Legal

GDPR Compliance

Top Shelf Solutions AS is fully committed to the General Data Protection Regulation (GDPR) and Norwegian personal data law. Privacy is embedded into every process — from call handling to data storage.

Our GDPR Commitments

Data minimisation — we only collect what is strictly necessary
Purpose limitation — data is never used beyond its stated purpose
Storage limitation — data is deleted once its purpose is fulfilled
All data encrypted in transit and at rest within the EEA
Data subject rights honoured within statutory GDPR deadlines
All third-party processors bound by GDPR-compliant DPA agreements
Data breach notification to Datatilsynet within 72 hours
No transfers to third countries without adequate safeguards

GDPR in Call Centre Operations

As a call centre and customer support outsourcer, Top Shelf Solutions AS processes personal data of end-customers on behalf of our clients. In this capacity we act as a data processor under Art. 28 GDPR, bound by a Data Processing Agreement (DPA) with each client (the data controller).

Calls are recorded for quality assurance and training purposes. End-customers are informed of recording at the start of every call. Recordings are stored securely within Norway and the EU/EEA and are never shared with third parties except as required by law or our clients' DPA.

We do not use customer data for any purpose beyond the specific mandate agreed with our client. All staff are trained on GDPR obligations and undergo annual refresher training.

Your Rights as a Data Subject

If your personal data has been processed through one of our client engagements, you may exercise the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Contact us at support@topshelfsolutions.pro to exercise any of these rights.

Data Protection Officer

Top Shelf Solutions AS has appointed an internal Data Protection Officer (DPO) in accordance with Art. 37 GDPR. The DPO can be contacted for any data protection enquiries, subject access requests, or DPA negotiations.

support@topshelfsolutions.pro

For full details of how we process personal data, please review our Privacy Policy. Supervisory authority: Datatilsynet (Norway).