Telenor Eiendom Holding AS PRIVACY NOTICE
Updated March 5th, 2019
This privacy notice applies for services offered to users provided by Telenor Eiendom Holding (hereafter «Telenor Eiendom») as part of managing buildings Telenor Eiendom owns or rents out. Examples of services are visitor registration, access control and CCTV. The purpose of our privacy notice is to inform you about how Telenor Eiendom processes your personal data and which rights you have in this regard.
The purpose of the services provided by Telenor Eiendom is mainly to ensure a simpler and safer workday for you as an employee or a visitor to a Telenor Eiendom site.
Telenor Eiendom is a data controller when processing personal data collected through the use of services we provide employees, tenants and users of our buildings. The daily data controller responsibility is mainly exercised by our partner and data processor ISS.
Please spend some time to make yourself familiar with our guidelines for privacy. Feel free to contact us if you have any questions. Contact information can be found under bullet point 3.
- Personal data about you; handled by us
In the following we will give a general explanation regarding which personal data we collect, for which purposes and services this personal data is used and also the categories of third parties who have access to this information. We will also give an overview of deletion routines related to personal data.
Telenor Eiendom NEVER processes any of the following categories of personal data: Special categories of personal data, including data related to race or ethnical background, or political, philosophic or religious opinion, information about legal offences, health information, sexual relationships or labor union trade memberships.
2.2. The purpose and legality of the personal data processing
We process your personal data to the extent necessary for you to be able to enjoy the services we offer employees, tenants and users of our buildings, and also to maintain and protect our provided services. The legal grounds for our processing are fulfilment of contract, legal obligation or legitimate interest, cf. Personal Data Act article 6.
2.3. Sharing personal data with others
We only share your personal data when we have legal grounds for sharing. We can share data with IT-vendors, tenants, Norwegian authorities, internal companies and credit rating companies. See further information in the table below.
2.4. Schematic overview of processing
The table below gives a generic overview of the personal data collected and processed, whether data is shared with a third party and how long the data is kept before deletion.
|Name of processing activity||Processing purpose||Categories of personal data||Legal ground for processing||Deletion routines||Third party categories|
|Access control||Administer and secure safe access to all properties||Contact information, picture and registered information||Legitimate interest||Registered information on access card is deleted after 90 days, access order information is deleted 1 year after end of employment||Securitas, ISS, tenants, authorities, IT-vendors|
|Canteen/ lunch settlement||Administer lunch and cafe services to employees and tenants||Contact information and location of work||Contract||Deletion routines must be followed up, we have requested that information about who has bought what must be deleted||ISS, IT-vendors|
|Visitor registration||Administer and secure safe access to buildings for visitors||Contact information and location of work||Legitimate interest||Deleted 24 hours after visitation||ISS, IT-vendors, tenants|
|CCTV/Camera surveillance||Physical security of property and buildings||Video surveillance recordings and pictures||Legitimate interest||Deleted 7 days after recorded, or after 30 days if requested or possible police investigation||ISS, Securitas, authorities, tenants, IT-vendors|
|Mail distribution||Administer mail and package delivery to tenants||Contact information and location of work||Legitimate interest||Deleted 3 months after end of employment||ISS, IT-vendors, tenants|
|Archiving||Information handling in regard to tenants||Contact information and contract location||Legitimate interest||Personal data is deleted when the contract is terminated, except the content of the contract||IT-vendors|
|Compliance||Secure compliance in cases of whistleblowing||Contact information and employee information||Legal obligation||Data is deleted locally when the case is completed||IT-vendors, internal companies|
|Lease contracts/rent out||Administration of leasing contracts||Contact information and credit rating information||Legitimate interest||Personal data is deleted when the contract is terminated, except the content of the contract||Credit rating companies, IT-vendors|
|Invoicing||Invoicing services||Contact information, payment information||Legitimate interest||Deletion according to legal obligations in «Bokføringsloven»||GSS|
|Payments||Accomplishment of payment||Contact information, payment information||Legitimate interest||Deletion according to legal obligation in «Bokføringsloven»||GSS|
|Jeløy Radio kurs og konferanse-senter||Arrangement of conferences, events and courses, including accommodation and food services||Contact information, preferences, allergies and payment information||Contract||All data is deleted one year after the completion of the arrangement/event||IT-vendors|
|Parking||Administration and security related to parking garage at Fornebu||Contact information, payment information, parking admission||Contract||Data is deleted immediately after entrance and control against parking admission. For further information please see One Park personvern og cookies||Onepark and tenants|
- Your rights regarding management of personal data
You have the following rights according to the Personal Data Act when we process your personal data:
- You have the right to request access to your personal data according to the Personal Data Act, article 15.
- You have the right to request correction, deletion or restrict the management of your personal data according to The Personal Data Act articles 16, 17 and 18.
- You have the right to data portability wherever this is available according to The Personal Data Act article 20.
- You have the right to protest to our processing of your personal data according to The Personal Data Act article 21. This will for Telenor Eiendom’s case be relevant for the activities based on legitimate interest.
- On request you have the right to get information regarding the balancing of interest done where treatment of personal data is based on legitimate interest. You may contact Telenor Eiendom at GDPReiendom@telenor.com if you wish to exercise your rights as described above, or if you have other questions related to management of your personal data.
You also have the right to complain to The Norwegian Data Protection Authority if you think your rights have been violated by our processing of your personal data. Contact information to The Norwegian Data Protection Authority is: Datatilsynet, Postboks 8177, Dep 0034 Oslo, Email: firstname.lastname@example.org, Phone: +47 22 39 69 00.
Telenor Eiendom takes the security of personal data processing very seriously and protects the personal data we handle. When Telenor Eiendom stores personal data, we use IT systems with limited access placed in facilities with measurement of physical security. Telenor Eiendom has gone through organizational, technical and administrative actions to protect personal data in the organization. Telenor Eiendom has taken the necessary steps to secure your personal data from loss, misuse, unauthorized access, change and publication.