Privacy Policy
We are committed to protecting your personal data and strive to be fully responsible and transparent regarding the collection and use of information on our website. Below, we present our Privacy Policy and Cookie Statement (hereinafter referred to as the "Statements"), where you will find our rules and principles for the protection of personal data.
These guidelines apply when you visit the website of LHM Gruppen (hereinafter – the “Company”), register for meetings or interviews, submit an inquiry or job application, and when the Company sends out newsletters. We process personal data in accordance with the European Union General Data Protection Regulation 2016/679, the Personal Data Act and the instructions of the supervisory authorities.
If you have any questions about our Statements, please contact us at the following email address: marketing@lhmgruppen.no
PRIVACY POLICY AND COOKIE STATEMENT
The company's processing of personal data
To ensure transparency and responsible handling of personal data, we guarantee that the Company processes personal data for the following purposes:
Direct marketing, including newsletters and feedback forms;
What personal data is collected?
The Company collects and processes the following categories of personal data:
- Basic information necessary for direct marketing: first name, last name, address, and contact details;
- Necessary information for the sale of products: order details and information required for inquiries about production or invoice issuance, etc.;
- Additional information collected with your consent; the purpose of the collection will be described in detail. This information will also be processed in accordance with the standards outlined in the Statement.
What is the legal basis for collecting your personal data?
The Company may only collect your personal data in accordance with the legal basis of entering into and fulfilling a contract, either when you personally enter into a sales contract with the Company, or if you request information about a potential agreement. The Company may also process information as part of legitimate customer communication, such as sending feedback forms, newsletters, and new information about products and services. Under another legal basis, the Company may process your personal data with your consent, so that the Company can offer direct marketing through individual offers or conduct individual customer analyses. The Company may also process your personal data in connection with legal obligations, such as complying with legal requirements, responding to legitimate inquiries from governmental or local authorities, or other legal grounds for legal processing.
Cookies
The information collected through cookies enables us to provide you with a user-friendly website and attractive offers, while also giving us valuable insights into the behavior of visitors on our website, allowing us to analyze trends and improve the website, our customer service, and the Company’s services.
We also use cookies to record whether you have accepted the use of cookies on the Company’s website, so that you don't need to answer this question each time you visit the site.
The Company’s employees have access to visitor statistics on the Company’s website and are responsible for data analysis and improving the site. The Company’s official representatives, as listed on our website, are responsible for our production, sales, and development, in addition to providing content management tools for the website.
Visit www.allaboutcookies.org, or use the help function in your browser to learn more about cookies and how to manage or remove them.
How do I manage my cookies?
On the Company’s website, you can choose whether or not to use cookies. You can manage and/or delete cookies according to your preferences. In your browser settings (Internet Explorer, Safari, Firefox, Chrome, etc.), you can select which cookies you want to accept or reject. You can delete all cookies already on your computer, and in most browsers, you can choose not to allow cookies to be stored. The location of these settings depends on the browser you are using.
In most browsers, you can do the following:
- check which cookies are stored and delete individual cookies;
- block cookies from third parties;
- block cookies from specific websites;
- block all cookie storage;
- delete all cookies when the browser is closed.
If you do not consent to storing cookies on your computer or another device, you can withdraw your consent at any time by changing the settings and deleting the stored cookies. If you choose to delete cookies, please note that this will erase all settings you have previously selected. Additionally, many websites (including the LHM Group website) may not function properly when cookies are completely blocked. For this reason, we do not recommend disabling cookies when using the Company’s website.
Visit www.allaboutcookies.org, or use the help function in your browser to learn more about cookies and how to manage or remove them.
PERSONAL DATA SECURITY
Your personal data is processed in a responsible and secure manner, in accordance with the Personal Data Protection Act, EU regulations (GDPR), and other applicable laws (if any). In connection with the processing of data, and when we use tools for personal data processing, we implement appropriate legal, technical, and organizational protective measures to safeguard your personal data from unauthorized processing.
The Company’s employees and official representatives, as listed on our website, do not allow third parties to disclose or transmit information about the Company’s customers, including visitors to the Company’s website, in the workplace.
In connection with the processing of personal data, security measures are determined based on the potential risks that may arise.
YOUR RIGHTS AND OTHER IMPORTANT INFORMATION
You have the right to:
- Receive information about your personal data processed by LHM Group, including where and how the personal data was collected and how the Company processes it;
- Correct or update the information in your personal data; and/or terminate the processing of such data if you are aware that the information is incorrect, incomplete, or inaccurate;
- Delete personal data or terminate the processing of such personal data if you are aware that personal data was accessed unlawfully or fraudulently, or if excessive personal data is being processed, or if there has been any other breach of relevant laws and regulations related to the processing of personal data.
