Noresca Privacy Policy
1. Introduction
The information contained below constitutes the privacy policy of Noresca (“Noresca”, “we”, “us”, “our”). The aim of this policy is to inform you of what personal data we collect, why we collect personal data and how we process personal data. The policy also includes information about your rights regarding your personal data.
The main reason why Noresca collects and processes personal data is because you are or have been in contact with Noresca either as a customer, customer representative, interested party, prospective customer, employment applicant or in any other capacity.
This privacy policy applies to you when you visit our website (regardless of your location) and when you communicate with us through our website, via e-mail or by other means.
We advise you to read this privacy policy together with our cookie policy and other information that we may provide that concerns data protection so that you are aware of why we collect and process personal data and your rights in this respect.
We may update this policy at any time by posting the new policy on our website.
2. Data controller and contact information
Noresca Consulting AB (Swedish company registration number 559127-6299) is the data controller and responsible for the collection and processing of personal data.
If you have any questions about our privacy policy or concerning your personal data, please contact our data privacy officer at contact@noresca.se or at our office at Datavägen 14a, 436 32 Askim.
While you are entitled to file any complaint directly with any competent data protection supervisory authority, we would welcome the opportunity to handle any concern or complaint that you may have. We therefore invite you to first contact us so that we may be able to solve your concerns easily and swiftly.
3. The data we collect and process
We typically collect two types of data: personal data and non-personal data.
Personal Data. Any information is considered personal data if the piece of information can identify a person. If identification cannot be made from the information, it is not considered personal data.
We collect, store and process a variety of personal data, such as:
- identity data (e.g. name, username, marital status, title, gender and date of birth);
- contact data (e.g. postal address, e-mail address, social account, telephone number);
- financial data (e.g. financial data, bank account);
- technical data (e.g. IP address, browser type, time zone, location);
- user data (e.g. username, password, settings, preferences, survey response, data on how you use our website and applications); and
- marketing data (e.g. your choice to receive marketing and other communication preferences).
Please note that we do not collect, store or process any special category of personal data, such as medical history, race, religious beliefs, sexual orientation, political opinion or memberships. We may, however, in certain circumstances store information about whether or not you are on parental leave or sick leave, where this is necessary considering your capacity as representative for your company so that we may maintain communication with your company, provided that you have made such information available to us yourself or via your company.
Non-Personal Data. We may also store other forms of data that are created with the help of personal data but that has been anonymized and therefore no longer constitutes personal data. An example of such non-personal data would be statistical data on the usage of our applications.
4. How we collect personal data
Personal data is collected in a variety of circumstances, of which the below are the most common.
Direct Communication and Interaction. You may provide us with personal data when you visit us, communicate with us or interact with us via other means. Typical situations are when you correspond with us via email, have online or physical meetings with us, inquire about our products and services and ask us to contact you.
Automatic Collection. You may provide us with personal information by using our website, services and/or applications. An example of this would be the usage of cookies (please see our cookie policy for more information).
Third Party Sources. We may also receive personal data from a variety of third parties. This includes company information and other information from publicly available resources as well as information from other service providers (e.g. Google, Facebook and LinkedIn).
5. How we use personal data
We only use personal data to the extent permitted by applicable data protection laws.
Typical legal grounds are a) when we need to fulfill a legal obligation due to an agreement; b) when we have a legitimate interest and the balance of interests does not prohibit this; c) when we are required to by law or other regulation; and d) when we have your consent.
Below you will find typical examples of the purpose for our use of personal data:
| Purpose | Legal Ground |
|---|---|
| Provision of Products, Services and Applications | Performance of agreement + legitimate interest |
| Communication with you as a prospective or existing customer | Performance of agreement + legitimate interest |
| Managing our relationship with you, including communication of updates to our policies, invitation to events and similar | Performance of agreement + legitimate interest + compliance with legal obligations |
| Administration and protection of our website and business | Legitimate interest + compliance with legal obligations |
| Advertising | Legitimate interest |
6. Marketing
We may from time to time send you information on our business, our products and our services. This we do to keep you informed of developments and news that may be beneficial to you.
You may at any time request us to stop sending you marketing communications by either using the appropriate link contained in the communication or by contacting us directly.
