TheVIT AS is committed to processing all personal data in a responsible manner.

Processing of personal data

TheVIT is the data controller for all processing of personal data where we ourselves determine the purpose of the processing, and the means we use for this.

TheVIT is obliged to process all personal data in a responsible manner. Here you can read about how we collect, use and protect personal data.

 

What information do we process on our websites?

TheVIT collects information about visitors to thevit.no for the purpose of preparing statistics to improve and further develop the information offered on the website. The statistics show, for example, how many people visit different pages, how long the visit lasts, which websites the users come from and which browsers are used. TheVIT cannot trace the information back to the individual user.

The basis for the processing for generating anonymous statistics is Article 6(1)(f) of the General Data Protection Regulation, which allows us to process information that is necessary to safeguard a legitimate interest that outweighs the consideration for the individual's privacy. The legitimate interest is to improve and further develop information on our websites.

When you share posts from TheVIT on other websites, information is entered into that online community. How the relevant online community further handles the data is regulated by your agreement with the online community.

The basis for processing personal data in the event that you share or comment on a post is GDPR Article 6 No. 1 Letter a – consent.

 

Processing of information about our customers and partners

TheVIT processes information about customers and partners to fulfill our assignment agreements with customers.

The information that is registered depends on the individual customer relationship. We usually only register personal data of our contact persons at the customer, and these consist of name, company address, role/job title, email address and telephone number. The legal basis for such processing is GDPR Article 6 Letters b, c and f, as well as GDPR Article 9 Letters a and b. Personal data is stored in a separate database and deleted five years after the end of the customer relationship.

TheVIT seeks, as far as is compatible with the obligations we have undertaken in agreements with customers, to avoid processing personal data in customer relationships. To the extent that it is necessary to process personal data to fulfill the assignment agreement, the processing takes place in accordance with applicable data protection regulations. For customers where TheVIT handles all or part of the accounting and/or payroll, personal data such as name, social security number, bank account number and payroll and withholding information is processed. In these cases, personal data is collected either directly from the customer, or in some cases from a third party (e.g. Altinn).

In accounting and/or payroll assignments, TheVIT is a data processor, and a data processing agreement is always entered into with the customer as the data controller. The data processing agreement is based on guidelines from the Norwegian Accounting Standards Board and the Norwegian Data Protection Authority, and sets the framework for the processing of personal data, security measures and deletion deadlines.

All information about customers and partners is archived in an access-controlled, cloud-based archive system and handled in TheVIT's customer and order processing system. The daily handling of customer data is carried out by the customer and assignment manager and their customer team.

The basis for the processing of personal data in a customer relationship is Article 6, paragraph 1, letters b and c of the General Data Protection Regulation, which allows us to process information that is necessary to fulfill an agreement and a legal obligation.

 

Processing of personal data in connection with customer control measures

TheVIT is an authorized accounting firm, and thus subject to the rules of the Money Laundering Act. We are required to conduct customer due diligence for all our customers pursuant to Chapter 4 of the Money Laundering Act, and to conduct further investigations if there is a suspicion that a transaction may be related to the proceeds of a criminal act.

In connection with customer due diligence, TheVIT collects personal information about the beneficial owners, including name/company name, birth registration number/organization number, permanent address and family circumstances (connection to politically exposed persons). Processing of personal data related to customer due diligence and a possible duty to investigate may involve processing of sensitive personal data, including related to criminal offences.

Pursuant to Section 30 of the Money Laundering Act, TheVIT is required to retain documents used in connection with customer due diligence for at least five years after the customer relationship has ended or the transaction has been completed, unless longer periods are provided for by other laws or regulations. Such documentation is stored in access-controlled databases.

If there is a suspicion of money laundering, TheVIT's money laundering officer may, after further investigation, consider it appropriate for Økokrim to contact s, and relevant information is disclosed pursuant to §26 of the Money Laundering Act.

 

Processing of information about our employees

TheVIT processes personal data as part of personnel administration. The personal data processed in this connection include personal data, salary information, evaluations, information about relatives, and education/position level.

The legal basis for this processing is fulfillment of the employment contract, cf. GDPR Article 6 letters b and c.

Personal data related to personnel administration is stored as long as the person concerned is employed. Information is anonymized after termination of employment, but the history is retained as TheVIT has a legitimate interest in knowing such history.

The CEO and HR administration have the daily responsibility for processing personal data about TheVIT's own employees.

 

Newsletter

It is possible to voluntarily subscribe to newsletters and other professional materials. If there is no existing customer relationship, you must consent to regularly receiving e-mails, and the legal basis for this processing is GDPR Article 6 letter a – consent. The data subject may withdraw consent for the storage of contact information at any time, and TheVIT will then delete the person concerned from the newsletter list.

TheVIT has a legitimate interest in marketing itself to its customers. The legal basis for this processing is GDPR Article 6 letter f – necessary for purposes related to the legitimate interests. As a customer, you can still request to be deleted from our newsletter list at any time.

 

Use of e-mail and telephone

TheVIT's employees mainly use telephone and e-mail in general dialogue with internal and external contacts. We would like to point out that regular e-mail is unencrypted. Relevant information arising from telephone conversations and e-mail exchanges, which occur as part of our customer dialogue, is archived and processed as described above in the section on the processing of information about our customers and partners. Our employees are responsible for deleting messages that are no longer relevant and at least annually reviewing and deleting unnecessary content in the email inbox and on storage devices on the PC according to the current checklist. Upon resignation, the email accounts are deleted, but some relevant emails will normally be transferred to colleagues.

Personal information, sensitive information, confidential or other confidential information should not be sent by email.

 

How can you manage information that concerns you?

You are the "data subject" if TheVIT stores and processes your personal information, either in the role of data controller (in relation to its own employees), or as a data processor (in relation to customers and other partners).

As the data subject, you have the right to request access to the personal information that TheVIT stores about you, and to receive information about the processing of this information. In line with this, you can demand that the information be corrected and/or supplemented if it is incorrect, or deleted, e.g. in cases where you no longer wish to receive newsletters (the right to be forgotten).

The data subject also has the right to data portability in accordance with applicable legislation. This means that you can request to have personal data about you provided and reuse it as you wish across different systems and services. The data must be provided in a machine-readable and commonly used file format. Your right to data portability only applies if the data you wish to have provided has been collected on the basis of consent or contract, and the right only applies to information that you yourself have provided to the company. This applies, for example, to information that you have proven and actively provided, for example in connection with signing a contract and establishing a customer relationship.

To exercise your rights, please contact TheVIT's data protection officer. Requests from the data subject must be answered within 30 days at the latest.