Last updated on 01 October 2022
- About this Privacy Notice
- Why we use your personal data
- Personal data we collect about you
- Sharing your personal data
- Data retention
- Your Rights
- Keeping your personal data safe
- How to contact us
1. About this Privacy Notice
We at Stiftelsen Laerdal Foundation believe that everyone should enjoy a high level of privacy and data
protection. That is why we want to outline how we process and protect your personal data.
StiftelsenLaerdal Foundation is a registered foundation under the Norwegian law with the organization
number 940 076 722 and address Tanke Svilands gate 30, 4007 Stavanger, Norway (hereinafter
“Laerdal Foundation”, “we”, “us”). This privacy notice applies to all Laerdal Foundation websites,
application portal, grant applications, all grant related activities, and other services (“Laerdal
Foundation Service”, “Services”) when Laerdal Foundation is acting as a controller of your personal
data. For the avoidance of doubt, this privacy notice does not apply to the extent we process personal
data in the role of a processor on behalf of our other parties. Interacting with our Services could mean
that you will share personal data with us and the following paragraphs, amongst other things, explain:
- How do we collect, use, protect and process your personal data.
- Who we may share your data with and under what conditions.
- What are your rights in respect to your personal data.
We have tried to explain this in a plain and easy to understand language. Should you have any
questions, please feel free to contact us at firstname.lastname@example.org or by sending a mail to P.O. Box 556,
Sentrum, 4003 Stavanger, Norway. We may occasionally make changes to this notice. All updates will
be posted on this website. When we post such updates, we will revise the “last updated” date at the
top of this notice. We encourage you to periodically review this Privacy Notice to stay informed about
how Laerdal Foundation is processing and protecting your personal data.
2. Why we use your personal data
The table below outlines a) our purposes for processing your personal data; b) our legal basis under
data privacy laws for processing personal data for each purpose; c) categories of personal data which
we use for each purpose.
3. Personal data we collect about you
This table outlines the categories of personal data we collect about you in your use of Laerdal
Foundation Service or from third parties.
User Data – Users, applicants and grant recipients whose data is necessary to enter into the agreement
and provide Laerdal Foundation Service. This data can include name, title, email address, organization
name, organization number signature, VAT number, phone number, postal address, country, bank
account details, bank account holder name, bank account references.
Contact Data – This includes personal data of the grant applicants, grant recipients and other relevant
parties that engage in contact with us. We collect this information in order to contact you in relation
to updates, support matters as well as marketing and newsletter related communication. This data can
include name, email address, organization name, phone number and newsletter preferences.
Application Data – This includes information that is necessary to review and evaluate your application.
This data might belong to you or to other people whose personal data is disclosed in the application.
The data points include but are not limited to expertise, technical skills, languages, educational
background, professional experience including details on current and past employment, projects
involved and motivation.
Technical Data – Technical data includes online identifiers such as IP address, device ID, network
connection type, browser type and language, operating system and log data.
We understand that applicants and other individuals might, on their own discretion, share personal
data that is not required for the participation in the grant procedure. Such unsolicited personal data is
not purposefully collected and processed by Laerdal Foundation and we will refrain from their use and
we will aim to delete all personal data that is not necessary for fulfilling the above identified purposes.
Laerdal Foundation Service is not intended for children or people under the age of eighteen and we do
not knowingly collect their personal data. If you are under the age of eighteen, please do not use the
Laerdal Foundation Service, and do not provide any personal data to us.
4. Sharing your personal data
This section clarifies in what instances we may share personal data with third parties that is collected
through the use of Laerdal Foundation Service.
We may share your personal data with recipients outside the European Economic Area (“EEA”) or with
a recipient in a country other than your country. In those instances, we will ensure that we comply
with applicable legal requirements when transferring your personal data. This means that we will
transfer your personal data in accordance with adequacy decisions (please see the list of countries for
which the European Commission has issued an adequacy decision) or in the absence of such a decision
we will rely on the European Commission’s approved 2021 Standard Contractual Clauses or their
equivalent under the applicable law and/or other applicable transfer mechanisms.