Please note that opting out from receiving marketing communication from us will not affect your personal data that we have collected and process on other legal grounds.
7. Cookies
You can manage your browser settings to allow or refuse some cookies. You can find more information about this in our cookie policy. Please note that if you disable some or all cookies, this may affect your access to parts of our website.
8. Data sharing
We do not generally disclose your personal data to third parties. However, for business reasons, this may sometimes be required.
We may for example share personal data with a) companies that are affiliated with Noresca, such as service providers that provide IT systems, IT administration and software used for our business and for the performance of our services to you, b) professional consultancy providers such as lawyers, auditors, insurers and banks, c) any third party to whom we may sell all or parts of our business, d) any third party business that we acquire, e) competent authorities to whom we are required to disclose personal data.
We may also, where necessary, transfer personal data outside of the EU and EEA to partners that are based outside of these areas.
We require all third parties with whom we share personal data to adopt the same level of protection as we do and to process personal data in line with our privacy policy, unless such third party has another legitimate basis for collecting and storing personal data.
9. Storage time
We typically only keep personal data as long as necessary for the fulfillment of the purpose for which the personal data was collected. Please note that we may have to store personal data for long periods of time due to auditing requirements and other legal requirements.
You are always welcome to contact us in case you consider that we may no longer be entitled to store or process your personal data and we will inform you of the reason for why we continue to store your personal data.
If we would make certain personal data anonymized, so it can no longer be associated with you, such data ceases to be personal data and we can store such anonymized data without limitation in time.
10. Security measures
We have taken appropriate measures to protect your personal data from becoming accidentally disclosed or used or being accessible without permission by third parties. We also aim to restrict access to personal data to those of our employees that need to know such data to perform the purpose for the collection of the personal data. In the event of a personal data breach occurring that affects your personal data, we will take appropriate measures to minimize the negative effects of such a breach and we will also notify the applicable competent authority and you of the breach where we are required by law to do so.
11. Your rights
You have certain rights in accordance with applicable data protection laws. Below is a list of your rights.
Withdrawal of Consent: You have the right to withdraw your consent in full or part. Such withdrawal will take effect from the time you have informed us about the withdrawal.
Object to Marketing: You always have the right to object to your personal data being used for marketing purposes.
Balance of Interests: You have the right to object to the processing of your personal data based on a balancing of interests. However, sometimes you do not have this right, in cases where we can demonstrate compelling legitimate reasons for the processing that outweigh your interests.
Access Rights: You have the right to confirmation of whether personal data concerning you is processed by us as well as information about the processing that we carry out. You can also access the personal data and receive a copy of the personal data processed by us.
Right to Correction: You have the right to have any incorrect data about you corrected and you also have the right to request us to supplement incomplete data.
Right to be Forgotten and Restriction of Processing: You have, under certain conditions, the right to request the deletion of your personal data and to request that we limit our processing of your personal data. This can be the case if your personal data is no longer required for the purposes for which it was collected or processed or if you dispute the correctness or legality of the personal data.
Complaints: You are always entitled to submit a complaint to any competent authority. Preferably, this should be done with the authority in the member state within the EU/EEA where you reside or work or where a violation of data protection laws has occurred.
Data Portability: You may require us to transfer some or all your personal data that we are in the possession of to another company. This right assumes that you have provided us your personal data in a format where such transfer is technically possible.
Please note that we may require you to prove your identity before we can process any of the requests detailed above or any other request concerning your personal data.
12. Third party websites
From time to time our website and our communications with you may include links to third party websites, applications and other similar electronic tools. If you click on such links, this may result in the collection of your personal data by such parties. Please note that we have no control over the actions taken by such third parties and we cannot assume any responsibility in any manner or to any extent for any collection or processing of your personal data by such third parties. It is therefore important that you inform yourself of the privacy policy for every website that you access.
13. Failure to provide personal data
Please note that if we need to collect your personal data by legal obligation or in order to perform our duties following a contract with you and you do not provide us with requested personal data, such refusal may affect our ability to perform our obligations to you and we may therefore be unable to continue an agreement with you or communication with you, and we shall not be held responsible for any damage that this may cause you.
14. Contact
If you have any questions about this privacy policy, if you wish to discuss our processing of your personal data or if you wish to exercise your rights, please contact us at contact@noresca.se.

