Privacy Policy

In this Privacy Policy, we will inform you about the processing of your personal data and your data protection rights within the scope of your contact to Hexagon Purus ASA. Your privacy is an important concern to us. We exercise great care in the protection of your personal data. Your personal data will be exclusively processed in compliance with the applicable provisions under data protection laws.

For the sake of convenience, only the masculine form is used for personal names and personal nouns on this website. The corresponding terms apply to all genders in accordance with the principle of gender equality. This language is used solely for editorial purposes and entirely without prejudice.

1. Data Controller and Contact

Data controller for all processing activities in the context of your business relationship to Hexagon Purus ASA, unless stated otherwise, is:

Hexagon Purus ASA
Haakon VII's gate 2
0161 Oslo
Norway

Should you have any questions relating to data protection, you can send an email to our data protection team: privacy@hexagonpurus.com

2. Recipients of Personal Data

Within our company, only those persons who need your personal data for the respective purposes mentioned will get access to it. Your personal data will only be passed on to external recipients if we have legal permission to do so or have your consent.

a. External Recipients

We engage third party companies or individuals as service providers or business partners to support our business. These third parties are our processors and may, for example, provide and help us with computing and storage services. From time to time, we may remove or engage new processors. Hexagon Purus ASA will ensure that processors are bound by written agreements and provide an appropriate level of protection.

Our service providers have been contractually obligated to maintain confidentiality and protect data in the event that access to personal data cannot be excluded. Data will only be transferred to third countries in compliance with the rights of the data subject and only if sufficient guarantees are effective pursuant to Art. 44 et seqq. GDPR, especially under the provisions of the EU Standard Contractual Clauses.

If applicable, we provide personal data to public authorities and state institutions, such as tax authorities, public prosecutors' offices or courts, to which we (must) transfer personal data, e.g. to fulfil legal obligations or to protect legitimate interests.

b. Group Companies

With regard to data processing within the framework of Hexagon Purus Group's internal administration and joint procedures through centralized systems, we and certain Group Companies of Hexagon Purus ASA are jointly responsible as joint controllers. The joint processes particularly pertain to the operation and use of jointly used databases, platforms and IT systems. With respect to the joint processes, we and the respective Group Companies jointly determine the purposes and means of processing.

In an agreement on joint controllership pursuant to Art. 26 GDPR, we and the respective Group Companies have determined how the respective tasks and responsibilities in the processing of personal data are structured and who fulfills which data protection obligations. In particular, it was determined how an appropriate level of security and your rights as a data subject can be ensured, how the information duties under data protection law can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled. Hexagon Purus ASA is at your disposal as your central contact point. You can also assert your rights with regard to the processing of personal data in joint controllership vis-à-vis any jointly responsible Group Company. In case you contact us, we and the relevant Group Companies will coordinate in accordance with the aforementioned agreement pursuant to Art. 26 GDPR in order to respond to your inquiry and to guarantee your rights as a data subject.

Jointly responsible Hexagon Purus Group Companies:

3. Data Processing on our Website

The purpose of data processing on this website is to provide information about the products and services of our company, combined with the opportunity for users to be able to get in contact with the appropriate contact person.

We process personal data in accordance with the following legal bases:

  • Art. 6 (1) a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 (1) b GDPR for the processing of personal data necessary for the performance of a contract with the data subject, as well as for taking appropriate steps prior to entering into a contract.
  • Art. 6 (1) c GDPR for the processing necessary for compliance with a legal obligation to which we are subject in accordance with applicable EU law or in accordance with the applicable law of a country in which the GDPR is applicable in whole or in part.
  • Art. 6 (1) f GDPR for the processing of personal data necessary to protect the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our commercial interest to be able to provide our website, the security of information, the enforcement of our own legal claims and the compliance with further legislation.

When you visit the website, a connection is established with your browser. The information collected, which is listed as follows, is stored in temporary system files and recorded automatically: IP address of your device, data and time of access, name and URL of files accessed, website from which access is initiated or from which you are directed to our site (referrer URL), browser used and, where applicable, the operating system of your device, as well as the name of your provider.

The data specified is processed by us for the purpose of seamlessly establishing a connection and for system security. The connection data created is automatically deleted. If the website is used improperly, log files, which need to be retained for evidence purposes, are saved until the incident is clarified.

