Last updated 6rd of December 2018.
We collect and use your personal data within the legal limits of the data protection law of Norway and the EU General Data Protection Regulation no. 2016/679 (GDPR) as incorporated in Norwegian law. When we use terms like “personal data”, “processing”, “data controller” and “data processor”, they have the meaning as laid out in the data protection law.
When you visit our website, use our services or deal with us as a professional, we may process personal data about you as described below. We then act as a data controller, and you may direct any request regarding our processing of your personal data to us as explained below.
Full contact details:
Legal entity: opengarden Ingvild Huseby, org. nr. 985 891 850 Email address: firstname.lastname@example.org
Postal address: Melkeveien 49A, 0779 Oslo, Norway
It is important that the information we hold about you is accurate and up to date. Please let us know if at any time your information changes by emailing us at email@example.com.
2 WHAT DATA, FOR WHAT PURPOSE AND ON WHAT BASIS?
Personal data means any information capable of identifying an individual. It does not include anonymized data.
We may process certain types of personal data about you as follows:
Identity data: May include first name, last name, title, roles, date of birth, legal company name, org. no., website, social media addresses.
Contact data: May include your billing address, postal address, delivery address, email addresses, telephone numbers.
Financial and transaction data: May include your bank account details and details about payment between us.
CRM data: May include your preferences for communication with us, your orders feedback and our communication. Technical data (our webservices providers): Our webservices providers may collect some information automatically about you. We do not collect this data separately, we refer to their policy as linked up below. This may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform, usage data, and other technology on the device you use to access this site.
We may process Aggregated Data from your personal data but this data does not reveal your identity and as such in it self is not your personal data. An example of this is if we make statistics on how many visiting our site or news update.
We may collect data about you through different methods including:
Direct interactions: You may provide data by communicating with us by phone, email, in person or similar, filling in forms on our site, including when you request information, order our services, give feedback or similar.
Automated technologies or interactions: As you use our site, our service provider automatically collect Technical Data about your equipment, browsing actions and usage patterns. Our webservices provider collect this data by using cookies, server logs and similar technologies. We do not collect this data separately, we refer to our third party service provider policy as linked up below.
Mailing lists from third parties or publicly available information: We may get information, such as a mailing address, from third party services for cold sales and marketing or from publicly available information.
The legal purpose of our collection of data is to provide you relevant offers, fulfill our commitment to you under our terms of engagement, invoicing, improve and safeguard our services, according to a consent from you, or for compliance with a legal obligation.
3 THIRD PARTY RECIPIENTS TO YOUR PERSONAL DATA
We use certain third parties that we may share your personal data with, or who may have access to your personal data. This includes our service partners such as our provider of hosting services for our web platform and our software and service partners for our complete operation. This includes, but may not be limited to, WordPress.com, our Office cloud solutions, our email webservices, our security, back-up and PC services solution and our billing and accounting solution. These products and net based services follow their respective privacy policies; Elkjøp cloud, Telenor 365, Microsoft 365, ISPHuset, Fiken. We don’t own or control these third parties and they have their own rules about collection, use, security and sharing of information, which you should review.
We may only share your personal information with public authorities when required by law.
4 LOCATION OF YOUR DATA
We store your personal data on servers located within the EU/EEA area. Some of our third parties service providers are based outside EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
When your personal data is transferred outside EU/EEA area, or when we choose third party service providers, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
• Transfer of your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US; or
• In the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
While no online service is 100 % secure, we work hard to protect information about you against unauthorized access. We have implemented security measures to protect your data against unauthorized access, use and destructions.
6 RETENTION AND DELETION
opengarden will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount and nature of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We normally keep relevant data related to our contact for 3,5 to 5 years after ending the engagement. After this period, and in some occasions before, we may terminate data not applicable to legal requirements without any further notice.
We may keep your identity data and contact data for potential future contact as part of our network.
Identity data: As first name, last name, title, date of birth, legal company name, org. no., website, social media addresses
Contact data: As your billing address, delivery address, email addresses, telephone numbers
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7 YOUR RIGHTS
You are entitled, upon request, to disclosure regarding your personal data that we are storing or are otherwise processing as a data controller. You are also entitled to have any incorrect personal data corrected and rights to blocking or deletion of your personal data as long as it does not hinder our Terms of Engagement or is hindered by legal reasons.
Procedures are reviewed regularly to ensure that the policies are followed. Any non-conformance regarding the policies will be corrected without unnecessary delay.
9 UPDATES AND CHANGES.
10 CONTACT INFORMATION
11 CHANGE LOG
9. December 2018: Corrected typos.