Privacy policy

MOORE’s DATA PROTECTION DECLARATION
Data protection refers to the right to privacy and the right to determine how your personal data is used.
Personal data means data and evaluations that can be linked to an individual person.
Data protection is an important part of MOORE’s deliveries and we attach the highest priority to protecting the integrity, accessibility and confidentiality of all personal data.
This personal data declaration provides supplementary information about which personal data we collect, how this information is collected and your rights if we record personal data relating to you. The CEO of MOORE AS has primary responsibility for personal data processing activities at MOORE AS.
In which areas does MOORE process personal data?
  • Client and supplier information
MOORE processes personal data about clients and suppliers, in addition to any third parties where this is required to fulfil contract obligations.
The legal basis for such processing is Section 8, first paragraph and Section 8 a), b) or f) and Section 9 a), b) and f) of the Norwegian Personal Data Act.
The information processed includes contact information for clients and suppliers.
Personal data is stored in a separate database and is deleted five years after the conclusion of the client relationship.
  • Marketing
MOORE processes personal data for marketing purposes. Such personal data will not be passed on to other enterprises.
– ADDRESS REGISTER
MOORE stores contact information for potential clients in a separate database. The information is retrieved from publicly available sources, such as enterprises’ websites. The personal data is processed in order to market our services and coordinate this marketing work.
The legal basis for this processing is Section 8 letter f of the Norwegian Personal Data Act.
Personal data for potential clients is deleted within one year of being recorded in the database, provided that a client relationship has not been established.
  • Services
– SERVICES
Processing of personal data in connection with MOORE’s audit services is based on Section 8 first paragraph of the Norwegian Personal Data Act, cf. Chapter 5 of the Norwegian Auditors Act.
Any personal data processed in audit assignments will primarily relate to contact information and other data concerning the employment relationship.
Section 5-5 of the Norwegian Auditors Act requires the auditor to store documentation and numbered correspondence in an ordered and secure manner for at least ten years. The same applies to correspondence concerning consultancy services. MOORE shall delete the above documentation within one year of the expiry of the duty to store information.
MOORE can perform all or some accounting duties for clients. Personal data processed in this context typically includes names, ID numbers and salary information.
In these assignments MOORE is the data processor and signs a data processor agreement with the client as data controller. The data processor agreement establishes the frameworks for MOORE’s personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.
  • Client checks and investigations
MOORE is required to implement client checks in accordance with Sections 5, 6 and 15 of the Norwegian Money Laundering Act, and to perform more detailed investigations if it is suspected that a transaction relates to the proceeds of a criminal act, cf. Section 17 of the Norwegian Money Laundering Act.
Data that MOORE is required to process in this connection includes names/company names, ID numbers, organisation numbers, permanent addresses, family matters (association with politically exposed individuals), and data relating to potential suspected criminal acts.
Processing of personal data relating to client checks and any duty to investigate can involve processing sensitive information, including in connection with criminal acts.
In accordance with Section 22 of the Norwegian Money Laundering Act, MOORE is required to store documents used for client checks for at least five years after the cessation of the client relationship or completion of the transaction, unless a shorter period is established in other legislation or regulations.
Documents and information relating to client checks and any investigations in accordance with Section 17 of the Norwegian Money Laundering Act are stored in separate databases, protected against unauthorised access and deleted within one year of the expiry of the duty to store information.
Under certain circumstances MOORE is also required to deliver information to the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime, for example where it is suspected that a transaction relates to proceeds of a criminal act. However, this does not apply to knowledge acquired by lawyers as a result of work to establish the client’s legal status.
  • HR administration
MOORE processes personal data as part of its HR administration procedures. Personal data processed in this context includes biographical data, salary information, assessments, information about next of kin, and qualifications/position level.
The legal basis for this processing is Section 8 letter f of the Norwegian Personal Data Act.
Personal data relating to HR administration is stored for as long as the individual in question is employed at MOORE. Personal data for unsuccessful applicants is deleted one year after the relevant individual applied for the position with MOORE.
Your rights
MOORE’s personal data processing activities are regulated by the Norwegian Personal Data Act and associated regulations. Your rights relating to our personal data processing activities are established in Chapters III and IV of the Norwegian Personal Data Act. Some of your most important rights are presented below.
  • RIGHT TO ACCESS INFORMATION
    Anyone who asks has the right to know what type of personal data processing MOORE performs, as well as basic information about these processes. This information is provided in the data protection declaration.

    If you are registered in MOORE’s systems you have the right to know which information about you is recorded and which security measures are in place for processing as long as such access does not undermine security.

    You can demand that the data controller provide more detailed information as mentioned above if this is necessary to enable you to safeguard your interests.
     
  • CORRECTION AND DELETION OF INVALID PERSONAL DATA
    If MOORE processes personal data about you that is inaccurate, incomplete or which it is not permitted to process, you can demand that MOORE correct or delete such data.