Evidens cares about keeping your personal data secure, and we are transparent about how we store and use your personal information.
Any information you give to us is given voluntarily, and we do not store or use your personal data in other ways than those you have consented to.
On evidens.no, there are two ways you can consent:
- By allowing websites to place cookies in your browser in your browser settings (learn more).
- By willingly giving us additional information by signing up to our newsletter.
Read on to learn how we gather information from you and how we use and store it.
How we gather information from you
As you know, we gather information from you by a) placing cookies in your browser and b) when you provide personal information to us by filling out form fields.
What cookies do we place, and what do they do?
We use Google Analytics to monitor how you and other users who have cookie tracking enabled use our website. This means we track site visits across pages, and get an overview of how long your session lasts, what pages you’ve visited and where you clicked our link (Google, Instagram, some other website). Google Analytics uses your IP address, user IDs and advertising cookies to identify you.
Google Analytics is also connected to Google AdWords for marketing purposes. This means we record conversions and may run remarketing campaigns based on your website usage using Google Analytics and AdWords.
An example of a remarketing campaign run through AdWords could be: You visit our document control course page and leave the website because you want to eat dinner, so Google AdWords shows you an ad for our course on a different website.
The retention period for user identifiers in Google Analytics (including cookies and advertising IDs) is 26 months after the last visit you made to our site.
What happens when you voluntarily give us more personal information?
You can give us personal information by signing up for the newsletter, contacting us through a form, or apply for a job.
How we store and use your information depends on which of those reasons you have for giving us your personal data.
Here’s an overview of the different scenarios:
Signing up to our newsletter
When you sign up for the newsletter through a sign up form embedded on our website you will receive emails from us (sent through MailChimp). You can unsubscribe at any time by clicking the unsubscribe link added to the bottom of every newsletter.
Contacting us through a contact form on our site
When you contact us trough a contact form on our website your message and contact details (name, email, reason for contact an message) are automatically forwarded via email from WordPress (our website CMS) to the managers of Evidens. The email is stored until no longer relevant for your conveniences, and one of the managers of Evidens will follow up with you on your message as soon as possible.
Please do not send sensitive information by email as normal email is not encrypted.
Signing up for a course
When you sign up for a course, you provide the following information:
- Which course you’re interested in
- Which date you want to attend the course
- Name of the course attendant
- Organizational number
- Billing information
- Postal code
Once you’ve filled out that information, you’ve successfully registered your interest in attending one of our courses, and can expect to hear from us. When you submit, your information is forwarded automatically via email to the managers of Evidens, just like it would if you contacted us by filling out a contact form.
We keep a record of your course interest for your convenience unless you state otherwise as we often have course attendants attend more than one course. We may contact you regarding additional courses if you are interested.
Applying for a job
When you apply for a job through our website, you provide the following information:
- First name
- Last name
- Phone number
- Post code
- Additional files (CV, etc.)
- Your message / application
Once you’ve filled out that information, you’ve successfully submitted your application, and can expect to hear from us. When you submit, your information is forwarded automatically via email to the managers of Evidens, just like it would if you contacted us by filling out a contact form.
We keep a record of your application as we often have new carrier opportunities that become available, and we notify applicants who may be a good fit.
How to request deletion of your personal information
If you want us to delete, edit or add to your personal information, you can simply reach out to us, and we’ll get back to you. If you want to receive a copy off the information we’ve stored about you, we’ll give you this to if you ask for it. There is one case where we can’t delete your information. If you attend a course or become a customer, as we have to store a record of your purchase for up to 15 years due to tax rules in Norway. We therefore can’t delete the record of your purchase before 15 years have passed. If you want us to delete or update your resume, other provided personal data provided through contact forms or have all data in MailChimp deleted or sent to you, we’ll get that done fast. All you have to do is reach out and ask, and we’ll get back to you within 30 days.
How to request changes changes to your personal information
If you want to change the personal information we have received from you, all you have to do is reach out. If you want us to change the email that’s subscribed to our newsletter, we’ll happily do this for you if you reach out.
Consent by use
What do we do to keep your personal data safe?
All our software suppliers are reputable suppliers that take the safekeeping of personal and non personal data very seriously, just like we do. To protect your personal data we protect our devices, avoid open networks, use safe storage solutions and follow good password practices. We also protect our facilities and personnel, and keep our technology stack (website and plugins) up to date. We are using service providers solely for assuring the safety of our devices and software.
We also perform regular risk assessments where we review available technology, needs and regulations. This is in effort to assure that we always take the necessary security steps, to avoid things like personal data getting into the wrong hands. Addit Vest AS deliver IT and security services for us to assure your data is safe and we have an data processor agreement with them that ensures they don’t misuse or share your personal or non personal data.
If something happens: 1. a safety breach or 2. deviation from procedures, we 1. alert Norwegian authorities digitally within 72 hours, and 2. immediately alert Norwegian authorities digitally. If we don’t have the full picture of the situation we’ll give authorities an overview of the deviation piece by piece. We also document this work.
If a high risk safety breach occurs, we’ll alert you as soon as possible, where we explain as simply as possible:
- What happened
- Who you can contact about it
- Possible consequences of the breach
- Description of steps towards stopping the breach and limiting the consequences
We may not alert you if:
- Steps for protection against the security breach are already taken, especially if the steps render the data legible (encryption, etc.)
- If steps making the threat non-likely are taken
- If we would have a hard time reaching all touched by the breach. In those cases we’d publish warnings, send emails, etc. hoping to reach all those affected by the breach
How do you contact us for deletion/editing requests?
If you want to request changes to your contact information or edits, reach out to firstname.lastname@example.org and we’ll get back to you and comply with your request or give you a reason why we can’t within 30 days. We’ll store records of requests until a Norwegian government representative tells us we can delete them.
Other personal data processing initiatives
Evidens uses email as part of the daily work and dialoge with internal and external contacts. The general manager is responsible for processing of personal data in this setting. All Evidens employees go through their inbox and delete unnecessary content at least yearly starting May 25th. If an employee quits, relevant emails are transferred to colleagues. Do not send any sensitive data over email as email is not encrypted. Sometimes employees talk on the phone as well, and store contact details on their phone. They have a history of texts and phone calls available, and follow the same procedures we have set up for email for phone calls and texts (at least yearly).
Information about employees
Evidens processes employee personal data to administer salary and personell. Necessary data for processing of salaries, and reporting to the government is stored. Other data is tied to job function and facilitating work. Data is collected from the employees and are only shared when the law requires it (mainly salary and tax reporting) or if the employee willingly has agreed to having their details sent to potential clients (new opportunities).
Deletion of said data is done based on applicable Norwegian laws. Information such as name, position and responsibilities are considered official information, and may be published on Evidens’ website.
All existing and future employees have a personell file in our archives, where job applications are stored.
Sensitive and non sensitive data from third party companies
A part of our business is based around keeping sensitive data safe for other companies. Security measures required by law and additional security measures not mentioned here for the purpose of maintaining data security. We only store and process personal data from in accordance with instructions within applicable laws and according to instructions from third party companies (clients).
Please use the contact information below for inquiries related to personal data:
Tel: +47 51 67 18 88