Privacy Policy

 

We are dedicated to earning your trust and safeguarding your personal information. In this privacy statement, we outline the reasons we collect your data, how we use it, and how we protect your privacy.

Processing of Personal Data

 

 

Our processing as the data controller of personal data is based on the activities we conduct and the purpose of our business.

When Metzum AS collects personal data about you, we are responsible for processing it in accordance with data protection laws.

The data controller for the processing of your personal data is Metzum AS (org. no. 918 908 080), with CEO Johnny Vassbakk

Kontaktinformasjonen til Metzum er: 

Postadresse: Kalfarveien 74b, 5018 Bergen.
E-post: 
post@metzum.no

Why do we collect personal data?

 

We collect and use personal data for various purposes based on your identity and our interactions. The primary aim of this data collection, registration, and processing is to effectively manage and follow up with customers, users, and stakeholders.

All personal data processing complies with relevant data protection laws, including the Personal Data Act and the General Data Protection Regulation (GDPR). "Personal data" includes any information linked to an individual, while "processing" encompasses actions like collection, storage, use, and deletion of that data.

Personal data about candidates applying for jobs

 

 

When hiring for new roles, we collect personal information such as CVs, applications, references, and interview notes (GDPR Article 6(1)(a)), if such details are provided, or according to the bases mentioned below. The legal basis for processing personal data during recruitment is that it is necessary to take steps before potentially forming an employment contract with the applicant (GDPR Article 6(1)(b)).

If we conduct additional investigations beyond contacting the references provided, such as background checks, personal data is processed based on our legitimate interest to ensure the selection of the right candidate for the job (GDPR Article 6(1)(f)). We have assessed that our legitimate interest in hiring new employees outweighs individual privacy concerns. We recommend that you do not include special categories of personal data, such as health, religion, political opinions, union membership, etc., in your application.

Personal data is deleted once the recruitment process is completed, unless you have consented to a longer retention period.

 

Is information disclosed to third parties?

 

Personal data is not disclosed to third parties.

Storage Duration

 

We retain your personal data for as long as needed to fulfill the purposes for which it was collected, unless legal obligations require a longer retention period.

Personal data about visitors to our websites

When you visit our websites, we log your IP address as we use web and traffic analysis tools. This allows us to provide the most relevant information to our site visitors through web analysis.

Your Rights

 

 

You have the right to access, correct, or request deletion of your personal data. If processing is based on consent, you can revoke it anytime. You may restrict or object to processing under certain conditions, as per GDPR Article 21. You can request data portability for data provided to us. Automated processing with significant effects on you will not occur. If your rights are violated, you can file a complaint with the Data Protection Authority. Contact details are at datatilsynet.no.

 

Security for Processing

 

All personal data processing is safeguarded with the necessary technical and organizational measures.

We ensure that information is accurate, accessible, and managed based on its sensitivity. A variety of security technologies and procedures are employed to protect personal data from unauthorized access, use, or disclosure. Risk assessments are performed for personal data processing.

Access to personal data is limited to staff or third parties who need to process the information on our behalf, and these parties are bound by confidentiality obligations.

Procedures for managing information security and privacy breaches have been established. If a breach poses a risk to the privacy of the personal data involved, we will notify the Data Protection Authority as soon as possible, and no later than 72 hours after the breach is detected. If the breach is likely to result in a high risk to the privacy of the affected individuals, we will also inform those individuals.

 

Changes to the Privacy Policy and Contact Information

 

 

Our privacy policy may be revised periodically.  The most current version of our privacy policy is always available on our website.