Privacy Policy
INTERPRETATION
-
This privacy policy (the “Policy”) has been compiled to better serve those who are concerned with how their personal data is being used, hereunder to inform you (“You” or “Your”) of Your rights as well as our policies and procedures regarding the processing of Your personal data.
-
Where the words "We", "Us" or "Our" are used in this Policy, this refers to Sayfr AS, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 920 766 838. Please note that We are the data controller of Your personal data unless otherwise specified.
-
For the purposes of this Policy, the term “Solution” means (i) the specified version of Sayfr’s delivery as further agreed in an order form. This Solution is only accessible by authorized users. (ii) Sayfr open access web services such as the Sayfr webpages.
Please read Our Policy carefully to get a clear understanding of how We collect, use, protect or otherwise handle Your personal data.
PERSONAL DATA
-
Personal data is information relating to a natural individual who can be identified, directly or indirectly by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
-
This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We find appropriate.
COLLECTION
-
We collect personal data when You inquire about Our Solution, subscribe to a newsletter, respond to a survey or marketing communication, use Our website or certain website features, fill out a form or otherwise enter information on Our website.
PURPOSE
-
We process personal data to the extent necessary to market and offer Our Solution, to fulfil Our legal obligations and otherwise to:
-
Analysis: Anonymous compliment of statistics and analysis to improve Our Solution. Such analysis will be conducted using aggregated and anonymised personal data, and this data cannot be used to identify You as a person.
-
Confirm Your identity: We need to confirm Your identity and Your background and may use Your contact information to this end.
-
Dispute: Handle disputes and provide assistance.
-
Inquiries: We may process Your personal data in order to respond to requests or inquiries concerning our Solution, e.g. if You send us a support request via Our website or otherwise contact Us.
-
Marketing: If You have agreed to receive newsletters, We may also process Your personal data in order to provide You with information on product updates, offers and news.
-
Notifications: We may use Your personal data to manage a survey of Your use of the Solution and/or send You service or operating messages, such as updates, security alerts, and account alerts.
-
Recruitment: We need to process Your personal data in connection with Our recruitment efforts.
-
Sales: We may process Your personal data as necessary to follow up sales leads internally.
-
Threat detection: Register and prevent fraud, spam, abuse, technical issues, security incidents and other harmful activities.
PROCESSING
-
We may process personal data about You, including but not limited to:
-
Communication
-
Date of birth
-
Device information
-
E-mail address
-
Name
-
Name of employer
-
Position
-
Telephone number
-
Information accessed and requested from Us
-
Information about use of the Solution
-
Unique identifiers such as IP addresses and UUID (unique ID that follows the phone number)
LEGAL BASIS
-
Unless otherwise provided below, the legal basis for Our processing is to enter into or perform an agreement with You or Your employer, cf. article 6 (1) (b) of the GDPR.
-
The legal basis for the fulfilment of Our legal obligations is enshrined in Article 6 (1) (c) of the GDPR.
-
The legal basis for (a), (c), (h) and (i) is our legitimate interests to improve Our Solution, safeguard Our legal rights, conduct sales efforts and to monitor or improve Our website or Our Security posture, cf. the article 6 (1) (f). We have considered that the inconvenience that such processing may entail for You are minor and that they do not override Our interests. If You disagree, please let us know by contacting us as described in Clause 14.
-
For processing operations described in Clause 4.1 (b), (d), (e), (g), Our legal basis is Your consent, cf. Article 6 (1) (a) of the GDPR. We will consider any provision of personal data through contact forms or requests/inquiries by e-mail as a valid consent, unless indicated otherwise. You may withdraw Your consent at any time by contacting Us as specified in Clause 14.
DATA CONTROLLER
-
Unless otherwise specified, We are the data controller where the processing of personal data is collected directly from You. A data controller is the person who determines the purpose of the processing of personal data and the means to be used during such processing. It is the data controller who has the overall responsibility for the processing of Your personal data.