This website uses “Hypertext Transfer Protocol Secure” (https). The connection between your browser and our server is encrypted.

Contact forms

If you contact us via our contact form, your data from the form will be processed for your request. The legal basis for the data transfer to us is your consent according to Art. 6 (1) a GDPR. Personal data entered into forms on our website will be transmitted to Hexagon Purus ASA via a secure connection in encrypted form. You can withdraw your consent at any time with effect for the future.

Newsletter

The purpose of sending the newsletter is to provide information about new products and services of our company. We send newsletters to our customers on the basis of our legitimate interests according to Art. 6 (1) f GDPR in conjunction with Rec. 47 sentence 7 GDPR. The data will not be passed on to third parties. If you subscribe on our website for the newsletter, we process your data on the basis of your consent according to Art. 6 (1) a GDPR. In the case of a newsletter subscription, the so-called double opt-in procedure is used, the request for the newsletter must be actively confirmed by you once again by clicking on the link of the e-mail sent to you. You can unsubscribe at any time by clicking on the “unsubscribe” link.

Use of cookies

This website uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is used to evaluate your visit to the website and to improve the information we provide.

If cookies that are not necessary for the operation of the website are used, we ask for your consent in advance; the legal basis for data processing is Art. 6 (1) a GDPR (consent).

If the use of cookies is necessary for the functionality of the website, we use cookies on the basis of our legitimate interests. The legal basis for data processing is then Art. 6 (1) f GDPR (legitimate interests). The cookies will be deleted after two years at the latest. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can choose to opt out of all but the necessary cookies. In the settings of the browser, you can change the settings to ensure that cookies will be blocked. Most browsers provide you with an explanation on how to do this in the so-called ‘help-function’. However, if you block the cookies, it is possible that you will not be able to enjoy all the technical features our website has to offer and it may negatively affect your user experience.

Google Tag Manager

This website uses Google Tag Manager. This is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). It is used to manage the Google services on our website. The legal basis for this processing is consent in accordance with Art. 6 (1) (a) GDPR.
As part of this processing, it cannot be ruled out that this information will be transferred to a Google server in the USA. Data will only be transferred to the USA if the requirements of Art. 44 et seq. GDPR are fulfilled. The transfer of personal data to the USA has been declared permissible by the EU-U.S. Data Privacy Framework.
The terms of use of Google https://policies.google.com/te...,
https://marketingplatform.goog... and the privacy policy of Google https://policies.google.com/pr... apply.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The legal basis for this processing is your consent according to Art. 6 (1) (a) GDPR.
Google Analytics also uses "cookies", which are text files placed on your computer, to enable an analysis of the use of the website. The possibility that the data generated by the cookie about your use of this website might be transmitted to a Google server in the USA and stored there cannot be excluded. Data transfer to the USA only occurs if the requirements of Art. 44 et seq. GDPR are fulfilled. According to the European Commission, personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework (DPF), including Google Inc., has been deemed reasonably secure. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data. The user data will be deleted after 24 months at the latest.
You can revoke your consent at any time with effect for the future and prevent the use of data by Google if you download and activate the available browser plugin: https://tools.google.com/dlpag....
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Further information on data protection by Google can be found at: https://policies.google.com/pr....

Google Ads

For the optimization of our advertising we use Google Adwords Remarketing tags from Google (Google Ireland Limited, Gordon House, Barrrow Street, Dublin 4, Ireland). The legal basis for the use of your data for analysis of our website and economic optimization of our service is your consent based on Art. 6 (1) (a) GDPR.
The data processing with Google Ads serves to ensure that advertising is only shown to interested persons. In the context of remarketing, code, small graphics and cookies from Google are integrated in our website. This makes it possible to trace which websites you visit outside our site and what content you are interested in. This enables us to track which Google advertising has led to actions/orders from users on our site. We only receive the number of users who have clicked on an advertisement and cannot use this information to identify you.
Within the scope of data processing, it is possible that data may be transferred to a Google server in the USA. A data transfer to the USA shall only be carried out if the requirements of Art. 44 et seq. GDPR are fulfilled. The content is processed pseudonymously and is not combined with other data such as your name or e-mail address, unless you allow Google to do so via your user account settings. Further information can be obtained from Google's privacy policy: https://www.google.com/policie....
If you have a Google account, you can manage the settings for the Google services and thus also object to the data processing: https://policies.google.com/te.... Otherwise, click here to deactivate Google Adwords Remarketing in the <privacy-settings>.