5. Data retention
We will store your personal data only as long as it is necessary to deliver the Laerdal Foundation Service
and fulfill other legitimate purposes listed in the section “Why we use your personal data”. Once the
processing purpose is exhausted, we will delete or anonymize your personal data as soon as possible.
For example, in case that we don’t have a legitimate purpose for holding personal data, we will delete
or anonymize personal data of unsuccessful applicants 30 days after the announcement of the grant
6. Your Rights
Privacy laws such as General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act
(“CCPA”), give a number of rights to individuals in relation to their personal data. The following are the
rights that any individual whose personal data are processed for the purposes stated above can
- Right of Access – You have the right to ask us if we have your personal data. In case we do have
your personal data, you have the right to request us to hand over the copies of your personal
- Right to Rectification – You have the right to request that we rectify your personal data when
the data is inaccurate or incomplete.
- Right to Erasure – You have the right to request that we delete your personal data under
- Right to Restriction of Processing – You have the right to request that we stop the processing
of your personal data under certain circumstances.
- Right to Data Portability – You have the right to request that we transfer your personal data in
electronic format to another organization or you.
- Right to Object to Processing – You have the right to object to the processing of your personal
data at any time. Please note that this right does not apply if we can demonstrate strong and
legitimate reasons to continue using your data.
- Right to Withdraw Consent – You have the right to withdraw your consent to processing of
personal data at any time whenever our processing is based on your consent.
- Right to prevent your information from being sold – You have the right to state that you do
not want your personal data to be sold to anyone.
- Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction – You have the right to request copy of appropriate safeguards that serve as a transfer
mechanism for GDPR covered transfers.
- Right to Complaint – You have the right to send a complaint to the relevant supervisory
authority if you are not satisfied with the way we handle your personal data.
- Right not to be subject to automated decision-making – You have the right not to be subject
to a decision based solely on automated processing.
We may ask you for additional information to confirm your identity and for security purposes, before
disclosing any personal data requested by you. Please note that this list may not be exhaustive. This
means that you may have additional rights in accordance with your local laws. If you would like to learn
how to exercise your rights or inquire about our privacy practices, please go to the “How to Contact
7. Keeping your personal data safe
We are committed to ensuring a high level of your personal data protection. That’s why we have
implemented organizational and technical measures that will help protect your personal data. We have
also implemented a framework for continuous improvement of security and privacy. Some of the
measures implemented are access controls, encryption, internal policies and processes for handling
data, training and awareness, incident response process, supplier due diligence for security and
privacy, risk assessments, business continuity plans. Everyone that is involved in evaluating your
application or handling your data in any capacity is bound by the duty of confidentiality. We also
regularly review, test, improve, expand and implement new controls that ensure that your personal
data stays safe and secure. Our Information Security Management System in certified under the ISO
27001 standard and our information security practices are audited annually by internal and external
auditors. The ISO 27001 certification requires us to have appropriate physical, electronic and
managerial protection measures in place to prevent unauthorized access, erasure, loss, use, processing
or disclosure of your personal data. We have implemented frameworks for continuous improvement
of security, privacy and data protection, and we will continue to review and update our security
measures where appropriate, as new technology becomes available.
8. How to contact us
You may contact us in a number of ways listed below in connection with your personal data:
- If you have any questions about this Privacy Notice or our privacy practices or you would like
to complain about our handling of your personal information, you can contact our data
protection team by (a)sending an email at email@example.com or (b) by post using the details
set out below:
Stiftelsen Laerdal Foundation
For the attention of the Data Protection Manager
Postal: P.O. Box 556, Sentrum, 4003 Stavanger, Norway
- You may choose to Exercise Your Rights as set out in Section 6 specific to your jurisdiction by (a) filling in the form here, (b) by emailing us at firstname.lastname@example.org or (c) by writing to us at the address set out in the paragraph above.