Øglænd System AS is a part of Hilti AG.
Øglænd System does not only have a reputation for providing quality products and excellent customer service but is also committed to protecting your privacy in the online sphere.
Your privacy matters to Øglænd System so whether you are new to Øglænd System or a long-time user, please read this notice carefully – and if you have any questions contact us.
If you have a privacy concern, complaint, or a question regarding our electronic or digital services please contact our Data Protection Officer at Øglænd System by sending us an e-mail to oglaend.localdpo@oglaend-system.com solely dedicated to Privacy matters.
This Privacy Notice describes how we collect, process and use your personal data when you visit and/or register with our services, websites and apps and the choices we offer, including how to access and update information.
Unless otherwise stated, Øglænd System AS is the data controller for personal data we collect through the services, websites and apps subject to this Privacy Notice.
Our headquarter office address is:
Øglænd System AS
Engelsvollvegen 264
4353 Klepp Stasjon
Norway
Our owners headquarter office address is:
Hilti Aktiengesellschaft
Feldkircherstrasse 100,
9494 Schaan
LIECHTENSTEIN
Terms used in this Privacy Notice shall have the following meaning:
Terms like “we”, “us”, “our”, etc. in this Privacy Notice refer to the above mentioned responsible parties (henceforth also referred to as “Øglænd System”).
Terms like “you”, “your”, “yours”, etc. refer to you as a person.
The term “personal data” as used in this Privacy Notice means any information - whether such information was entered by you, collected from you or otherwise obtained - relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier like in our case such as a name, company, Øglænd System identification number or other technical online identifiers.
TABLE OF CONTENTS
1. Who is responsible for the proper handling of your personal data?
2. When does this Privacy Notice apply?
3. What types of personal data do we collect, process and use?
4. Why and with whom do we share personal data?
5. Will personal data be transferred abroad?
6. Why and for how long do we retain personal data?
7. What privacy choices do you have?
8. What else do we do to protect your personal data?
9. Use of cookies and similar technologies
10. Links to other websites
11. Compliance and cooperation with regulatory authorities
12. How are changes to this Privacy Notice communicated?
13. Contact us
1. Who is responsible for the proper handling of your personal data?
The party responsible for the collection, processing and use of personal data is Øglænd System as the provider of the services, websites and apps, in most cases and depending on the requested service jointly together with one or more of its affiliates.
2. When does this Privacy Notice apply?
This notice applies to all Øglænd System services, websites and apps that link to this document.
This Privacy Notice does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include Øglænd System services, or other sites linked from our services.
Our Privacy Notice does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
3. What types of personal data do we collect, process and use?
Personal data that we collect, process and use in connection with the services, websites and apps includes not only information that we collect while you interact with us but also information that you provide to our sales team.
|
Data subject |
Log information and local storage |
Device information |
Location information and unique application numbers |
|---|---|---|---|
|
COMPANY DATA |
- name, address, department, contact information and other information in relation to a company that you represent and your function within this company - customer number - VAT number - delivery address - business email address, - invoice address - order number - password - payment information - bank account information - business telephone number - business mobile phone number |
|
- company - contact language - customer advisor / point of contact - importance of customer - organizational unit - participation in campaigns or events - postal code - product History - region - returns - order number |
We will seek your consent before collecting, processing and using your personal data for the above-mentioned purposes, where legally required. Likewise, if we wish to use your personal data for a new or different purpose, we will notify you thereof and will only make such other use if it is required or permitted by applicable law or if you have consented to it.
Any access to your personal data at Øglænd System is restricted to those individuals that have a need to know in order to fulfill their job responsibilities. For the purposes mentioned above, only a limited number of individuals within Øglænd System (e.g. individuals in sales, support, legal, finance, IT and accounting departments, as well as certain managers with assigned responsibility) will receive access to your personal data.
When you contact Øglænd System, we keep a record of your communication to help solve any issues you might be facing. We may use your provided email address or phone number to inform you about our services, such as letting you know about upcoming changes or improvements.
4. Why and with whom do we share personal data?
We do not sell, trade or rent out your personal data.
For the purposes mentioned in this Privacy Notice we disclose, transfer or otherwise share your personal data, with other entities of our group of companies to the extent described in the following or as agreed by you in a specific context (e.g., where you consent to other types of data transfers in connection with enrolling for a specific service). Whenever sharing personal data, we do strictly comply with applicable laws.