LinkedIn Insights Tag

We use LinkedIn Insights Tag on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The purpose of its use is to analyze the success of our advertising on LinkedIn. Through the LinkedIn Insight Tag, data about visitors to the website is collected: URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. Members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days. For us, the processing is not attributable to your person (IP masking). During use, a transmission of data to the LinkedIn Corporation in the USA is not excluded. A data transfer to the USA only occurs if the requirements of Art. 44 et seq. GDPR are fulfilled.
The legal basis for the data processing is your consent according to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future in the settings of our consent tool or object to the processing via this link:
https://www.linkedin.com/psett...
Furthermore, if you have a LinkedIn profile, you can choose to set the data collection centrally for all websites with LinkedIn technology for your profile in the LinkedIn settings: https://www.linkedin.com/psett...
Information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy

4. Privacy Notice for our customers, business partners and third parties

We process personal data of you as customer, prospective customer, business partner or third party to establish, perform and terminate a contract pursuant to Art. 6 (1) b GDPR. Prior to a contract, your personal data can be processed to prepare bids or purchase orders or to fulfil other requests of the prospective customer relating to contract conclusion. In this regard, you will need to provide any personal data that we need for preparing and carrying out our business relationship with you. In the absence of this information, we will not be able to process your inquiry and/or to perform the contract. As prospective customers you can be contacted during the contract preparation process using the information that you have provided.

We also process personal data for advertising purposes, if this is consistent with the contractual purpose pursuant Art. 6 (1) f GDPR. If your personal data is collected only for advertising purposes, you can choose whether to provide this data. You shall be informed that providing data for this purpose is voluntary. As part of the communication process, Hexagon Purus ASA and its affiliates will ask for your consent. When giving consent, you will be given a choice among available forms of contact, such as e-mail and phone to withdraw your consent. If you object to the use of your data for advertising purposes, we will no longer use it for these purposes and will restrict or block from use for these purposes. We may use third-party sites and third-party platforms as well as publicly available information to collect and add some information to the information provided by you in order to give you relevant communication (for marketing purposes). Examples of collected information are additional work-related profile information.

Next to advertising purposes, the legitimate interests, which coincide with the particular purpose, include but are not limited to: Ensure the technical operation, responding to inquiries that are not related to the contract, ensure data security, ensure data availability, and rectification of errors and faults. In the event we need to disclose data for these purposes, we will expressly notify you of this circumstance. In the absence of this information, we may not be able to process your inquiry.

We will also process your personal data for the purpose of compliance with statutory requirements that apply to us pursuant to Art. 6 (1) c GDPR. These requirements may exist under the trade, tax, money laundering, financial, or criminal code. The processing purposes are determined by the applicable statutory duty; generally, data processing will only serve the purpose of compliance with monitoring and disclosure duties under national law.

5. Privacy Notice for Applicants

You can use our career portal to apply for jobs advertised there or to submit unsolicited applications. Data processing takes place exclusively for the purpose of initiating employment relationships on the basis of Art. 88 (1) GDPR related with national laws.

Your data will be stored for the duration of the application process; if you enter into an employment relationship with us, your application data will be stored by us for the duration of your employment relationship. If, after completion of the application process, you are not hired, we will retain your data according to national laws. Your data will not be used for any other purpose than retain your data for legal proof. In the case of unsolicited applications or after your consent to store the data for a longer period for possible future employment, we will inform you about the retention time when asking you for consent.

If you use any of your social media profiles as part of your CV, you declare your consent to submit this information to us for the purpose to take the information at your social media profile into account for your application process.

6. Data Processing on our Social Media Platforms

Hexagon Purus ASA may take part on social media platforms to enable you to get information about the company and network with us. Your use of these features may result in the collection or sharing of information about you, depending on the platform. We encourage you to review the privacy policies and settings on the social media websites with which you interact to make sure you understand the information that may be collected, used, and shared by the Social Media Providers.

a. LinkedIn

We use our LinkedIn presence to provide information about our company, products and services, combined with the opportunity for users to interact with us in a targeted manner. We are processing personal data basing on Art. 6 (1) f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

Before we publish pictures of persons, we ask for your consent (legal basis: Art. 6 (1) a GDPR), or we make a written contractual agreement with your (legal basis: Art. 6 (1) b GDPR). In exceptional cases we may publish pictures based on our legitimate interest for making information about our company available (legal basis: Art. 6 (1) f GDPR).

