Trimtex will process personal data as part of our business. We are committed to processing personal data safely, reassuringly, and trustworthy.
Our processing as the controller of personal data is based on our activities and the purpose of our business, which is the production, distribution and sales of clothing and training clothes. Below is information about the personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc.
We may also process personal data in other ways, as mentioned below, but we will inform you of the personal data that applies in ways other than through this notice.
If you have questions about the processing of your personal data, you can contact us, see our contact details below.
- RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
Trimtex is responsible for processing personal data described here, i.e., decides why and how the personal data is processed (the data controller).
Contact details on us as data controller:
Trimtex Sport AS
Address:
Sekkebekksletta 8, 4790 Lillesand
Email: support@trimtex.se
Phone: +47 37 26 91 00
Entity reg. no.: 914 839 467
- WHY AND WHAT KIND OF PERSONAL DATA DO WE COLLECT AND USE
We collect and use your personal data for different purposes depending on who you are and how we contact you.
All processing of personal data will be in accordance with this Privacy Notice and the privacy regulations in force at any given time, including the local privacy regulation and the General Data Protection Regulation (GDPR).
Personal data is any information about a physical person that can be identified directly or indirectly (the latter are called “data subjects”).
Processing personal data is any activity performed with personal data, for example, collection, recording, organising, structuring, storing, adapting, altering, transmitting, or deleting.
2.1 Purchase process
A. You can purchase products through our online store. When you shop with us, we will process your personal data as a customer. In such processing, we collect:
· Identity: Name
· Contact information: Address, mobile number, and email address
· Items you order/purchase
· Login data: IP address, login history
· Purchase history and information related to complaints, claims, or other matters related to our services.
· Technical logs, security logs on the websites, and in connection with the services for security purposes, service development, and statistics.
B. You can purchase products through our salesman’s manually for clubs, companies, and teams. When you shop with us according to this, we will process your personal data as a customer. In such processing, we collect:
· Identity: Name
· Contact information: Address, mobile number, and email address
· Items you order/purchase
· Purchase history and information related to complaints, claims, or other matters related to our services.
This information is necessary for us to deliver the items to you via the carrier you choose and to contact you regarding your order. Additionally, we will process information about the products you purchase to deliver them and handle any follow-up sales, such as warranty or return handling. We receive this information from you and process it to fulfil a contract with you (GDPR Article 6(1)(b)). The information will be processed for as long as necessary to handle any claims and warranties, as well as to maintain a purchase history on your account for your records and to view your past purchases.
Information related to your account with us will be stored and processed as long as it is active or until you delete it.
For security reasons, we also process technical and security logs, including the IP address used to place the order, since we need to document any fraud and secure our systems. Logs are also stored and processed for service development, and statistics are used to develop the service. Therefore, we have a legitimate interest in securing and developing our systems and information therein, and this legitimate interest outweighs the privacy interests of the information concerned (GDPR Article 6(1)(f) and Article 32). This information is generated through our systems and may be disclosed to the police concerning fraud investigations.
We are also legally required to retain this information for accounting and tax purposes, as mandated by the Accounting Act and the Value Added Tax Act (GDPR Article 6(1)(c)). We also received this information from you and may transfer it to the authorities to whom we must transfer it.
A third party stores card numbers and information and is the data controller for this information. This depends on your payment solution and agreement with the payment facilitator, such as your bank or credit card company. Please also refer to the privacy policy from payment service providers.
2.2 Communication and contact
We process personal data about those who contact us to answer and document the communication and contact others not covered by the processing elsewhere in the Privacy Notice, which applies to all forms of communication, physical and digital, written and oral.
In such cases, we process the name, telephone number, email address and any personal data that may result from the communication, including history/logs about the inquiry.
The processing is based on what we consider to be a necessary legitimate interest related to the above (see GDPR Article 6 (1) f). Our legitimate interest is to contact others as part of our business, document our business, reply to those who contact us, and register such contacts. We have assessed that this is necessary to handle inquiries we receive and that the data subjects’ privacy does not override these interests.