We do not share personal information with companies, organizations and individuals outside of Øglænd System unless one of the following circumstances applies:
Consent: We will share personal information with companies, organizations or individuals outside of Øglænd System when we have your consent to do so. We require opt-in consent for the sharing of any personal information.
External processing: We provide personal information to our third-party service providers under appropriate instructions as necessary for the respective processing purposes, to perform specific tasks on our behalf and under our instructions. Any third-party provider will have access only to such personal data needed to perform its specific tasks, and only to perform these. We will ensure that any third-party service provider is aware of and abides to these duties. We will also ensure that any third-party service provider treats your personal data no less protective as required by applicable data protection laws and that they adopt adequate technical and organizational security measures based on our instructions and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures.
Legal reasons: Without limitation, this include cases in which we are required to share personal data by law or binding order of courts, law enforcement authorities or regulators. Should we decide to disclose personal data in such context we will also consider ways of reducing the scope of the disclosure, for instance by redacting the information provided.
5. Will personal data be transferred abroad?
Øglænd System’s data storage locations are chosen to operate efficiently, to improve performance, and to create redundancies to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this Privacy Notice is processed according to the provisions of this Notice and the requirements of applicable law wherever the data is located.
It is Øglænd System’s policy to process your personal data only in a manner that provides a similar level of data protection as in the EU/EEA. Hilti AG is headquartered in Liechtenstein with server centers located also in Switzerland and therefore processes personal data under the EU adequacy framework decision regarding Switzerland. If we transfer personal data outside of the EU/EEA, it will be governed by the Standard Contractual Clauses n°2021/914/EU of the European Commission published on 4th June 2021 – if the destination country does not provide an adequate level of protection.
Øglænd System has implemented Technical and Organizational Measures which set forth the technical and organizational security measures and procedures Øglænd System undertakes, as a minimum, to maintain and protect the security of personal data processed, including data in transit. IT processes at Øglænd System are developed in accordance with the ISO 27001 standard.
Please find below our third party providers:
|
Name of provider |
Country |
Activity |
Legal framework/ Safeguards on Transfers |
|---|---|---|---|
|
Office365 |
Ireland |
Webpage related workplace activities |
Contractual, Technical and Organizational measures |
|
Salesforce |
Germany |
CRM |
Contractual, Technical and Organizational measures |
|
Infor |
Germany |
CRM |
Contractual, Technical and Organizational measures |
|
CoreTrek As |
Norway |
Hosting Services |
Contractual, Technical and Organizational measures |
|
ServiceNow |
Netherlands |
Supporting services |
Contractual, Technical and Organizational measures |
|
Microsoft Azure Cloud Service |
Western Europe |
Storage of data |
Contractual, Technical and Organizational measures |
For more details regarding our extensive list of Third Party providers, please contact us at oglaend.localdpo@oglaend-system.com
6. Why and for how long do we retain personal data?
Øglænd System is continiously improving all of its services, websites and apps to retain personal data no longer than necessary for the described purposes in this notice and/or as required or permitted under applicable laws, to the extent technically possible.
The following table gives an overview of the processing activities of Øglænd System services, websites and apps with their purpose of the data collection, their type, the legal basis and the applicable data retention periods.
|
Purposes of the Processing |
Type of Personal Data and Information on Cookies Used (if applicable) |
Legal Basis for the Processing |
Retention Period |
|---|---|---|---|
|
To facilitate and process product and service orders placed on the services, websites and apps |
|
Required for the performance of a contract (Art. 6 (1) (b) GDPR) Order processes under your contractual relationship with Øglænd System need identifiers and security measures to be processed and stored on our servers. |
10 years after expiry of the contract |
|
Where applicable, to establish, execute or terminate contracts in connection with your use of our services, trainings, websites and apps. Perform your order processing and delivery in relation with local carrier for logistics purposes; or establish, execute or terminate contract in regards with service agreements e.g. PMO services (Project Management Office) |
Personal data contained in contracts, communications, and business letters VAT records and Customs & Excise duty For logistics and order delivery purposes:
For the purpose of using services, trainings and the PMO:
|
required for the performance of a contract (Art. 6 (1) (b) GDPR) Order processes under your contractual relationship with Øglænd System. We process technical data in connection with personal information to deliver your services. This includes anonymous geolocalisation information to locate assets based on receiving device position. |
For logistics and order delivery purposes Personal data is retained for 10 years after contract termination. PMO related data is retained for 10 years. |
|
To answer your questions and respond to the requests you make in connection with the provision of technical support or other customer services |
|
Legitimate interests (Art. 6 (1) (f) GDPR): The processing of personal data is necessary to answer the respective request of the website user which otherwise cannot be fulfilled. Therefore, the processing is justified on the basis of legitimate interests. |