We process personal data through our LinkedIn Company Page for the purpose of establishing contact, publicising our company and providing information. Our company processes your personal data when you use the messaging, commenting and posting functions. Your data will only be provided to authorities if there are overriding legal provisions.

When using LinkedIn, each user enters a direct contractual relationship with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. How LinkedIn processes user data can be viewed in their data protection information: https://www.linkedin.com/legal.... Please note that the possibility of user data being processed on systems outside the European Union cannot be ruled out. LinkedIn has undertaken to comply with EU data protection standards. Data will only be transferred to systems outside the EU if the requirements of Art. 44 et seq. GDPR are complied with. You can find out more at: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=en-us&intendedLocale=und.

Use of Page Insights

When a LinkedIn user visits, follows or engages with our LinkedIn page, LinkedIn processes personal data in order to make the page views available to us. In particular, LinkedIn processes data that the user has provided to LinkedIn in their profile, such as the position, country, industry, period of employment, company size and employment status. In addition, LinkedIn processes information about how a user has interacted with our company page, e.g. whether a user is a follower. Data processing is carried out on the basis of our legitimate interests in customising our company profile for specific target groups. Conflicting legitimate interests of users (display of individual target group-optimised advertising) are not overriding.

Together with LinkedIn, we are a joint controller for the Page Insights in accordance with Art. 26 GDPR. LinkedIn users are informed of this; the responsibility for data collection lies primarily with LinkedIn. A Joint Controller Addendum has been concluded with LinkedIn, which you can find here: https://legal.linkedin.com/pag....

Use of LinkedIn services

For the use of LinkedIn services, a Data Processing Agreement has been concluded between us and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, which can be accessed here: https://www.linkedin.com/legal...?

b. Facebook

With Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a Joint Control Agreement has been completed, which you have access to on

https://www.facebook.com/legal/terms/dataprocessing

https://www.facebook.com/legal/terms/page_controller_addendum

Meta Platforms Ireland Ltd. assumes the primary responsibility acc. to the European Data Protection Regulation (GDPR).

To learn more about the Facebook privacy statement, please visit https://www.facebook.com/privacy/explanation

The purpose of data processing on our fan page is to provide information on our products and services and simultaneously allowing users a targeted interaction with us. The data processing is legally based on Art. 6 (1) f GDPR. Our legitimate interest is in particular our economic interest, the exchange of information with our users and to communicate with them.

Data disclosure to authorities requires the existence of overriding statutory provisions.

If pictures are published; this is done via consent (legal basis: Art. 6 (1) a GDPR), on basis of a contractual agreement (legal basis: Art. 6 (1) b GDPR) and, in exceptional cases, on basis of legitimate interests. Legal basis: Art. 6 (1) f GDPR.

Use of Facebook-Insights

We operate online advertisement on Facebook and use Facebook Insights in order to evaluate the behavior of our target group resulting from interaction with our website. The precise target group advertising is a legitimate interest of our company. Facebook users are informed; the main responsibility for such data collection lies with Meta Platforms Ireland Ltd. Conflicting interests of users are not overriding (publication of individual target group optimized advertising). Our legal basis is Art. 6 (1) f GDPR.

c. YouTube

We use a YouTube channel of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5. The purpose of data processing on our YouTube channel is to provide information about products, services and news, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is Art. 6 (1) f GDPR. Our legitimate interest is in particular our business interest to share information with the visitors of the YouTube channel and to be able to communicate with them.

The YouTube service is based on the following data processing agreement with Google Ireland Ltd.: https://www.youtube.com/t/terms_dataprocessing.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for the collection and further processing of personal user data on YouTube channels. Please note that YouTube collects and processes certain information about your visit to our YouTube channel even if you do not have a YouTube user account or are not logged in to YouTube. For us as the provider of this YouTube channel, only your public profile on YouTube is visible. The kind of information visible for us depends on your settings in your profile. For information about the processing of personal data by YouTube, please refer to YouTube's privacy policy at https://policies.google.com/privacy?hl=de&gl=de.

