3) What kind of information do we collect?
In order to deliver the best services possible, we are dependent of collecting different types of information, including your personal data. Below you can find an overview of how we typically gather personal data and what kind of data this typically is.
a) Information you provide to us
Upon registering on our website, you must provide some information that will be stored with us. This may include your name, email address, phone number etc. We will also save your information when you are in contact with us later, such as inquiries to one of our departments. When contacting us through phone, chat, email or other digital channels, we will also store your information. The information you provide can also be enriched by information databases, purchase history or social media you give us access to. Providing your personal data is optional.
b) Data we get through the use of our services.
When you use our services, we register information about what services you are using and how you use them. Among other things, we collect information about:
i)Your device and internet connection:
We can register information about the device you are using. This may include manufacturer of mobile/Computer, operating system and browser version. We can also collect information about the connection to our services such as IP-addresses, network-id, cookies and unique identification files.
ii) Purchasing or use of our services:
We collect information on your use of services as well as any purchase you make, which sites you visit, when you visit our web pages and what functions you have used, or purchases you have made there.
iii) Information about your position: We can also register your geographical position when you use our services or shop in our stores through data from the purchases you are making.
c) Information we receive from other sources.
We cooperate with third parties (for example business partners, subcontractors of technical services, payment services and delivery services, commercial networks, analytical services, search engine services and credit agencies) and can receive information about you from these. According to our contractual clause we reserve the right to make credit checks by all new tenants, and in case of non-payment.
d) Automatic assessments.
Through analysis of your purchases and behavior an automatic categorization of you as a customer can be derived.
5) Who treats your information (Data processors)?
Customer service will be performed by OK Minilager AS, while accounting will be performed by the parent company Self Storage Group ASA. We have entered into data processing agreements with the companies that treat information for us, and these will not extradite information to third parties. The following companies outside of Self Storage Group are central when your information is processed:
- Jotform – gathering of information from our users via the website.
- One.com – operating web pages.
- Salesforce – administration and storage of information.
- 24SevenOffice – administration of invoices and orders.
- Quickpay – processing of payment by card.
- Google – anonymized and aggregated user information for use of our digital services.
- Facebook – anonymized and aggregated user information for use of our digital services in conjunction with advertising.
7) Securing personal data
The security of your personal data is important to OK Minilager AS. We commit to protect the information we collect. We maintain organizational, technical and physical security measurements designed to protect the personal data you provide, or we collect, against unintentional, illegal or unauthorized destruction, loss, change, access, sharing or use. We use SSL encryption on our websites for transferring certain personal data.
OK Minilager AS stores personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected, unless the active right demands or opens for something else. We take action to destroy or de-identify personal data if this is required by the law, or the personal data is no longer needed for its intended purpose.
9) Transferring of personal data to foreign countries
a) Inside the EU/EEA
Your personal data can be transferred to foreign countries. Transfer of personal data inside the EU/EEA – area can freely take place according to the current privacy legislation.
b) Outside the EU/EEA
If we transfer personal data outside the EU/EEA-area, we will be insured that the transfer is happening according to the current legislation. This means that we will collect consent from you to implement the transfer or use other mechanisms to do a legal transfer.
11) Who gets access to your personal data
In some cases, other businesses will have access to your personal data:
Other companies in the group: Personal Data will be shared with the mother company Self Storage Group ASA, and in some cases, we will need to share your personal data with other companies in the group, for example in conjunction with customer service. The data we share will not be used for other purposes than stated above in item 4).
Insurance companies: If you have chosen to order the insurance we provide, we can at the request of the insurance company or in case of damages give the insurance company (Reason Global) access to the personal data. OK Minilager AS has a data processing agreement with Reason Global, who can disclose data to third parties responsible for handling any damage.
Public authority: Your personal data can in special cases be disclosed to a relevant public authority. Disclosure like this will only occur if we are required to comply with applicable laws and regulations.
13) External links
15) Surveillance cameras
OK Minilager AS has surveillance cameras installed on most storage facilities. All recordings will automatically be deleted in accordance with applicable legislation. If it is likely that a recording may be handed over to the police, the tape can be stored for up to 30 days.
17) Email and phone
OK Minilager AS uses email and phone as a part of the daily work to serve customers and interests. Relevant information provided by the telephone conversation and emails as part of the customer treatment is journaled.