It is voluntary to provide us with personal data, but it will be necessary to answer inquiries.
We process the personal data until we expect that the contract will not be further followed up.
2.3 Email and other business solutions
We use email as a communication solution and other business solutions, such as document storage, cooperation solutions, etc., that will contain personal data. The processing is based on that we consider having a necessary legitimate interest in processing personal data via email (see GDPR Article 6 (1) f) to have a work tool and communication solution and that the data subjects’ privacy does not override over these interests. Personal data processing depends on the purpose of the email and what is included in it. Emails and other information are deleted when no longer needed, and we have measures to ensure regular deletion.
2.4 Information and Marketing
If you request information or subscribe to our newsletter, we will send information about our products and services, benefits from partners, newsletters, and other information and marketing. We will then process your email address.
We process personal data to inform you about services and products that may interest you based on your consent (GDPR Article 6 (1) a). You can withdraw your consent at any time by using any unsubscribe options in the communications you receive or by contacting us to opt out of direct marketing and/or profiling under GDPR Article 21 (2).
We only process personal data, such as the email address and name, to send the newsletter, making the inquiry more personal and ensuring the communication reaches the right person. The email address is not used for other purposes other than sending the newsletter.
The processing will continue until you have received the requested information or withdrawn your consent. Thereafter, your personal data will be deleted.
2.5 Information on services
We may also send out information about our services and products that do not contain marketing. This will be done regardless of whether you have consented. Personal data will then be processed on the basis that we either fulfil a contract with you as an existing customer (GDPR Article 6 (1) b) or based on our legitimate interest in informing our users and contacts about our services (GDPR Article 6 (1) f). Alternatively, we may process the information based on your consent (GDPR Article 6 (1) a). The purpose of the processing is then to keep you updated about products and services you receive and follow up on purchases of products or services. The processing of personal data will occur as long as you receive our services.
2.6 Business customers, suppliers, partners, etc.
We process personal data about contact persons of existing and potential business customers, suppliers, and other partners to manage our relationship with suppliers and others, prepare, implement, and document services and evaluate the use of services. In these cases, we will
process names, contact information, company names and information related to the contact with the company in which the person in question works.
The processing of personal data is based on the necessary processing and legitimate interest in managing our relationships with our customers, partners, and suppliers.
The processing of personal data is based on what we consider a necessary legitimate interest (GDPR Article 6 (1) f) to manage the relationship with our customers, partners, and suppliers, and the data subject’s privacy does not override our interest.
We also store and disclose information where we have a legal obligation, for example, under accounting and tax legislation.
We may store information for as long as necessary to document services-related matters.
In many cases, we will need to obtain personal data to enter into agreements with customers and suppliers and, among other things, to document that an agreement has been entered into. If we do not receive the information we need, we cannot enter into agreements.
It is voluntary for contact persons to provide us with personal data. If we collect personal data from others, it will mainly apply to contact information (including name, address, telephone number and email address), position, function, employer, and any competence and references where relevant. The source for such information will be the contact person, employer, or something else, such as the employer’s website.
We store personal data until the relationship with the customer, supplier, or partner ceases or until the contact person ceases to be the contact person, with the abovementioned exceptions.
2.7 Recruitment
CVs, applications, certificates, and references are processed when recruiting for new positions with us. If the processing takes place through a recruitment solution or on the basis that it is necessary and within our legitimate interest to recruit new employees, it is based on the consent that you have given.
We may use recruitment services to manage applications, which will be our data processor. If you register with the job search service with your profile, the service will be a data controller responsible for processing, and reference is made to its privacy notice about the processing of personal data in the service. The processing of personal data is based on your consent in the recruitment service (GDPR Article 6 (1) a), obtained or the basis set forth below.
The basis for processing personal data when recruiting is that it is necessary to assess potential job seekers before entering into an employment agreement (GDPR Article 6 (1) b).
