ERP Norway AS(“we”, “us”, “our” or “ERP”) organizes collection and recycling of waste electrical and electronic equipment. This privacy statement applies to any living individual (“you”) whose personal data is contained in waste electrical and electronic equipment (“Data-Containing Devices”) which is given to us, whether directly by third parties for reuse, recovery or disposal operations. And as we do not know your identity, we cannot deliver this privacy statement to you, and section Article 14(5) of the GDPR allows us to comply with our obligations by making this privacy statement publicly available.
We do not wish to process your personal data and our preference is that you follow our recommendation and permanently erase all personal data from the Data-Containing Devices before we receive it. Where you choose to leave personal data on the Data-Containing Device provided to us, we might then gain possibility to access to whatever is contained on Data-Containing Devices. Where Data-Containing Device you provide us include personal data relating to other people, we ask you to only do so after making sure that erasure or destruction of this data complies with applicable laws.
We collect Data-Containing Devices solely to process them for re-use (by approved and regulated re-use organisations), or for recycling by our contractors. Our day to day processes do not include accessing Data-Containing Devices or the personal data contained in them. In all situations, our only processing of personal data contained in Data-Containing Device will be permanent erasure (in case the Data-Containing Device is prepared for reuse) or the destruction (in case the Data-Containing Device is destroyed and recycled into component parts) at our contracted facility which does not process any data in the Data-Containing Devices on our behalf. We use a variety of security technologies and operational procedures to help protect your personal information from being accidentally altered, disclosed, lost, used or accessed in an unauthorized way. However, if you have handed over Personal Data of you or others against our recommendations, we cannot be held responsible for any unauthorised processing of your data by ill-intentioned people.
Because our processing of personal data contained in Data-Containing Devices does not require the identification of data subjects, we are not required to either (a) maintain, acquire or process additional information in order to facilitate such identification; nor (b) grant rights of access, rectification, erasure, restriction of processing, or data portability to you. Due to the nature of our activity and the volume of Data-Containing Devices which we process, it is in any event near-impossible to identify any specific individual from the Data-Containing Devices we hold even if you provide us with additional information.