3. Data Transfers
We primarily process and store personal data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards (e.g., Standard Contractual Clauses or equivalent legal mechanisms) are in place.
GDPR Compliance Statement
- GDPR Compliance
At Rasas Catering Ekspress, we are committed to protecting your personal data and respecting your privacy. This GDPR Compliance Statement explains how we collect, process, and safeguard your information in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1. Legal Basis for Processing
We process personal data only where lawful under GDPR, including:
● Contractual Necessity: To provide catering delivery and logistics services.
● Consent: For marketing communications, cookies, and other optional features.
● Legitimate Interests: Improving services, ensuring security, and preventing fraud.
● Legal Obligation: Where processing is required to comply with applicable laws.
2. Data Subject Rights
As a data subject under GDPR, you have the right to:
● Access: Request a copy of the personal data we hold about you.
● Rectification: Correct inaccurate or incomplete personal data.
● Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain conditions.
● Restriction: Request that we limit the processing of your personal data.
● Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
● Object: Oppose processing for direct marketing or based on legitimate interests.
● Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
Requests may be submitted to privacy@rasas.no. We will respond in accordance with GDPR timelines.
4. Data Protection by Design & Default
We integrate GDPR principles into our services by:
● Collecting only the minimum necessary data.
● Implementing strict access controls and encryption.
● Regularly reviewing and updating data protection measures.
5. Data Retention
We retain personal data only as long as necessary to fulfill our service obligations, comply with legal requirements, or resolve disputes. Once no longer needed, data is securely deleted or anonymized.
6. Data Security
We use administrative, technical, and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
7. Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to file a complaint with your local Data Protection Authority (DPA). In Norway, this is:
Datatilsynet (The Norwegian Data Protection Authority)
Website: https://www.datatilsynet.no/
8. Contact Us
For GDPR-related questions or requests, please contact us:
Rasas Catering Ekspress
Email: privacy@rasas.no
Phone: +47 123 456 789
Address: Agmund Bolts vei 47, 0664 Oslo, Norway