Last updated 2018.12.20
AFFILIATED WITH CUSTOMERS, SUPPLIERS AND BUSINESS PARTNERS
1Diamond AS (“1Diamond”) is committed to protecting the personal data processed by the company and thus the privacy of its data subjects. Pursuant to the General Data Protection Regulation (EU) 2016/679 and applicable laws, 1Diamond is obliged to provide you with information on its processing activities.
1Diamond has prepared this policy in order to provide you with information on how we process personal data in relation to our website users and natural persons affiliated with our customers, suppliers and business partners.
2 RESPONSIBILITY AND QUESTIONS
1Diamond acts as the data controller for the personal data it processes in connection with the use of our website and the personal data we collect and process on natural persons affiliated with our customers, suppliers and business partners. If you have any questions about how 1Diamond process your personal data or would like to make use of your rights as a data subject, please contact our Director of Operations, Stig Fjerdingen at:
Throughout this policy we use a number of terms that have the following meaning:
(1) “Personal data” means, briefly, any and all data which can be attributed to a (living) natural person, for example name, email, address, IP number, health data, or any combination of data which entails that a person can be identified.
(2) “Processing” means any and all measures performed on personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(3) “Data controller” is the person who alone, or together with others, determines the purposes and means for the processing of the relevant personal data. The controller of personal data is the party with primary responsibility for ensuring that personal data is processed in accordance with the GDPR.
(4) “Data processor” is the person who processes personal data on behalf of the controller of personal data, for example a supplier of salary administration services.
(5) “Data subject” is the person whose personal data is processed by 1Diamond, i.e. employees/freelancers, job applicants, users of the website and contact persons at suppliers/business partners.
4 WHY AND WHAT PERSONAL DATA DO 1DIAMOND PROCESS CONCERNING YOU?
Below is an overview of the types of personal data 1Diamond process in relation to our website users and natural persons affiliated with our customers, suppliers or business partners.
Note that 1Diamond does not necessarily process all of the below types of personal data, as it will depend on individual circumstances, e.g. how the website is used, which communication method is selected or the nature of the communication between you and 1Diamond. Depending on the circumstances, 1Diamond may also process other personal data. If you would like to now more of which personal data 1Diamond process concerning you, please contact us by using the contact details in section 2 above.
In relation to our website users, we process cookies and data contained within cookies. Cookies are small text-based files that are placed on your device when you visit our site. The cookies contain information, which both 1Diamond and third parties (e.g. the cookie provider) may access when you visit our website.
There are a number of reasons for us using cookies. The main reasons are to enhance your user experience and to analyze the general use of our website (e.g. by seeing how long you view our pages). To do this, we rely on third party cookie providers such as Google Tag Manager and Google Analytics. The cookies we use may include us processing your personal data, such as automatically generated unique identifiers (for the purpose of distinguishing between users) and information about your use of our website. For more information about the cookies we use, please see
4.3 Natural persons affiliated with customers, suppliers or business partners
In relation to natural persons (that 1Diamond interact with) employed or in other ways affiliated with customers, suppliers or business partners, we process the following types of personal data:
- Contact details: Full name, e-mail address, address, phone number, work related e-mail, work related phone number.
- General information: Your job position/connection to the customer, supplier or business partner and CRM related information (e.g. our interactions with you and your company).
- Miscellaneous data: Personal data contained in our documents (e.g. protocols from meetings or contracts which is signed by you), e-mail correspondence etc.
The contact details and general information is processed so that we can maintain and develop the relation between 1Diamond, you and the company which you are employed in or in other ways affiliated with. The legal basis for the processing is that the processing is necessary for ensuring a legitimate interest.
Miscellaneous data is processed to ensure 1Diamond’s continued daily operations and to ensure that we fulfil legal obligations (e.g. in relation to the Bookkeeping Act). The legal basis for the processing will normally vary between i) that the processing is necessary for ensuring a legitimate interest that is not overridden by your data privacy, and ii) that the processing is necessary for fulfilling legal obligations.
5 DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
1Diamond rely on a number of third party service providers that we might end up sharing your personal data with:
- IT-system providers: We have third party service providers delivering storage and IT-systems services to us. In certain circumstances, e.g. if we need support from one of our providers, they might have access to your personal data.
