Who is collecting your personal data?
Personal Data: This term covers “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Art.4 §1 GDPR).
Sensitive Personal Data: This term covers a subset of data for which even greater care should be taken, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data (processing for the purpose of uniquely identifying a natural person), data concerning health or data concerning a natural person’s sex life or sexual orientation (Art. 9 §1 GDPR).
Processing Data: This term means any set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art.4 §2 GDPR).
Data Subject: This term covers individuals that are identifiable or identified by the processed personal data (Art.4 §1 GDPR).
Data Controller: The Data Controller decides how and why data is processed and ensures that legal obligations are met (Art.4 §7 GDPR).
Data Processor: Anyone processing data on behalf of the Data Controller (Art.4 §8 GDPR).
Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data (Art.4 §10 GDPR).
What personal data do we process?
We may obtain personal data via our online forms on our website or via any other personal contact we may get with you.
We may process the following personal data:
- Identification data, e.g. names, telephone numbers, email addresses, business contact information;
- And any other data you may write in the message section of our contact form
Is your data shared with third parties?
We do not pass on your personal data, except as described here or at the time of collection:
- We may share personal data within the Gunvor Group, in compliance with applicable data protection legislation.
- Where a transfer of data may be necessary, we will take the necessary steps to ensure that your personal data receives the level of protection required by applicable legislation. We will inform you of this and seek your consent to the processing, in each case as required.
- We may perform certain operations with the assistance of third parties as suppliers. In the course of the performance of their tasks, your personal data may be shared with them. The suppliers are obliged to process the information received exclusively for the respective services on our behalf and according to our instructions and are obliged to comply with the applicable data protection legislation.
- We may disclose personal data about you (1) if we are required or permitted to do so by applicable legislation or legal process (court order or subpoena), (2) to legal authorities or other government officials in order to comply with a lawful legal request, (3) as part of an investigation into suspected fraud or illegal activity, or (4) in any other case, with your permission.
For what purpose do we collect your personal data?
We may use the personal data we collect to:
- Optimize certain features or displays of our websites;
- Communicate with you, respond to your questions;
- Fulfil our legal obligations.
How long do we keep your data?
We delete personal data from our systems as soon as it is no longer needed, in accordance with our guidelines on how long important information should remain available for future use or reference, and when and how data may be destroyed when it is no longer needed.
The retention period for each category of data will vary depending on how long it is needed for processing, the purpose for which it was collected and legal requirements. After this period, the data will either be permanently deleted or we may keep a secure, anonymized record for research and analysis purposes.
You may at any time exercise your right to have your personal data deleted, see the sections below “What data privacy rights do you have?” and “Contact us”.
What data privacy rights do you have?
You have the right, subject to applicable data protection legislation, to:
- be informed of any personal data we process about you;
- request access to, and receive a copy of, the personal data we hold (‘Right to access’, Art. 15 GDPR);
- if appropriate, request rectification or erasure of the personal data that are inaccurate (‘Right to rectification’, (Art. 16 GDPR);
- request the erasure of the personal data, subject however to applicable retention periods (‘Right to be forgotten’, Art. 17 GDPR)
- request a restriction of processing of personal data where the accuracy of the personal data is contested, the processing is unlawful, or if the data subjects have objected to the processing (‘Right to restriction of processing’, (Art. 18 GDPR);
- object to the processing of personal data, in which case we will no longer process the personal data (‘Right to object’, Art. 21);
- receive the personal data in structured, commonly used and machine-readable format (‘Right to data portability’, Art. 20);
- complain in relation to the processing of personal data and, absent a satisfactory resolution of the matter, file a complaint in relation to the processing of personal data with the relevant data protection supervisory authority.
Subject to the limitations set forth herein and/or in applicable local data protection legislation, you can exercise the above rights free of charge by contacting us at the address found in the last section of this document (“Contact us”).
How do we protect personal data?
We provide administrative, technical and physical safeguards, consistent with legal requirements, whenever we collect personal data, designed to protect against the unlawful destruction, loss, alteration, use or disclosure of, or unauthorized access to, the personal data you provide us with.
We provide security in accordance with the principles of the GDPR. The measures taken are technical and organizational data security measures to ensure an adequate level of protection with respect to confidentiality, integrity, availability of data and resilience of systems.
These measures are part of the life cycle of our organization and are implemented at all levels of the system. Furthermore, security is an ongoing process, not a static element. From this perspective, technical and organizational measures are subject to technical progress and further development, as are risks and threats.