Privacy Policy Notice

I. Introduction

ASTRUP FEARNLEY AS has developed this Privacy Policy to explain how we, and our fully owned subsidiaries (“Group” or “Astrup Fearnley”), may collect, retain, use, process, share and transfer your personal data when you visit our websites, use our services, or visit us in person. This Privacy Policy is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our websites, products and services.

As part of this commitment, we comply with the Norwegian Personal Data Act, EU General Data Protection Regulation (GDPR), and the UK Data Protection Act 2018 (“Data Protection Rules and Regulations”).

II. Our Commitment to Privacy

Our privacy commitments are fundamental to the way we run our business. Unless otherwise noted or governed by law, these commitments apply to everyone who has a relationship with us - including customers, partners and website visitors. ASTRUP FEARNLEY is committed to providing you with the best overall experiences in all of our products and services. We strive to strike the right balance between using your data to ensure the quality of those experiences and protecting your privacy.

III. Scope

This policy applies to all information we collect about you, information we collect directly from you, information we automatically collect and information we collect from third parties.

IV. Personal

Personal data, also referred to as PII or personally identifiable information is information that identifies or reasonably can be used to identify you. Examples of personal data include your: (i) Name, (ii) Mailing address, (iii) Email address, (iv) Phone number, (v) Date of birth or age, (vi) How you use our sites and mobile applications and (vii) Geo-location related information.

V. The Personal Data We Use

Subject to limitations explained in this policy, ASTRUP FEARNLEY may collect and use the following personal data:

-Your name
-Information about the service usage
-Subscription preferences
-Any other information you upload or provide to us.

VI. How We Use Personal Data

We use your information, including personal data, to provide you with superior products and service. We also may use your information for the following purposes: to contact you and to provide market and research information to you. We also use your personal data to support our business functions, such as fraud prevention, marketing and legal functions. To do this, we combine personal and non-personal data, collected online and offline, including information from third party sources.

VII. Opting Out of Data Usage

We process personal data to deliver a service (e.g. employment assessment during the hiring process) or with consent during market activities. Consent explicitly granted by you can easily be revoked through self-service links in our emails.

VIII. Legal Basis for Processing

We will only collect, use and share your personal data where we possess a legal basis to do so. In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights.

IX. Third-Party Processing

We do not share, sell, or license your personal data with third parties without your explicit consent.

X. Retention of Personal Data

We follow all applicable Data Protection Rules and Regulations governing the retention of your data. The factors that influence how long we retain your data include:
(1) which information is needed to provide products, services and experiences to you,
(2) which information is needed to ensure secure payment, contact you and the data needed to serve any advertising based on personal interests and preferences.

We retain the data we collect from you for different periods of time depending on your applicable preferences and the purposes we use it for. Data of yours that we retain falls into the following categories:
(i) Information retained until you remove it - we keep this data until you ask us to delete it.
(ii) Information that we delete after a specific period of time or in response to an event – we store this data for a predetermined period of time. We set retention timeframes based on the reason for its collection and compliance with Data Protection Rules and Regulations.
(iii) Information retained for specific business or legal purposes - Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when we process a payment for you, or when you make a payment to us, we will retain this data for longer periods of time as required for tax or accounting purposes.
(iv) Based on the applicable laws of your region, you may have the right to request deletion of personal information we collect from you. You can submit a request to delete your personal information by emailing us here.

XI. Adequate Protection

ASTRUP FEARNLEY will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. Furthermore, transfers will be limited to countries which are recognized as providing an adequate level of legal protection, or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.

XII. Impact of Automated Decisions

You will not be subject to any action that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

XIII. Information Sharing with Authorities

ASTRUP FEARNLEY AS will comply with legitimate requests by legal and regulatory authorities. In such a case, ASTRUP FEARNLEY AS will disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as data breach notification requirements.

XIV. Getting in Touch With Us

If you send us sensitive personal data, we will only use that information for the purposes that you sent it. If there is an unanticipated use for the collected information not previously disclosed in this Policy, we will post the Policy changes on this website to keep you notified. You will then have the option to opt out of these new uses.

XV. Complaints

If you have any questions, concerns or complaints regarding our compliance with this Policy and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us here.

or by post to:

Astrup Fearnley Solutions AS

Dronning Eufemias gate 8, 0191 Oslo, Norway

Attention: Compliance Department

If you believe that we have not complied with the data protection laws, you have the right to lodge a complaint with the data protection authority in Norway, the Norwegian Data Protection Authority (Datatilsynet). You can find more information on how to file a complaint on their website: Contact us | Datatilsynet

XVI. Complying with this Policy

The Group ensures compliance with this Policy through a comprehensive audit and enforcement plan. This audit and enforcement plan ensures that the policies set forth are consistently and accurately implemented. Additionally, we undertake periodic reviews of this Policy to determine whether provisions should be updated.

XVII. Automatic Collection During Website Session

The data collected during the course of browsing our websites will be analyzed and used to generate statistics that help us improve our website, products and services to you.

XVIII. Your Right to Your Data

You can contact us and ask to know what information we have about you. For certain types of data, you can also ask us to update incorrect information, delete it, object to our use of it, or get a copy of it. In certain jurisdictions, you may have the right to take your case to a privacy regulator if you do not find our response satisfactory.

XIX. Your Right to Correct or Amend Personal Data

You have a right to request that we rectify certain inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.

XX. Transfer of Data withing the Group

ASTRUP FEARNLEY AS may share customer information within our Group of companies for a variety of purposes, such as providing you with the latest information about our products and services and offering you our latest market and research information. To facilitate our global operations, ASTRUP FEARNLEY AS may transfer personal data to other locations where we are present. To protect your personal data, we will only transfer data to countries that provide an adequate level of personal data protection. If the data is transferred to countries without adequate protection, we will use additional safeguards to ensure your data is protected.

XXI. GDPR Rights

You have the following rights under GDPR: (i) request access to your personal data, (ii) request rectification of your personal data, (iii) request erasure of your personal data, (iv) request restriction of processing of your personal data, (v) request data portability, (vi) object to the processing of your personal data (including objection to profiling) and (vii) withdrawal of your consent at any time. Please note that these rights might be limited under the applicable local data protection law.

Appendix I

- “Consent” is any freely given, specific and transparently, unambiguous, well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).

- “Personal data”, “personal information”, or "PII" means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.