Updated 06/22/2023
We at Bislab AS (org nr. 929 879 252) are concerned with the safety of our customers and their privacy, and take the protection of personal data seriously. To provide you with good insight, we have created an overview that describes our processing of personal data, and explains how we collect, process and store personal data and business information about you and your business. Personal data means information that can be directly or indirectly linked to you, such as your name, address, telephone number and email address.
Bislab is a Norwegian company that focuses on credit ratings and other data enrichment. As a credit data company in Norway, we are obliged to process personal and business information in accordance with applicable laws and regulations regarding credit data business and privacy. This also includes the EU Regulation on the Processing of Personal Data (EU 2016/679), also known as the General Data Protection Regulation (GDPR), when incorporated into Norwegian law.
If you would like to learn more about us, please visit us at www.bislab.no. For more information about the processing of your personal data, or if you have any questions regarding the privacy policy, you are welcome to contact our Data Protection Officer at personvern@bislab.no.
Data collected from customers and in the distribution of credit ratings
When you use our products and services, either as our customer or as a registered person/business of one of our customers, we collect personal data to ensure the best possible experience for you or your business.
Data used in credit ratings
In our credit reporting business, we collect different types of information to provide our customers with information about Norwegian companies, sole proprietorships and private individuals. This information includes negative payment notices that our customers have registered on you or your business. We also collect comprehensive information about Norwegian companies, including basic data such as name and address, financial information such as accounting data, official filings such as mortgage and bankruptcy, management structure, corporate and ownership relationships, payment history, collection cases, property information and more.
Bislab primarily uses sources such as Brønnøysund Registrene, Skatteetaten, Statens vevesen, Statens kartverk, other publicly available sources for credit information, and information from the companies themselves. Our purpose in collecting this information is to prepare credit scores used by Bislab's customers as part of their credit rating. We use quality assured models that are continually reviewed to ensure accurate assessments.
Credit reporting is an essential service for a well-functioning economy and for preventing problems that can arise from high debt burden and poor payers. When Bislab, as a credit data company, processes and transfers your personal data in our products and services as a controller, we do so on the basis that the processing is necessary to perform a task in the public interest, in accordance with Article 6 (1) (e) of the GDPR. By providing creditors with information for their assessment of a person's or a business's creditworthiness, Bislab helps to avoid excessive debt for vulnerable individuals and businesses.
Bislab acts as a data controller when we process (record and pass on) your personal and business information that appears in our products and services in our credit information business, including the processing of payment notes. As a credit information company, Bislab makes our service offering available to our customers, all of whom are obliged to sign an agreement ensuring compliance with the Personal Data Act and GDPR for the processing of your personal and business data. No one will have access to your personal data unless they can and will comply with the requirements of data protection legislation.
In cases where Bislab, in addition to our role as a credit data company, processes your personal data as a controller in our products and services, this happens when the processing is necessary for a third party to pursue a legitimate interest that outweighs the interests of the data subject or fundamental rights and freedoms. This may include, for example, situations where Bislab assists the police in preventing and detecting financial crimes such as money laundering and identity theft. You can find more information about the legislation for credit data companies on the Danish Data Protection Agency's website here.
On the other hand, when Bislab acts as a data processor and processes personal data, we do so on behalf of our customers and only according to written instructions in a data processing agreement concluded with our customers. Our customers are responsible for the processing of this personal data.
We only share your personal data with our employees who are authorized to process such information. Furthermore, we share personal data with affiliates within the Bislab Group, distributors and business partners who process personal data on our behalf and in accordance with our instructions.
Bislab has its head office in Norway, and our databases are (via our supplier) located in the EU. If we transfer your data to a country outside the EU/EEA, we ensure that such transfers are safe by using the European Commission's standard contractual provisions on data protection for the transfer of data to third countries.
As controller and data processor, Bislab uses data processors and sub-processors in our processing of personal and business data. We have entered into binding written agreements with our data processors and we assure that we only use data processors and sub-processors that have provided the necessary guarantees to implement appropriate technical and organisational measures to safeguard data protection laws and your rights.
At Bislab, we take the security and protection of your information seriously. We only retain your information for as long as it is necessary to process it in accordance with applicable law and our legitimate needs, and we ensure that we follow the policy on retention periods for personal data.
Bislab uses only the latest technology and has implemented robust processes to secure your information against unauthorized access, disclosure or illegal use. Furthermore, we require our employees and associated contractual parties to comply with the laws, regulations and internal policies that apply to the processing of personal data. We have put in place organizational and technical procedures to ensure that your personal data does not go astray.
You have the right to access your personal data, and in certain cases you also have the right to correct, delete and restrict the processing of the personal data we hold about you. You can exercise these rights by contacting Bislab at personvern@bislab.no
In certain cases, you may also object to our processing of your information in our credit reporting business. However, we would like to inform you that your objection will not necessarily lead to the termination of our processing of your data or the deletion of the data. This may be due, among other things, to the fact that the basis for processing your data may continue to be valid if it is based on our ability to process personal and business data as a credit information company.
We reserve the right to update and amend this Privacy Policy at any time. If you have questions about this privacy statement or would like information about the information Bislab has collected about you or your business, you are welcome to contact us at the following email address: support@bislab.no.
If you have any questions regarding your rights as a registered person, please contact our Data Protection Officer at the following e-mail address: personvern@bislab.no.Hvis If you have any questions regarding your rights as a registered person that cannot be answered by Bislab, you can contact or send a complaint to the Danish Data Protection Authority by phone: +47 22 39 69 00.
