The processing of personal data in Norway is regulated in the Personal Data Act (personopplysningsloven regarding GDPR), but also in a number of other legislations such as the Marketing Act (markedsføringsloven) and the Accounting Act (regnskapsloven). This provides comprehensive guidelines for how personal information is to be processed, and the Norwegian Data Protection Authority (https://www.datatilsynet.no/) has both the advising and governing role in this area.
The day-to-day responsibility for the processing of personal data lies with the CEO of each individual company in the Glasspaper Group. Glasspaper has also appointed a Data Protection Officer (DPO), whose task is to ensure that Glasspaper complies with the Personal Data Act and to be a resource person both for those we process data about, for the company and for the Norwegian Data Protection Authority.
Contact our DPO:
Thomas Norbeck, , mobile: +47 916 70 054
We use information about you to organize services, orders or in other processes where we need to know who we are contacting.
We have registered the name, telephone, email address, address and payment address of participants in courses and tests.
We store this information about you for 5 years after completing the course/ test, or until you request that the information be deleted. The reason for this is, among other things, in connection with the desire to obtain proof of a course participation after completing the course. Name, e-mail and mobile are identifiers for finding such participation. Tests are provided by various subcontractors, and some of these have requirements for storing, for example, the last 4 digits of an ID card for 90 days. You will be made aware of these requirements by the test providers before conducting such a test.
In addition, there is a need for storage of some course and test providers' user IDs linked to certification status.
Through 2020/21, the implementation of virtual courses has increased in scope. We call such course implementation Connect2Classroom or just C2C. The platform we use for this type of course delivery is largely Zoom, but other platforms such as Microsoft Teams can be used in some instances. These platforms are largely US-based companies. Through the so-called Schrems II judgement, the European Commission has clarified that the USA can currently not be considered a so-called Adequate country that is on an equal footing with EU and EEA countries when it comes to processing personal data.
We must assume that, for example, Zoom uses servers located in the USA. Glasspaper does not share information about you with Zoom, and if you participate in our C2C courses, you only use a neutral link with a general password. You can avoid sharing personal information by not giving your full name when you log on to our C2C courses. Only enter your first name, or an alias if you prefer. This means that no information about you is stored in the Zoom platform.
From time to time we offer shorter webinars, and for participation in such webinars, your e-mail address must be registered. We ask you to consider which e-mail address you use when you register for such webinars, as we must assume that the e-mail address will be stored in the USA.
We store information about job seekers, passive candidates, recruited candidates and hired candidates in our candidate management system Recruitment Manager. This is information that is necessary for Glasspaper People AS to be a good matchmaker between our clients and candidates, as well as follow up hired employees on assignments. Relevant information is work experience, skills, personality, work preferences, salary information, notice period, certificates, diplomas and references, as well as our dialogue with job seekers, passive candidates, hired employees and recruited employees. In addition, we request feedback from hired employees and customers about candidates who are on assignment. For hired employees employed by Glasspaper People AS, we also store personal information such as a tax card. Salary information and necessary personal information to pay salaries are also in our ERP system. Candidates registered with us will be able to receive newsletters. If desired, you can unsubscribe from these newsletters within the newsletter itself. Sharing of your information to clients only takes place after your consent has been given to present you to the relevant client(s).
We also store information about our customers and contact persons with our customers who can sign up for newsletters via our websites, events or request this directly. Unsubscribe from the newsletter within the newsletter itself.
Candidates can choose to register or remove information about themselves in Recruitment Manager. If you want us to delete the information about you, please contact and we will delete your information except the information we are required by law to retain.
When we offer consulting services from our employees, the consultants will store contact information about those they work with that is necessary for the delivery of services. The rest of the information they have access to is regulated in the consultancy agreements and in their own privacy and confidentiality statements.
In cases where we provide IT consulting and operations services, we may receive information about you from your employer, i.e. name, telephone number, email address and username. We will then be able to see information about your computer, such as what programs it has installed, what kind of updates it has and when it has been turned on and off. We may also be able to remotely control your computer and retrieve information from documents and emails, which only happens after you have given us explicit consent for this.
At our management customers, we have access to all documents and information stored about you on the servers and systems that your employer has. Our access to and use of this is governed by Data Processor agreements between us and your employer.
When you visit our website, the IP address you contact us from, which pages you visit and how long you look at them will be registered.
If you include content in websites that come from other websites, such as advertising banners or tools to track what you see on our pages, these will also be able to store cookies on your computer. These cookies are called third-party cookies and are mainly used to collect statistics.
You can opt out of cookies by changing the security settings in your browser. In the list below, we have gathered instructions for the most common browsers:
We use a statistics tool called eMarketeer to track who reads what in our newsletters that go out by email. If you click on a link in a sent email, you will be forwarded to our website, which then tracks which pages you visit. If you then choose to book the course, this could potentially be linked back to the original email. We use a statistics tool called Google Analytics. As a visitor to our website, you are anonymous. Google Analytics is used to improve the user experience of our website and offer customized content.
If you do not want your activity on the website to be tracked, you can opt out of collecting this at the following addresses
To ensure that our processing of information about you takes place in a secure manner, only approved persons within our company have access. Access to information is secured with personal usernames and passwords, and all employees undergo regular training in security and privacy.
We do not share the information about you with third parties, except with subcontractors who help provide services to you, such as courses and tests. This is regulated through separate agreements with the subcontractors. Contact us if you want more information about this.
If the information we have about you is incorrect or incomplete, you can ask us to update this. You can also request that data be deleted by contacting us, as well as gaining insight into what we have stored about you. You can also contact us if you want more information about how we process personal information.