Effective date: 24.02.2023

This privacy policy of Kulturtolk AS with registered address at Bureisergrenda 170, 2365 Åsmarka, Oslo, Norway (subsequently referred to as “we,” “our,” or “us”) is based on data protection laws of Norway, European General Data Protection Regulation 2016/679 (GDPR), United Kingdom Data Privacy Act 2018 (UK DPA) California Consumers Privacy Act (CCPA) and Brazil’s Lei Geral de Proteção de Dados (LGPD). This privacy policy discloses what we collect and how we process your Personal Data. This privacy policy regulates privacy matters and Personal Data processing when it comes to:

  1. using https://globaltalentweek.com (“Website”); 
  2. processing data of our customers, partners, service providers or anyone else with whom we are doing business. 

Definitions. 

The terms listed below have the following meanings:

  1. Personal Data means information that relates to identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.;
  2. Processing means any operation or set of operations which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or destruction; 
  3. Data Subject (or you) is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular Personal Data.

Personal Data Processing

You agree that Kulturtolk AS, a Norwegian company with offices at Bureisergrenda 170, 2365 Åsmarka, Norway (subsequently referred to as “we,” “our,” or “us”) will be data controller of your Personal Data when you are visiting our Website. Personal Data  includes the following types:

  1. Identity data: name;
  2. Contact data: email address;
  3. Technical and system-generated data: log files, pages you visited on our Website, cookie device identifiers, device operating system, date and time when pages were visited.
  4. Communication data: content, communications, and other information you provide when you use the Website;

We use different methods to collect data from and about you including through:

  1. Direct interactions. You may provide us your Identity, Contact, Communication or Technical data by filling in forms on our Website or in course of communication with us through email or by other means. 
  2. Automated technologies or interactions. As you interact with our Website, we will automatically collect Technical and system generated data about your browsing actions. We collect this Personal Data by using cookies and other similar technologies. Please see our cookie policy for further details. 

When you are visiting our Website, your Personal Data will be used in order to provide our Website or respond to your request. If you decide to contact us by email , we will process your Personal Data in order to respond to your request. 

We act as a data controller with regards to Personal Data when (1) you are visiting our Website, (2) when you are communicating with us through our Website, through our email or other contact means, or (3) when we contact you based on our legitimate interest. 

We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. 

We will Process Personal Data when onboarding service providers, employees or purchasing goods or services. We Process Personal Data for recruitment purposes to ensure that we recruit qualified candidates or certain personnel. This includes Contact Data, Identity Data and Communication Data. 

Use of the Personal Data

We process your Personal Data for the following purposes: 

  1. To provide our Website. We make our Website publicly available to potential event attendees or  visitors. We may Process Technical and system generated data to provide you with the best experience with regards to our Website.
  2. Website functioning and developing. We process Personal Data, including public feedback, to conduct research and for the further development of our Website.
  3. Security. We process identity data, contact data,  communication data and technical data in the context of your and data controllers legitimate interest – to ensure safety and security, to investigate possible fraud or other violations. For example, we may use your log files for technical analysis as well as for statistical evaluation.
  4. To respond to your question and inquiries regarding our services. We process identity data, communication data, sensory information and contact data for this purpose.
  5. To communicate with the general public, certain individuals or target groups (customers, service providers). For this purpose, we may process technical data, contact data, image data including your picture, communication data and identity data for this purpose.
  6. Where it is necessary for our legitimate interests (or those of a third party) and your interests unless fundamental rights of other Data Subject(s) override those interests.
  7. For legal purposes. We may use any type of Personal Data when Processing is required by the applicable law.

Lawful basis

We process EEA-based User’s Personally identifiable data under the following legal bases:

  1. On the basis of Art. 6 (1) (a) GDPR; Art 7 (I) LGPD – on the basis of consent.
  2. For other legitimate interests, unless those interests are overridden by user’s interests or fundamental rights and freedoms that require protection of  Personal Data. For example, we rely on our legitimate interest when it comes to (1) diagnose analytics to assess the number of visitors and page views for further optimization of our Website; (2) optimize of our visitors’ experience; (3) prevent fraud; (4) ensure network and information security; and (5) perform a contract or take a steps to initiate entering into the contract.

How do we protect your data

We process Personal Data in a way that assures an appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards.

Our physical security complies with industry standards. All data transits are encrypted to align with best practices with Secure Socket Layer technology. Our Website using industry-standard data transport protocols. Our Website is hosted on Amazon Web Services servers based in Frankfurt-in-Main operated by Amazon Web Services EMEA SARL. All data are automatically replicated in real-time to secondary hot failover databases and file repositories in the same data center.

All our personnel and contractors are subject to confidentiality agreements. Only authorized personnel have granted minimum access on a need-to-have basis to Personal Data. 

