Privacy Notice

Last updated on 01 October 2022

  1. About this Privacy Notice
  2. Why we use your personal data
  3. Personal data we collect about you
  4. Sharing your personal data
  5. Data retention
  6. Your Rights
  7. Keeping your personal data safe
  8. How to contact us

1. About this Privacy Notice
We at Stiftelsen Laerdal Foundation believe that everyone should enjoy a high level of privacy and data
protection. That is why we want to outline how we process and protect your personal data.
StiftelsenLaerdal Foundation is a registered foundation under the Norwegian law with the organization
number 940 076 722 and address Tanke Svilands gate 30, 4007 Stavanger, Norway (hereinafter
Laerdal Foundation”, “we”, “us”). This privacy notice applies to all Laerdal Foundation websites,
application portal, grant applications, all grant related activities, and other services (“Laerdal
Foundation Service
”, “Services”) when Laerdal Foundation is acting as a controller of your personal
data. For the avoidance of doubt, this privacy notice does not apply to the extent we process personal
data in the role of a processor on behalf of our other parties. Interacting with our Services could mean
that you will share personal data with us and the following paragraphs, amongst other things, explain:

  • How do we collect, use, protect and process your personal data.
  • Who we may share your data with and under what conditions.
  • What are your rights in respect to your personal data.

We have tried to explain this in a plain and easy to understand language. Should you have any
questions, please feel free to contact us at privacy@laerdal.com or by sending a mail to P.O. Box 556,
Sentrum, 4003 Stavanger, Norway. We may occasionally make changes to this notice. All updates will
be posted on this website. When we post such updates, we will revise the “last updated” date at the
top of this notice. We encourage you to periodically review this Privacy Notice to stay informed about
how Laerdal Foundation is processing and protecting your personal data.

2. Why we use your personal data
The table below outlines a) our purposes for processing your personal data; b) our legal basis under
data privacy laws for processing personal data for each purpose; c) categories of personal data which
we use for each purpose.

We collect your information for the following purposes:

Processing Purpose Legal BasisCategories of Personal Data
Review and evaluation of grant applications (Grant Award Procedure) – We need to process your personal data in order to review and evaluate your application, decide whether your grant application is selected for funding and manage the grant award process.
  • Performance of a Contract

  • Legitimate Interest (to evaluate applications, make informed decision on grant winners and inform you about the outcome of the grant application process)
  • User Data

  • Contact Data

  • Application Data

  • Technical Data
  • Support – When sending enquiries to us, we need your contact details such as email and name to communicate with you.
  • Performance of a Contract

  • Legitimate Interest (to respond to any questions that you might have in respect to our Services)
  • User Data

  • Contact Data

  • Technical Data
  • Contract execution and grant implementation – We need your personal data to enter into contract with you or your organization, perform the contract and implement the grant.
  • Performance of a Contract

  • Compliance with Legal Obligations

  • Legitimate Interest (to enter into a contract with your organization that will enable distribution of grant funds)
  • User Data

  • Contact Data

  • Application Data
  • Troubleshooting and Issue Fixing – To identify, understand, diagnose, troubleshoot, and fix issues with Laerdal Foundation Service.
  • Performance of a Contract

  • Legitimate Interest (to enable uninterrupted operation of Services and fix any issues with Services)
  • User Data

  • Contact Data

  • Technical Data
  • Publication of Previous Grant Winners – We will publish on our website the names of previous grant winners.
  • Consent

  • Legitimate Interest (to ensure transparency in the outcome of the grant application process)
  • User Data
  • Security and Prevention of Abuse – In order to ensure a high level of security in all of our Services and prevent abuse and fraud in use of Services we might process some personal data.
  • Performance of a Contract

  • Legitimate Interest (to achieve a high level of security, prevent abuse and fraud in use of our services, and protect our rights and rights of third parties)
  • User Data

  • Technical Data
  • Compliance with Legal Obligations – We process personal data in order to meet statutory legal obligations such as complying with applicable bookkeeping laws, tax laws, data protection laws, etc.
  • Compliance with Legal Obligations
  • User Data