Six Months (for quality control and evidence purposes) |
7. What privacy choices do you have?
Your trust makes our services, websites and apps work better for you. We keep it private, secure and put you in control for your preferences.
We aim to maintain our services, websites and apps in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, websites and apps we may not immediately delete residual copies from our active servers and may remove information from our backup systems only after certain timeframes in accordance with applicable laws. (see pt. 6).You can at any time contact us via oglaend.localdpo@oglaend-system.com to exercise your rights according to applicable data protection laws and regulations.
In the case you withdraw your consent to a processing activity Øglænd System reserves the right to further process and use your personal data to the extent this is required or permitted by law e.g. to administrate your unsubscribe or set an over layer cookie to respect your cookie settings.
You are entitled to exercise the following rights as a natural person:
- Right to object: you have the right to object, on grounds relating to your particular situation, without any formal requirements, to the processing of your personal data by Øglænd System, if such processing is in pursuit of the legitimate interests of Øglænd System or a third party. You also have the right to object, without any formal requirements, to the use of personal data for promotional and marketing purposes. If you object to marketing purposes, we will discontinue processing your personal data for this purpose. (Art. 21 GDPR)
- Right of access: you have the right to obtain from Øglænd System confirmation as to whether or not we process your personal data and, where that is the case, access the personal data processed such as, but not limited to, the purposes of the processing, categories of personal data concerned.(Art. 15 GDPR)
- Right to rectification: you have the right to obtain from Øglænd System the rectification of your inaccurate personal data (Art. 16 GDPR).
- Right to erasure ("right to be forgotten"): You have the right to obtain from Øglænd System the erasure of your personal data where grounds listed in Art. 17 GDPR apply. (Art 17 GDPR)
- Right to restriction of processing: you have the right to obtain from Øglænd System restriction of processing where grounds listed under Art. 18 GDPR apply (accuracy of the personal data is contested, processing is unlawful, Øglænd System no longer needs the personal data for the purposes of the processing, you have objected to processing pending the verification of legitimate grounds). (Art 18 GDPR).
- Right to data portability: you have the right to receive the personal data processed by Øglænd System in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Øglænd System where applicable grounds apply (Art 20 GDPR).
- Right to lodge a complaint: in the event you consider we do not process your personal data with compliance to GDPR, you have the right to lodge a complaint to a supervisory data protection authority (see point 11 hereafter). (Art. 77 GDPR)
Please use the official EU website to learn more about these rights.
8. What else do we do to protect your personal data?
Øglænd System understands the importance of information and data security and we want your purchasing experience with us to be as safe as possible.
To protect your personal data, we have implemented reasonable and state of the art safeguards and precautions, including technical and organizational measures against unauthorized access, improper use, alteration, unlawful or accidental destruction and accidental loss, both in an online and offline context. Øglænd System personnel is trained and undertakes to protect personal data accessible when performing their functions.
For example:
- we review the integrity of our information collection process, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- we restrict access to personal information for Øglænd System employees, contractors and agents based on a need to know approach in order to process it for us. Involved parties are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
You should only share online or through apps personal information which you are comfortable sharing acknowledging that no organization or its systems can ever be guaranteed 100% secure all the time.
9. Use of cookies and similar technologies
Privacy policy and cookies
When you visit our website, your browser will download information capsules (“cookies”). These are small text files that are exchanged between your unit and our website and which are used to ensure the optimal functioning of the website. Below, you will find a summary of the cookies used on our website.
As an internet user, you can choose to decline storage and use of cookies. We recommend the website nettvett.no for a description of how to accept or decline cookies.
