Processing of (personal) data by the entity in charge of the online application process
Privacy Policy
This Privacy Policy provides information about how Norvestor processes personal data when you use this website and when we provide our services.
The Norvestor entity in the jurisdiction where you operate is responsible for ensuring that we process your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679 (often referred to as GDPR) and national data protection regulations in jurisdictions where we process personal data. It is this company we refer to when we use terms as “we”, “us”, or “our” in this policy.
If we make significant changes to our Privacy Policy or to our privacy practices, an updated version of this Privacy Policy will be made available to you.
Personal data
Norvestor will process personal data for the purpose of:The hiring process: such personal data include general information, contact information and professional information, such as application, degree certificate, interview form, personality test, credit rating, pre-employment screening and other information relevant to assess whether you are qualified for the position. The legal basis for this processing is the GDPR article 6 (1) b, whereas the processing is necessary for the preparations prior to entering into the employment contract. Our employer branding and recruitment process is managed through our career site; more information on the processing of personal data submitted through our career site can be found here[AMT/B1] .
Assess whether you are fit and have the qualifications required for the relevant position. For certain positions, such personal data may include information regarding bankruptcy proceedings, fines and penalty charges, criminal investigations, indictments, convictions, and additional tax. The legal basis for this processing is the GDPR article 9 (2) b, and article 6 (1) b, whereas the processing is necessary for the purpose of carrying out the obligations and exercising the rights in the field of employment in relation to the engagement. Under the GDPR such personal data are considered special categories of personal data, and special measures will be taken to ensure adequate data protection for these personal data.
Complying with legal obligations. Such personal data may include information related to AML/KYC, own-account trading, gifts and contracts with suppliers and service providers. The legal basis for this processing is the GDPR article 6 (1) c, whereas the processing is necessary for the purpose of compliance with legal obligations.
Conducting due diligence on potential new investments by funds advised or managed by Norvestor. For certain investments, Norvestor may be provided with data containing personal data related to employees, board members, clients, sellers, and other individuals. The legal basis for this processing is the GDPR article 6 (1) f, whereas the processing is necessary for the purpose of legitimate interests.
Assisting business partners and other third parties with AML/KYC controls (know your customer processes). Norvestor may retain a copy of the passport for business partners who have explicitly consented to this. The legal basis for this processing is the GDPR article 6 (1) a and f, and 9 (2) a whereas this particular processing is based on consent.
Assisting potential and existing investors in a due diligence process and classifying investors. This may involve the collection of personal information, such as the individual's name, role, education, age, experience, contact details and similar details. The purpose of assisting potential investors is to facilitate fundraising and investments, including performing due diligence and closing. The legal basis for this processing is the GDPR article 6 (1) f, whereas the processing is necessary for the purpose of legitimate interests. Classifying investors is to sort out professional investors in accordance with MiFID and make sure that potential investors have access to sufficient information to make informed investment decisions regarding a fund or portfolio company managed or advised by Norvestor. The legal basis for this processing is the GDPR article 6 (1) c, which allows for the processing of personal data when it is necessary for compliance with a legal obligation to which the controller is subject.
Access control: such personal data include information relating to the access control system, such as entries, and activation and blocking of admission cards. The legal basis for this processing is the GDPR article 6 (1) f, whereas the processing is necessary for the purpose of legitimate interests. The legitimate purpose pursued is the need to ensure safety and prevent unauthorised access.
- Website use: Norvestor collects and retains personal data through cookies for a limited duration, typically during your website visit. Upon revisiting, we may access cookies and previously stored personal data. We only use cookies that are necessary for the proper functioning of the website, such as preventing unauthorized actions and maintaining a secure browsing environment. The legal basis for these cookies is based on GDPR Article 6 (1) f for legitimate interests – ensuring safety and preventing unauthorized access. The cookies placed on your device have varying lifespans, ranging from 30 seconds to 1 year. For detailed information on the duration of storage for each cookie on your device, please refer to section 5.
Data security and retention
Norvestor is required to prevent unauthorised access to your personal data. We utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the personal data we collect and process.Norvestor will not retain your personal data longer than necessary and will assess the need for retention of personal data on an ongoing basis. Unnecessary personal data will therefore be deleted when retention is no longer necessary, or if the legal basis for the processing activity is based on consent, when your consent is withdrawn.
Use of service providers
Norvestor may provide its service providers access to the personal data if they provide services such as maintenance, operations, or other technical or AI solutions to Norvestor. To safeguard your rights pursuant to the applicable national personal data regulations, Norvestor has entered into data processing agreements with the service providers who may gain access to or process personal data on behalf of Norvestor. Our service providers are not entitled to make use of the personal data for other purposes than those set out in this Privacy Policy. Our service providers have an equal obligation to enter into a data processing agreement with their respective service providers (sub-processors), ensuring that the sub-processors are imposed the same obligations as the service providers.In the event that a service provider is located outside of EU/EEA, Norvestor will ensure that sufficient safeguards are implemented in order to ensure that such transfer is safe and in accordance with the applicable national personal data regulations.