  • Contact Data

  • Application Data

  • Technical Data
  • To establish, exercise, or defend legal claims – We might process your personal data when necessary for establishment, exercise or defence of legal claims whether in court proceedings or in an administrative or out-of-court procedure.
  • Compliance with a Legal Obligation

  • Legitimate Interest (to establish, exercise and defend legal claims and/or rights)
  • User Data

  • Contact Data

  • Application Data

  • Technical Data
  • To generate reports for statistical and analytics purposes – we might pseudonymize and aggregate your personal data to prepare and furnish reports for statistical and analytics purposes.
  • Legitimate Interest (to generate reports that will help with making informed decision pertaining to future Laerdal Foundation activities)
  • User Data

  • Contact Data

  • Application Data
  • Marketing and Advertising – When we disseminate marketing communication that might be of interest to you.
  • Legitimate Interest (to spread awareness of Laerdal Foundation mission and achieve higher familiarity with our activities)

  • Consent
  • User Data

  • Contact Data
  • User and Applicant Survey and Research – We need to process some of your personal data when conducting surveys and research activities.
  • Legitimate Interest (to study how the application process can be improved)

  • Consent
  • User Data

  • Contact Data
  • 3. Personal data we collect about you
    This table outlines the categories of personal data we collect about you in your use of Laerdal
    Foundation Service or from third parties.

    User Data – Users, applicants and grant recipients whose data is necessary to enter into the agreement
    and provide Laerdal Foundation Service. This data can include name, title, email address, organization
    name, organization number signature, VAT number, phone number, postal address, country, bank
    account details, bank account holder name, bank account references.

    Contact Data – This includes personal data of the grant applicants, grant recipients and other relevant
    parties that engage in contact with us. We collect this information in order to contact you in relation
    to updates, support matters as well as marketing and newsletter related communication. This data can
    include name, email address, organization name, phone number and newsletter preferences.

    Application Data – This includes information that is necessary to review and evaluate your application.
    This data might belong to you or to other people whose personal data is disclosed in the application.
    The data points include but are not limited to expertise, technical skills, languages, educational
    background, professional experience including details on current and past employment, projects
    involved and motivation.

    Technical Data – Technical data includes online identifiers such as IP address, device ID, network
    connection type, browser type and language, operating system and log data.

    We understand that applicants and other individuals might, on their own discretion, share personal
    data that is not required for the participation in the grant procedure. Such unsolicited personal data is
    not purposefully collected and processed by Laerdal Foundation and we will refrain from their use and
    we will aim to delete all personal data that is not necessary for fulfilling the above identified purposes.

    Laerdal Foundation Service is not intended for children or people under the age of eighteen and we do
    not knowingly collect their personal data. If you are under the age of eighteen, please do not use the
    Laerdal Foundation Service, and do not provide any personal data to us.

    4. Sharing your personal data
    This section clarifies in what instances we may share personal data with third parties that is collected
    through the use of Laerdal Foundation Service.

    Category of Recipients Reason for Sharing
    Service providersWe need to rely on service providers in order to provide Laerdal Foundation Service. Those services could be related to the operation of the technical infrastructure and application portal, protection and securing of our systems and services.
    Financial InstitutionsWe will share some of your personal data with financial institutions such as banks in order to distribute the grant funds.
    Members of Laerdal Group of CompaniesWe might share the data with our group of companies in order to provide Laerdal Foundation Service to you.
    Law enforcement and other authoritiesWe might share in case we believe in good faith it’s necessary for us to do so in order to comply with a legal obligation or respond to a valid legal process.
    PublicWe might share data that includes the name of the grant recipient, country and project name. This will only happen in case that you consent to the sharing of your personal data or if it is deemed that a legitimate interest of Laerdal Foundation and/or 3rd parties for such sharing exists.

    We may share your personal data with recipients outside the European Economic Area (“EEA”) or with
    a recipient in a country other than your country. In those instances, we will ensure that we comply
    with applicable legal requirements when transferring your personal data. This means that we will
    transfer your personal data in accordance with adequacy decisions (please see the list of countries for
    which the European Commission has issued an adequacy decision) or in the absence of such a decision
    we will rely on the European Commission’s approved 2021 Standard Contractual Clauses or their
    equivalent under the applicable law and/or other applicable transfer mechanisms.

