Processing of customers’ personal information
We in FARA take care of the privacy of our employees, customers, suppliers, partners and their employees. In this document we provide information about when, why and how we handle personal information related to our customers. We also inform about the rights you as a customer have in connection with this.
1- WHY DO WE PROCESS YOUR PERSONAL INFORMATION?
Personal information about our customers and their employees will primarily be used to administer and manage the customer relationship, including communicating with and following up the customer, carry out deliveries, and otherwise fulfilling agreements with the customer, invoicing the customer, handling complaints and disputes, as well as investigating customer satisfaction.
Information about the customer’s use of our products can also be used in our work of product and service improvement and related statistics. We may also use the Personal Information to send out information about offers and marketing materials, as well as to evaluate when it would be appropriate to send out what kind of material to the individual customer.
We also need to process the personal information of the end customer (the traveler) to fulfill the agreement with the customer. The treatment will be performed according to data processor agreement.
2- WHAT PERSONAL INFORMATION DO WE PROCESS?
In general, we will only process the personal information about our customers that is necessary to manage the customer relationship and other purposes. Specifically, this may include processing information about the customer, such as name, address, telephone number and other contact information for the employees of the customer, position and role, employer, customer relationship history (what has been purchased when etc.), trade patterns and preferences, information about customer history of our competitors, correspondence with the company’s representatives, login and activity on our webpages, complaints and disputes, payment history and credit check.
We fundamentally do not process sensitive personal information about our customers.
When we act as data processor on behalf of our customers, it is the customer as controller who defines what personal data is stored and the purpose of processing them. This will include personal information about the end customer (travelers) such as name, picture, address, phone number, email, date of birth, unique user identifiable ID, travel card ID (card number), purchase history for sales transactions that require customer information and travel history in connection with customer care.
3- HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
The source of the information we have about our customers, including customers’ employees, will usually be the customer himself, because the customer himself provides information on online registration or personal contact, either when the customer relationship is established or later. Information may also be generated through the customer’s activity in relation to the customer relationship, including e.g. when the customer buys something or communicates with us. In certain cases, we may supplement this information with information from external sources, such as in connection with credit checks, obtaining additional information from the internet, etc. We can also obtain lists of potential customers and information about these from market players who offer this.
The source of the information we have about the end customer is what our customers give us access to, according to data processor agreement.
4- WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL INFORMATION?
In some cases, we will obtain the consent from our customers for processing personal data, but we will also process information without requesting specific consent where this is necessary to fulfill our agreement with the customer or to act at the customer’s request before an agreement is in place.
5- WHO IN FARA HAS ACCESS TO YOUR PERSONAL INFORMATION?
We will limit access to personal information about our customers to those persons in FARA AS who need such access for the purposes mentioned in paragraph 1 above. We may also share this information internally with the FARA Group, with our subcontractors and other collaborators, and in special cases also our advisors, accountants, lawyers, IT consultants and others. In such cases, we will ensure that all information is fully processed in accordance with the purpose and that our subcontractors assume responsibility for safeguarding information security in accordance with the requirements and rules that apply at any time.
6- DO SUBCONTRACTORS PROCESS YOUR PERSONAL INFORMATION?
We may use subcontractors who assist us in processing personal information about our customers. This will typically be suppliers of storage services and communications solutions that are part of our customer and supplier systems.
Some of our subcontractors may run their business abroad. We may transfer personal information about our customers to the location where the subcontractor is located or where the subcontractor has located their storage services, that be countries within the EU/EEA.
The transfer of personal information to foreign countries may also be due to the fact that we are part of the FARA Group and that other parts of this group assist with the processing.
7- HOW AND HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
Personal information about our customers shall only be retained if they are required based on the purpose of the processing. This is justified by the current requirements for keeping accounting documentation but is also necessary to safeguard the customer’s interests in connection with possible complaints, as well as the need to have access to the history of contacts and deliveries at the customer’s request.
Personal data we collect in connection with the use of our services are stored mainly unidentified and electronic with data security in local IT. For non-anonymous paper-based personal information, these are stored in locked cabinets, where only those who need access to them to perform their tasks have access. The file cabinets are placed in offices that are locked except during regular working hours.
You may at any time ask us to delete information related to you as a customer, unless it is required by law to keep the information for a certain period of time (e.g. legal requirements, accounting laws, etc.).
8- HOW DO WE USE INQUIRIES?
We may send different types of inquiries to you as a customer as long as the customer relationship exists, including marketing requests. For any marketing inquiry via e-mail or SMS it will be possible to cancel further such inquiries.
9- WHAT RIGHTS DO YOU HAVE?
Our customers shall be informed about the processing of personal data relating to them. This letter shall therefore be available to the customers on our website, and it shall be referred to this by link on the pages where the customer can register information about himself or place orders. Customers who are in contact with us otherwise shall be informed that the information about our handling of personal information is available on our website.
If registered you are entitled to:
- contact us if you have any input or questions related to our processing of personal data,
- to receive access to the personal information we treat about you,
- to correct or remove incorrect, unnecessary, inadequate or outdated personal information,
- to protest against processing your personal information obtained from direct marketing, as well as knowing about any profiling,
- to withdraw consent for processing the personal information you have provided,
- to receive the personal information about yourself that you have given us and transfer them to another processor (data portability),
- to complain to the Data Inspectorate directly if you believe that processing of your personal information is in violation of applicable law.
10- HOW DO WE SECURE THE PROCESSING OF YOUR PERSONAL INFORMATION?
We have established procedures and measures at different levels to ensure that unauthorized persons do not gain access to our customers’ personal data and that all processing of the information is otherwise in accordance with applicable laws. The actions include regular risk assessments, technical systems and physical procedures to safeguard information security and routines to verify inspection and rectification requests.
11- HOW CAN YOU CONTACT US?
Customers who have questions or requirements regarding our processing of personal information can contact us by using: https://fara.no/contact-us/