Disclosure to third parties
Norvestor will only disclose personal data to third parties if (i) such disclosure is required by the GDPR or is in accordance with national data protection regulations, and (ii) the disclosure is made for the purposes set out in this Privacy Policy. Such third parties may include banks, financial and legal advisors, and national tax authorities. In addition, Norvestor may disclose personal data to funds managed or advised by Norvestor, including their affiliates, on a need-to-know basis, subject to the provisions in (i) and (ii) above.Norvestor may disclose personal information, including passport details and proof of address, pertaining to business relations (e.g., investor, business partner etc.), to third parties such as airline companies, foreign immigration authorities, embassies, and other institutions mandated to conduct AML/KYC controls. Additionally, Norvestor may share personal information, specifically passport details and proof of address, with reporting entities, including companies, organizations, and institutions bound by legal obligations to perform AML/KYC controls (know your customer processes). The processing of this information is based on the explicit consent of the individual, as outlined in article 6 (1) a and f, and article 9 (2) a, allowing the data subject to withdraw consent at any time.
Norvestor may disclose personal data related to employees, former employees, and business relations to potential investors. The processing of this information is based on the legitimate interest of Norvestor, as outlined in article 6 (1) f.
Norvestor may disclose personal data relating to candidates to our recruiters. The processing of this information is necessary for the preparations prior to entering into the employment contract, as outlined in article 6 (1) b.
Norvestor may disclose personal data to our newsletter service provider Apsis. We have an agreement with Apsis regarding distribution of newsletters and other relevant information on behalf of Norvestor. For Apsis to distribute the newsletters, we must share some of your contact details with Apsis. The processing of this information is based on the legitimate interest of Norvestor, as outlined in article 6 (1) f.
In the event that a third party is located outside of EU/EEA, Norvestor will ensure that sufficient safeguards are implemented in order to ensure that such disclosure is safe and in accordance with data regulations.
Your rights
You have the right to request access to, and rectification or erasure of your personal data. You also have the right to request restriction of the processing, object to the processing, and to request data portability. For further information on these rights, please see:the Norwegian Data Protection Authority (Datatilsynet) website: www.datatilsynet.no
the Luxembourg National Commission for Data Protection (CNPD) website: www.cnpd.public.lu
the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) website: www.imy.se
the Finnish Office of the Data Protection Ombudsman (Tietosuojavaltuutetun Toimisto) website: www.tietosuoja.fi
the Danish Data Protection Agency (Datatilsynet) website: www.datatilsynet.dk
the German Federal Commissioner for Data Protection and Freedom of Information (BFDI) website: www.bfdi.bund.de
the United Kingdom’s Information Commissioner’s Office (ICO) website: www.ICO.org.uk
If a processing activity is based on your consent, you have the right to withdraw your consent at any time.
To exercise your rights, you may contact us at Privacy@norvestor.com. We will respond to your request as soon as possible, and no later than 30 days.
If necessary, we may ask you to confirm your identity or to provide further information before we allow you to exercise your rights. This is to ensure that we only give access to your personal data to you, and no one else.
Complaints regarding processing of personal data may be submitted with the relevant National Data Protection Authority.
The data controller
When the Norvestor entity, in the jurisdiction where you operate, is the data controller for the processing activity. Any questions regarding this Privacy Policy and our privacy practices should be sent by e-mail to Privacy@norvestor.com. Inquiries in relation to the rights set out in section 3 above should be sent to Norvestor in the same manner.The following Norvestor entities are the data controller for the designated jurisdictions:
Norvestor Advisory Aps (Denmark)
Norvestor Advisory OY (Finland)
Norvestor Advisory AB (Sweden)
Norvestor Advisory AS (Norway)
Norvestor Advisory GmbH (Germany)
Norvestor Advisory Ltd (United Kingdom)
Norvestor Investment Management S.a.r.l. (Luxembourg)
Cookies
This section provides an overview of how cookies are utilized on our website to enhance your browsing experience.CRAFT_CSRF_TOKEN Cookie
The "CRAFT_CSRF_TOKEN" cookie is used for security purposes to prevent unauthorized actions on our website and maintaining a secure browsing environment.
1031b8c41dfff97a311a7ac99863bdc5_identity
The “1031b8c41dfff97a311a7ac99863bdc5_identity” cookie is used for user authentication and session management on our website.
Norvestor
The “Norvestor” cookie is used for tracking and analyzing user interactions for the proper functioning of the website.
1031b8c41dfff97a311a7ac99863bdc5_username
The “1031b8c41dfff97a311a7ac99863bdc5_username” cookie is used for storing the username of the logged-in user for personalized browsing experiences and easy access to their account.
[AMT/B1]Hyperlink to career site privacy policy included. However, it is also possible to just write that it can be found on the career site.