This privacy statement explains how we collect and use personal information. The goal is to provide you with general information about our processing of personal data.
This statement is updated in the event of changes in routines
When does Rytech AS collect personal information?
We mainly process information that you have provided to us for one of the following reasons:
You have applied for a job with us
you have been offered a position with us
You have sent us a complaint
You have asked us for access
We also receive information indirectly for the following reasons:
A job seeker has provided you as a reference
An employee has identified you as their next of kin
We process and, if necessary, store personal data in order to answer your inquiry.
Data Subject Rights
You can exercise your rights by sending an email to email@example.com. You are entitled to a response within 30 days.
Access to own information
Rectification of personal data
Deletion of personal data
Read more about the right to erasure
Restriction of processing of personal data
Read more about the right to restriction
Object to processing of personal data
Read more about the right to object
You can complain about our processing of personal data
We hope you will let us know if you believe we do not comply with the rules of the Personal Data Act. Contact us on firstname.lastname@example.org
What is registered when you use the website of Rytech AS?
What is registered when you contact us?
Employees have a record of recent calls on their phones. If it is in the company's interest and necessary for the fulfilment of agreements and obligations, contact information (name, telephone number and e-mail address) is stored on the telephones where this information is required.
We use Microsoft Office as our e-mail provider, and this e-mail service supports TLS encryption to secure our e-mail communications. We ask that you do not send sensitive personal information or information worthy of protection by email, as we cannot guarantee that your email provider supports TLS. We use Microsoft Security Essentials to scan incoming and outgoing email for viruses and malware. This is done to safeguard the company's interest in securing ICT infrastructure.
Contact persons at existing and potential customers
We process information about contact persons at existing and potential customers for marketing, sales, administration, documentation and follow-up.
The processing of personal data is based on our legitimate interest, which consists of the need to sell our goods and services. We also store and disclose information where we have a legal obligation to do so, for example under the Accounting Act and the Tax Administration Act.
It is voluntary for contact persons if they want to provide us with contact information, but sometimes it is a condition for entering into an agreement that we receive the information we need. If we collect personal data from others, it will usually be contact information, position, function and employer. The source of information will most often be the contact person's employer.
We may store information for as long as we believe it may be needed, for example to document sales conditions.
Contact persons at existing and potential suppliers
We process personal data about contact persons at existing and potential suppliers for preparation, administration, documentation and follow-up.
The processing of personal data is based on our legitimate interest, which consists of the need to purchase goods and services. We also store and disclose information where we have a legal obligation to do so, for example under the Accounting Act and the Tax Administration Act.
It is voluntary for contact persons if they want to provide us with contact information, but sometimes it is a condition for entering into an agreement that we receive the information we need.
We may store information for as long as we believe it may be needed, for example to document purchasing conditions.
Information about employees, former employees and job applicants.
We process personal data about our employees in order to manage our staff, to organize our business, as well as to comply with legal requirements. Necessary information is registered for payment of salary, e.g. basic data, salary level, time registration, tax rate, tax municipality and trade union affiliation. Other information is related to the person's work instructions and adaptation of the person's work. This is necessary to fulfil the agreement to which the data subject is party.
Information related to administration of entries and exits is also registered, and information about access control in the IT system. The information is obtained from the employee himself. The information is only provided in connection with salary payments, other statutory deliveries and if the customer requires this in connection with the execution of assignments. The employee's next of kin's contact information is only provided in situations where contact with next of kin is necessary and/or contact information is already publicly available. Deletion procedures for personal data comply with the Accounting Act and the Archives Act.
All former and current employees have a personnel file in our filing system.
Here, among other things, the job application is filed/stored. Personnel files must be preserved (i.e. the job application is not deleted or shredded). Personnel files are cleared at the end of the employment relationship. Access is limited to service needs.
JobseekersWe process personal data about job applicants in order to assess whether they are suitable for the job they have applied for. The processing of personal data is based on our legitimate interest in hiring and in documenting the hiring process. It is voluntary to provide us with information. The information the job seekers choose to provide us will have a bearing on our assessment of the application.
We store data for up to one year after the hiring process has ended.
Information is stored with us in electronic and physical personnel files. Information is available only to the HR department and immediate manager. Information about names and contact details is available to other employees. We store information for the duration of your employment.
We process personal data about former employees in order to document our compliance with our obligations as an employer if necessary. Information about former employees will also appear in agreements, correspondence and other documentation we store and use as part of our business.
The processing of personal data is based on our legitimate interest in documenting our case processing in our capacity as an employer. We also process information because we are legally obliged to do so, for example to disclose and store information in accordance with the Accounting Act, the Tax Administration Act and the A-Disclosure Act.
We store information about personnel matters for up to two years after the termination of employment. Information about whether a person has worked for us and for how long, we store indefinitely.
Information security, data controller and contact information
The data controller is Rytech AS (org. no. 915 194 567). Our postal address is Birkelandsveien 1 4200 Sauda. You can also contact us by e-mail email@example.com or telephone 98245529. We will respond to inquiries within 30 days.
Rytech AS has an ICT operating model where we operate a large part of our systems ourselves. We also use external consultants if necessary. We use Norwegian suppliers who will work from Norway.
We have a onedrive that we operate ourselves. We have an agreement with NetteXpert for support if necessary. NetteXpert does not have access to our systems, but must be given access either via attendance or remote access. Backup of the data is stored in the cloud service microsoft onedrive.
For payroll and accounting systems, we use Tveit/sparebank 1, which runs on its own server in a cloud service. Here, hours are managed for payroll, other salary data and absence.
Our website is hosted at WIX.AS. They have subcontractors outside Norway. They have agreements on the exchange of data with subcontractors in the EU, and EU standard agreements for everyone except the EU.
We do not share more information than necessary with the individual partner and subcontractor.