Processing of personal data at Carnegie AS and
Carnegie Business Management AS

Personal data is any kind of information that can be directly or indirectly linked to a person. For example, it can be your name, address, email address, phone number, social security number, bank account number, email address, or photo.

We will protect the data we process about you and your privacy by taking all relevant measures in accordance with current legislation, including GDPR. We register and process personal data about you so that we can offer you our services and at the same time fulfill the statutory requirements to which we are subject.

Carnegie may need to process personal data in order to fulfill our obligations to you as our customer or potential customer or as a future, potential employee. Personal data we collect is either necessary for us to be able to provide the agreed services, for us to be able to communicate with you, or when you have provided your permission.

There may be several ways we collect personal data about you, such as by signing up on services we offer, by registering for seminars, by your consent to be registered in our database or otherwise choose to interact with us as for example by email. Even when you use our website, we may need to process personal data about you in the form of cookies, user information or other information that you yourself register via our website. The personal data could include e.g., your name, address, telephone number and e-mail.

We will not save your personal data longer than is necessary for us to be able to fulfill the purpose for which the personal data was collected. Exactly how long we save your data depends on the purpose for which it is collected, but if you become a customer with us, we will save your data for the entire time you have a business relationship with us and thereafter, the number of years required for us to fulfill our statutory obligations.

Under certain conditions, we may need to transfer your personal data to other companies within the Carnegie Group or other suppliers who work on our behalf. When this happens, we demand that your personal data is handled as securely as if we processed it ourselves. When required by law, we may also share your personal data with authorities. In some cases, your personal data may be transferred to countries outside the EU/EEA, but this may only happen if we have ensured that suitable protective measures are in place.

Personal data shall be deleted if it is no longer needed for the purposes for which it was originally collected or otherwise processed, if Carnegie has no legal obligation to preserve the personal data.

You can always request information about which personal data is processed by us, requests to block direct marketing, deletion of personal data, restriction of processing of personal data, data portability, or correction of personal data by contacting Carnegie’s data protection representative.
Read more about how we process your personal data here.

If you have questions on processing of personal data please refer to our Privacy Notice in the link above or contact us at:
+ 47 22 00 93 00 or at:

Carnegie AS/Carnegie Business Management AS
Att: Carnegie AS DPO
Aker Brygge Fjordalléen 16
0250 Oslo

If you believe that we have processed your personal information incorrectly or are dissatisfied with our processing of personal data, we hope that you will contact Carnegie right away. In any case, you also have the right to complain to the Norwegian Data Protection Authority on the treatment that takes place at Carnegie. The Norwegian Data Protection Authority’s contact information and more information on how to complain can be found at