If we publish images of individuals, this is done via consent (legal basis: Art. 6 (1) a GDPR), based on a contractual agreement (legal basis: Art. 6 (1) b GDPR) and in exceptional cases based on legitimate interests (legal basis: Art. 6 (1) f. GDPR.

YouTube Analytics

We also process your activities on our YouTube channel with the help of the statistics service YouTube Analytics. This process helps us to understand our video and channel performance and optimize our channel and our content. This process is consistent with the purpose of data processing described below. Anonymous statistics are created based on your activities. Among other things, we can gain insights into the interactions and activities of our subscribers, the views and the reach of our videos, information about which countries and cities our visitors come from, as well as statistics about the gender ratios, age structures, providers, and interests of our visitors. Neither conclusions about individual users nor access to individual user profiles by the administrator are possible.

Data Transfer to third countries

Due to the affiliation of the provider Google Ireland Limited to the Google group, which has its headquarters in the USA, a data transfer to Google LLC and thus to all states in which Google has data centers cannot be excluded. To ensure an adequate level of data protection, Google Ireland Limited bases such data transfers on the standard contractual clauses of the European Commission.

In this context, we would like to point out that you are using the service provided by Google Ireland Limited (YouTube) and all associated functions such as sharing and rating videos, participation in discussions on your own responsibility. Data that you have voluntarily provided on YouTube will be processed by Google (e.g. name and username, email address, telephone number) and may therefore also be transmitted to third countries. The transfer of personal data to the USA was judged by the ECJ to be fundamentally unsafe without further security measures, as it cannot be ruled out that US security authorities will gain access to this data.

It is possible for you to restrict the processing of your data by Google. To do this, you can open the general settings of your Google account and change your privacy settings. Information on how to individualize your privacy settings can be found here: https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that Google only has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.

d. X

X is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.If we process data with X, this is done based on the purpose and legal basis outlined below. There is no transfer of data to X, such as IP addresses, due to the embedding of tweets on homepages or similar.


However, we may retweet tweets from you, reply to tweets from you or write tweets that refer to you or your X account. In this respect, your public data on X may be made available to followers of our site.


The purpose of data processing on our X site is to provide information about products, services and news, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is our legitimate interest (Art. 6 (1) f GDPR) on sharing information with our users and being able to communicate with them.
If we publish images of individuals, this is done via consent (legal basis: Art. 6 (1) a GDPR), based on a contractual agreement (legal basis: Art. 6 (1) b GDPR), and in exceptional cases based on legitimate interests (legal basis: Art. 6 (1) f. GDPR) to publish information about our services and events.


Personal data processed by X


We have no influence on the type and scope of the data processed by X Corp. or the transfer of the data to third parties. Furthermore, there are no control options for us.

In this context, we would like to point out that you use the services provided by X Corp. and all associated functions (e.g., sharing and rating content) takes place on your own responsibility.

Information about the data processing carried out by X Corp. and the corresponding purposes pursued can be found in the data protection guidelines of X Corp. here: https://X.com/en/privacy

It is possible for you to restrict the processing of your data by X. For that purpose, you can open the general settings of your X account and change your privacy settings.
You can control and customize your privacy settings here:
https://X.com/settings/y...

Information and further assistance on this can be found at this link:
https://help.X.com/de/fo...
You can also change certain settings for your mobile devices (e.g., smartphones, tablets, etc.) so that X only has limited access to your contact data, location data, calendar data or photos. These setting options differ depending on the operating system used on your mobile device.

For more information and assistance, please refer to the following links: https://help.x.com/en/personal...
To view the processed data, obtain information about their use and download the corresponding data as an archive, you can follow this link. https://help.x.com/en/managing...

To contact X, you can follow this link: https://help.x.com/en/forms/pr...

Data transfer to third countries

It is not excluded that data from users is processed on systems outside the European Union. Retrieval of public tweets is possible worldwide.

Your right to information, rectification, deletion, object and data portability
You may avail yourself of your right to information, rectification and deletion of data at any time. Simply contact us using one of the methods described above. Should you require data to be deleted, which we are still legally obligated to retain, access to your data will be restricted (blocked). You may avail yourself of your right to data portability if the recipient and ourselves have the technical means.
In case you require to assert your rights towards X Corp., we shall pass your concerns on to X Corp.

e. Instagram

Instagram is a service provided by Meta Platforms Ireland Ltd. With Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland a Joint Control Agreement has been completed, which you have access to on:

https://www.facebook.com/legal/terms/dataprocessing

https://www.facebook.com/legal/terms/page_controller_addendum

Meta Platforms Irland Ltd. assumes the primary responsibility acc. to the European Data Protection Regulation (GDPR).

