EVRY process personal data only for purposes that are objectively justified by EVRY’s services and to perform the processing in accordance with privacy rights and regulations, including the need to protect personal integrity and private life and to ensure that personal data are of adequate quality.
Further it is the policy of EVRY to adhere to local data privacy legislation as well as corporate policies and procedures and applicable privacy directives, including the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Personal Data Directive).
Processing may include collection, recording, alignment, storage, transfer and disclosure or a combination of this. EVRY may use resources from subsidiaries outside EU-/EEA-area in a way that is considered as transfer of personal data for carrying out tasks (inter alia support services) based on EU standard contractual clauses. EVRY processes personal data both as a processor and as a controller, as defined in the Personal Data Directive.
The personal data are related to employees, customers, and customers of the customers, suppliers, complainants, correspondence, enquiries, visitors on EVRY’s webpages, and data subjects whose personal data is controlled by any of those listed.
1. Personal data on behalf of EVRY’s customers and
2. Personal data where EVRY is data controller, which may include:
a. Personal data on employees
b. Information and assessments connected to other categories of personal data. It is the policy of EVRY to limit these data only to include contact details, strictly professional information and information related to the activities EVRY has performed in relation to the persons concerned. EVRY may collect, store, use and transfer personal data for specifically expressed purposes when the user visits EVRY’s internet page. Such purposes are in general daily operation of the system and communication.
When processing personal data EVRY will fulfil obligations:
1. towards the data subjects;
2. towards public authorities; and
3. towards customers and other controllers than EVRY
with regard to how the processing is carried out.
The obligations are further detailed below.
1. In relation to the data subject there are provisions in the applicable personal data act stipulating conditions for authorizing the processing. Consent from the data subject is normally a sufficient authorization. Dependent upon the data being sensitive or not, other conditions may authorize the processing. Furthermore, EVRY has an obligation to provide information to the data subject and upon request to provide access to the data. To ensure that personal data are of adequate quality, deficient personal data may be rectified.
2. In relation to the public authorities the applicable Personal Data Act contains an obligation to give notification and - for some processing - an obligation to obtain a license.
3. When EVRY is providing services to customers that include processing of personal data, such processing can only take place when there is a contractual basis for such processing. The transfer of personal data to EVRY companies in countries outside EU/EEA can only take place when the data subject or the customer has approved the transfer. A legal basis is required for such transfer, for example a specific export agreement.
4. As regards the processing itself there are obligations with regard to data security and internal control. Organizational, physical and technical security measures shall be implemented to ensure adequate level of data security. The measures shall be in proportion to the probability and consequences of any breaches of security in order to prevent loss of life or health, economical loss or loss of reputation and personal integrity. The use of external resources to process personal data may be subject to specific provision of applicable Personal Data Act, as well as the transfer of data to other countries. EVRY will delete personal data when all purposes of the processing of the personal data are fulfilled. The retention time of each category of personal data is assessed in light of practical, technical and other considerations.
In order to verify that EVRYs processing meets data protection and privacy requirements, EVRY and its companies will conduct audits according to EVRY’s standard audit regime.
Complaints may be addressed to firstname.lastname@example.org