- Receive a copy of the personal data the Company has stored, in a machine-readable format, and either forward this information to another data controller or request the Company to transfer such data directly to another controller, when technically feasible (the right to data portability).
If you have any questions or complaints regarding your rights related to our use of your personal data, you can contact marketing@lhmgruppen.noWe will always try to resolve such issues quickly and directly; however, you can also contact the Data Protection Authority (Datatilsynet) if you are not satisfied with our response.
How will I be informed about changes to this statement?
When we update this Privacy and Cookie Statement from LHM Group, we will post a notice on the website. www.lhmgruppen.no to inform you about significant changes.
Rules for processing Personal data
Basic terms
1.1. The Company – LHM Gruppen AS, owner of the LHM Gruppen brand, established in accordance with Norwegian law, with an office at Fossvegen 5, 2634 Fåvang in Ringebu municipality, organization number 918 659 552, with data registered and stored in the Register of Legal Entities.
1.2. The Data subject – a natural person whose personal data is processed by the Company.
1.3. Personal Data – any information related to a natural person – the data subject.
1.4. Processing of Personal Data – any action related to the use of personal data: collection, registration, storage, classification, grouping, compilation, modification (addition or change), distribution, publication, use, logical and/or arithmetic operations, search, transmission, deletion, or any other action or combination of actions.
1.5. Automated processing – actions, fully or partially carried out in an automated manner.
1.6. Employee – the person who has entered into an employment agreement or equivalent agreement with the Company, and who has been designated by the Company's management to be responsible for the processing of personal data.
1.7. Official representative – a business entity or an individual, specified on www.lhmgruppen.no, who is designated by the Company to represent the Company’s sales and product development interests.
1.8. Management – a legal or natural person authorized by the Company to process personal data. The manager(s) (if any) must be registered with the appropriate authorities.
1.9. Data recipient – the legal or natural person who receives personal data. The data recipient(s) (if any) must be registered with the appropriate authorities.
1.10. Cookies – small text files sent to the device of anyone who visits the website; these text files are linked to the website and temporarily stored on the device. During a person’s next visit to the website, the browser will read the cookies and transfer information back to the website. The information collected by the website through cookies helps to customize the website's content according to the visitor’s interests, by assisting in identifying visitors to the website and storing the history of the visit.
General provisions
2.1. This document regulates the actions of the Company and its employees, official representatives in relation to the processing of personal data, and the Company’s use of automated processing of personal data. It also defines the rights of the data subject, risk factors related to the protection of personal data, protective measures for personal data, and other matters related to the processing of personal data.
2.2. Personal data must be accurate, relevant, and only collected and processed if necessary for the Company’s requirements for processing personal data. All personal data necessary for the processing of personal data is continuously updated.
2.3. The purpose of processing personal data – direct marketing and other lawful purposes, defined prior to the collection of data.
2.4. The Company processes, for the purposes described in paragraph 2.3 of the Rules, the following personal data about the data subject:
(a) name;
(b) surname;
(c) email;
(d) phone;
(e) residential address.
2.5. The processing of personal data is regulated by the Personal Data Protection Act and relevant laws and regulations concerning the processing and protection of personal data, in addition to these Rules.
Processing of Personal Data
3.1. The Company processes personal data for the following purposes:
direct marketing, including newsletters and feedback forms;
intern administrasjon.
3.2. The Company collects and processes the following categories of personal data:
(a) the basic information necessary for the purposes described above: first name, last name, and contact information;
(b) information necessary in connection with the sale of goods: order details, invoices, payment information, etc.;
(c) other information, as described in detail when requested, and which is only collected with your consent.
3.3. Personal data is processed manually and without automation, using the Company's systems for processing personal data.
3.4. Only employees, official representatives, and managers are authorized to process personal data. All employees/official representatives/managers assigned to process personal data must keep the information confidential and act in accordance with the legal requirements for the protection of personal data.
3.5. An employee/official representative/manager must:
(a) maintain the confidentiality of personal data;
(b) process personal data in accordance with the Personal Data Protection Act and related regulations;
(c) not disclose, transfer, or make personal data available in any way to any person who is not authorized to process it;
(d) immediately notify the company’s manager, or the person designated by the company’s manager, of any suspicious situation that may jeopardize the security of personal data.
