Last updated: 25th of August 2022
We, Intility, collect and process your personal data when you visit our website, use our services, or contact us for other reasons. This privacy statement sets out how and why we collect, handle, store and protect your personal data when you:
- visit our website,
- use our services, or
- contact us for other reasons.
The statement also contains your rights in relation to your personal data and other information you are entitled to receive when data about you is collected.
Intility is committed to protecting your privacy and handling your data in a fair, open, and transparent manner. We will not process your personal data unless we have a specified, explicit, and legitimate purpose, or as required by law. We take the security of your personal data seriously, and we ensure appropriate information security related to confidentiality, integrity, and availability. For more information about how we work with information security, please visit Intility Trust Center.
Third party service providers may process personal data on behalf of Intility within various areas. Intility has implemented adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.
We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.
1.2 Intility as a Data Controller
Intility AS is the data controller for the personal data we collect about you. If you have any concerns or questions, you can email our Privacy Team at firstname.lastname@example.org or write to us at:
Intility AS, Schweigaards gate 39, 0109 Oslo, Norway
Tlf: +47 24 10 33 00
Our business register number is 981 967 070.
1.3 Our objectives
- Prevent data loss and misuse of personal data
- Secure identity and access control
- Install and maintain robust, available and secure systems and services
- Establish clear roles and responsibilities for information security and privacy
- Ensure expertise and awareness about privacy in the organization
- Limit the processing of personal data to what is necessary in relation to the purposes for which they are processed
1.4 Intility's processing of personal data
1.4.1 Our websites
We process the collected data for statistics to improve our web pages, functionality, user experience and content. The collected data contains information such as number of visitors on the page, number of page views, average visit time, what web page and country the visitor arrives from, type of web browser and timestamp of the session. Neither Intility or Fathom can trace the information back to you as an end user.
1.4.2 Intility Webshop
When you place an order in our Webshop, we collect your name, phone number, e-mail address and details about your employer (name and business address). This information is necessary to enable us to manage the purchase order, i.e. to send the order to the correct address and to contact you if necessary. If you order a mobile subscription, we will also register your date of birth.
We have an obligation to store the order information to meet accounting requirements, submit reports to the tax authorities and be able to handle claims of guarantees and returns. The data will be deleted after a five (5) year file retention period.
We cooperate with third-party vendors to deliver our Webshop service. I certain situations we may disclose personal data relating to you to a third party that reasonably require access to the data. For instance, a carrier firm will need your name, (business) address, phone number and desired place of delivery in order to deliver the goods to you or your employer. In such a situation, the vendor is also a data controller for the data we disclose.
1.4.3 Customer services
Intility processes personal data on behalf of our customers. All such processing is necessary to perform the agreement between Intility and our customers. We have entered into separate data processor agreements that regulate this processing.
If you are an employee/user of an Intility customer, Intility will receive or collect personal data directly from you or your employer. The personal data are processed for several purposes, e.g. customer administration, establishing of user accounts, access control, security and functionality advice and user surveys to improve our services, in accordance with the agreements between us and your employer.
Your employer is data controller for your personal information. Intility assumes that your employer has the right to disclose the personal information to us.
1.4.4 Sales and marketing
We use depersonalized data about you for marketing purposes, e.g. to create target groups for marketing and market analysis. These activities are performed to make our marketing activities more effective and to avoid targeting persons outside the targeting group.
When you sign up for a seminar, webinar, talk, etc., we collect your name, employer, position, e-mail address and phone number. The data is stored in our case management system and is used to creating an overview of attendees to the seminars, which business sector they come from, and which positions they have. We also use the data to prepare statistics, to improve our seminars and we may use it to contact you to get your feedback on the seminar and/or for other marketing purposes.
Intility has a legitimate business interest in in this processing activity.
1.4.6 When you visit our offices or contact us
When you visit our headquarters in Schweigaards gate 39, Oslo, you are asked to sign in with full name and phone number, and to state the person you are visiting. The registration is confirmed with a SMS. You will be given a generic visitor badge which you must wear throughout your visit. The purpose of the registration is to notify the person you are visiting and for security reasons. We do not retain the the personal data collected.
We have security measures in place at our offices, including CCTV and building access controls. The installation is done according to the Norwegian Data Protection Authority’s guidelines, and recordings are deleted after seven (7) days.