To learn more about the Meta Platforms Irland Ltd. privacy statement, please visit:

https://help.instagram.com/155833707900388/?locale=en_GB&helpref=hc_fnav&cms_id=155833707900388&published_only=true

Purpose of the data processing of our Instagram presence page is to provide information on our prod-ucts and services and simultaneously allowing users a targeted interaction with us. The data processing is legally based on Art. 6 (1) lit. f GDPR. Our legitimate interest is, in particular, our economic interest, the exchange of information with our users and to communicate with them.

To operate the fan page, we use service providers that have been separately bound to maintain confidentiality and committed to data protection. Data disclosure to authorities requires the existence of overriding statutory provisions.

Before we publish pictures of persons, we ask for your consent (legal basis: Art. 6 (1) a GDPR), or we make a written contractual agreement with your (legal basis: Art. 6 (1) b GDPR). In exceptional cases we may publish pictures based on our legitimate interest for making information about our company available (legal basis: Art. 6 (1) f GDPR).

Use of Instagram-Insights

We operate online advertisement on Instagram and use Instagram Insights in order to evaluate the be-haviour of our target group resulting from interaction with our website. The precise target group

advertising is a legitimate interest of our company. Instagram users are informed; the main responsibility for such data collection lies with Meta Platforms Irland Ltd. Conflicting interests of users are not over-riding (publication of individual target group optimized advertising). Our legal basis is Art. 6 (1) f GDPR.

7. Privacy Notice for US-Residents

The information we collect

By providing our Facebook, Instagram, Twitter, YouTube, and LinkedIn Pages (in the following called “Pages”), we may collect the following information:

  • Personal information such as name, address, contact details and other information of your profile
  • Personal information such as your profession, political affiliation, gender, and other categories of data you post publicly
  • Personal information from messages to us
  • Other information which could be collect by providing the fan page

How we use the collected information

  • to operate online advertisement on Facebook and use Facebook Insights to evaluate the behaviour of our target group resulting from interaction with our website
  • to improve our Twitter Page, we use Twitter Analytics
  • to provide information on our products and services
  • to interact with interested users
  • to investigate and respond to customer inquiries and complaints
  • to promote, market and sell products, services, and special offers

How we share your information

We may disclose your information to third parties in the following circumstances:

  • to third parties who provides services to us
  • as required or permitted by law including, but not limited to, complying with a court order, complying with a statute or regulation, and assisting with investigations by law
  • in emergency situations that threaten the life, health, or security of an individual, the community, or the environment
  • in connection with a change of ownership, sale, merger, liquidation, reorganization, or acquisition of Hexagon Purus ASA
  • in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements and when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas

How we protect your information

We have implemented technical and organizational measures in accordance with the obligations under Art. 32 GDPR. These measures protect the collected information from loss, unauthorized access, and misuse. Furthermore, the measures prevent the disclosure, modification, and destruction of information, considering the risks associated with the processing and the nature of the data.

a. Important notice for California Residents

This Notice for California Residents includes the obligations of the CCPA and of the CPRA. Both Acts apply for personal information, of natural persons who reside in the State of California. California residents have a right to knowledge, access, and deletion of their personal information. Furthermore, they have the right to correct personal information, opt out the use of sensitive personal information, opt out the share of personal information and opt out the use of personal information for profiling. The collection, retention and use of personal information is limited for a reasonably time of the disclosed purpose.

If any conflict of this Notice and any other provision of the Privacy Statement exist, this Notice shall control only with respect to California residents and their personal information. If you are not located in California, please see the rest of our Privacy Statement.

To comply with the above obligations, we establish a list of the categories of personal information which we collect. For each category we also list the categories of third parties with whom we share the personal information for a business or commercial purpose.

Categories of Personal Information Collected

Sources of Collection

Business/Commercial Purpose for Collection

Categories of Third Parties Receiving Personal Information

Personal identifiers including your name, alias, address, phone number, email address

Your Facebook/ Instagram/ LinkedIn/ Twitter/ YouTube Profile

To provide our products and services, to interact with you, to provide you with information about services or products that may be of interest to you.