3.6. Employees/official representatives who process personal data automatically or have access to the local network where personal data is stored must use passwords. Passwords must be changed regularly, as well as under certain circumstances (e.g., when an employee terminates their employment or if it is possible that the password has been disclosed to third parties, etc.). An employee/official representative is only allowed to know their own password.
3.7. The person responsible for maintaining data equipment must ensure that files containing personal data are not "shared" from other computers and that antivirus programs are regularly updated.
3.8. The protection of personal data is organized, guaranteed, and carried out by the Company’s management, or an employee designated by them.
3.9. An employee no longer has the right to process personal data when their employment contract with the Company expires, or when the Company
3.10. An official representative no longer has the right to process personal data when the cooperation agreement with the Company is terminated, or if the Company’s manager withdraws the official representative’s right to process personal data.
3.11. The company manager loses the right to process personal data when their contract with the Company is terminated.
Information on the Company's website (www.lhmgruppen.no):
(a) By managing the website and diagnosing issues on LHM Gruppen's server, we may use the IP addresses of visitors' devices. An IP address – a unique network code – identifies a computer. It can be used to track a visitor and collect various demographic information.
(b) By using cookies, we collect information about the use of the service. Information about cookies, types of cookies, and their usage is provided in the fifth paragraph of the Rules (see below).
(c) You submit information by sending contact forms, warranty services, job applications, and requests for a meeting or call through LHM Gruppen's website. We collect the basic information necessary to identify the user that you have provided, such as name, surname, email, residential address, etc.
Use of Cookies:
(a) Technical Cookies: Ensure the functionality of the website by creating a user account and logging in to manage the registered user's orders. These technical cookies are necessary for the website to function properly.
(b) Functional Cookies: Help remember the preferences of the registered user and enable efficient use of the website. For example, these cookies will remember information such as your preferred language, login details, searches, and previously visited products. These functional cookies are not essential, but they add functionality and enhance the registered user's experience on the website.
(c) Analytical Cookies: Provide insights into how visitors use the website, allowing this information to be used to optimize and improve the website, as well as to select the most effective ways to market and communicate.
(d) Commercial Cookies: Cookies from the company and third parties are created to display personalized marketing on our own website and other websites, based on online actions, such as products viewed or searched for by the registered user.
(e) The tool "Google Analytics" is provided by the American company "Google Inc.," which also has access to the statistics collected with the tool. "Google Inc." is committed to using the EU-US privacy agreement, ensuring that the service provider adheres to the EU's privacy standards. This provider is also subject to contractual obligations regarding privacy. You can read about this here..
Handling of the data subject's rights
6.1. By submitting a personal identification document to the Company, the data subject has the right to receive information about the sources of the data and details regarding the collected personal data, such as how it is processed and made available. The data subject can submit a written request via either letter or email for the Company to provide access to personal data.
6.2. Upon receiving a request from the data subject regarding the processing of their personal data, the Company is responsible for sending the requested information to the data subject within 30 calendar days from the date of the request. Upon the data subject's request, such information shall be made available via the postal address or email address.
6.3. As the data subject, you can request the correction or deletion of personal data, or ask to cease the processing of your personal data, by sending a written request to the Company via letter or email. Upon receiving such a request, the Company will immediately verify the personal data and will promptly correct any incorrect, incomplete, or inaccurate personal data according to the data subject's wishes.
6.4. The Company will immediately inform the data subject about the correction, deletion, or removal of personal data in accordance with the request.
6.5. The Company also ensures all other rights, guarantees, and interests of the data subject, as guaranteed by the Personal Data Protection Act and other relevant legal provisions (if any).
Transfer of Personal Data
7.1. Personal data may only be made available to data providers when the Company has signed the relevant agreements for the transfer/sharing of personal data; the security measures should ensure adequate protection of the personal data being transferred. Personal data may also be transferred to third parties in other cases, as described in the Personal Data Protection Act and other relevant legal provisions (if any).
7.2. The Company does not use or disclose any sensitive personal data, such as health information, ethnicity, religious beliefs, or political opinions, without explicit consent from the data subject, unless it is necessary or permitted by law.
7.3. Personal data may also be transferred to third parties in other cases, as described in the Personal Data Protection Act and other relevant legal provisions (if any).
Risk factors for the protection of Personal Data
8.1. Data Security Breach – An act or omission that may result in unwanted outcomes, as well as a violation of mandatory requirements under laws regulating data security. The protection of personal data, the severity of the damage caused by the breach, or the consequences in each specific case shall be assessed by a team appointed by the Company’s manager or a designated representative.
