Privacy Policy
Last updated: 28.11.2024
Introduction
Stray Partners AS ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you interact with us.
Data we collect
We may collect and process the following types of personal data:
1.1 Personal Identifiable Information:
· Name, email address, phone number, job title, and company details (when submitting inquiries or using our services).
1.2 Technical Data:
· IP address, browser type, operating system, and usage data (collected through cookies or analytics tools).
1.3 Special Category Data:
· Anonymized health data, used solely for research and analysis purposes.
2. How we use your data
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To respond to inquiries and provide services. | Contractual necessity |
| To analyze health data for research purposes. | Legitimate interest (anonymized data) |
| To improve website functionality and user experience. | Legitimate interest |
| To comply with legal or regulatory requirements. | Legal obligation |
3. Sharing your data
We do not sell or rent your personal data. However, we may share it with:
· Service Providers: Vendors providing IT, hosting, and analytics services under strict data protection agreements (DPAs).
· Legal Authorities: When required to comply with legal obligations.
· Clients: Anonymized data only, for research reports.
4. Data Transfers
If your personal data is transferred outside the EU/EEA, we ensure it is protected using:
· Standard Contractual Clauses (SCCs).
· Hosting services compliant with GDPR and ISO 27001 standards.
5. Data Retention
We retain your data only as long as necessary for the purposes outlined in this policy:
· Employee data: 5 years after employment ends.
· Health data: 48 hours (anonymized for analysis).
· Technical data: 26 months.
6. Your Data Protection Rights
Under GDPR, you have the following rights:
· Access: Request access to your data.
· Correction: Correct inaccuracies in your data.
· Deletion: Request deletion of your data (where applicable).
· Objection: Object to data processing in certain situations.
· Portability: Request data transfer to another organization.
To exercise these rights, contact us at compliance@straypartners.com
7. Data Security
We implement technical and organizational measures to protect your data, including:
· Encryption (SHA-256) for data in transit and at rest.
· Role-based access controls and multi-factor authentication (MFA).
· Regular penetration testing and incident response plans.
8. Cookies
Our website uses cookies to:
· Enhance functionality and user experience.
· Analyze website traffic via tools like Google Analytics.
For more details, see our Cookie Policy.
9. Data Breaches
In the event of a data breach, we will:
· Notify affected individuals and authorities within 72 hours (if required).
· Document all breaches in our Incident Management Log.
10. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
Stray Partners AS
Beddingen 24, 0250 Oslo, Norway - InWester Building, Aker Brygge
Email: compliance@straypartners.com
11. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. The latest version will always be available on our website.