PRIVACY AND POLICY
- VERSION 18 JANUARY 2023
1.1 Data processing at Aize
· where Aize, in the capacity of data controller, collects, uses, maintains, and discloses the personal data from you for instance when you visit our website, fill out one of our online forms, subscribe to our newsletters, and/or interact with Aize when you in-person attend any of our events.
· when Aize acts as data processor, which apply when handling (i) personal data to perform the Service on behalf of you as a Aize Customer or user; and (ii) personal information contained in the Service either inputted by you or generated by the interaction of users of the Service, when you are a user of the Service.
The delivery, access and use of the Service is covered by certain terms and conditions agreed between Aize and its customer (the “Customer Agreement”), which amongst others include terms concerning certain data generated through the use of the Service. This can be messages, technical data, software documentation, files or other content (“Customer Data” or “User Content”), depending on context of the processing. The customer (“Customer”) is data controller for the personal data inputted into the workspace under the Service (its “Workspace”) and any related Customer Data and User Content.
Aize may process Personal Information for the processing activities necessary to perform the Services, including for testing and applying new products or system versions, patches, updates and upgrades, and resolving bugs and other issues reported to Aize.
Customer is the controller of the Personal Information processed by Aize on behalf of the Customer to perform the Services. Aize will process your Personal Information as specified in your Order Form and your documented additional written instructions to the extent necessary for Aize to comply with applicable data protection law or the data processing agreement between Customer and Aize.
2. PERSONAL DATA WE COLLECT AND PROCESS
2.1 Data categories processed in Aize
When Aize is acting as data controller, we process the following categories of personal data:
· Profile information, e.g., name, email address, business address, phone number, areas of expertise or interests
· Account information, e.g. password and username, account activity, equipment registry, access controls and permissions, user preferences/system customizations, information relating to customer service or troubleshooting.
· Payment, Order and Financial Information, e.g. purchase history and details, delivery address, debit or credit card details
· Business relationship data, e.g. compensation, contract/engagement details, dialogue and evaluation
· Technical and behavioral data, e.g. IP-address, URL-address, cookie data and identifiers, geolocation (IP-address based), usage information such as Service metadata and log data
· Customer Data and User Content, e.g. data, text, including messages, audio, video or images
· Third-Party Services information, e.g. any Customer Data and User Content and Technical and Behavioral data deriving from the integration and your use of a third-party service in the Service
If you have any questions to specific data types processed in a specific processing activity, please contact us using the information below in section 8.
2.2 How we collect personal data
When we enter into new Customer Agreements, the Customer will typically provide the following data categories to us:
· Profile information, Account information, Payment, Order and Financial Information, personal data concerning Contact Persons
When you have access to and use the Workspace, you or the Customer will provide, or we may collect from you, the following data:
· Profile Information, Account Information, Technical and behavioral data, Customer Data and User Content, Third-Party Services information
When you use our website and/or fill out an online form on our website or otherwise upon our request or a third party’s request who is acting on our behalf, you will typically provide the following data to us:
· Profile Information, Technical and behavioral data
When you sign up to our newsletters or attend one of our online or on-site events, you will typically provide the following data to us:
· Profile information
3. PURPOSE AND LEGAL BASIS OF PROCESSING YOUR DATA
3.1 Processing in relation to Customer Agreements
When your organisation enters, or already has entered into a Customer Agreement, these are the main processing purposes for which we process your personal data:
· Authenticate and authorize users to give access to the Service: For this purpose, we process Profile information, Account information and Technical and Behavioural Data.
· Provide the Service, including granting or removing accesses and/or transferring users between modules of a Workspace. For this purpose, we process Profile information, Account information and Technical and Behavioural Data.
· Support, IT security and protecting the Service. Profile information, Account information, Technical and Behavioural Data, Customer Data and User Content
· Product development and analysis. For this purpose, we process Technical and Behavioural Data, Customer Data and User Content.
· Invoicing, bookkeeping and tax purposes. For this purpose, we process Profile information and Payment, Order and Financial Information.
The legal basis for 1, 2, and 3 above is that it is necessary to perform and administer Customer Agreements and the Terms of Service.
Certain sub-processing activities for purpose 2 and 3 may be carried out based on our legitimate interest. We consider that preventing, investigating or addressing service errors, security or technical issues, analyse and monitor usage, trends and other activities are in the interest of both Aize, the Customer and you.
