Skip to content Skip to footer

Data Protection and Security Policy of Magnora ASA

Effective Date: 1 October 2024

Company Information:

  • Company Name: Magnora ASA
  • Company Address: Karenslyst Allè 6, Oslo, Norway, 0278
  • Contact Email: contact@magnoraasa.com
  • Data Protection Officer (DPO): [Insert DPO Contact Information]

1. Introduction

Magnora ASA (“we,” “our,” or “us”) is committed to ensuring the security and protection of personal data that we process. This Data Protection and Security Policy outlines how we manage personal data in compliance with the EU General Data Protection Regulation (GDPR) and other relevant data protection laws.

2. Scope

This policy applies to all employees, contractors, and third-party service providers processing personal data on behalf of Magnora ASA.

3. Data Retention Policy

3.1 Purpose

We are committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, as required by law or to protect our legitimate interests.

3.2 Data Categories and Retention Periods

We define specific retention periods based on the type of data being processed:

  • Client Data: Retained for the duration of the contractual relationship and for up to [insert number of years] years thereafter to comply with legal obligations.
  • Employee Data: Retained for the length of employment and for [insert number of years] years following termination, in accordance with employment laws.
  • Marketing Data: Retained for as long as consent is valid or until consent is withdrawn.
  • Financial Records: Retained for [insert number of years] years in compliance with tax regulations.

3.3 Secure Data Disposal

Once data is no longer required or retention periods expire, it will be securely deleted or anonymized through the following methods:

  • Digital Data: Secure erasure using industry-standard methods.
  • Physical Data: Secure shredding of documents containing personal information.

4. Data Breach Notification Procedure

4.1 Purpose

In the event of a data breach, Magnora ASA is committed to ensuring that it is handled appropriately, with minimal risk to individuals and prompt communication with supervisory authorities.

4.2 Identifying a Data Breach

A data breach may include:

  • Unauthorized access to personal data.
  • Loss or theft of devices containing personal data.
  • Accidental disclosure of personal data to unauthorized parties.

4.3 Internal Reporting

  • All data breaches must be immediately reported to the Data Protection Officer (DPO) at [Insert DPO Contact Email].
  • The DPO will assess the breach and determine the severity and impact.

4.4 Notifying Authorities

  • If the breach is likely to result in a risk to the rights and freedoms of individuals, the supervisory authority will be notified within 72 hours of becoming aware of the breach.
  • The notification will include the nature of the breach, categories of data affected, approximate number of data subjects, potential consequences, and measures taken to address the breach.

4.5 Notifying Individuals

  • If the breach poses a high risk to affected individuals, we will notify them as soon as possible, providing details of the breach and guidance on how they can mitigate potential risks.

4.6 Documentation

  • All data breaches, whether reportable or not, will be documented and stored securely for internal review and auditing purposes.

5. Data Access Request Procedures (DSAR)

5.1 Purpose

Individuals have the right to request access to their personal data under GDPR. Magnora ASA ensures that data access requests are handled in a transparent and efficient manner.

5.2 How to Make a Request

  • Individuals can submit a Data Subject Access Request (DSAR) via:
    • Email: contact@magnoraasa.com
    • Postal Address: [Insert Postal Address]

The request must include sufficient information to verify the individual’s identity and describe the data they wish to access.

5.3 Response Time

  • We will respond to all valid DSARs within 30 days of receipt. If additional time is required due to complexity or volume of requests, we will inform the requestor of the delay and the reasons for it.

5.4 Data Portability and Rectification

  • Upon request, individuals have the right to receive a copy of their personal data in a structured, commonly used, and machine-readable format.
  • Individuals can also request corrections to any inaccurate or incomplete data we hold about them.

5.5 Right to Erasure (“Right to be Forgotten”)

  • Individuals may request the deletion of their personal data where it is no longer necessary for the purpose for which it was collected, or if they withdraw consent.
  • We will comply unless we have a legitimate reason to retain the data (e.g., legal obligations).

5.6 DSAR Form

We provide a Data Subject Access Request Form to facilitate these requests. The form is available [Insert Link to Form, if applicable].

6. Data Security Measures

6.1 Technical Measures

  • Encryption: Personal data is encrypted in transit and at rest.
  • Access Control: Only authorized personnel have access to personal data, with appropriate authentication mechanisms in place.
  • Backup and Recovery: Regular backups are performed to prevent data loss, with robust disaster recovery plans in place.

6.2 Organizational Measures

  • Employee Training: All employees receive regular training on data protection best practices and are aware of their responsibilities under GDPR.
  • Data Minimization: We collect and process only the data that is necessary for specific purposes, and access is restricted based on job roles.

6.3 Third-Party Compliance

  • We ensure that all third-party service providers processing personal data on our behalf comply with GDPR and implement appropriate data protection measures.

7. Monitoring and Review

This policy will be reviewed annually, or sooner if significant changes occur, to ensure ongoing compliance with data protection laws.

Contact Information

If you have any questions or concerns regarding this policy or how we handle your data, please contact us:

  • Email: contact@magnoraasa.com
  • Mailing Address: Magnora ASA, Karenslyst Allè 6, Oslo, Norway, 0278

Appendix: Data Subject Access Request Form

https://www.jaquar.com/Images/uploaded/Data_Subject_Access_Request_Form_Integrated_EN.pdf