Affiliates if necessary for answering your request.

Internet and other network activity information including online identifiers such as your IP address or device identifier, browsing history, search history, and information about your interactions with us.

Your Facebook/ Instagram/ LinkedIn/ Twitter/ YouTube Profile.

To provide our products and services, to provide you with information about services or products that may be of interest to you, improve website performance and functionality, to prevent, detect, and investigate fraud or other security incidents.

We share this information with third party service providers who help us to operate, optimize and secure our website.

We may share this information with social media platforms if you activate a social plug-in

Geolocation data reflecting physical location or movements

Platforms you use to access our online services

Improve Website Performance and functionality, to provide our products and services, to provide you with information about services or products that may be of interest to you.

We may share this information with social media platforms if you activate a social plug-in

We share this information with third party service providers who help us to operate, optimize and secure our website

Information reflecting your preferences, characteristics, predispositions, behavior, attitude, and any other inferences drawn from your personal information

Your Facebook/ Instagram/ LinkedIn/ Twitter/ YouTube Profile

To provide you with information about services or products that may be of interest to you.

We share this information with third party service providers who help us to operate, optimize and secure our website.

We do not sell your data for any reason. This is why we do not offer a request for your opt out of the sale of your personal information.

Your Privacy Rights by the CCPA and CPRA

As a California resident you have the rights listed below.

Right to opt out

The right to opt out of the sale or sharing of your personal information.

The right to opt out the use of your sensitive personal information.

The right to opt out the use of your personal information to run through automated decision-making process to derive insights which is referred to as profiling.

However, even if you opt-out, we are allowed to continue sharing with service providers as permitted by law.

Right to know

California residents have the right to request that we disclose personal information that we have about them. You can request that we disclose to you the categories of personal information, the source from which the personal information is collected and information about the purpose for collecting, selling, or sharing your personal information. You can also request that we disclose to you the specific pieces of personal information and the third parties to whom we disclose personal information.

Right to correct information

California residents have the right to correct inaccurate personal information we have collected from them.

Right to data portability

California residents have the right to request a transfer of personal information to another entity. The personal information have to be transferred in a structured, commonly used and machine readable format.

Right to delete

California residents have the right to request deletion of the personal information we have collected from them. We send that request also to third parties that have received your personal information. To respond to your request, we will need to verify your identity to match with the information we have on file. The personal information that we use to verify your identity will not be used for any other purpose.

Furthermore, we will not collect or use your personal information for another purpose for which we collected the information or longer than reasonably necessary for the disclosed purpose.

Right to non-discrimination

California residents have the right to not receive discriminatory treatment for exercising their CCPA and CPRA privacy rights. We do not discriminate against California residents who exercise their CCPA and CPRA privacy rights.

Submit a request

You or your authorized agent can submit a request for opt out or for another purpose here or by
calling +47 70 30 44 50.

To respond to your request, we will need to verify your identity to match with the information we have on file. The personal information that we use to verify your identity will not be used for any other purpose.

  1. Important notice for Virginia Residents

This Notice for Virginia Residents includes the obligations of the VCDPA. This Acts apply for personal information, of natural persons who reside in the State of Virginia. Virginia residents have a right to knowledge, access, and deletion of their personal information. Furthermore, they have the right to correct personal information, opt out the use of sensitive personal information, opt out the share of personal information and opt out the use of personal information for profiling. The collection, retention and use of personal information is limited for a reasonably time of the disclosed purpose.

If any conflict of this Notice and any other provision of the Privacy Statement exist, this Notice shall control only with respect to Virginia residents and their personal information. If you are not located in Virginia, please see the rest of our Privacy Statement.

Right to opt out

The right to opt out of the processing of personal data for targeted advertising purposes.

The right to opt out of the sale of your personal information.

The right to opt out the use of your personal information to run through automated decision-making process to derive insights which is referred to as profiling.

However, even if you opt-out, we are allowed to continue sharing with service providers as permitted by law.

Right to know

Virginia residents have the right to request that we disclose personal information that we have about them. You can request that we disclose to you the categories of personal information, the source from which the personal information is collected and information about the purpose for collecting, selling, or sharing your personal information. You can also request that we disclose to you the specific pieces of personal information and the third parties to whom we disclose personal information.

Right to correct information

Virginia residents have the right to correct inaccurate personal information we have collected from them.

