Website Privacy Notice
Last updated 03.04.2023
Who we are and what does this Privacy Notice cover?
For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is Amby AS, a Norwegian company registered in the register of the Norwegian Central Coordinating Register for Legal Entities under number 997901916 (“Amby” or “we” or “us” or “our”). As a recruitment company, we are committed to protecting the privacy of our candidates, clients, and users of our website.
This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you visit our website www.amby.com and all its subdomains, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “site”). Please read this privacy notice carefully. If you do not agree with the terms of this privacy notice, please do not access the site.
Amby may change and update this notice from time to time to comply with any governmental or legal changes, as well as company policies. Any changes or modifications will be effective immediately upon posting the updated Privacy Notice. We will notify you of any changes by posting the new Privacy Notice on this page. You are advised to review this Privacy Notice periodically for any changes.
To learn more about how we process personal data of our suppliers, clients and candidates, please get familiar with our General Privacy Policy.
What kind of Personal Data do we collect?
Personal Data
If you contact us using the “Contact Us” form or when you download some of our resources, we may ask you to provide us with your personally identifiable information, such as your name, email address, and company name that you voluntarily give to us when you register with the site using contact forms or similar or when you choose to participate in various activities related to the site, such as meeting scheduling modules or similar. This information is necessary for us to properly provide our services to you. You are under no obligation to provide us with personal information of any kind, however, your refusal to do so may prevent you from using certain features of the site and the Amby services.
If you use the form for downloading materials that we publish on the site, we may ask you to consent to the processing of your personal data in the form of name, company and email address for marketing purposes. In this case, we will be permitted to send you personalized newsletters and other marketing information. You can manage your email subsriptions at any time.
Derivative Data
Information our servers automatically collect when you access the site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.
Mobile Device Data
Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the site from a mobile device.
Third-Party Data
Information from third parties, such as personal information or network, if you connect your account to the third party and grant the site permission to access this information.
How and why do we process your Personal Data?
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the site to:
- Assist law enforcement and respond to subpoenas.
- Compile anonymous statistical data and analysis for use internally or with third parties.
- Deliver targeted advertising, newsletters, and other information regarding our services and the site to you.
- Generate a personal profile about you to make future visits to the site more personalized.
- Increase the efficiency and operation of the site.
- Monitor and analyze usage and trends to improve your experience with the site.
- Notify you of updates to the site.
- Offer new products, services, and/or recommendations to you.
- Perform other business activities as needed.
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Request feedback and contact you about your use of the site.
- Resolve disputes and troubleshoot problems.
- Respond to service, product, and customer service requests.
- Send you any newsletter that you have signed up to using any of our contact forms.
- Solicit support for the site.
What is our legal basis for Personal Data processing?
Legitimate interest
As long as our interests are not overridden by your interests or fundamental rights and freedoms, we rely on legitimate interest as the lawful basis on which we collect and use your personal data. We rely on our legitimate interest to analyze, develop, improve, and optimize our sites, facilities, products, and services, and to maintain the security of our sites, networks, and systems.
We also rely on our legitimate interest in processing contact and related information about you in order to communicate adequately with you and to respond to your requests.
We may also process your data to assert possible claims or defend against claims, which is our legitimate interest.
Consent
We process personal information for marketing and sales activities (including events) based on your consent where so indicated on our site at the time your personal information was collected, or further to our legitimate interest to keep you updated on developments around our products and services which may be of interest to you.
Compliance with a legal obligation
In case we need to process your personal data to comply with legal or regulatory obligations.
With whom do we share your Personal Data?
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including data analysis, email delivery, hosting services, customer service, and marketing assistance.
Marketing Communications
With your consent, we may share your information with third parties for marketing purposes, as permitted by law.
Online Postings
If we add such a possibility, when you post or submit comments, contributions, or other content to the site, your posts may be viewed by all users and may be publicly distributed outside the site in perpetuity.
Affiliates
We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include our portfolio company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Business Partners
We may share your information with our business partners to offer you certain products, services, or promotions.
Other Third Parties
We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.
Tracking technologies
Cookies and Web Beacons
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the site to help customize the site and improve your experience. When you access the site, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the site to help customize the site and improve your experience. For more information on how we use cookies, please refer to the cookie settings available when you visit our website.
Internet-Based Advertising
Additionally, we may use third-party software to serve ads on the site, implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us.
Website Analytics
We may also partner with selected third-party vendors to allow tracking technologies and remarketing services on the site through the use of first-party cookies and third-party cookies, to, among other things, analyze and track users’ use of the site, determine the popularity of certain content and better understand online activity. By accessing the site, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.
Third-party websites
The site may contain links to third-party websites (like Workable, Facebook, Instagram) and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the site, any information you provide to these third parties is not covered by this Privacy Notice, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services, or applications that may be linked to or from the site.
Controls for do-not-track features
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice. Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. If you set the DNT signal on your browser, we will respond to such DNT browser signals.
Where do we store your Personal Data?
Where we store your personal data in our own systems, it is stored in Norway.
The data that we collect from you and process using third-party service providers for employment or business-related administrative purposes may be transferred to, and stored at, a destination outside of the country in which you are located or outside of the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your orders, the processing of your payment details, and the provision of support services. Some recipients located outside the EEA are certified under the EU-U.S. Privacy Shield and others may be located in countries for which the European Commission has issued adequacy decisions. In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Where necessary we establish (e.g. by implementing Standard Contractual Clauses) that recipients of Employee Data located outside the EEA provide an adequate level of data protection for the Employee Data and that appropriate technical and organizational security measures are in place to protect Employee Data. By submitting your personal data, you agree to this transfer, storage, or processing.
If you would like further information please contact us (see ‘How to contact us?’ below). We will not otherwise transfer your personal data outside of the United Kingdom or EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
How long do we store your Personal Data?
We generally keep your personal data only as long as needed to fulfill the purpose we collected it for, which may be an ongoing purpose and/or for our essential business purposes such as complying with our legal obligations, resolving disputes, and maintaining the performance of our services.
We hold your personal data compliant with the legal retention periods or, if applicable, the duration of your engagement. The retention period for all the data in our organization is 60 months. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements.
Security and Safety
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Options regarding your information
Under the General Data Protection Regulation, you may have a number of important rights free of charge. Those include rights to:
- withdraw consent to processing at any time (where relevant);
- request access to your personal data and to certain other supplementary information;
- request correction of the personal data that we hold about you;
- request erasure of your personal data in certain situations;
- object to the processing of your personal data in certain situations, including where we are relying on legitimate interest;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object at any time to processing of personal data concerning you for direct marketing;
- request the restriction of processing of your personal data in certain situations;
- receive personal data that we hold about you, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations;
- claim compensation for damages caused by our breach of any data protection laws.
Upon your request to terminate your contact information, we will deactivate or delete your information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt out by:
- Noting your preferences at the time you register your information with the site.
- Contacting us using the contact information provided below.
If you would like to exercise any of these rights, please contact us using our contact information below and let us know what information your request concerns. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
Policy for children
We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.
How to contact us?
All questions, comments, and requests regarding your rights, our processing of your personal data, and this Privacy Notice should be addressed to dpo@amby.com.
How to contact a supervisory authority?
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in Norway is the Norwegian Data Protection Authority who may be contacted at https://www.datatilsynet.no/en/about-us/contact-us/.
Amby AS
Thorvald Meyers gate 7
0555 Oslo, Norway