How do we share your Personal Data

We will share your Personal Data with our service providers in order to provide and facilitate our Website. We retain the right to share your Personal Data as part of change in control, merge or sale, or in preparation for any of these events. Any third party which further buys us or part of our business will be entitled to continue to use your data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

Service providers 

Our service providers acting as processors based in the EEA or USA who provide – services and IT and system administration services:

  1. We use Amazon AWS provider by Amazon Web Services EMEA SARL (having a principal place of business at 38 Avenue John F. Kennedy, L-1855, Luxembourg) for our Website hosting. Amazon AWS privacy policy is available at https://aws.amazon.com/privacy. Purpose of Processing – storage of data based on consent and on the basis of our legitimate interest. Legal basis: Art. 6 (1) (a) GDPR and Art 7 (I) LGPD. 
  2. We use Cookiebot provider by Usercentrics A/S (having a principal place of business at Havnegade 39, 1058 Copenhagen, Denmark) as cookie management solution. Cookiebot  privacy policy is available at https://www.cookiebot.com/en/privacy-policy/. Purpose of Processing – storage of data based on consent and on the basis of our legitimate interest. Legal basis: Art. 6 (1) (a) GDPR and Art 7 (I) LGPD. 
  3. We use Google Analytics 4 provider by Google Ireland Limited (having a principal place of business at  Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland) to collect general statistics about our Website visiting. Google privacy policy is available at https://policies.google.com/privacy. Purpose of Processing – storage of data based on consent and on the basis of our legitimate interest. Legal basis: Art. 6 (1) (a) GDPR and Art 7 (I) LGPD. 
  1. We may share data with our contractors and service providers, who act either as: (1) as processor or controller based in the EEA world who provide – development services, IT and system administration services, software testing services or support services or (2) acting as a processor or joint controllers including lawyers, bankers, auditors and insurers. Purpose of Processing – make our services available to our customers. Legal basis: Art. 6 (1)(a) GDPR and Art 7 (I) LGPD.

Data transfers

We are not and will never sell your Personal Data to third parties.

The Personal Data you provide us with  may be transferred to and processed on our servers, or servers of third-party providers. We enter into standard (“model”) contractual clauses, or ensure that the transfer is pursuant to another valid mechanism under GDPR. 

As far as the transmitting of Personal Data to a third party is not explicitly permitted by law, you agree that we may, if necessary, transmit Personal Data to law enforcement offices when relevant to defending against a governmental and public safety threat or the prosecution of a criminal act. Furthermore, you agree that we may, if necessary and related to legitimate law enforcement or criminal prosecution interests, transmit Personal Data to a third party. Transmission of data is not necessary and will not occur if a preliminary legal or law enforcement proceeding can be initialized or has already been initialized.

Your Privacy Options according to GDPR and UK DPA 2018

According to GDPR and UK DPA 2018, you have the following rights:

    1. Right to rectification. You have the right to request to rectify, without undue delay, any incomplete, inaccurate or incorrect data pertaining to you.
    2. Right to limitation of Processing. You can limit the use of Personal Data processed.
    3. Right of opposition. You have the right to object, for reasons related to its particular situation, to the Processing based on our legitimate interest of your Personal Data, including regarding the creation of profiles. 
    4. Right of access. You may request a copy of Personal Data collected during use of our Website. This data includes Personal Data processed, purposes of Processing, categories of Personal Data concerned, recipients of personal data, origin of the data (unless collected directly from you), the envisaged period for which Personal Data will be stored, the existence of other rights.
    5. Objecting to or restricting the use of Personal Data. You can ask to stop using all or some portion of Personal Data or limit use thereof by requesting its erasure as described above or sending us a request.
    6. Right to lodge a complaint with supervisory authority. You have the right to lodge a complaint with a competent data protection supervisory authority. 
    7. Right to data portability. You can receive Personal Data we collected about you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. 
    8. Right to be forgotten. Your can request deletion of your Personal Data when following grounds applies: (1) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (2) you withdraw your consent and where there is no other legal ground for Processing; (3) and there are no overriding legitimate grounds for Processing, or you object to Processing pursuant to Article 21(2) GDPR. We may not delete your Personal Data insofar as the Processing is necessary for: (1) for the exercise of the right to free expression and information; (2) for compliance with a legal obligation which stipulates the Processing obligation under European Union law or domestic law applicable to us; (3) for the establishment, exercise or defense of a right in court.
  • Right not to be subject to a decision based solely on automated Processing, including profiling. 

Exercise of rights granted according to GDPR or UK DPA 2018

To exercise any of the aforesaid rights you may send us an email to info@globaltalentweek.com. Upon request, we will review it and will provide a response if we are a data controller. We may charge a reasonable fee if the request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If we are data controllers, we shall review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if your request is particularly complex or you have made a number of requests. We shall inform you as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise. Should your request be unclear we reserve our right to send you our additional questions.

Upon the filing of a request by an authorized person, the notarized power of attorney must be attached to the request. In case of death of the natural person, his / her rights are exercised by his / her heirs and the certificate of heirs shall be attached to the request. The heritage should be confirmed by a respective certificate, issued in the dead person’s jurisdiction.

Where data does not exist or their provision is forbidden by law, access of the requesting party to such data is refused.