HTTPS and secure transfer
Our website uses HTTPS to transfer data securely through encryption. If you want to make sure that a page is encrypted, the URL in the browser's address bar will start with “https” instead of just “http", and most browsers will also show a padlock to indicate this.
The purpose of using encryption is to ensure secure data communication between the server (our website) and the client (your computer). HTTPS also makes use of a digital certificate to ensure that the website is genuine.
Cookies on this website
CoreTrek AS provides the publication tool used on our website (CorePublish), and is responsible for its technical development, operation and maintenance. These are the cookies used by CorePublish on our website:
- For the CMS to work properly: the cookie CorePublishSession. This cookie contains a reference to a session file on the web server. The session file will not contain personal data for anonymous users, but may be used for intermediate storage, such as form data and search texts between page views. The session file will be deleted automatically within 15 minutes after the user has closed the browser or been idle and is thus not permanently stored. Only system administrators have access to these session files.
- To identify what type of unit and browser you are using: the cookie ctcdk. This cookie has a duration of one week, and enables our website to adjust its content presentation to the correct type of unit (PC, mobile, tablet, etc.). This cookie does not store personal data.
Sharing
We offer options to forward articles by email and share articles via social media. Email addresses used to forward articles are not recorded. The further processing of data shared via social media is regulated by your agreement with the relevant online service provider.
Statistics and logs
When you browse our website, information is stored in statistical and log files. The system stores the user agent, IP address and what page a visitor has viewed in a raw data table. This information is then used to generate statistics on the number of page views per object (menu item, article, file), per host and per search term. All data in the raw data table are deleted after two days, and the remaining statistics then contain only summary data that cannot be used to identify individual users.
We also store the user agent, IP address and what page a visitor has viewed in the web server’s logs. These logs are used exclusively for troubleshooting and security purposes, and no data are taken from these logs or otherwise used. The logs are deleted at regular intervals (normally every four weeks). Only the administrators of the web server (operations), have access to them.
Our website uses the following tools (that also uses cookies):
We use Google Analytics to analyse visitor data. IP-addresses are not stored and it is not possible for us to link user statistics up to an induvidual user. The user statistics are only available to our web editors and the IT department of our company. Google Analytics also adds cookies in your browser.
If you do not want to be tracked by Google Analytics, you can use a browser plugin to block tracking: Google Analytic's opt-out opions.
Login attempts
All login attempts are logged in a separate database table. The purpose is to detect failed login attempts, detect and stop hacking or brute force login attempts and to see when a user logged in.
The login table stores the following data: Username, date and time of the log in attempt, the URL of the login attempt and the users IP-adress.
10. Links to other websites
Our services, websites and apps may contain links to other services, websites and apps of interest, once you have used these links you leave our services area. When you visit such other services, websites and apps you should exercise caution and look at the privacy statement applicable to the app or website in question. We cannot, and do not, assume any responsibility or liability for such other websites, the content of such services, websites and apps and their privacy practices, nor do we endorse them.
11. Compliance and cooperation with regulatory authorities
We regularly review our compliance with our Privacy Notice. We work closely with the Liechtenstein Data Protection Authority where Hilti AG has its headquarters. You have the right to lodge a complaint with the supervisory data protection authority of Liechtenstein or you can lodge a complaint with your local supervisory authority in an EU or EEA member state, e.g your place of habitual residence, place of work or the place in which the alleged infringement took place. The local supervisory authority for Norway is datatilsynet. The local supervisory authority for the UK is The Information Commissioner’s Office, who can be contacted here. We suggest you submit any request or raise any concern in writing directly at: oglaend.localdpo@oglaend-system.com. The Data Protection Officer is the appropriate point of contact for any data protection matter.
12. How are changes to this Privacy Notice communicated?
Our business changes constantly, which means that our Privacy Notice will be updated from time to time. Please check this Privacy Notice from time to time to ensure that you are comfortable with any changes we had to make.
We will not reduce your rights under this Privacy Notice without your explicit consent. We will post any Privacy Notice changes and, if the changes are significant, we will provide a more prominent notice up to individual e-mail notification.
13. Contact us
Your feedback is always welcome. If you have any questions or concerns about our privacy practices or your online privacy please do not hesitate to contact us