8.2. Risk Factors for the Protection of Personal Data:
(a) Unintentional Incidents: These are breaches of personal data security caused by accidental factors, such as errors in data processing, data storage, or data deletion, incorrect distribution (addresses) during data transmission, system outages caused by power failures, computer viruses, violations of internal procedures, lack of system maintenance, software testing, insufficient maintenance of data transmission, inadequate line capacity and protection, network integration of computers, protection of software programs, lack of fax equipment, etc. These incidents may occur due to human error, technical failures, or lapses in security protocols.
(b) Intentional Breaches of Personal Data Security: These involve deliberate actions that compromise personal data security, such as unauthorized intrusions into the company's or official representatives' premises, storage media containing personal data, information systems, or computer networks. It also includes malicious access to personal data, intentional spreading of computer viruses, theft of personal data, illegal use of another employee's access credentials, etc. These incidents are typically caused by individuals with malicious intent or external attackers targeting the system for unauthorized access to sensitive information.
(c) Unexpected Accidental Events: These include natural disasters or unforeseen events such as lightning, thunderstorms, fires, floods, extreme weather, electrical issues, temperature and humidity changes, exposure to dust, dirt, and magnetic fields, accidental technical failures, and other unavoidable and/or uncontrollable factors. These events can cause significant disruptions or damage to the systems that store and process personal data, leading to potential data breaches or loss of information.
Implementing measures for the protection of Personal Data
9.1. To ensure the protection of personal data, the Company implements – or intends to implement – the following measures for the protection of personal data:
(a) administrative (arranging secure documents, data records, and related archives, as well as organizing work within different areas of activity, introducing personal data security to employees, in the workplace, after termination of employment or similar situations, etc.);
(b) technical security and software security (management of servers, information systems, and databases, maintenance of workstations, maintenance of the Company's premises, protection of operational systems, protection against viruses, etc.);
(c) communication and data networks (firewalls, data sharing, programs, unwanted data packets, etc.);
9.2. Technical tools and software tools for the protection of personal data must ensure the following:
(a) installation of operating systems and database copies, techniques for duplication and compliance checks;
(b) technology for continuous processing;
(c) a strategy for system updates in case of unexpected events (handling of surprises);
(d) physical (logical) separation of the program testing environment from operational processes;
(e) authorized use of data, and maintenance of data integrity.
9.3. All employees/official representatives who are authorized to process personal data or facilitate and enforce their protection must strictly adhere to the requirements of the measures for the protection of personal data and the associated rules, instructions, or procedures established by the Company.
Terms for the processing of personal data
10.1. For the purpose of scheduling a meeting or conversation – first name, last name, email address, phone number, and home address. These personal data are processed with your consent and stored for 10 (ten) years after your last visit to our website, for marketing and quality assurance purposes.
10.2. For the purpose of entering into and fulfilling the contract – first name, last name, email address, phone number, delivery address, payment details for the product/service (bank account number, payment method, etc.), purchase history (purchased items, price, etc.), and other information related to the conclusion and delivery of the contract or offer. These personal data are processed based on the necessity of fulfilling the contract entered into with you, or to ensure the efficiency of the process and high-quality customer service for potential contracts, and are stored for 10 (ten) years from the date of your last purchase and/or from the date of your last inquiry regarding entering into a potential contract.
10.3. For the purpose of providing warranty services – first name, last name, email address, phone number, home address, purchase history (purchased items, order number, etc.), and other information related to the identification of the subject for warranty service. These personal data are processed based on the necessity of fulfilling the contract entered into with you, and are stored for 10 (ten) years from the date of the completed contract.
10.4. For the purpose of creating a network of official representatives – first name, last name, email address, phone number, street address. These personal data are processed based on your consent and are stored for 10 (ten) years after your application has been completed and submitted to us.
10.5. When personal data no longer needs to be processed, they will be deleted, except for those that, as required by law, must be transferred to governmental archives.
10.6. Information for direct and indirect marketing campaigns is stored by the Company only as long as necessary for the intended purpose of data processing, legislation, or the data subject. In the event of a request from the data subject, the Company will delete all information related to the data subject that is not required to be retained according to legal requirements.
Responsibility
11.1. The employee/official representative who violates the Personal Data Protection Act, other laws regulating the processing and protection of personal data, or these rules, is responsible for the consequences provided by law.
Final provisions
12.1. Compliance with the rules, and if necessary, revisions, shall be approved by the company's manager or their designated person.
12.2. Responsible employees/official representatives confirm the rules by signing.
LHG Gruppen – November, 2022