-
Please note that We are not acting as a data controller when processing Your personal data as part of Our provision of the Solution to Our customers. For such processing operations, We will be acting as a data processor on behalf of such customers. Any inquiries You may have concerning Your personal data should be directed to the applicable customer.
YOUR RIGHTS
-
As a data subject, You have the following rights:
-
Access: You may request a copy of Your personal data that We process.
-
Data portability: You may request to obtain the personal data that You have provided to Us or to have said data transferred to a third party in a structured, commonly used and machine-readable format.
-
Erasure: You may demand that We erase all of Your personal data, unless We are required by law to retain the data for a certain period of time.
-
Information: You are entitled to receive information about the categories of Your personal data that We process and how they are processed.
-
Objection: You may object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision based solely on automated processing, including profiling, which produces legal effects that significantly affects You.
-
Rectification: You may require Your personal data to be rectified or supplemented.
-
Restriction: You may request that We restrict the processing of Your personal data.
RETENTION
-
We keep Your personal data only for as long as it is required for the reasons it was collected from You or until You delete such data yourself. The time period in which We retain personal data varies, depending on the category and the nature of the personal data.
-
When Your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.
THIRD PARTIES
-
We may disclose Your personal data to governmental authorities, entities within Our group of companies or to individuals and organisations who are Our service providers, including but not limited to providers of business support, accounting translation services, database management, maintaining, legal or financial advice.
-
We may share aggregated and anonymised data with third parties. Such data cannot be used to identify You as an individual and is considered personal data
-
We require service providers to use Your personal data solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal data.
-
You acknowledge that We co-operate with government authorities and law enforcement officials to enforce and comply with any applicable law. Please note that there are circumstances where the use and/or disclosure of personal data may be justified or permitted or where We are obliged to disclose personal data without Your consent.
-
Where personal data may be subject to transfer to another organisation in contemplation of a merger, financing, reorganisation or dissolution transaction of all or part of Us, We will do this only if the involved parties have entered into an agreement under which the collection, use and disclosure of the personal data is restricted to those purposes that relate to the transaction, including a determination of whether or not to proceed with the transaction, and is to be used by the involved parties to carry out and complete the transaction. If another company acquires Us or Our business or assets, that company will possess the personal data collected by Us and will assume the rights and obligations regarding Your personal data as described in this Policy.
SECURITY
-
Safeguarding Your personal data is Our highest concern. As such, We endeavour to adhere to the generally accepted industry standards and best practices to protect data submitted to Us. We will otherwise employ and maintain reasonable measures for the physical, procedural and technical security of Your data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification thereof.
-
We restrict access to production environments and monitoring of Your activities to a limited number of individuals who have special access rights to such systems and are required to keep the personal data confidential. We use computer systems with limited access housed in facilities with physical security measures.
-
Your personal data is contained behind secured networks, and We securely encrypt, limit and restrict access to Your personal data using SSL. We encrypt all data at rest and any personal data is double encrypted with two keys at both the infrastructure and application level.
-
If any of Our employees misuses personal data, this will be considered as a serious offence for which disciplinary action may be taken, including termination of employment. If any individual or organisation misuses personal data – provided for the purpose of providing services to or for Us – this will be considered a serious issue for which action may be taken, including termination of any agreement between Us and that individual or organisation.
INTERNATIONAL TRANSFER
-
Your Personal Data will only be processed in countries within the European Economic Area.
AMENDMENTS
-
The Policy may be updated from time to time. If possible, We will notify You by e-mail of any material changes.
CONTACT
-
If you wish to utilise Your rights of access, information, rectification, erasure, restriction, data portability or the right to object to the processing of personal data or if You have questions or requests regarding this Policy, Our processing or wish to file a complaint, please contact Us at: legal@sayfr.com.
-
We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue. You are also entitled to file a complaint to the Data Protection Authority regarding Our processing of Your personal data. For information on how to contact the Data Authority, visit the Data Authority’s website.
-
To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised to do so.