Third-party content and links 

Our Website may contain embedded links to other websites, services, and web addresses. This privacy policy applies only to our Website and not to those external websites, services and web addresses that we link to. Those websites, services, video hosting services and web addresses have their own privacy policies. We are not responsible for these external websites and services and their privacy policies and practices, as well as their compliance with applicable data protection laws. 

Retention 

When you are sending us an inquiry, or we process your Personal Data on the basis of our legitimate interest, we will process your Personal Data as long as it is required for the purpose or our legitimate interest, but not more than five years from such inquiry or occurrence of our legitimate interest. 

Age Limitation

Our Website is generally not for users who are under 16 years old. We do not knowingly process any Personal Data from persons under 16 years of age, and any such data shall be immediately deleted upon detection, unless (1) processing of personal data of persons under 16 years of age is explicitly allowed by the national personal data protection law applicable to such person’s personal data and Event Organizer, (2) person under 16 years of age consented to processing of its personal data or, where lawfully required, the consent was given by the tutor of the person under 16 years and (3) processing of personal data of individual under 16 years of age is  explicitly disclosed in Event Organizer’s privacy policy. If you learn that anyone younger than 16 years old has provided us with Personal Data, please contact us at info@globaltalentweek.com.  

Privacy Policy Changes

We may amend this Privacy Policy from time to time, and we shall inform you about any such amendments in the future. The use of data we collect, process, and save now is subject to the version of this Privacy Policy that is in effect at the time users provide such data.

Information for California and Nevada Residents

Under California Consumers Privacy Act (CCPA) and Nevada Privacy Law we have to inform consumers based in California and Nevada about our use, disclosure, Processing and collection of personal information. This section explains your rights as of California/Nevada consumer or resident pursuant to this act. Categories of Personal Data that we collect are described in the “Data Processing” section of this Privacy Policy. The purposes of Processing of Personal Data are described in the “Use of Personal Data” section of this Privacy Policy. 

We will never collect, sell, and/or disclose Personal Data to third parties or service providers. 

CCPA prohibits any kind of discrimination acts against California consumers for executing their rights granted pursuant to CCPA and imposes requirements and restrictions on any kinds of financial incentives related to collection, Processing and use of California consumers Personal Data. Due to this, we will not discriminate against you and will provide, and will not deny, a different level of quality of services and/or goods. Also, we will charge or suggest that we will charge different prices or rates or impose penalties. However, we reserve the right to do so, when it is reasonably related to the value provided to the consumer by the consumer’s data. 

We honor rights granted to consumers pursuant to CCPA and Nevada Privacy Law, so we will accept verifiable requests of copy, deletion and right to know. California and Nevada consumers can execute your right twice per 12 month period. 

  1. Deletion request. Right to request deletion of Personal Data we collected about you.
  2. Copy request. Right to request a copy of Personal Data we collected about you.
  3. Right to know. Description of Personal Data we collected about you within the last 12 month period as per the CCPA.

You can execute your rights by sending email to info@globaltalentweek.com. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise.

For California based consumers: we will provide you with a response within 45 days from the moment we received your request and verify your identity. 

For Nevada based consumers: we will provide you with a response within 90 days from the moment we received your request and verify your identity. 

Please take into account that we will satisfy your request only when we have verified your identity to a reasonable degree of certainty. You are entitled to authorise your agent to execute your rights. However, please note that we will verify your agent’s authorisation.

Information for Brazilian residents

Brazil’s Lei Geral de Proteção de Dados, the Brazilian General Data Protection Law, Federal Law no. 13,709/2018 (“LGPD”) will become effective on August 16, 2020. The LGPD is a legal policy in Brazil, both online and offline, in the private and public sectors. As supervisory authority, the National Data Protection Authority (ANPD) has been created and charged with overseeing and enforcing the LGPD. LGPD requires that Brazilian Personal Data processed by an organization is appropriately and sufficiently managed and protected. 

We honor Brazilian residents rights and allow to execute the following rights granted by the article Art 18 of LGPD: 

  1. The right to confirmation of the existence of the Processing;
  2. The right to access the data;
  3. The right to correct incomplete, inaccurate or out-of-date data;
  4. The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD;
  5. The right to the portability of data to another service or product provider, by means of an express request
  6. The right to delete Personal Data processed with the consent of the Data Subject;
  7. The right to information about public and private entities with which the controller has shared data;
  8. The right to information about the possibility of denying consent and the consequences of such denial; and
  9. The right to revoke consent.

You can execute your rights by sending email to info@globaltalentweek.com. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise.

We will provide you with a response within:

  • Response to the right of access request will be provided within 15 days from the moment we received your request and verify your identity.
  • Other requests will be executed within reasonable time, but not more than 30 days from the moment we received your request and verified your identity. 

Please take into account that we will satisfy your request only when we have verified your identity to a reasonable degree of certainty. You are entitled to authorize your agent to execute your rights. However, please note that we will verify your agent’s authorisation.

Supervisory Authority

We’re regulated by the Norwegian Data Protection Authority (DPA). You can also contact them for advice and support at https://www.datatilsynet.no/en/about-us/contact-us/.

How To Contact Us

If you have any questions or requests regarding your policy, please send your request to  info@globaltalentweek.com