Where the words "We", "Us" or "Our" are used in this Policy, this refers to Legentic, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 996 414 914. Please note that We are the data controller of Your personal data unless otherwise specified.
For the purposes of this Policy, the term “Solution” means the Legentic Platform.
1. WHAT IS PERSONAL DATA?
Personal data as described in European privacy law is information relating to an identified or identifiable natural individual, which is an individual who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We determine appropriate.
2. WHAT KIND OF PERSONAL DATA DO WE PROCESS?
We may process personal data about You, including but not limited to:
- Details concerning Your use of the Solution, e.g. duration, connection information, chat logs and Your questions and answers.
- E-mail address
- Telephone number
- Unique identifiers such as IP addresses
3. LEGAL BASIS
Unless otherwise provided, the legal basis for Our processing is Our legitimate interest to market (insofar as you have not objected to the use of your data), sell, administer, analyse and improve Our Solution or to operate, monitor and improve Our website or Our security posture. Article 6 no. 1 (f) of the GDPR.
Any personal data processed as part of sales or contract negotiations is processed on the basis of such processing being necessary for Us to enter into and perform and agreement with You and/or the organisation that You represent, cf. Article 6 no. 1 (b) of the GDPR.
We may process Your personal data insofar as such processing is necessary for the fulfilment of Our legal obligations (e.g. bookkeeping obligations), cf. Article 6 no. 1 (c) of the GDPR.
If You wish to receive offers or newsletters from Us, You may consent to having Your
personal data processed for the purpose of marketing. Such consent is not required in order to use the Solution. You may withdraw Your consent at any time by contacting Us as specified in Clause 10.
4. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep Your personal data only as long as it is required for the reasons it was collected from You.
When Your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.
5. DO WE DISCLOSE PERSONAL DATA?
Your personal data will be disclosed to Our employees and legal and financial representatives, as well as Our data processors, hereunder service providers that facilitates Our Solution or are developing and maintaining Our business systems and infrastructure. These third parties are Our data processors and have access to Your personal data only for the purposes of performing these tasks on Our behalf.
6. WHAT ARE YOUR RIGHTS?
As a data subject, You have the following rights:
- Access: You may request a copy of Your personal data that We process.
- Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or another data controller in a structured, commonly used and machine-readable format.
- Erasure: You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time.
- Information: You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.
- Objection: You may in some cases object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision based solely on automated processing, including profiling, which produces legal effects that significantly affect You.
- Rectification: You may require Your personal data to be rectified or supplemented.
- Restriction: You may in some cases request that We restrict the processing of Your personal data.
7. INTERNATIONAL TRANSFER
Your personal data may be transferred to — and maintained on — computers located inside of the European Economic Area and other countries which the European Commission has considered to have an adequacy of protection of personal data on the basis of article 45 of Regulation (EU) 2016/679.
Safeguarding Your personal data is Our highest concern. As such, We endeavour to adhere to the generally accepted industry standards and internal procedures to protect data submitted to Us and otherwise employ and maintain and reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data.
9. CONTACT & COMPLAINT
If You have any questions or requests regarding this Policy, Our data collection or processing practices, or wish to bring a complaint to Our attention, You may contact Legentic’s data protection officer at firstname.lastname@example.org. To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised.
We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.
You are also entitled to file a complaint to the Data Protection Authority regarding our processing of your personal data. For information on how to contact the authority, visit its website at www.datatilsynet.no.