OK Minilager’ co-workers will use email in general dialogue with internal and external contacts. The individual is responsible to delete messages that no longer are current, and at least yearly go through and delete unnecessary content in from the inbox.
19) Information about our employees
OK Minilager AS treats personal data about their employees to process salaries and personnel responsibility. Legal basis follows the Personal Data Act § 8, first paragraph and § 8 a), b) or f) and § 9 a), b) and f). It is the CEO that has the daily responsibility for this. The necessary information for payment of salary is registered. This may include ground data, salary level, time registration, tax rate, tax municipality, and union affiliation. Other information about employees are connected to the individual’s work instructions and facilitation of the individual’s work. Furthermore, information related to key administration of entries and deposits, and information about access control to IT systems. The information is gathered from the employees themselves. The information will only be deployed in conjunction with salary payments and other law-abiding disclosures. Routines for deleting personal data follows The Norwegian Accounting Act and The Archival Act of 1992. Information about names, positions and working areas are considered to be public information and can be published on all of the company’s websites.
Every application for positions will be stored in our electronic archive, and shredded as soon as the position is filled, or after a year.
21) Contact information and the data manager
The data manager in OK Minilager AS is CEO Fabian Søbak.
Phone: +47 92 42 94 38
Når du besøker nettstedet, kan vi automatisk samle system-relatert informasjon om ditt besøk, slik som hvilken type nettleser du bruker, nettstedet som du har kommet fra og din IP-adresse (den unike adressen som identifiserer din datamaskin på internettet) som automatisk gjenkjennes av vår nettserver. Denne systemet-relaterte informasjonen i seg selv inneholder ingen personlig identifiserbar informasjon. Nettstedet benytter også cookies, men de identifiserer brukerens datamaskin, igjen, gjør de ikke i seg selv, brukere identifiserbare.Cookies er Informasjonskapsler, biter av informasjon som et nettsted overfører til harddisken for lagring og noen ganger spore informasjon om deg. Cookies er spesifikke for serveren som skapte dem og kan ikke nås av andre servere, noe som betyr at de ikke kan brukes til å spore bevegelser rundt på internett. Vi bruker cookies til:
- å gjenkjenne deg når du kommer tilbake til nettstedet;
- lar deg navigere nettstedet raskt og enkelt;
- lagre dine preferanser;
- tilpasse elementer av layout og / eller innhold av sidene på nettstedet for deg.
De fleste nettlesere aksepterer automatisk cookies, men hvis du foretrekker det, kan du endre nettleser for å hindre det. Du kan imidlertid ikke kunne dra full nytte av nettstedet hvis du gjør det.Vi bruker noe av system-relatert informasjon referert til ovenfor, inkludert informasjonskapsler, til:
- å administrere nettstedet og bistå i diagnostisering av tekniske problemer
- identifisere nye og returnerende besøkende til nettstedet
- anslå størrelse på vårt publikum og mønstre
- utføre forskning på brukernes demografi
- revidere tilgang av ressurser og nedlasting av data fra nettstedet
- bistå i å forbedre og oppdatere nettstedet
- bistå i å forbedre og utvikle våre produkter og tjenester
2) The legal basis
Personal data and assessments that can be tied to an identifiable individual. This can be for example names, addresses, phone numbers, emails, IP-addresses or purchases and service-histories. All treatment of personal data such as collecting, registration, storage and extradition is subjected to special rules, such as in the Personal Data Act. The chief executive officer is responsible for making sure the processing of data is coherent with the rules of the law. The Norwegian Data Protection Authority is monitoring that the law is being upheld. OK Minilager AS’s foundation for treating personal data will vary, but will according to the Data Protection Act § 8 letters a and b consist of consent from the registered individual or if is legally required. Further, it could be necessary to treat personal data in order to fulfill an agreement with the registered individual, or to fulfill a legal commitment. Consent to treatment of personal data can at any time be withdrawn according to the GDPR article 13 (2) letter c.
OK Minilager AS will in most cases process personal data based on consent. In some cases, we will also treat personal data based on legitimate interest. In that case we will do a “Legitimate interest assessment”.
It is the Norwegian Personal Data Act that is in effect for our treatment of personal data.
4) What is the data used for
We use the personal data to the following purposes:
a) To deliver and improve our services.
