Personal data is information that can be linked to an individual. For example: name, address, telephone number and e-mail address. You have the right to decide over this information.
Posten Norge AS is responsible for processing personal data stored with us. We think it is important that you know what information we collect and what we do to maintain your privacy.
Below you will see what information we collect and use, why and how we collect it and how we protect it.
1. About Posten and the Posten Norge group
Post Norge is a postal and logistics group that develops and supplies postal, communications and logistics services in Norway and the Nordic region. The group consists of a number of subsidiaries in Norway and abroad. The group meets the market with two brands: Posten and Bring. Posten serves private customers in the Norwegian market and is responsible for daily postal distribution and the nationwide post office network. Bring targets business customers within mail and logistics in the Nordic region and consists of business areas with different expertise. In the review below of the rules for Posten's processing of personal data, "Posten Norge" is used as a common name for all Norwegian companies in the Group.
2. Posten's processing of personal data
Our processing of personal data takes within the ramifications of current legislation and regulations. Personal data is collected so that the company can carry out the tasks and services that we are obliged to carry out in accordance with the law and/or agreements. Posten Norge's foreign subsidiaries relate to the privacy legislation in the country in which the concerned company is established.
Personal data is information and assessments that can be linked directly or indirectly to an individual. Examples of typical personal information processed within Post Norge, including name, address, telephone number and e-mail address.
Processing personal data means, according to the Personal Data Act, any use of personal data, such as collection, registration, compiling, storage and delivery, or a combination of such uses. Posten Norge AS is the parent company in the Post Norge group and will, in most cases, be responsible for processing and/or data processor in relation to the data that we process.
If there is no other legal basis, Posten Norge's processing of personal data will be based on voluntary, explicit and informed consent from the customer. Consent is not, however, necessary for personal information that is registered and used to conduct an agreement or perform a client assignment.
3. Purpose of processing personal data
The purpose of Posten Norge's processing of personal data is primarily to manage customer relations and other processing necessary to fullfill the obligations Posten Norge has committed to the individual customer and/or postal addressee. Posten Norge also treats personal data to the extent that the law requires or gives access to it, or in cases where the customer has agreed to the current processing.
In addition, Posten Norge processes personal data in connection with customer follow-up and marketing (see point 7), prevention and detection of criminal offences (see point 8), video and image surveillance (see point 9) and regular testing and updating of operational and security systems in Posten Norge's customer and computer systems (see point 10).
4. About what personal data is being processed
In essence, personal information processed by Posten Norge will be received directly from the customer. If it is necessary to collect personal data from third parties (for example from credit information agencies), the customer will be notified unless the collection is legally determined, or notification is impossible or disproportionately difficult, or if the customer already knows the information the notice should contain.
If Posten Norge wishes to process personal information that is not required for the contractual relationship with the customer, the customer will first be informed that disclosure is voluntary and will be informed about the purpose of Posten Norge's processing of the personal data and how the information will be used.
5. Disclosure of personal information to third parties
If there is legally determined information duty to public authorities, the relevant registered personal data will be handed over in accordance with the Authority's requirements. Relevant personal information may also be provided to companies/organizations that Posten Norge cooperate with, both inside and outside the EEA and EU area, in order for us to perform the tasks and services we are required to perform in accordance with law or agreement. Transfer of personal data to Posten Norge's own data processors is not considered as disclosure.
6. Corporate customer register
In Posten Norge, several of the group companies have access to a common corporate customer register. The purpose is to manage customer relationships as best as possible and to coordinate the services and advice from the various companies in the group.
The business customer register contains information about the customer such as company name, address and contact information of the customer, information about which company in Posten Norge they are customer in and what services and products the business customer has agreed upon.
7. Customer care and marketing
Posten Norge informs the customer about products within the service categories where there is already an agreement with the customer. Without the consent of the customer, Posten Norge will be able to use the following information for customer follow-up and marketing: customer's name, contact details, what services or products the customer has agreed upon. This type of neutral information, Posten Norge will, if necessary, obtain from a common corporate customer register.
If products and services are marketed within another service category than what the customer has signed an agreement about, the customer's consent is required to use other information than the general customer information.
When receiving marketing requests via e-mail and SMS, the customer will have the opportunity to unsubscribe.
If the customer wishes, the customer may require his/her name to be blocked for use for marketing purposes by contacting Posten customer service.
8. Prevention and disclosure of criminal offenses/report on money laundering
Posten Norge processes among other things personal data to fullfill the investigation and reporting obligation for suspicious transactions under the Money Laundering Act. This is primarily relevant in relation to banking services offered through post office and Post in Store. Posten Norge is required to report suspicious information and transactions to ØKOKRIM.
The individual customer is not entitled to access personal data registered for the purpose above, cf. the Personal Data Act § 23, first paragraph, letter b) and letter f).
9. Video and image recording/TV surveillance
Posten Norge makes video and image recordings, for example through television surveillance of post offices to prevent and detect criminal offences. Video recording is deleted within three months after the recording date, unless the video has been handed over to the police or Posten Norge on other grounds is entitled to process the video recording for a longer period.
10. System testing and quality assurance
Personal data processed in Posten Norge, is handled by several IT systems, all developed for specific and necessary operational purposes. In order to ensure both satisfactory operating stability and, in particular, information security, it is necessary to make regular updates, testing, troubleshooting, etc. For this purpose, cloning of data and duplication of single systems may be required. This will take place in a secured, dedicated environment, so that operations do not affect the daily operation of the main system. All information that Posten Norge processes as part of internal system testing and quality assurance or the like is subject to the same requirements for information security and rigorous procedures as when the information is processed otherwise. No copies or backups of personal data will be stored longer than necessary.
11. Access and correction
Pursuant to Section 18 of the Personal Data Act, individuals have the right to access the information registered about them. Access is granted by sending a written application to Customer Service, Posten Norge AS, Postbox 1883, 4686 Kristiansand. If the data registered is incorrect or incomplete, you can demand them corrected, pursuant to Section 27 of the Personal Data Act.
12. Storage and deletion
Pursuant to Section 28 of the Personal Data Act, information that is no longer needed, based on the purpose for which it was stored, is deleted. Posten stores personal data about its customers in accordance to current legislation.