PRIVACY POLICY
This Privacy Policy is valid from: August 30, 2024*
*In the event of any discrepancies or disagreements between the Norwegian and English versions of this Privacy Policy, the Norwegian version shall prevail as the official version, and the English version is provided as an unofficial translation.
1 Definitions
"Vendor" refers to Compleasy AS, also referred to as "we," "us," "our," "Compleasy," or "the Company."
"System" refers to the Compleasy® software and its associated modules, along with all related and connected documentation. The System includes, but is not limited to, content, design, functionality, and documents or components thereof.
"Solutions" refers to the System, websites, or other services from Compleasy AS.
"Customer" refers to the natural or legal person, public authority, agency, or other body that, alone or jointly, uses the Solutions, as mentioned in this Privacy Policy.
"Corporate Customer" refers to the legal person, public authority, agency, or other body that enters into an agreement with the Vendor for the purchase of the System, as mentioned in this Privacy Policy.
"Privacy Policy" means this document that describes how Compleasy AS, as the Data Processor, processes the Customer’s personal data.
"Personal Data" means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"GDPR" refers to the EU General Data Protection Regulation, "Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC." It was adopted by the European Parliament and the Council of the European Union on April 14, 2016, and is also referred to as the General Data Protection Regulation.
"Privacy Legislation" refers to all applicable laws and regulations concerning data protection and privacy, including the GDPR and the Norwegian Personal Data Act.
"Terms" refers to the terms and conditions for the use of the System.
"Data Processing Agreement" refers to the provisions outlined in the Data Processing Agreement entered into between the Customer, as defined in the Data Processing Agreement, and the Vendor upon purchasing the System.
"Processing" means any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Data Subject(s)" refers to one or more natural person(s) whose personal data is registered in the Solutions.
"Users" refers to the natural persons to whom the Customer grants access to the System.
2 Introduction
Compleasy is committed to protecting the privacy of its Customers. This Privacy Policy describes how the Vendor collects, uses, stores, and shares Personal Data when the Customer uses the Solutions.
Compleasy is a Norwegian company with business processes, management structures, and technical systems that deliver software and services to businesses both inside and outside of Norway. The company’s headquarters are located in Asker, Norway, and are subject to European Privacy Legislation.
The Company’s management makes all strategic decisions regarding privacy in the Solutions.
2.1 Scope
This Privacy Policy applies to all business processes within Compleasy and all Compleasy websites, domains, mobile solutions, cloud services, and online forums. Additional provisions are outlined in the Terms & conditions and the Data Processing Agreement.
The Privacy Policy provides information on the Processing of Personal Data where Compleasy is the data controller and determines the purpose of the Processing. It also includes information on the Processing of Personal Data that Compleasy performs on behalf of Corporate Customers as the data controller, with Compleasy acting as the data processor. The relationship between Corporate Customers as the data controller and Compleasy as the data processor is regulated by the Data Processing Agreement.
2.2 Duration and Amendments
This Privacy Policy is valid as long as Compleasy processes Personal Data. Compleasy may update and revise the Privacy Policy as needed. The latest version of the Privacy Policy is always available on compleasy.no.
3 Collection and Processing of Personal Data
Processing of personal data is necessary for Compleasy to serve its Customers. Compleasy collects and processes Personal Data to provide and improve the Solutions. This includes:
- Contact Information: Name, email address, phone number, job title, and company of contact persons.
- User Information: Name, username, email, password, and other information provided by the User when creating an account. Other personal data voluntarily provided by the Customer.
- Usage Data: Information about how Customers use the Solutions, including technical data such as IP address, device type, browser type, and operating system. Compleasy also processes information about clicks and movements within the Solutions.
- Communication and Feedback: Any messages Customers send to Compleasy, including support requests.
- Potential Customers: Information about customers who contact Compleasy via compleasy.no, email, phone, or other channels.
- Finance: Information such as contact person, billing address, etc.
- Job Applicants: Information submitted by job applicants in the form of application letters, CVs, or other supplementary documentation related to the application process.
Compleasy processes personal data to assess the potential of hiring job applicants. The legal basis for such processing is the applicant's consent.
As a data controller, Compleasy does not process sensitive personal data.
4 Use of Personal Data
When Compleasy determines the purpose and means of Processing Personal Data, it is considered the data controller. This includes scenarios where Compleasy collects Personal Data in connection with the individual being a job applicant, a contact person for a Corporate Customer or potential Corporate Customer, or when the individual is a Customer in the Solutions.
Compleasy uses Personal Data for the following purposes:
- Creating and managing accounts and providing Users with access to the System.
- Communicating with and providing quality services to Corporate Customers and their Users.
- Understanding how Customers use the Solutions, providing support, and improving and developing the Solutions.
- Responding to inquiries and providing important information about the System, including updates and changes.
- Maintaining the security and integrity of the Solutions.
- Carrying out sales processes with existing and potential new customers.
- Detecting, mitigating, and preventing security threats and preventing misuse.
- Processing orders, billing, payments, and other administration.
- Mapping interests on Compleasy’s websites to offer relevant content to Customers.
