, I need your consent in accordance with Art. 10 of the Electronic Service Provision Act. You can withdraw your consent at any time by clicking the link in the footer of the e-mail or writing to us to the above address.
 
  1. Administration and management of the website and groups in social media platforms (including, without limitation, Facebook, Instagram, LinkedIn) if your data are processed in social media platforms, including communication with you, sending marketing contents to you. 

The data will be processed solely if you decide to like the site / join the group / choose the “Follow” option or otherwise give your data in the platform managed by the Data Controller, e.g. in the form of a post or comment. The data will be processed during the existence of the site/group or until your objection. You can object to the processing by de-clicking the option “Like” or “Follow” or by deleting your comment/post or otherwise as set out in the platform/site or by contacting the Data Controller.

Principles applicable to the site/fanpage/group are defined by the Data Controller and principles applicable to the use of the social media portal where the site/fanpage/group is published are defined by the entity managing those portals.
 
  1. Recruitment
 
The data will be processed for the period of recruitment and execution of agreements and, in the case of additional data given by you voluntarily, based on your consent; for the purpose of future recruitment, based on your consent, for no more than 3 years (from the end of the year in which the application was obtained). The personal data are given voluntarily, however certain data are necessary for the recruitment process and the execution of the agreement. In consequences, if the data are not given, those actions cannot be performed.
 
  1. Recovery of rejected baskets.
 
If you do not complete placing your order, you can be notified of the commenced and uncompleted order. The data will be processed on the basis of the Data Controller’s legitimate interest consisting in the service for potential and existing Customers. The data will be processed for the period necessary to meet business goals or object to the processing. 
 
  1. Posting comments.

 The data visible on our website at the comment will be processed by use to administer and operate the site and communicate with you on the basis of the Data Controller’s legitimate interest (Art. 6.1.f) for the time necessary to meet business goals or object to the processing.
 
10.  Collection of sensitive data
 
If you give your consent and this is necessary for purposes related to the proper performance of the agreement or for the fulfilment of the Data Controller’s legal obligations, we will also process sensitive data (Art. 9.2.a and 9.2.b of the GDPR). The data will be collected until the business goal terminates or the consent is withdrawn or for the period required by law. The data are given voluntarily, however they are necessary to properly perform the agreement.
 
 
III.            Whom can we transfer your data to?
 
We only transfer your data to other entities if this is necessary to achieve the purpose of the processing referred to in Section II.
 
If necessary, your data can be transferred to entities we cooperate with to achieve the above goals, including: hosting company, IT company/entity managing the website, company providing newsletter services, company providing cloud services, advertising agency, subcontractors, lawyers, couriers and post operators, training platform, customer service platform, Norwegian offices and banks to enable the performance of services ordered to them or other entities supporting us in the achievement of our goals. 
 
As a rule, the data will not be transferred outside the EEA. However, if the data are transferred outside the EEA, this will be subject to your consent, standard contractual clauses or another security provided for by the GDPR upon the fulfilment, among others, of the information obligation. Your data can be transferred to DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013. The data processed by DigitalOcean LLC are hosted within the EEA area.
 
IV.            What are your rights?

Pursuant to the GDPR, you have the right to:


●      access your personal data;
●      rectify your personal data;
●      erase your personal data;
●      restrict the personal data processing;
●      object to the personal data processing
●      data portability;
●      withdraw your consent; the withdrawal of the consent is without prejudice to the compliance of processing performed before such withdrawal.

 If you believe that your personal data are processed otherwise than in compliance with applicable legal regulations, you have the right to lodge a complaint to the Chairman of the Personal Data Protection Office. In that case, I encourage you, however, to contact us in order to clarify your doubts.
 
V.             Legal regulations on personal data

All matters not provided for herein are governed by Norwegian and European legal regulations, including in particular the GDPR.
 
VI.            Cookies Policy
 
The data controller uses certain technologies to follow actions taken by the User on the website:

a)    Facebook conversion pixel: to manage advertisements in Facebook and carry out remarketing actions;
b)    Google Analytics code: to analyse website statistics. Google Analytics uses its own cookies to analyse website users’ actions and behaviour. Those files are used to store information, e.g. which website the user was referred from to the analysed website. They also help to improve the website;
c)     Google LLC
d)    Vimeo Inc.
e)    YouTube 
 
The website does not collect any information automatically, except for information contained in cookies.

Cookies are IT data, in particular text files, which are stored in the website user’s device to enable the use of the website. Cookies usually contain the name of a website they come from, time they are stored in the user device, and a unique number.

Cookies are used to adjust the website to the user’s preferences and optimise the use of the website, as well as to prepare statistics that help to understand how the users use the website in order to improve website structure and content.

You can change the settings of cookies on your own. The Internet browsing browser usually allows for cookies storing in the user’s device on a default basis. Detailed information about the operation of cookies is available in the software (Internet browser) settings.

Without consent to use cookies, certain functionalities of the website may be limited.
 
VII.          Social media plug-ins

 The website uses plugs and other social media tools made available by such portals like Facebook or Linkedin. Personal data processing rules are described on websites of services providers of those social media portals.
 
VIII.         DATA CONTROLLER
 
 
The data controller of data processed for the purpose of statistics collected via Facebook is Novum Økonomi AS, hereinafter referred to as the Data Controller, and Facebook Ireland Limited, with its registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to the Joint Controller. The data are processed jointly by both of those entities. Detailed principles for joint data control, including information about your rights, are described in Information about website statistics .
 
The Data Controller processes the data on the basis of its legitimate interest in analysing the activity and preferences of users to improve the existing functionalities and services. For matters related to personal data, you can contact both the Data Controller and Joint Controller.