Privacy Policy

Contact

Privacy Policy

1. Data Controller

This privacy policy explains how we collect and use (process) personal data in our business.

Covertro AS, represented by the Managing Director, is the data controller responsible for the

processing.

Our contact details are:

Covertro AS

Business Address: Dronningens gate 22, 0154 Oslo, Norway

Organization Number: 933399192

Email: contact@bespokescaling.com

We take your privacy seriously and have implemented measures to ensure you receive clear

information about how we process your data and what rights you have. If anything seems

unclear or missing, please don’t hesitate to contact us.

2. Your Rights

Contact us if you have questions about or wish to exercise your rights. You are entitled to a

response within 30 days. For more information, visit the Norwegian Data Protection Authority’s

website.

Access and correction: You can request a copy of the data we process about you and

ask us to correct any incorrect information.

Deletion or restriction: In certain situations, you can request the deletion or restriction

of your personal data. However, we cannot delete data we are legally required to

process.

Objection to processing: If we process your data based on legitimate interests, you

have the right to object.

Data portability: If we process your data based on consent or a contract, you can ask

us to transfer your data to you or another data controller.

You can also withdraw your consent at any time.

If you are dissatisfied with our data processing, you can file a complaint with the Norwegian

Data Protection Authority, but we encourage you to contact us first so we can try to resolve the

matter directly.

3. Whose Personal Data We ProcessWe process personal data about:

Customers

Potential customers

Contact persons at suppliers and partners

Website visitors

Job applicants

Employees and former employees

4. How We Collect Personal Data

Providing personal data to us is voluntary, but certain information is necessary for completing

transactions.

We process personal data when you:

Purchase our products/services

Contact us via phone, SMS, our website, email, or social media

Respond to a survey

Apply for a job or work with us

Are a supplier or partner

5. Purpose, Legal Basis, and Retention

Under Article 6 of the GDPR, we process personal data based on:

Your consent

A contract we’ve entered into

A legal obligation

Protecting vital interests

Tasks carried out in the public interest or official authority

Legitimate interests

As a general rule, personal data will not be processed or stored longer than necessary to fulfill

the purpose of processing. Annual GDPR audits ensure that we update, amend, or delete

personal data as required.

6. How We Process Personal Data

We process personal data in various contexts, including:Communications:

When you contact us (via website forms, email, phone, social media, etc.), we may process your

name, contact details, IP address, and other information you provide. This helps us respond,

maintain records, and manage potential complaints or claims.

Purchases:

When you purchase our products or services, we process your name, contact information, order

details, and payment information to deliver the goods/services and manage our customer

relationship.

Marketing:

If you have an existing customer relationship, we may send you marketing communications

based on legitimate interests or consent.

Job Applications and Employment:

We process job applicants' information (e.g., name, contact info, CV) to assess applications.

Employee data is also processed as needed for payroll and employment administration.

Surveys:

We always clarify the purpose of surveys and whether they are anonymous.

Suppliers and Partners:

We process contact information when entering agreements with suppliers or partners.

7. Sharing Personal Data

We share personal data with:

Data processors: Service providers processing data on our behalf.

Professional advisors: Legal, financial, accounting, audit, and insurance services.

We ensure all data recipients uphold strict data security standards and comply with GDPR

requirements through data processing agreements.

8. Data Transfers Outside the EU/EEA

In some cases, personal data may be transferred outside the EU/EEA. Such transfers are

limited to countries approved by the European Commission or under GDPR-compliant

safeguards (e.g., standard contractual clauses).9. Security

We prioritize information security by implementing:

Strong passwords

Access control

Two-factor authentication

We use reputable IT service providers and restrict access to personal data to authorized

personnel following our instructions.

Last updated: January 14, 2025