B2Holding is committed to protecting the privacy of personal data, as well as to the rights and freedoms of data subjects, according to the European General Data Protection Regulation (GDPR). The core principles of personal data processing: lawfulness, transparency, confidentiality, underlie our business activities.
- processes personal data in a secure manner and only on a valid legal basis
- keeps the data up-to-date and removes or corrects the inaccurate ones
- enables you to manage your consents and marketing choices at any time
- how B2Holding collects, processes, stores, and protects the personal data of its stakeholders: Clients, potential Clients, Partners, Providers, and Media Employees, and
- how to execute data subject rights regarding processed information.
Personal Data Processing
The data controller
PO Box 1726 Vika
Contact details for privacy matters
Stortingsgaten 22, 7th floor, Oslo
Tel: +47 22 83 39 50
Legal basis and purpose of personal data processing
The processing of personal data on the webpage is based on the consent given by the data subject, according to GDPR art. 6(1)a. Additionally, B2Holding, while performing business activities, processes the information about its clients, potential clients, partners providers, and media employees on the base:
- GDPR art. 6(1)b - performance of a contract or in order to take steps prior to entering into a contract,
- GDPR art. 6(1)c - the processing required for compliance with a legal obligation,
- GDPR art. 6(1)f - execution of the controller's legitimate interests to enable information exchange with parties interested or potentially interested in the services.
The purposes of personal data processing are to enable communication and cooperation with stakeholders. Nonetheless, the failure to provide personal data during the contract preparation stage may prevent a contract conclusion.
Categories of data subjects
The category of personal data processed by B2Holding consists of information required for business communication and cooperation, like:
- name and surname
- e-mail address
- telephone number
- company name and address
- position within the company
- industrial classification
- previous cooperation and communication
Personal data sources
Personal data are collected:
- indirectly from the publicly available sources, like websites or public registers
- directly from data subjects
Recipients of personal data
The processed data can be transferred to the service providers to process personal data on behalf of the B2Holding. In such cases, the B2Holding is responsible for ensuring the lawfulness of the processing. The data can also be transferred to other controllers on the basis of a legal obligation or the legitimate interest of B2Holding.
The categories of providers and potential providers used by B2Holding:
- IT services providers,
- webpage providers,
- accounting and HR providers,
- government authorities.
Transfer of data outside the EU or EEA
During the processing, personal data could be transferred outside the European Economic Area (EEA) to the third countries, which are not subject to the European Commission adequacy decision. Additionally, under certain conditions, processors, acting on behalf of B2Holding may transfer personal data outside the EEA, as well. In such cases, the personal data will be transferred in compliance with the General Data Protection Regulation articles 46, 47, or 49(1), especially, Standard Contractual Clauses with further security measures applied. The information about the transfers can be obtained through contact on the e-mail dpo@B2Holding.no.
Retention of personal data
The personal data will be processed:
- until the consent for the processing is not withdrawn, which can be done at any time, without affecting the lawfulness of processing based on consent before its withdrawal,
- for the time necessary for the establishment and management of a business relation,
- as long as required by the law, and
- to secure the legitimate interest of B2Holding.
B2Holding does not carry out profiling and does not apply automated decision-making for the purposes presented in the information notice.
Data Subjects Rights
Each data subject has the right to request from the controller:
- the information about processed personal data,
- the access to personal data stored,
- the rectification of personal data,
- the restriction of personal data processing until, for example, the controller has verified the accuracy of the data,
- the object to direct marketing,
- the erasure of personal data,
- the right to data portability.
Each data subjects have the right to file a complaint to the Norwegian Data Protection Authority (Datatilsynet) in case of issues related to the processing of their data.