Right to data portability

Virginia residents have the right to request a transfer of personal information to another entity. The personal information have to be transferred in a structured, commonly used and machine readable format.

Right to delete

Virginia residents have the right to request deletion of the personal information we have collected from them. We send that request also to third parties that have received your personal information. To respond to your request, we will need to verify your identity to match with the information we have on file. The personal information that we use to verify your identity will not be used for any other purpose.

Furthermore, we will not collect or use your personal information for another purpose for which we collected the information or longer than reasonably necessary for the disclosed purpose.

Right to non-discrimination

Virginia residents have the right to not receive discriminatory treatment for exercising their VCDPA privacy rights. We do not discriminate against California residents who exercise their VCDPA privacy rights.

Submit a request

You or your authorized agent can submit a request for opt out or for another purpose here or by
calling +47 70 304450.

To respond to your request, we will need to verify your identity to match with the information we have on file. The personal information that we use to verify your identity will not be used for any other purpose.


8. Data Security

Your personal data are protected from unauthorized access and unlawful processing or transfer, as well as from accidental loss, alteration or destruction. Before the introduction of new methods of data processing, particularly new IT systems, Hexagon Purus ASA undertakes technical and organizational measures to protect your personal data. These measures are based on the state of the art, the risks of processing and the need to protect the data. The technical and organizational measures relevant to data protection are documented and reviewed regularly by the Data Protection Officer. Our security measures will be continuously improved based on the state of the art.

9. Storage period and deletion of personal data

We process personal data only as long as necessary to achieve the purpose. If the processing purpose ceases to apply, we delete the data in accordance with the provisions of Art. 17 GDPR. As soon as the purpose of processing no longer applies, we retain the data in accordance with the statutory retention periods. Any retention beyond shall only take place in the event of an exception pursuant to Art. 17 (3) GDPR.

10. Rights and Provision of Data Subjects

If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you are entitled to the following claims against the “controller”:

Right of access

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. If we did process your personal data, you are entitled to further rights to access set forth in Art. 15 GDPR.

Right to rectification

If data that we collected on you is inaccurate or incomplete, you may claim the rectification without undue delay pursuant to Art. 16 GDPR.

Right to restriction of processing

Subject to Art. 18 GDPR, you may also have the right to claim the restriction of processing of personal data concerning you. Where processing has been restricted, your personal data shall only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction is lifted.

Right to erasure

If one or more of the grounds listed in Art. 17 (1) GDPR apply, you may claim the erasure of personal data concerning you without undue delay, unless there is an exception pursuant to Art. 17 (3) GDPR.

Right to notification

If you have asserted the right to rectification, erasure of personal data, or restriction of processing, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom personal data has been disclosed, unless this proves impossible or involves disproportionate effort. In addition, you have the right to be informed about who these recipients are. You may exercise your right to be informed of those recipients against the controller.

Right to data portability

Furthermore, pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you in machine readable format and to transmit this data to another controller without hindrance, provided, however, that the conditions enumerated in Art. 20 (1) a GDPR exist, or to demand to have the personal data transmitted directly from us another controller, where technically feasible and if this does not adversely affect the rights and freedoms of others. This right shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object at any time to the processing of personal data concerning you by written notice to Hexagon Purus ASA which is based on Art. 6 (1) f GDPR. We shall not longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the assertion, exercise or defense of legal claims.

Right to withdraw the consent under data protection law, rules, and regulations

You may withdraw your data protection consent at any time by notifying Hexagon Purus ASA. The withdrawal of consent shall not affect the lawfulness of processing based on this consent before its withdrawal.

Right to lodge complaints

If you have any objections or complaints with the way in which we process your personal data, you have the right to lodge a complaint with the relevant data protection supervisory authority, where the applicable laws provide for such remedy.

Provision obligation

Without providing correct data, addressing your interests regarding your business relationship to Hexagon Purus ASA may not be possible.

11. Changes to this Privacy Policy

The latest version of this Privacy Policy applies. This version dates from 23.09.2022.

For additional privacy information, click here.

Hexagon Purus
Get in touch

Hexagon Purus ASA
Haakon VII's gate 2
0161 Oslo
Norway

Imprint
Patents

Subscribe

Terms and Conditions

Follow us
Privacy
Hexagon Purus home Hexagon Purus logo © 2024 Hexagon Purus