The following is a description of the way in which Authentica AS (org no. 921 758 456) collects and processes personal data.

Data controller
Authentica AS, headed by Geir Giving Kalstad, is the Data Controller for the company’s processing of personal data.

Personal data stored
Personal data is all information which can be attributed to an individual; e.g. name, email address, telephone number or an assessment.
Authentica AS stores personal data on the contact persons in the projects we work on such as: name, invoicing address, office address, telephone number, email address and position in the company.

Authentica AS also stores the following data on participants in leader development programmes, surveys and other processes connected to 360-degree evaluations, work environment surveys and conflict management processes:
Name
Email
Names of immediate supervisor, peers and subordinates
Assessments of the participant being evaluated made by other participants

How the data subject is informed at present
Participants in programmes run by Authentica AS are informed about our collection and processing of personal data via this privacy notice which is sent to the participants via weblink.

How personal data is collected
Authentica AS collects personal data from participants through programme registration forms, interviews, surveys and the use of questionnaires from third parties such as managers and colleagues.

Purpose of data processing
Data is processed in order for us to complete assignments pursuant to the agreements we have concluded with the various companies that we work with. This covers the development of information on meetings, the collection of information for evaluations, administration of the customer relationship, administration of supplier relationships, etc.

 Legal basis for processing
Data is used to fulfil the various purchase agreements that we have concluded with our clients. The legal basis for such collection and processing is the EU’s General Data Protection Regulation (GDPR).

Disclosure of information to third parties
Authentica AS does not sell personal data to third parties.
When carrying out 360-degree evaluations, work environment surveys, the compilation of personality profiles and similar activities, we make use of external tools and suppliers for the collection of relevant data. You will be able to receive more information about our protocols and procedures for data processing in these cases when you purchase such services. We have signed data processing agreements with all of our external suppliers.

Data processors
Authentica AS uses several data processors:
Dedia AS provides web hosting which entails the storage of our website and emails. All data is stored at the data centre in Oslo. Read more about the data centre and the facility’s security here. Read Dedia AS’ privacy notice here.

We use Survey Gizmo for the compilation and reporting of questionnaires. Survey Gizmo is approved in accordance with EU Privacy Shield.

We use Hogrefe for the collection of data and reports in relation to NEO PI personality testing. Hogrefe is GDPR compliant.

General information about our questionnaires
We will always provide information about the purpose of our questionnaires and whether they will be
anonymous and/or confidential or not. If the survey is anonymous,
Authentica AS will not collect any personal data that can be attributed to
the individual respondent. Anonymous data from the questionnaires may be used for
research and processes of standardisation and will therefore be stored indefinitely. Authentica AS will not share data with others or use the data for any purpose other than the one that has been stated expressly. Data from questionnaires is also regulated by data processor agreements with the client in question.

Deletion of personal data
Personal data that we have collected in connection with assignments for our clients will be stored in our client register for up to one year following completion of the assignment.
When required by the Accounting Act (Bokføringsloven), data will be stored for up to five years.

Rights of the data subject
Authentica AS processes personal data in accordance with the EU’s General Data Protection Regulation (GDPR). Everyone who is registered in Authentica AS’ systems is entitled to gain insights into what data is held on them. Data subjects are also entitled to request that any incorrect or incomplete data be corrected, deleted or, if necessary, supplemented.

Information security
Authentica AS secures your personal data through the adoption of both physical and virtual access controls.

Online statistics
Authentica AS does not use any kind of tool for the
analysis of traffic on its websites.

Cookies
Authentica AS does not use cookies on its websites other than those which are necessary in order for the website to function correctly. We do not use any cookies for the purpose of tracking activity or tailoring advertisements.

Contact details
Data Controller:
Authentica AS
Geir Giving Kalstad
Email: geir.kalstad@authentica.no
Tel: (+47) 90023937
Mailing address: Lysaker torg 45
Org. no. 921 758 456