Privacy statement for NG Group

Your privacy is important to NG Group AS and the other companies in the NG Group.

We will process personal data in accordance with the applicable privacy regulations at any given time, including the General Data Protection Regulation (GDPR). These rules contain, among other things, requirements for confidentiality, integrity and availability of the information processed.

We only collect personal data to the extent necessary and relevant, and proportionality assessments are carried out to ensure that the collection and processing of personal data is not carried out to a greater extent than necessary for the purpose it was collected for.

This privacy statement provides supplementary information about what personal data is collected, how the information is collected and what rights you have when personal information about you is registered with us.

If you have any questions about this privacy statement or assessments we have made, please contact us at: personvern@ngn.no.

The controller of the personal data is the relevant NG Group company with which you have your customer and/or supplier relationship. For this website, the controller is NG Group AS.

We mainly process information about you in the following cases:

• You have sent us an inquiry.
• You are a representative of one of our suppliers.
• You have applied for a job with us.
• You are a journalist and have contacted us for a statement.
• You are visiting our website.
• You have created an account on our website or one of our customer portals.

We may also receive information about you from others in the following cases:

• A job seeker has provided you as a reference.
• Your name will be mentioned in connection with an inquiry to us.

The following are examples of categories of personal data we process:

• Basic information, such as name, employer, job title, and supplier contact details
• Information about contacting customer support.
• Information generated in connection with the use of our digital channels, such as technical information about the device you use when you visit our digital channels (including date and time, what kind of PC/mobile phone, operating system and browser you use, IP addresses, screen size, etc.).
• Information you provide to us as a job seeker, through, among other things, your application, CV, diplomas and certificates. In addition, we may conduct our own research, typically conduct conversations with references, etc.
• Any other information stored on the basis of your consent. In this case, you will receive specific information about what information we store and what it is used for when we ask for your consent.

Our digital channels are not intended for, or aimed at, children. We do not knowingly store information about children. If you believe we have stored information about a child under the age of 18, please contact us in writing so that we can delete the information.

Visits to our website

Cookies

We use cookies on our website. These are small text files that are placed on your computer when you download a web page. Some of these are necessary for the functionality of various services on our website. In addition, cookies help us determine which parts of our digital channels are the most popular, including which pages users visit and for how long. The information is used, for example, for development and analysis of services.

The basis for the generation of anonymous statistics is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information necessary to safeguard a legitimate interest that outweighs the consideration of the individual's privacy. The legitimate interest is to improve and further develop information on our websites.

In some cases, we will use cookies for profiling and targeted advertising via 3rd parties, where this is the case, the processing will be based on your consent that you give via a cookie banner on your first visit to our websites.  It will be stated in the cookie banner which processing you consent to. 

You can find up-to-date information on how we use cookies here.

 Our websites may also contain links to other websites, to products and services belonging to others, including social media (e.g. Facebook/LinkedIn, etc.). Such services or applications available on our websites are subject to the privacy policy of those providers. We encourage you to familiarize yourself with these actors' privacy practices.

 Information about your device's specifications, software and your visit are automatically collected on our systems. This information may include, for example, your IP address, type of browser, domain name, internet service provider, files viewed (HTML pages, graphics, etc.), operating system, access time and where you arrived at our digital channels from. This data is processed based on our legitimate interest to ensure the security and availability of our websites.

Tracking pixels (e.g. clear gifs, web beacons, web bugs)We use tracking pixels (also called clear gifs, web beacons, web bugs), which help us improve our digital channels by telling us what content is being shown. Tracking pixels are small graphic elements with a unique identifier, similar to the function of cookies, and are used to track the behaviour of users online. Unlike cookies stored on the user's hard drive, tracking pixels are invisibly baked into our digital channels or in emails. This allows us to measure the impact of our marketing. We link the information we collect from emails to customer personal information.

 Social Media

We have profiles/pages in social media. When you visit these pages, such as our company page on Facebook, the social media, such as Facebook, will process your personal data and use cookies. More information about how the social media processes personal data and how they use cookies can be found in the respective social media, such as Facebook's Privacy  and Cookie pages.