- 1Diamond LLC (intercompany service agreement): 1Diamond has entered into an intercompany service agreement with 1Diamond LLC. 1Diamond LLC provides 1Diamond with services such as executive functions, accounting functions, human resources and benefits functions, tax management functions, procurement services, marketing, legal etc. Several of these services require 1Diamond to disclose your personal data with 1Diamond LLC, e.g. your general HR-data and, where required, sensitive HR-data. 1Diamond has entered into EU Model Clauses to ensure the protection of your personal data when transferred to 1Diamond LLC.
1Diamond will take the necessary steps to ensure the protection of your personal data, e.g. by entering into data processor agreements with
6 HOW LONG DO WE PROCESS YOUR PERSONAL DATA?
Generally, 1Diamond will delete or anonymize your personal data when it is no longer necessary to process the data for the purpose it was collected for.
Below we have set out some general information about our retention guidelines in relation to the use of our website and in relation to the natural persons we interact with affiliated with our customers, suppliers or business partners. We note that the below is general guidelines and that 1Diamond may retain the personal data for a prolonged period of time in certain circumstances, e.g. if personal data is necessary to fulfil legal obligations.
1Diamond only retain and use the personal data we collect in and through the cookies for a limited time (usually only when you are visiting the website or during your session). When you revisit our website we might access the cookies and the personal data stored on these. The cookies we place on your device is placed for a limited period varying from 30 seconds to several years.
6.3 Natural persons affiliated with customers, suppliers or business partners
1Diamond will retain the contact details and general information concerning natural persons (that we interact with) employed or in other ways affiliated with our customers, suppliers or business partners, for two years following our last interaction with the individual. However, in certain circumstances where we believe it to be in the interest of all parties that we continue retaining the contact details and general information, we may continue retaining such data for a prolonged period of time (e.g. where 1Diamond has developed a relationship with an individual that is not limited to him/her holding a position at one of our customers, suppliers or business partners).
With regards to miscellaneous data we will retain these for as long as is necessary for complying with legal obligations and ensuring our legitimate interests.
7 YOUR RIGHTS AS A DATA SUBJECT
As a data subject you have certain rights that you may make use of in relation to 1Diamond’s processing of your personal data:
- Right to access: As a data subject, you have a right to request us to confirm whether we process personal data concerning you, and if so, to give you access to the personal data and more detailed information about the processing activity.
- Right to data portability: If the processing is carried out by automated means and the legal basis for the processing activity is consent or performance of a contract, you may be entitled to request us to provide you with a subset of your personal data in a structured, commonly used and machine-readable format. In certain circumstances, you may also ask us to send the subset of your personal data directly to another data controller (e.g. another company).
- Right to rectification: 1Diamond has a constant obligation to ensure that the personal data it is processing is accurate and up to date. If you discover that the personal data we process about you is inaccurate or incomplete, you may require us to rectify or complete the personal data.
- Right to erasure: 1Diamond has an obligation to delete or anonymize your personal data when it is no longer necessary to process the data for the purpose it was collected for. Additionally, you have a right to request us to delete your personal data in the following situations:
- The processing is based on your consent and this consent is withdrawn (and there is no other legal basis for the processing).
- You object to the processing and there are no overriding legitimate interests for continuing the processing.
- The personal data was unlawfully processed.
- The personal data has to be erased in order to comply with a legal obligation.
We note that the right of erasure does not apply if further retention of the data in question is necessary for compliance with a legal obligation (e.g. bookkeeping obligations), or for the establishment, exercise or defense of legal claims.
- Right to restriction: Under the GDPR, you have a right to require that we (temporarily) restrict the processing of your personal data in certain situations, e.g. if you contest the accuracy of your personal data which we process or are of the opinion that 1Diamond do not have a sufficient legitimate interest for a processing activity.
- Right to objection: In certain circumstances, e.g. where the legal basis for processing is a legitimate interest, you may object to the continued processing. If you do so, 1Diamond will re-evaluate the legitimate interest and the interest of your data privacy. We will only continue the processing activity if i) there are compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms; or ii) the processing is necessary to establish, enforce or defend against legal claims.
If you would like to make use of your rights as a data subject or have questions concerning our processing activities, please contact us using the contact details in section 2 above.