The legal basis for 4 is legitimate interest. We consider that developing and improving the Service is in the interest of both Aize, the Customer and you. We may also aggregate or de-identify data to find new use cases under this processing purpose. Such use cases will not be based on any user identifiers.
The legal basis for 5 is the Customer Agreement and legal obligations, including statutory bookkeeping requirements.
3.2 Processing in relation to our website
When you use our website and/or fill out an online form on our website or otherwise upon our request or a third party’s request who is acting on our behalf, such as ordering a demo or a trial version of the Service, these are the main purposes for which we process your personal data:
· Authenticate and authorize user to process the request: Profile information.
· Provide product information, give access to demo or trial version of the Service: For this purpose, we process Profile information, Account information and Technical and Behavioural Data.
The legal basis for bullet 1 and 2 above is that it is necessary to perform and administer your request for a demo or a trial version of the Service in accordance with the Terms of Service.
3.3 Marketing communication
When you sign up for our newsletters, attend one of our events or we otherwise send you marketing communication in accordance with your customer relationship, these are the main purposes for which we process your personal data:
· Register you in our CRM system. For this purpose, we process Profile Information.
· Send you marketing communication. For this purpose, we process Profile Information.
· Measure the effect of our marketing. For this purpose, we process Behavioral and Technical Data.
The legal basis for bullet 1 and 2 is legitimate interest if you are in a current business relationship with us, e.g. a user of the Service. If you are not in a business relationship with us the legal basis is consent. The legal basis for bullet 3 is also legitimate interest.
4. HOW WE PROTECT YOUR DATA
We prioritize the protection of your personal data, and continuously work to safeguard it and other confidential information. Our security measures include physical, technical, and organizational measures, use of protective software, IT infrastructure, internal and external networks and technical facilities, as well as internal policies and access control.
Our security work is based on regular risk assessments and internal controls to ensure that sufficient security measures are imposed to prevent the unauthorized access of personal data.
5. SHARING PERSONAL DATA
As a provider of a technology platform where a core part of the Service is to allow the Customer to integrate Third-Party Services to their Workspace, we inform that your personal data may be shared by Aize in accordance with Customer`s instructions, and subject to the terms of the Customer Agreement.
To carry out our processing activities as a data controller, we engage with several service providers. We only share your data with such services providers when we have the legal grounds for doing so, and always subject to data processing agreements. This includes the following categories of recipients:
· Financial service providers, for our invoice and payment administration, as well as to comply with applicable accounting and tax laws.
· Marketing service providers and advertisers, which assist us with advertising and marketing Aize and the Service.
· Legal, technical and business partners, to safeguard our legal interests and to detect and prevent, as well as to stop, fraud and other security and technical issues
· Law enforcement and regulators, when we receive a request for information, we may disclose personal data if required by applicable law, regulation or legal process.
6. INTERNATIONAL DATA TRANSFERS
If Aize is receiving services from a data processor located outside the EU/EEA, and personal information contained in the Service or received from you is transferred to such service provider in a country that does not provide an adequate level of protection for personal information, Aize will take measures designed to adequately protect information about our Customers and Users, such as ensuring that such transfers are subject to the terms of the EU Standard Contractual Clauses or other adequate transfer mechanism as required under relevant data protection law.
7. STORAGE PERIOD
8. YOUR RIGHTS
You have the right to access, correction, and in some cases deletion of your personal data processed by us. You may also have the right to restrict or object to the processing, as well as the right to data portability. You can read more about the extent of your rights on the web pages of the Norwegian Data Protection Authority: www.datatilsynet.no, or on the webpages of other EEA/EU data protection authorities.
If our processing is based on your consent, you can always withdraw your consent to our processing of your personal data.
To assert your rights, please send us a request to firstname.lastname@example.org
Aize will answer your request as soon as possible, and in all cases no later than in 30 days.
If you are of the opinion that our processing of your personal data breaches the terms of this policy, or in other ways breaches the General Data Protection Regulation (GDPR), you may file a complaint by emailing us or by contacting the Norwegian Data Protection Authority (Datatilsynet). However, we would appreciate it, if you contact us first so that we can address your objections and try to resolve any misunderstandings.
You can find information about how to contact the Norwegian Data Protection Authority on their web site: https://www.datatilsynet.no.