Inquiries by e-mail

We use e-mail to carry out our tasks. Emails we have received will be deleted when it is no longer needed for our task. We ask that personal information which is not necessary, including sensitive personal data, is not sent unencrypted by e-mail.

Job seekers

If you apply for a job with us, we need to process information about you to consider your application. The company uses the recruitment tool ReachMee to manage submitted applications for our vacancies.

 In order to assess submitted documentation, conduct interviews and call references, the basis for processing is Article 6 (1) (b) of the General Data Protection Regulation. This provision allows us to process personal data when it is necessary to take steps at the request of the job applicant prior to entering into an agreement. By applying for the position and uploading documents, we consider that the job applicant asks us to review the submitted documentation, conduct interviews and call references with a view to concluding an employment contract.

 If we carry out our own investigations beyond this, for example contacting someone who has issued a certificate, but who is not provided as a reference, the basis for such surveys is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information necessary to fulfil a legitimate interest that outweighs consideration of the individual's interests or fundamental rights and freedoms. The legitimate interest is to find the right candidate for the position.

 Applications are stored in the recruitment tool and deleted within one year.

We also try to ensure that personal data and other customer information is up-to-date and correct, and that we do not store information that is unnecessary in relation to the purposes for which personal data is processed.

If you no longer have an active relationship with us, your information will be deleted no later than 24 months after your last contact. The storage of anonymised data is not subject to such limitations.

Within the Company, access to your personal data is restricted to people who have a professional need to access it.

In some cases, personal data is exchanged between the companies in the NG Group and with the Group's IT company, Adact AS. The group data processing agreement governs the contractual relationship between the companies.

We may also provide personal data to:

• Data processors who work as a subcontractor for us and process your information on our behalf. Such subcontractors may not use the personal data for any purpose other than to provide the service agreed with us and in accordance with our instructions. We take special precautions to ensure that subcontractors act in accordance with these terms, Norwegian privacy legislation and the GDPR. If the Company uses subcontractors established outside the EU/EEA, we will ensure that the processing is subject to a protection equivalent to that which applies within the EU/EEA, such as the EU Commission's decisions on an adequate level of protection for the country, transfer with necessary guarantees, EU standard data protection clauses or other equivalent arrangement.
• Other parties with your consent

We may also disclose information:

• By instructions from authorities, for example by order of the courts, police or other public authorities, according to strict predefined processes
• In connection with a business transfer, e.g., as part of a merger, acquisition, sale of our assets or transfer of services to another company. In this case, you will be notified via email and/or see a notice in our digital channels of any changes in ownership, use of your personal information, and choices you may have regarding your personal information.

The protection of your personal data is a high priority for us, we work continuously to protect personal data and other confidential information through our security work. Security work includes physical, technical and administrative measures, including protection of personnel, information, IT infrastructure, internal and public networks, as well as office buildings and technical facilities.

 Our security measures also include that we carry out risk assessments on a regular basis, audits of subcontractors and review various factors such as available technology, business needs and legal requirements. This will ensure that we always have adequate security measures in place, so that we can, for example, prevent data breaches or unintended disclosure of your personal data.

In accordance with applicable privacy legislation, including the GDPR, you have the right to access, correct and delete the personal data we process about you. Furthermore, you have the right to demand that processing be restricted, object to the processing, and the right to receive personal data about yourself that you have provided to us and transfer these to another controller without us hindering this (data portability).

We will delete personal data about you if you ask us to, unless we have a legal basis or a legal obligation to keep the personal data further.

If you wish to exercise these rights, have general questions about the processing of personal data or if you receive a request from a data subject, please contact us via the email address: personvern@ngn.no

You also have the right to complain about the processing to the supervisory authority. Complaints to the Data Inspectorate can be sent to the following address:

The Norwegian Data Protection Authority (Datatilsynet)

P.O. Box 458 Sentrum

NO-0105 Oslo

Norway

For more information about complaints to the Data Inspectorate, see the Data Inspectorate's website: How to complain to the Norwegian Data Protection Authority

If we make changes to this privacy statement, the changes will be published on our website. We encourage you to periodically review this Privacy Statement.  In the event of significant changes, the registered persons will be notified of this via e-mail.

 This Privacy Policy was last amended on 11.04.2024.