Privacy policy

We at Aider appreciate that you visit our website. Your trust is important to us, and we are therefore committed to protecting your privacy. In this privacy policy, we explain how and why we collect and use information about our users and how we take privacy into account.

AIDER'S PROCESSING OF PERSONAL DATA


We at Aider appreciate that you visit our website and other services. Your trust is important to us, and we are therefore committed to protecting your privacy. In this privacy policy, we explain how and why we collect and use personal data and how we take privacy into account. All processing of personal data in Aider must comply with the applicable privacy regulations at all times, including the Personal Data Act and the EU General Data Protection Regulation (GDPR).


"Aider" in this privacy policy is to be understood as Aider AS, parent companies and wholly-owned or majority-owned companies. "Aider" thus consists of Aider Konsern AS, Aider Holding AS, Aider Sørøst AS, Causa Nord AS, Aider Bergen AS, Aider Innovasjon AS, Grasp Labs AS, Fordre AS and Ascender AS. The companies are independent legal entities in their own right. The companies are part of a group structure, work together to solve our assignments and act externally as if they were one company. This also applies to the processing of personal data. You can therefore contact Aider AS if you have any questions or wish to exercise your rights.


For the sake of clarity: Companies that have recently been acquired by Aider and that are planned to be merged into Aider will follow their own procedures until the merger has taken place. In the meantime, each company will be responsible for its own processing and answering questions about its processing.


Aider is more than an accounting firm. Depending on the type of processing we carry out, Aider may be both data controller and data processor.



PAYROLL AND ACCOUNTING


When Aider handles all or part of the accounting or payroll for our customers, Aider is normally the data processor for the customer. Aider's processing of personal data will then be regulated by a data processing agreement with the customer. Cf. GDPR article 28.


Aider collects personal data from our customers, their employees and other persons we gain access to information about through the accounting/payroll assignments. Information may also be obtained from public agencies and others, such as Altinn and the Norwegian Tax Administration. The personal data we process in such assignments will in particular be related to salary information.


Aider is required by law to store documentation about the performance of the accountancy assignment after the assignment has been completed. Aider is the data controller for this storage. Aider will be obliged to keep documentation on the assignments for 5 years in accordance with the Accounting Regulations, and Aider will therefore normally keep the documentation for at least 5 years. The year after the obligation has expired, data may be deleted unless other circumstances indicate otherwise.


As an accountant, we may be required by law to disclose information in some cases. This may, for example, be to a supervisory body in connection with supervision, disclosure of information in connection with debt negotiations or bankruptcy of customers or in connection with book audits of customers.




ADVISORY ASSIGNMENTS


Aider provides a number of consultancy and other services to customers, for example related to sustainability reporting, transaction consultancy, corporate governance, management development, leasing, system implementation and financial reporting.


When Aider performs such a consulting or advisory assignment, we will normally be the data controller. The purpose of this processing will be to perform the assignment for the customer. Aider's basis for processing varies depending on the type of assignment, but will often be GDPR art. 6(1)(f) of the GDPR. The legitimate interests pursued are Aider's or the customer's interest in the specific assignment being carried out. For special categories of personal data, the basis for processing will mainly be GDPR art. 9 no. 2 letter a, e or f.


In connection with such assignments, Aider may process personal data about, for example, our customers' employees. The personal data we process may typically be names, contact information, information related to the employee's employment and interview notes. In some assignments, we may also have access to information about financial matters and health information.


If the assignment is such that Aider becomes the data processor, the data processing agreement between us and the customer will regulate how this processing takes place and what it contains.



CUSTOMER CONTROL AND INVOICING


In order to comply with the Money Laundering Act, checks may be carried out on our customers. Aider is then the data controller and will be able to process personal data such as name, birth/personal number, address and other contact information for persons associated with the customer, both the customer's employees, management, board members, owners and other rights holders. The processing basis for customer control is GDRP art. 6 no. 1 letter c and art. 9 no. 2 letter, together with the Money Laundering Act.


Økokrim requires Aider to report suspicions of money laundering, terrorist financing and other criminal offenses. Depending on the nature of the case, material handed over to Økokrim may contain personal data. Reports to Økokrim will not be made known to those concerned.


Aider also processes personal data about contact persons at the customer for invoicing purposes. The legal basis for this processing is GDPR art. 6 no. 1 letter f (legitimate interest in invoicing for completed assignments).




COURSES, EVENTS AND NEWSLETTERS


Aider is the data controller for its courses and events, as well as sending out newsletters and marketing activities.



Aider as a course provider


As a course provider, Aider will conduct courses. In connection with registration, Aider will collect contact information and in some cases information about food preferences or allergies.


For refresher courses for accountants and auditors, special retention rules apply. Such documentation must be retained for at least 5 years after the course has been completed. Aider will store personal data on the course provider (name, competence and contact information) and participants (name, company, contact information and position). Data will normally be deleted one year after the documentation obligation has expired.


As a professional course provider, Aider will evaluate, and may send out evaluation forms to both course holders and participants.