We use personal data to deliver our services to you. An example would be to use your personal data to contact you, or make sure you are able to pay for the services we provide you. If you contact us via customer service, dependent of what the inquiry is regarding and what channel you contact us through (phone, chat or email), we will need to know who you are, what product you have purchased, your address and your phone number. We will gather the information needed to help you.
We also use personal data to insure you get the best possible user experience, such as adapting the display of the content to your screen/device in order for the pages to load as quickly as possible.
b) To adapt services, give you recommendations and relevant marketing.
We wish to give you recommendations, product information and service adjustments that are relevant to you. This will be given based on your behavior, such as products and services du have used or bought, ads you have clicked on, or articles you have read, as well as on the behavior of other users with a similar utility pattern as you.
c) To improve digital communication and advertising.
We use your personal data to improve our advertising. By creating a profile with us you accept targeted advertisement through programmatic purchases and targeted advertising through social media where your personal data will be used within purchasing of such advertising.
d) To compile statistics and understand marketing trends.
We compile statistics and map marketing trends to improve and further develop our product offers and services. As far as it is practically possible we try to do this with anonymous information, without knowing this information is tied specifically to you.
e) To avoid misuse of our services.
We use personal data to prevent misuse of our services. Misuse can be attempts to log on to others accounts, attempts on fraud, spam, hateful expressions and other acts that are illegal according to Norwegian law.
6) Administration of personal data
You can influence which personal data we store about you, and how we use the information. You can do this by contacting Christian Hanssen by mail, or by phone 22654000. If you discover any misinformation about you, please contact us so that we can correct this.
OK Minilager AS deletes information about you in line with regulatory requirements. Information on purchases will as a main rule be deleted when there is no longer need to store information to answer the customers inquiries and complaints, unless we need the information to fulfill other legitimate purposes. Accounting legislation and other legislations can in some cases require us to store some types of information for a longer period of time. Instead of deleting the personal data, it may in some cases be appropriate to anonymize the personal data. With anonymization, we mean that all identifiable or potentially identifiable characteristics will be removed from the datasets that will be stored.
10) Your rights
OK Minilager AS values your feedback. Here you can see which rights you at any time possess, and can at any point exercise by contacting us.
Withdrawal of consent: If you have given your consent to receive inquiries from us about offers on our services, you can at any time withdraw this consent. We have facilitated so that you can easily reserve yourself from this kind of inquiries in every inquiry from us. Consent can also be withdrawn by contacting customer service.
You have the right to ask for access to your personal data according to the Data Protection Act §18 and GDPR art. 15.
Ask for correction or deletion: You can also ask us to correct misinformation we have about you or ask us to delete any personal data. We will, as far as possible, accommodate a request to delete personal data, unless there are weighty reasons for us not to delete. For example storing information for documentation purposes.
Right to data portability: you can demand to take your personal data to another business—This is called data portability. If this is technically possible, you can demand that we as the ones responsible for data management make sure to transfer the information to the new business. The information shall be in a structured, standardized and machine-readable format.
These rules are of the regulation article 20.
Right to complain: You have the right to complain to a supervisory authority, in this case The Norwegian Data Protection Authority pursuant to The Data Protection Act article 13 (2) letter d.
You also have the right to get limited processing in certain cases pursuant to The Data Protection Act article 18.
We also use other tools than cookies to gather data about your IP-address, what browser you use, your broadband supplier, operative system, date and time of your visit, and data about how you navigate the website. We use this data to analyze trends, in order to make the website more user friendly.
For a full list over which cookies we use, follow this link.
14) Especially about marketing through email and SMS
Marketing through email and SMS includes newsletters and other inquiries about content, services, offers, campaigns and events from us, our collaborators and partners through email, phone, SMS, post/letters and social media. We only use this marketing tactic if you have given us consent to do so. Your personal data can also be used to adapt this communication. You can at any time, easily and without cost, opt out of these marketing inquiries through the unsubscribe-function in the emails and texts.
16) Access system
On most of our Storage facilities we have an access system, either by entering a code, or entering through a tele key. Any use of the access system Is logged.
18) Legitimate interest
In cases where you are contacting us with an interest of knowing more about our services, we will always conduct a “legitimate interest assessment”. If we, based on this assessment, conclude that your interest in being contacted by us is more important than your privacy interests, we will start the dialogue with you through the medium you contacted us on, or any medium you have specifically requested.