If assessments are made in this regard, such as contacting persons who are not listed as a reference, examining when searching for background, etc., personal data is processed based on our necessary legitimate interest in ensuring that the correct candidate for the position (GDPR Article 6 (1) f). For the latter, we have considered that the individual data subject’s privacy does not override our legitimate interest in recruiting new employees. We recommend you not enter special categories of personal data, such as health, religion, political opinion, union membership, etc., in your application.
If we process special categories of personal data, we will do so based on your consent (GDPR Article 9 (2) (a)). Consent can be withdrawn at any time, which will not affect the lawfulness of processing personal data before the consent was withdrawn.
If you have not agreed to further storage, information on the service will be deleted as soon as recruitment is done.
2.8 Events etc.
For event participants, contact information will be registered and processed, along with which event the person in question is to attend, so that the person in question can identify as registered and the necessary communication can be carried out.
For event participants, contact information will be registered and processed, as well as the event the person attended, so that the person can be identified as a participant and that necessary communication and possible invoicing of participation fee can be carried out. Processing of personal data will be based on fulfilling an agreement with the participant (GDPR Article 6 (1) b) or if the participants represent a company on the basis that we have assessed that we have a necessary legitimate interest (GDPR Article 6 (1) f) by holding events as part of activities. In the latter case, we have considered that our legitimate interest overrides the data subject’s privacy.
If food and/or drinks are served, we may obtain information about food preferences, which can show health and/or religion based on the preferences. This information will only be processed to serve food and/or drinks and deleted immediately after the event. In such cases, the personal data will be processed based on consent.
2.9 Social media
We have contact with stakeholders and others through social media. We have a Meta account, where we are responsible for processing personal data in connection with Meta services (Facebook/Instagram). Personal data will be processed through the Meta accounts if you publish posts on Meta services. Our purpose for processing personal data through Meta services is to have contact with you who wish to communicate with us or interact on our Meta channels in other ways, see also about communication under section 2.2 above.
In this context, your name and link to other information you post associated with your name/account on our Meta accounts are processed.
We ask you not to share personal data in posts or comments on the website, especially not to share personal data about others, e.g. by «tagging» or mentioning people.
We process personal data on social media, such as Facebook, because we believe we have a legitimate interest in communicating with the outside world through social media and want to process personal data in this context (GDPR Article 6 (1) f). We have considered it so that we must communicate with the outside world and handle inquiries we receive and that the data subject’s privacy does not come before these interests.
The data will be processed as long as postings/comments are available on social media, and you can delete this at any time.
2.10 Use of websites, cookies, etc.
We will use cookies or similar technology to collect information when you visit or interact with our website. We use the information collected to improve the customer experience on websites and services, to adapt and develop the website, and to offer functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are as relevant to you as possible. This will be given based on visitors’ behaviour, e.g., on services used, links clicked on, or information read, and on the behaviour of other users with similar usage patterns. In addition, cookies are used to provide customised marketing on our websites, in advertising networks, and on social media. As far as practically possible, we try to do this with anonymous information without knowing that the information is specifically linked to each individual visitor.
A cookie is a text file or information that, upon visiting or interacting with a website, is placed in your browser's internal memory or a number/series of numbers that can identify your browser or device using the websites (referred to as cookies below for simplicity's sake).
You can prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can change the settings so the cookies are not accepted. The disadvantage of disabling cookies in your browser is that web pages will not work optimally. The purpose of most cookies we use is to provide functionality for the services.
We also use tools other than cookies to collect information about your IP address, browser type, operating system, and the date and time of your visit to the website and services. This information is used to analyse trends to make the website and services more user-friendly.
The cookies used can be viewed in the box on the websites the first time you visit or by clicking on the circle at the bottom left of the pages, where you can also change your cookie preferences.
