The statement applies to ANZYZ TECHNOLOGIES AS (ANZYZ) with its website, www.anzyz.com. ANZYZ shall comply with the applicable privacy regulations at all times, including the GDPR and the Norwegian Personal Data Act. This privacy statement provides additional information about what personal information is collected, how the information is collected and your rights if personal information about you is registered with us.
Responsible for processing
The CEO of the company is responsible for the company’s processing of personal data.
What processing of personal data is carried out by us?
ANZYZ processes personal data as an employer, in relation to customer bases and as a supplier of software. To perform our work, it is necessary for us to process, among other things, name, e-mail, address, employer, date of birth, etc.
Customer and supplier information
We process personal data about customers and suppliers, in addition to any third party that is necessary for the delivery of contractual obligations, including access to personal data that is part of the search functions that Anzyz offers its end customers, but where Anzyz is not responsible for processing.
Among the information that is processed is contact information about customers and suppliers. Contact information includes the name of the contact person, telephone number and e-mail address. The legal basis for such processing is GDPR Article 6 letter b, c and f, as well as GDPR Article 9 letter a and b. The personal information is stored in a dedicated database and deleted five years after the end of the customer relationship.
When the contact form on our website is used, we ask for the following information: Name, e-mail address, telephone number, and the purpose of the inquiry. The purpose of collecting and storing information is to be able to respond and have a dialogue about inquiries. The information is sent to a dedicated person in ANZYZ and stored in our e-mail system (MS 365 Outlook) where only ANZYZ employees have access. The information is stored as long as we find it useful.
We use sub-data processors and act as data processors for customers, as a result of the service we offer. We are therefore operating on a general permit for the use of sub-processors, see GDPR Article 28. This is agreed with the customer in our data processor agreement.
When using sub-data processors, we ensure that the same obligations with regard to the protection and use of personal data and other customer data are imposed on them as on ANZYZ. ANZYZ has at all times an overview of its sub-processors, and a list of which sub-processors ANZYZ uses can be obtained by contacting: [firstname.lastname@example.org]
Processing of personal data in our service areas
Information obtained directly from the customer can be information about name, address, telephone, e-mail address, and is used to keep in touch with key people at customers. In its customer assignments, ANZYZ will be the data processor and consequently enters into a data processor agreement with the customer as the party responsible for the data. The data processor agreement will set the framework for our processing of personal data. The specific security measures and deletion deadlines for the processing will be stated in each individual data processor agreement.
Processing of personal data related to job seekers
When registering and / or subscribing to vacancies at ANZYZ, as well as when submitting a CV, application and other relevant documents in connection with a job application, personal information is collected. Information that is processed in connection with recruitment includes personal, job and education details. The information is obtained from the jobseekers. The information will not be used for purposes other than that for which the information was collected. Personal information about applicants for positions will be deleted two years after the person applied for a position with ANZYZ, unless the person in question is employed or agrees that the information can be stored longer.
Processing of personal data as part of personnel administration
ANZYZ processes personal data as part of personnel administration such as in payroll and deduction statements. The personal information that is processed in this connection includes personal information, salary information, evaluations, information about relatives, and education / position level. The legal basis for this processing is fulfillment of the employment contract, see the Personal Data Act § 8 letter a and b (GDPR Article 6 letter b and c). Personal information associated with personnel administration is stored as long as the person is employed by ANZYZ, and is deleted 1 year after the person has left.
Disclosure of information to third parties
ANZYZ shall not disclose Personal Information to Third Parties, unless the Customer has agreed in advance to such disclosure, or there is a statutory obligation for ANZYZ to disclose the Personal Information. This can be, e.g., to the National Labor and Welfare Administration (NAV) or to the tax authorities. Delivery to other Data Processors shall take place in accordance with the terms of the data processor agreement.
Deletion and correction of personal information
Those who are registered with us have the right to request access to their own personal information, as well as demand correction and deletion. The personal information is stored for as long as it is relevant and deleted 2 years after the end of the customer relationship.
Everyone who is registered in the system must be deleted if they have been inactive for 2 years or more. In connection with sending out newsletters, those who wish to be deleted from the recipient list can unsubscribe whenever they wish.
