Privacy Policy

Nordic Financial CERT protects your personal data and your privacy rights.

This privacy policy explains how Nordic Financial CERT (NFCERT) processes personal data, including how we collect, store, use, and share i

Our contact details are:
Address: P.O. Box 2644, 0253 Oslo
Email: post@nfcert.org

Organisation number: 919 221 852

1. What personal data we collect

We process personal data that you give us directly, for example when you contact us, attend our events, or visit our website.

In some cases, we also collect personal data about you from public sources, partners, and organisations connected to NFCERT through an agreement.

The personal data we mainly collect is:

  • name
  • contact details
  • job title or role
  • employer

We do not process special categories of personal data (sensitive personal data) unless the law allows it or you have given your consent.

2. How we use your personal data and the legal basis for doing so

We process your personal data based on legitimate interests, performance of a contract, legal obligations, and consent.

LEGITIMATE INTERESTS (GDPR Article 6(1)(f))

Our main purpose for processing personal data is to share our assessments and views with different groups in Norwegian society, including consumer authorities, national and international partners, decision-makers, and consumers. This also means that we process personal data about employees and other representatives of organisations connected to us. This processing is based on our legitimate interests.

Examples of our legitimate interests:

  • contact with decision-makers
  • dialogue with employees of NFCERT members, and employees of organisations that take part in NFCERT processes
  • managing membership in NFCERT
  • managing boards, committees, and working groups run by NFCERT
  • sending information
  • marketing webinars, meetings and conferences to employees of NFCERT members and other partners

PERFORMANCE OF A CONTRACT (GDPR Article 6(1)(b))

In addition to our legitimate interests, we also process personal data to perform our contracts.

Examples of contract performance:

  • providing services to organisations connected to NFCERT

CONSENT (GDPR Article 6(1)(a))

In some cases, we ask for your consent to process your personal data. For example, we may ask for consent to send you information and offers about courses and conferences we arrange. Our consent request will explain the specific processing. You can withdraw your consent at any time.

LEGAL OBLIGATION (GDPR Article 6(1)(c))

We process personal data to comply with legal obligations under laws, regulations, or decisions by public authorities.

3. Who we may share your personal data with

We only disclose your personal data with your consent or where the law allows us to do so.

We may share your personal data with others, for example our connected organisations, partners, and entities linked to NFCERT.

Transfers outside the EEA

In some cases, we may transfer personal data outside the EEA (European Economic Area) if there is a valid legal basis for the transfer:

  • the European Commission has decided that the country ensures an adequate level of protection
  • other appropriate safeguards are in place, such as the EU Standard Contractual Clauses or Binding Corporate Rules
  • you have consented to the specific transfer

4. How we protect your personal data

We process your personal data in a safe and secure way. We use appropriate technical, organisational, and administrative safeguards to protect the information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

5. Data processors

We use data processors to collect, store, or otherwise process personal data on our behalf. We enter into agreements with our data processors to ensure that personal data is processed in line with privacy law and our requirements.

You can contact us for more information about our use of data processors.

6. Your privacy rights

As a data subject, you have rights regarding the personal data we hold about you.

Access to your personal data

You have the right to access the personal data we hold about you. This right may, however, be limited by law, the privacy rights of others, business considerations, or internal assessments.

Correction of inaccurate or incomplete data

If your personal data is inaccurate, you have the right to ask us to correct it, subject to the limits set by law.

Erasure

You have the right to ask us to delete your personal data in the following cases:

  • you withdraw your consent and there is no other legal basis for the processing
  • you object to the processing and there are no overriding legitimate grounds to continue
  • you object to processing for direct marketing
  • the processing is unlawful
  • the personal data must be deleted to comply with a legal obligation

Restriction of processing

You can ask us to restrict processing of your personal data if you contest its accuracy or lawfulness, or if you have objected to the processing. In that case, the data will only be stored until it is corrected or until it has been decided whether our legitimate interests override yours.

Objection to processing

You can object to our processing when it is based on legitimate interests. You can always object to processing for direct marketing, including profiling related to direct marketing.

Data portability

You have the right to receive, in a machine-readable format, the personal data that you have provided to us if our processing is based on consent or performance of a contract and is carried out by automated means. You can also ask us to transfer the data directly to another controller if this is technically possible.

If you want to exercise any of these rights, please contact us. We will review your request and respond to you.

7. Cookies

We collect, process, and analyse personal data about how our websites and newsletters are used.

We use cookies and similar technology to provide better services, improve security, manage marketing, and give you a good user experience. We also use this technology to track visits to our websites and assess website performance.

You can set or change your browser settings to accept or reject cookies. If you choose to reject cookies, you can still use our websites, but some access or functionality may be limited.

8. How long we process your personal data

We will delete the personal data we hold about you when we no longer have a valid purpose and legal basis for processing it.

For example, we will stop processing personal data based on legitimate interests when we can no longer show that our interests override yours. This may be because the need is no longer as strong or because the data has become outdated over time.

We will delete personal data processed to perform a contract when the contract has been fulfilled, unless we have another lawful reason to keep the data.

We will delete personal data processed based on your consent if you withdraw that consent and we have no other lawful reason to keep processing the data.

If we process personal data to comply with a legal obligation, we will delete it as soon as that obligation has been met, unless we have another lawful reason to keep it.

9. Changes to this privacy policy and our use of cookies

If our services change, or if the rules for processing personal data change, we may update this privacy policy. Updated information will always be available on our website.

10. Contact us

If you have questions about how we process personal data, please contact us at post@nfcert.org or send us a letter.