We will process the personal data mentioned above based on our consent (GDPR Article 6 (1) a). The information will be processed until you withdraw your consent, which may be done by clicking on the circle at the bottom left of the pages, where you can withdraw your consent and change your cookie preferences.
Necessary and functional cookies and cookies for statistics are processed based on our necessary legitimate interest (GDPR Article 6 (1) f) to adapt the website to our users. We consider that the data subject’s privacy does not override this interest. However, we safeguard the privacy of website visitors by only using the information for statistics where individuals are not identified. The information will be processed as long as necessary for the abovementioned purposes.
- PROCESSING BASED ON CONSENT
If we process personal data based on your consent (see above), you can withdraw your consent at any time without affecting the lawfulness of processing before its withdrawal. Contact us if you want to withdraw your consent. Note that if you withdraw your consent, it may still be possible for us to continue processing all or part of the information if there is another basis for the processing.
- RETENTION AND DELETION OF PERSONAL DATA
We keep and store personal data for as long as necessary for the purpose for which it was collected, and we delete the data under regulations. The length of time we process the individual data types is included above under the specification of the different processes.
When we delete the information included above where the individual processes are discussed, or else the storage period is based on the following criteria:
· Whether we have a legal or contractual need to retain the information, as there may be claims directed against us
· Whether the information is necessary for our business
· Where the basis of processing is consent, when consent is withdrawn.
When we no longer have an ongoing legitimate need to process your personal data, it will be deleted or anonymised as quickly as possible in accordance with applicable law.
In some cases, anonymising personal data instead of deleting it may be relevant. Anonymisation removes all data that may identify or potentially identify data subjects (individual persons) from data sets.
This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data that we process in connection with sales or purchase agreements you have with us is deleted when the agreement is fulfilled. All obligations arising from the contractual relationship are fulfilled, such as legal obligations related to accounting, follow-up of customer-related complaints, etc. Personal data related to our fulfilment of legal obligations is deleted as soon as the legal obligations have been fulfilled, such as the obligation to keep accounts.
- DISCLOSURE OR TRANSFER OF PERSONAL DATA
We do not disclose or transfer personal data to others in cases other than those mentioned in this notice unless there is a legal basis for such disclosure/transfer. Examples of such a basis will typically be an agreement with or consent from the data subject or a legal basis that requires us to publish the information. The latter applies to public activities such as tax collection (if necessary), accounting/auditing, and other things we need in our business, such as a bank connection.
We use data processors to process personal data on our behalf. In such cases, we have entered into data processing agreements with the data processors to safeguard your rights and security for your personal data at all stages of the processing.
Personal data may be disclosed to public authorities if required by law, or there is a suspicion that a crime has been committed in connection with the use of our services, such as the police, in case of an investigation.
If personal data may be subject to transfer to another organisation in connection with a merger, financing, reorganisation or dissolution transaction of all or part of us, we will only do so if the parties involved have entered into an agreement where the collection, use and sharing of personal data is limited to the purposes of the transaction, including a provision as to whether or not the transaction will proceed, and the personal data shall only be used by the parties involved to complete and complete the transaction. If another company buys our business or assets, this company will have access to the personal data we collected and will assume the rights and obligations regarding your personal data as described in this privacy notice.
- TRANSFER OF PERSONAL DATA TO RECIPIENTS IN COUNTRIES OUTSIDE THE EEA
It is an objective that all processing of personal data shall be carried out within the EEA, but we may use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA will take place in countries approved by the EU Commission or under a valid legal basis for the transfer of personal data under GDPR Chapter V. If transfer to countries approved by the EU Commission does not take place, the transfer will only take place after guarantees set out in Article 46 (2) of the GDPR. You can get information on the lawful basis used for the transfer if you contact us.
- LINKS TO THIRD PARTIES/OTHER WEBSITES
Our website may contain links to other websites or third parties offering products or services and sites not under our control. These links are provided only as an opportunity for users to obtain more information. Websites not part of ours, will process personal data as the data
controller itself and may have separate and independent privacy notices. We have no responsibility for the content and activities of these websites.