If ANZYZ processes personal data which is incorrect, incomplete or which it is not permitted to process, the person in question may demand that ANZYZ correct or delete the incomplete information. ANZYZ must, if possible, ensure that the error does not become significant, e.g. by notifying recipients of disclosed information. ANZYZ shall respond to inquiries about access or other rights pursuant to the Personal Data Act § 18, § 22, § 25, § 26, § 27 and § 28 without undue delay and no later than 30 days from the day the inquiry was received, unless special circumstances prevent a response to the inquiry within this deadline. In that case, ANZYZ shall provide a preliminary answer with information on the reason for the delay and the probable time for when an answer can be given.
We secure personal information through both physical and virtual access control. ANZYZ has secured access to its systems with approval via several factors in the login process. To access accounts, users must complete additional identity verifications.
We provide data processor agreements to our customers where it is confirmed that we process data in accordance with the regulations.
If you have any questions regarding the processing of personal data, or have input to us regarding this topic, you can contact our data responsible, CEO Kristian Hernes, at email@example.com.
Supplementary and in-depth information about privacy under our data processor agreements
Execution of projects means that Anzyz processes Personal Data on behalf of the Customer. ANZYZ thereby acts as the Data Processor for the Customer responsible for processing. The purpose of ANZYZ’s processing of Personal Data is to carry out the services that have been agreed to be carried out.
The Data Processor Agreement intends to regulate ANZYZ’s processing of Personal Data on behalf of the Customer, and thereby ensure that the processing takes place in accordance with the Personal Data Act (LOV-2018-06-15-38), including the EU Privacy Regulation (EU / 2016/679), and subsequent legislation that replaces or supplements these (the “Personal Data Regulations”).
The definitions in Article 4 of the Privacy Regulation apply correspondingly to terms used in this data processor agreement.
ANZYZ shall only process Personal Data in accordance with documented instructions from the Customer, including in the Agreement and in the last page of this data processor agreement in this document.
If ANZYZ believes that an instruction from the Customer, see the first paragraph, conflicts with the Personal Data Regulations, the Customer shall be notified of this.
ANZYZ must notify the Customer without undue delay if ANZYZ will not be able to comply with its obligations under this data processor agreement.
ANZYZ shall take all measures necessary to establish an appropriate level of security during the Processing, in accordance with the requirements of Article 32 of the Privacy Regulation. The measures shall be documented.
ANZYZ shall without undue delay notify the Customer of any breach of personal data security that has resulted in an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to the Personal Data being processed pursuant to this data processor agreement. The notification shall contain the information required by Article 33 (3) of the Privacy Regulation.
ANZYZ shall immediately take measures to prevent or limit the consequences of the security breach. ANZYZ shall assist the Customer in complying with the requirements of the Privacy Regulation Articles 32 to 36 on information security.
ANZYZ shall also assist the Customer in fulfilling the Customer’s duty to respond to inquiries from data subjects who wish to exercise their rights under the Regulation.
ANZYZ shall not itself respond to such inquiries, but without undue delay forward the inquiry to the Customer or direct the Registered Party to contact the Customer directly.
ANZYZ shall, upon request, provide the Customer with access to all information and documentation necessary to demonstrate that the processing takes place in accordance with this data processor agreement and the Customer’s instructions.
ANZYZ shall enter into a written agreement with its Data Processors, which imposes on the Data Processors the same obligations as ANZYZ itself has pursuant to this data processor agreement. ANZYZ is fully responsible to the Customer for the Processing performed by the Data Processor.
Personal information can only be transferred to countries outside the EU / EEA area if the Customer has given prior consent. The Customer agrees to the transfer out of the EU / EEA area, which takes place in connection with the Personal Data being transferred to existing Data Processors, on the terms specified in this document.
Upon termination of the Agreement, ANZYZ is obliged to return, delete or anonymize all Personal Information in accordance with the Customer’s further instructions at the time of termination. The Parties shall mutually agree on the practical implementation of this duty which addresses both Parties’ need to meet statutory requirements and ensure day-to-day operations.
In any case, the deletion obligation does not apply to Personal Information that is included in ANZYZ’s own project documentation.
The data processor agreement is valid as long as ANZYZ processes personal data on behalf of the Customer. The data processor agreement may be amended if necessary and agreed between the parties in accordance with ANZYZ’s standard terms for the assignment. Announcements and other communications under this Data Processor Agreement shall be in accordance with ANZYZ’s standard terms.
The parties’ rights and obligations under this declaration are determined in their entirety by Norwegian law.
Changes to the privacy statement
There may be changes to the privacy statement. The date of the last registered change is 03.2022.
ANZYZ TECHNOLOGIES AS, Jon Lilletuns vei 3, 4879 Grimstad