Nordic Credit Rating AS (NCR) is paying the greatest attention to protecting your individual rights and personal data as a data controller. Even though Nordic Credit Rating’s business model is not primarily based on the processing of personal data as a business-to-business operation, data protection is central in our daily operations. This privacy notice seeks to provide you with important information regarding your individual rights and why and how we use personal data to carry out our services and obligations as a Credit Rating Agency.
This Privacy Notice covers the following areas:
1. NCR as a data processor
You are always welcome to contact Nordic Credit Rating AS with inquiries relating to data protection. Contact us at compliance@nordiccreditrating.com or by mail to: Nordic Credit Rating AS, Data Protection, Postboks 1519 Vika, 0117 Oslo, Norway. For further general information relating to your individual rights and data protection, please contact the Norwegian data protection authority.
2. What type of personal data do we collect, and why do we collect it
What type of personal data are we collecting?
We collect personal data when entering into new customer agreements with a rating object (legal entities that acquire rating services from NCR). To manage the ongoing customer relationship and service with the rating object, we may also collect personal data relating to other persons involved in the customer relationship. We will also collect relevant information that you have shared with us such as emails and post, to carry out our services. In addition to the data we collect from you, we may also collect publicly available data from third parties. Data collected from third parties are always minimized, and only used to carry out services. Third-party sources may be registers held by governmental agencies (tax authorities, company registration offices, etc.), or similar public sources relating to financial and ownership data. As a business-to-business company, we will only collect the following categories of personal data:
- Contact information: name, company address, phone number, and postal address
- Financial and legal information: Ownership structures and financial statements.
Why do we collect personal data, and how do we use it?
We collect and use your personal data to fulfil contractual and legal obligations, where ongoing communication with all customers is important. The collection of personal data is vital to be able to verify and set up new customer agreements and to fulfil legal obligations relating to reporting requirements.
Performance of a contract:
- To be able to verify and set up a new customer agreement
- Customer communication and service throughout the customer lifecycle.
- To be able to carry out the ongoing rating service.
Legal obligations:
- Bookkeeping requirements.
- Tax authorities reporting and other relevant authorities.
- Other regulatory obligations relevant to credit rating agencies
Personal data may also be processed in relation to marketing of our services. Where we might use personal data for marketing purposes, you will always have the possibility to opt-out from the marketing activity. We will never process any type of sensitive data, and we urge you never to share or send us any sensitive personal data.
3. Automated decision-making
We are not using any automated decision-making processes relating to personal data in the course of our operations.
4. Whom we may disclose your personal data to, and data transfer
We may share personal data with others such as authorities and suppliers (NCRs data processors). All disclosure and sharing of personal data will always be performed according to applicable data protection regulations and secrecy obligations. Disclosure of data to authorities may include data relating to tax, police enforcement, or other relevant legal purposes. Disclosure of data with third parties will only be made with our selected suppliers and vendors that are carrying out services on behalf of us such as IT, hosting, and support. Personal data shared with third parties will never be used for marketing, or any other purposes, other than what is strictly necessary to carry out our services as a credit rating agency.
5. How we protect your personal data
Protecting personal data is of crucial importance to us, and our internal control framework, business processes, and systems are adapted to safeguard the processing of personal data. Data protection can be divided into three general areas:
- Confidentiality: We will always protect your data from unauthorized access, loss, and related misuse.
Integrity: We will always protect the integrity of personal data by assuring accuracy and completeness.
- Availability: We will always ensure that personal data is readily available when needed by preventing unwanted disruption or related failures.
6. Your privacy rights
Your privacy rights are central to us, and the regulatory framework governing data protection gives you a broad set of rights relating to your personal data. These rights are defined to protect you, and can be defined as:
- Right to information and access: You have the right to receive information from us regarding our use of personal information (this privacy notice), as well as what type of information we have collected from you, as long as this is not in conflict with any other regulatory obligations.
- Right to rectification: You have the right to correct any personal data relating to you if this data is incomplete or incorrect, as long as this is not in conflict with any other regulatory obligations.
- Right to be forgotten (erasure): You have the right to have your personal data erased when (as long as this is not in conflict with any other regulatory obligations) the personal data is no longer necessary for the purpose for which NCR originally collected or processed it for
- NCR is relying on your consent as the lawful basis for holding the data, and you withdraw the consent
- NCR is relying on legitimate interests as the basis for processing, and you object to the processing of the data, and there is no overriding legitimate interest to continue this processing
- NCR is processing the personal data for direct marketing purposes and you object to that processing
- NCR has processed the personal data unlawfully
- NCR has to do it to comply with a legal obligation or
- NCR has processed the personal data to offer information society services to a child.
- Right to restricted processing: You may have, under certain circumstances such as correctness and unlawful processing, have a right to restricted processing of your personal data. This applies as long as this is not in conflict with any other regulatory obligations).
- Right to data portability: You have the right to receive your personal data in a machine-readable format.
7. Cookies
We use cookies only to manage and improve the performance and functionality of our webpage and related services. We will never use cookies for marketing purposes.
8. How long do we keep your personal data, and why
The right to the erasure of personal data is central to protect your individual rights and data. We will only keep your personal data as long as they are needed for our obligation to fulfil a contractual obligation, or as stated by regulatory requirements.
9. Privacy Notice updates
Any changes made to this privacy notice will be updated on our website and will be communicated to our customers in the case of more extensive changes.
Off