    5. Data retention
    We will store your personal data only as long as it is necessary to deliver the Laerdal Foundation Service
    and fulfill other legitimate purposes listed in the section “Why we use your personal data”. Once the
    processing purpose is exhausted, we will delete or anonymize your personal data as soon as possible.
    For example, in case that we don’t have a legitimate purpose for holding personal data, we will delete
    or anonymize personal data of unsuccessful applicants 30 days after the announcement of the grant
    winners.

    6. Your Rights
    Privacy laws such as General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act
    (“CCPA”), give a number of rights to individuals in relation to their personal data. The following are the
    rights that any individual whose personal data are processed for the purposes stated above can
    exercise:

    • Right of Access – You have the right to ask us if we have your personal data. In case we do have
      your personal data, you have the right to request us to hand over the copies of your personal
      data.
    • Right to Rectification – You have the right to request that we rectify your personal data when
      the data is inaccurate or incomplete.
    • Right to Erasure – You have the right to request that we delete your personal data under
      certain circumstances.
    • Right to Restriction of Processing – You have the right to request that we stop the processing
      of your personal data under certain circumstances.
    • Right to Data Portability – You have the right to request that we transfer your personal data in
      electronic format to another organization or you.
    • Right to Object to Processing – You have the right to object to the processing of your personal
      data at any time. Please note that this right does not apply if we can demonstrate strong and
      legitimate reasons to continue using your data.
    • Right to Withdraw Consent – You have the right to withdraw your consent to processing of
      personal data at any time whenever our processing is based on your consent.
    • Right to prevent your information from being sold – You have the right to state that you do
      not want your personal data to be sold to anyone.
    • Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction – You have the right to request copy of appropriate safeguards that serve as a transfer
      mechanism for GDPR covered transfers.
    • Right to Complaint – You have the right to send a complaint to the relevant supervisory
      authority if you are not satisfied with the way we handle your personal data.
    • Right not to be subject to automated decision-making – You have the right not to be subject
      to a decision based solely on automated processing.


    We may ask you for additional information to confirm your identity and for security purposes, before
    disclosing any personal data requested by you. Please note that this list may not be exhaustive. This
    means that you may have additional rights in accordance with your local laws. If you would like to learn
    how to exercise your rights or inquire about our privacy practices, please go to the “How to Contact
    Us
    ” section.

    7. Keeping your personal data safe
    We are committed to ensuring a high level of your personal data protection. That’s why we have
    implemented organizational and technical measures that will help protect your personal data. We have
    also implemented a framework for continuous improvement of security and privacy. Some of the
    measures implemented are access controls, encryption, internal policies and processes for handling
    data, training and awareness, incident response process, supplier due diligence for security and
    privacy, risk assessments, business continuity plans. Everyone that is involved in evaluating your
    application or handling your data in any capacity is bound by the duty of confidentiality. We also
    regularly review, test, improve, expand and implement new controls that ensure that your personal
    data stays safe and secure. Our Information Security Management System in certified under the ISO
    27001 standard and our information security practices are audited annually by internal and external
    auditors. The ISO 27001 certification requires us to have appropriate physical, electronic and
    managerial protection measures in place to prevent unauthorized access, erasure, loss, use, processing
    or disclosure of your personal data. We have implemented frameworks for continuous improvement
    of security, privacy and data protection, and we will continue to review and update our security
    measures where appropriate, as new technology becomes available.

    8. How to contact us
    You may contact us in a number of ways listed below in connection with your personal data:

    1. If you have any questions about this Privacy Notice or our privacy practices or you would like
      to complain about our handling of your personal information, you can contact our data
      protection team by (a)sending an email at privacy@laerdal.com or (b) by post using the details
      set out below:
      Stiftelsen Laerdal Foundation
      For the attention of the Data Protection Manager
      Postal: P.O. Box 556, Sentrum, 4003 Stavanger, Norway
    2. You may choose to Exercise Your Rights as set out in Section 6 specific to your jurisdiction by (a) filling in the form here, (b) by emailing us at privacy@laerdal.com or (c) by writing to us at the address set out in the paragraph above.




    Privacy Policy