Privacy Policy

1. Contact person for inquiries

Inquiries regarding requests for access, rectification, and erasure should be directed to the Data Protection Officer or to K.A. Rasmussen AS c/o Data Protection Officer, P.O. Box 4455, 2326 Hamar, Norway.

2. What are the legal bases and purposes for processing personal data?

The basis for processing personal data is K.A. Rasmussen AS’s legitimate interest based on a customer relationship and identification of the customer, employment relationship, or other factual basis.

The purpose of processing customer data is to: Deliver and develop our products and services in the precious metals industry,
manage our customer relationships and fulfill our agreements, analyze and maintain statistics on our customers’ purchasing patterns, perform direct marketing and market research, and comply with the Act on Measures against Money Laundering and Terrorist Financing, etc. We process personal data personally and may use subcontractors in the processing of personal data. Where K.A. Rasmussen AS uses subcontractors for the processing of personal data, this will be regulated through data processor agreements.

3. What kind of information do we process?

In connection with the customer and direct marketing register, we process the following personal data from our customers or other data subjects (e.g., the customer’s representative):

The data subject’s basic and contact information, such as first and last name*, national identity number*, customer number, username and/or other form of identification, password, language, email address*, telephone number*, and address details.*

Information about a potential customer company and its contact persons, such as organization number*, and names, titles, and contact information of the contact persons*
Other identifying information about the customer in connection with anti-money laundering legislation*, such as the routine used for identity verification, nationality of a foreign customer and information in travel documents, name, date of birth, and nationality of the legal entity’s board members or members of other decision-making bodies, the customer’s political influence, as well as information about the customer’s financial position and other necessary identifying information required by law.

Information about the customer relationship and the agreement, such as information about previous and current agreements and orders, other information such as correspondence with the customer, information about cookies, user information about network services including the last login time, the last IP address and statistical information about usage, information about billing and debt collection, and any information provided by the customer themselves. The submitted personal data marked with an asterisk is a prerequisite for our contractual relationship. Without this necessary personal data, we cannot deliver the product (goods) and/or service.

In connection with the direct marketing register, we process the following personal data of the customer or other object of direct marketing;
name, title, date of birth, gender, language, address and other contact information, contact preferences, reactions to marketing measures, consent or refusal regarding direct marketing.

In connection with personnel administration, we process, among other things, the following information about our employees and job applicants: personal details, salary information, evaluations, information about next of kin, and education/position level.

4. Where do we receive information from?

We receive information primarily from the following sources: the data subject themselves, the National Population Register, the Central Coordinating Register for Legal Entities, authorities, credit reference agencies, providers of contact information services such as Bring, and from other similarly reliable sources.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities and third parties, within the framework of applicable legislation. This type of information update is carried out regularly, either manually or automatically.

As an important part of the effort to create a user-friendly website, we look at the usage patterns of those who visit the site. To analyze the information, we use the analysis tool Google Analytics.

Google Analytics uses cookies, which register users’ IP addresses and provide information about individual users’ movements on the web. Examples of what the statistics tell us include: how many people visit different pages, how long the visit lasts, which websites users come from, and which browsers are used. IP addresses and general movement patterns on the web are aggregated by Google before we gain access to them. This means that none of the cookies allow us to link information about your use of the website to you as an individual.

5. To whom do we provide information and do we transfer data outside the EU or EEA?

We transfer personal information to our auditors to fulfill their duties and to debt collection agencies to carry out any debt collection assignments. We may also provide information to the authorities if this is authorized by law.

Data may also be provided for third-party direct marketing, provided that the customer has given consent for this.

We do not deliver personal data outside the EU/EEA.

6. How do we protect the information and how long do we store it?

Only those of our employees or employees of our subcontractors mentioned under point 4, who through their work have the right to process personal data, have the right to use the system containing the customer and direct marketing register. Each individual user has a personal username and password for the system. The data is collected in databases protected by firewalls, passwords, and other technical measures. The databases and backups are located in locked locations, and only certain pre-selected persons have access to these locations.

We store the information for as long as is necessary for the purpose of the processing. Information required by the Act on Measures against Money Laundering and Terrorist Financing, etc., is stored for five years after a permanent customer relationship has ended, and in the case of temporary transactions, for five years after completion of the transaction.

Personal data related to personnel administration is kept for as long as the person is employed by K.A. Rasmussen AS and is deleted no later than one year after the person has left. Exceptions apply to information that requires a longer retention period according to law.

Personal data about applicants for positions is deleted no later than 4 months after the person applied for a position at K.A. Rasmussen AS, unless the person is employed or consents to the information being kept longer. It is specified that job applicants can have their information deleted whenever they wish.

We regularly review the need to store data, taking into account applicable legislation such as the Anti-Money Laundering Act. In addition, we take all reasonable steps to ensure that no incorrect, outdated, or inaccurate personal data about the data subjects is stored in the register in light of the purpose of the processing. We correct or delete data as soon as it is discovered.

7. What are your rights as a data subject?

As a data subject, you have the right to access personal information concerning you. As a data subject, you also have the right to demand rectification or erasure of personal data, as well as the right to refuse or withdraw your consent for direct marketing.

As a data subject, you have the right under the Personal Data Act to object to or restrict the processing of your personal data, as well as the right to lodge a complaint about the processing with the Norwegian Data Protection Authority (Datatilsynet). Contact information can be found on their website www.datatilsynet.no

8. Data Protection Officer

K.A. Rasmussen AS has its own Data Protection Officer who assists with guidance so that personal data is processed in a good manner and in line with the regulations. The Data Protection Officer is a voluntary scheme and is administered by the Norwegian Data Protection Authority.

9. Who can you contact?

All questions regarding this description should be sent in writing to the address mentioned in point no. 1.

10. Changes to this privacy policy

Should we make changes to this privacy policy, we will place the amended description on our website and indicate the date of the change. If the changes are extensive, we may also inform you of the changes in other ways, for example by sending an email or posting a bulletin on our website. We recommend that you visit our website from time to time to become aware of any changes.

Last updated 17.11.2022