- SECURITY OF PROCESSING – ARE WE COMPLIENT WITH THIS?
We prioritise the security of personal data in our business and will implement all required technical and organisational measures to secure your personal data. If possible, all processing will be encrypted and unavailable to anyone other than those needing personal data to perform their tasks (“need-to-know”).
We ensure that personal data is correct, accessible, and handled according to its degree of sensitivity. We also use various security technologies and information security procedures to protect your personal data from unauthorised access, use, or disclosure. Where necessary, risk assessments are carried out.
We have entered into data processor agreements with all our suppliers who process personal data. These agreements require them to assume the same degree of security as we ensure in processing personal data.
We restrict access to personal data to the staff or third parties who process the personal data on our behalf. These parties are subject to a duty of confidentiality.
Routines have been established for handling breaches of information security and routines, and we will, if there are breaches that pose a risk to personal data, notify the supervisory authority (Datatilsynet) as soon as possible and no later than 72 hours after the breach is discovered. If the breach entails a high probability of the privacy of the data subjects affected by the breach, they will also be notified.
- YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU
Below is a description of your rights when we process your personal data. To exercise your rights, you must contact us, see contact information above, or otherwise, if it follows below.
We strive to respond to your inquiry as soon as possible and within one month. If it takes longer than one month, you will be notified.
In some cases, we will request you to confirm your identity or provide additional information before you can exercise your rights to make sure that we only give access to your personal data to you - and not someone who pretends to be you.
9.1 Information
You have the right to information about the personal data we process about you. This policy provides information on the processing of personal data. You can also contact us if you want more information.
9.2 Access to Your Personal Data
You have the right to request access to the personal data we processed about you. Contact us if you want such access. If you have registered an account, certain information you have provided will be accessible in the service if the information has not been deleted.
If you request it, you will also receive a copy of the personal data we process about you. We may ask you to specify which data you wish to receive a copy of to make the release easier for us. Upon providing a copy of your personal data, we may require you to identify yourself to ensure we do not disclose personal data to unauthorised persons. The information about you will be sent in digital form unless you request it to be transferred in another manner.
9.3 Correction and deletion
You can ask us to correct or delete any personal data. You can also correct or delete your information on your profile page if you are a registered user. We will, as far as possible, accommodate a request to delete personal data, but we cannot do this if the data is necessary for us.
9.4 Processing based on your consent
If we process personal data based on your consent, you can withdraw the consent at any time. The easiest way to withdraw your consent is as informed to you when you give your consent or to contact us.
9.5 Right to protest or restrict the processing
You have the right to have your processing restricted or stopped in certain cases, see further in GDPR Article 21.
Where our processing is based on legitimate interests, you can object to processing your personal data. If you object, we shall cease the relevant processing unless there are compelling legitimate grounds for continuing the processing.
You may also object to processing personal data concerning you for marketing purposes, including profiling, to the extent that it is related to such direct marketing, as per GDPR Article 22 (2).
9.6 Automated processing, including profiling
There will be no automated processing, including profiling, based on your personal data that may have legal effects or significantly affect those to whom personal data applies. See GDPR Article 22 no. 1 and 4.
- COMPLAINTS
We use the Norwegian Supervisory Authority (Datatilsynet) as the leading supervisory authority for cross-border processing under GDPR Article 56. You can, therefore, direct any complaint to the Norwegian Data Protection Authority.
If you suspect that our processing of personal data is not in accordance with what we have described here or that we, in other ways, violate the privacy legislation. In that case, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us so we can correct the matter immediately.
You will find information about your rights and how to contact the Norwegian Data Protection Authority on the website: www.datatilsynet.no/en/.
- AMENDMENTS
Should our services or regulations on processing personal data change, the information you provided here may change. We will inform you of these changes if we have your contact information. The updated privacy notice is readily available on our website.