We also process personal data when you contact us via our contact forms or by email.
1.4.7 School visits
When you participate in a school visit, we will ask for your consent to send you information about how to apply for internships and apprenticeship programs. If you consent, we will collect your name, e-mail address and school. The data will be used to send you 2-3 e-mails with information which will be deleted after 12 months. You may withdraw your consent to process personal data at any time. Please use email@example.com for this purpose.
Subsection 1.4.5 also apply to school visits. Students and teachers will be preregistered based on name lists sent from the school.
1.4.8 When you apply for a job
If you apply as a part of a group, for instance through your bachelor group, Intility will process personal data of all group members. This includes name, address, phone number and e-mail, which will be collected from CV, application and other relevant information sources. If relevant, we will also store e-mail correspondence between you and us relating to the application process. To assess your group’s application, the personal data mentioned above may be viewed by Intility staff and/or Intility’s subsidiaries’ staff, especially HR-personnel and managers.
1.4.9 User surveys
Intility regularly sends surveys to our customers to improve our services. We use the third-party vendor Questback AS for this purpose. Participation in the surveys are voluntary and requires your consent. If you choose to reply to a survey, you are required to state your full name and your employer. The personal data is stored at Questback AS for up to 4 years (standard contract period) before they are automatically deleted.
1.5 Who we share your personal data with
In some cases, we have legitimate grounds for sharing your personal data with other parties, such as the authorities, suppliers or business partners.
When Intility outsources tasks that call for a service provider to process personal data on behalf of Intility rather than for its own purposes, the service provider will normally be a data processor. In such cases, the processing activity is regulated in the data processor agreement between Intility and our customers. We are also required to enter into a data processor agreement with the applicable sub-processors.
Intility also has business partners that we convey services on behalf of. If, for example, your company chooses to lease hardware, and you carry out the order on behalf of the company, we will share your contact information with the leasing company. In such a situation, the leasing company processes the personal data for their own purposes and is therefore considered an independent data controller for the personal data we share with them. The same apply to our broadband and telecom vendors and to delivery services.
1.6 Your rights
You have the right to access and inspect the data that we have stored about you. This applies to data you have provided yourself, data we have obtained from external sources and information about the processing of this data.
If the data we have about you is inaccurate or incomplete, you are entitled to request rectification of the data (within the limits that follow from legislation).
If you find that Intility is storing your personal data unlawfully, you are entitled to instruct us to delete it (“the right to be forgotten”). Please note that we may be required by law to store certain data, including personal data, for purposes such as accounting and reporting to the authorities.
Furthermore, you have the right to object to any processing of your personal data that is carried out to protect legitimate interests, unless such interests take priority over your basic rights or freedoms. You may also ask us to limit the processing, and to have the personal data you have given to us transferred to you or another data controller (data portability). For more information about your rights, see GDPR.EU.
If you would like us to update your personal data, or to exercise your rights, please contact us by email at firstname.lastname@example.org. We are happy to help and will get back to you as soon as possible. Remember that you at any time may withdraw your consent to process personal data. Please let us know about the withdrawal by emailing us at email@example.com.
1.7 Protection of your personal data
Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. We have Intility continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments. implemented a range of technical and organizational security measures to protect your personal data. These measures include education and training of relevant staff, administrative and technical controls to restrict access to personal data, technological and physical security measures. Our security framework is based on internationally recognized audit standards and is updated regularly in line with technical developments
For more information about how we work with information security, see Intility Trust Center.
1.8 How long we keep your information
We will hold your personal information on our systems for the longest of the following periods: (i) as stated above); (ii) any retention period that is required by law; (iii) as long as necessary for the relevant activity or services.
If you have given us your explicit consent to process data, e.g. to send you newsletters, we will hold your information until you withdraw your consent, until we change/close down the activity/services or for as long as necessary for the relevant activity or services.
1.8 How to exercise your rights
If you have questions or concerns regarding our processing of personal data, please contact Intility’s privacy team (firstname.lastname@example.org). You also have a right to complain to the Norwegian Data Protection Authority if you consider that we have breached the data protection legislation. Before filing such a complaint, we encourage you to first contact our privacy team. If you do choose to contact the Data Protection Authority, please see their webpages for more information: www.datatilsynet.no.
Andreas Hisdal, 26th of August 2022
Chief Executive Officer