Newsletters, course/webinar invitations and other information


The customer can choose to subscribe to information from Aider, such as newsletters, webinar invitations, course invitations and other relevant information for the customer. In such cases, Aider will store name, contact information such as email and telephone, company, position, etc. as well as what the user agrees to receive information about.


Aider will also be able to send general and professional information, as well as newsletters and course invitations to contact persons at existing customers without consent when it is relevant to the customer relationship. The contact persons may opt out of such mailings at any time. The processing basis for such mailings is GDPR art. 6(1)(f) (legitimate interest in informing about our activities and offering professional updates and courses).


In order to be able to send the user the most relevant content possible, Aider's system will register what the user shows interest in, for example that the user opens information/newsletters, what the user reads on aider.no, which landing pages are visited and what the user signs up for.



Registration of prospects


Aider will collect information about prospects (potential new customers) and will market to them. Aider will then collect publicly available information (the company's website, etc.). The basis for processing is GDPR art. 6 no. letter f (legitimate interest in finding new customers).


If you do not wish to receive information from us, you can ask to be deleted from our register.




WEBSITES


Contact us on the website


By using "contact us" on our website, you will provide personal information such as email address, name, telephone, company. This is stored in the website's administration and sent as an email to Aider. This processing is based on consent, cf. GDPR art. 6 no. 1. letter a.



Information cookies (cookies)


Aider uses cookies on its websites. The Norwegian Data Protection Authority describes cookies as follows, seehttps://www.datatilsynet.no/personvern-pa-ulike-omrader/internett-og-apper/cookies/):


"A cookie is a small text file that is downloaded and stored on the user's computer when the user opens a website.


The cookie is used, for example, to store login details, register where the user moves around the website or remember the shopping cart in online stores. The party behind the cookie, i.e. the data controller, can customize its services based on the information stored."


Aider has set up Cookie information or Cookiebot on our website so that you can manage your settings. You can easily go into the solutions and update your settings. In these solutions you can also see which cookies we use. The use of cookies is consent-based (GDPR art. 6 no. 1 a) except for cookies that are necessary for our website to function.



SOCIAL MEDIA


Aider has several social media channels. In order to visit our channels, it is in many cases required that you have a user account in the social media. Both by creating a user account, or by visiting our channels without a user account, you accept the terms and conditions of the social media providers and consent to their processing of personal data.


When you use social media and visit our channels, personal data about you and your visit is processed in accordance with these terms of use, including the providers' processing of personal data for their own purposes. Aider will also have access to overviews and statistics about posts and visits to our channels.



RECRUITMENT


In connection with recruitment, candidates will enter their names, contact information, applications, tests, CVs, confirmations such as education, certificates and references in our recruitment database. Background checks may also be carried out. More information about the recruitment is provided in our recruitment portal.



RIGHTS OF DATA SUBJECTS


Anyone who asks is entitled to basic information about a company's processing of personal data. Everyone registered in our systems thus has the right to access their own data. You also have the right to request that incorrect or incomplete information be corrected, deleted or supplemented. In some cases, you have the right to object to the processing, or request that the personal data be transferred to another data controller (data portability).


The rights described above may in some cases be limited due to other obligations, such as the fact that we may be subject to a statutory retention obligation (affecting deletion) or a duty of confidentiality that limits your ability to exercise your right of access.


You also have the right to complain to the Norwegian Data Protection Authority, see datatilsynet.no


If you wish to exercise your rights, you can send a request to the customer manager at Aider, or to Aider's data protection officer by email atpersonvern@aider.no. Requests for the use of rights will be answered by Aider within 30 days unless there is a need for a longer case processing and the Personal Data Act allows for this.


If Aider is contacted by persons wishing to exercise their rights and Aider is the data processor (this applies in particular to payroll and accountancy assignments), we will refer you to the customer.



DISCLOSURE OF PERSONAL DATA


If requested, Aider may disclose personal data, but will only do so if it is to fulfill a legal obligation or by agreement with the customer.



USE OF SUBCONTRACTORS


Aider provides services where subcontractors will process personal data, e.g. suppliers of IT platforms and systems. These suppliers will be the data processors, and must act in accordance with legislation and regulations for privacy and information security.


In assignments where Aider is a data processor for our customers, these suppliers will be regarded as sub-processors.



TRANSFERS TO COUNTRIES OUTSIDE THE EU/EU


Aider uses subcontractors who mainly only process personal data in countries within the EU/EEA or in approved third countries, including the USA. If there is a need to process personal data in countries outside these areas, Aider will ensure that privacy and information security principles are followed.


In some cases, Aider will transfer personal data out of the EU/EEA when working for international customers on the customer's instructions. The customer is then responsible for ensuring that the regulations for the transfer of personal data out of the EU/EEA are followed unless otherwise agreed with Aider.



CONTACT INFORMATION


If you have any questions or suggestions for Aider regarding Aider's processing of personal data, this can be directed to the Data Protection Officer by email to:personvern@aider.no.



If you do not feel that Aider safeguards your rights or other matters, you can contact the Norwegian Data Protection Authority directly.


The Norwegian Data Protection Authority:
W: datatilsynet.no
E : postkasse@datatilsynet.no
T: +47 22 39 69 00
A: PO Box 8177 Dep, 0034 Oslo