The legal basis for Processing Personal Data according to purposes 1 to 8 is that Compleasy believes it has a legitimate interest in Processing Personal Data for these purposes from a business perspective, and that this does not infringe on the privacy of Customers and Users.
The legal basis for Processing Personal Data according to purpose 9 is consent.
4.1 Collection of Personal Data
Compleasy usually collects Personal Data directly from Customers.
Compleasy also uses cookies and other tracking technologies when individuals use Compleasy's websites and interact with the company via email to optimize the customer experience.
Occasionally, information about individuals may be collected from other sources. These sources may be publicly available or from third-party social networks such as LinkedIn or proff.no. Compleasy may combine personal data about an individual from one data source with data collected from another. This provides Compleasy with a more complete picture of the individual and helps in offering the best possible customer service.
Compleasy uses various digital tracking technologies to collect information about activity on Compleasy’s websites and when individuals interact with the Company.
5 Sharing of Personal Data and Subcontractors
Compleasy shares Personal Data with third parties only when necessary to deliver services or when the Company is legally obligated to do so.
5.1 Sharing of Personal Data
5.1.1 Online Forums
If an individual posts comments, contributions, or similar on Compleasy’s online forums or other forums on Compleasy’s websites, such information may be read and used by anyone with access to these forums and may be used for purposes beyond the control of the users or the individual. Compleasy is not responsible for information individuals make available in such online forums, Compleasy’s websites, or other similar forums. Compleasy reserves the right to remove offensive or inappropriate posts. Compleasy also reserves the right to ban individuals from such forums.
5.1.2 Compleasy Partners
Compleasy may share Personal Data with partners in accordance with applicable data protection laws. For example, if an individual purchases a product or service on behalf of their employer that Compleasy offers through a partner, Compleasy and the partner may share Personal Data to provide the product or service to the Customer.
5.1.3 Public Authorities
The police and other authorities may request the disclosure of Personal Data from Compleasy. In such cases, Compleasy will only disclose Personal Data and data if a court order or similar is in place.
5.1.4 Mergers and Acquisitions
In the context of mergers, acquisitions, or the reorganization of Compleasy’s business, the acquiring entity and its advisors may gain access to the data managed by the company, which may include Personal Data in some cases. In such situations, external parties will sign a confidentiality agreement with Compleasy.
5.2 Cookies
Cookies are small text files containing a string of characters that give the browser a unique identity. This identity can be used to recognize an individual and, for example, tailor website content to what the individual was interested in during their last visit. Most browsers are initially set to accept cookies. The settings in the browser can be changed to deny the use of cookies in general, block third-party cookies, or specify when a cookie should be accepted.
5.2.1 Cookies from Wix
Cookies are used to collect and analyze visitor data when individuals land on Compleasy.no. This helps Compleasy offer the best user experience to website visitors.
5.3 Relationship with Subcontractors
Compleasy uses subcontractors to process personal data and may export Compleasy’s or Customer’s data to other companies within the EU. These subcontractors are typically providers of cloud services or other IT services.
When subcontractors are used, Compleasy will enter into a data processing agreement to protect the Customer’s privacy rights in accordance with applicable data protection laws and to fulfill obligations to Customers.
Compleasy reserves the right to use third parties in its business processes. These third parties include, but are not limited to:
6 Storage and Security
6.1 Storage of Personal Data
Compleasy stores data for as long as it is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. This means that Compleasy may retain Personal Data for a reasonable period after the Customer’s last interaction with the Company.
6.2 Deletion of Personal Data
When the Personal Data is no longer necessary to fulfill the purpose for which it was collected, it will be deleted. Compleasy may process data for statistical purposes, but in such cases, the data will be pseudonymized or anonymized, as Personal Data is not relevant in this context.
6.3 Security Measures
Compleasy has implemented several measures to protect Personal Data from unauthorized access and dissemination, including:
- All employees are required to complete privacy training.
- Compleasy maintains a record of processing activities and continuously assesses risks when Personal Data is processed.
- Data Processing Agreements are entered into with subcontractors who process Personal Data.
- Classification of Personal Data to ensure that security measures implemented are proportionate to the risk assessment.
- Ongoing assessment of the use of encryption and pseudonymization as risk-reducing measures.
- Limiting access to Personal Data to those who need it to fulfill obligations under service agreements or legislation.
- Use of systems that detect, remedy, prevent, and report data breaches.
- Use of security audits to continuously assess whether the current technical and organizational security measures are sufficient.
- The premises are protected by access control and video surveillance systems.
7 Corporate Customer and Compleasy's Obligations
The Corporate Customer shall ensure, in accordance with applicable data protection laws, that there is a legal basis for processing Personal Data. A designated person employed by the Corporate Customer shall be responsible for the risk associated with processing Personal Data.
The Corporate Customer shall also ensure compliance with the duty to inform the data subjects.
The System is part of the Corporate Customer’s responsibility as the data controller since Compleasy's services are part of the processing of Personal Data that the Corporate Customer must ensure is in compliance with applicable data protection laws. When Compleasy processes Personal Data on behalf of Customers, the data protection laws applicable to data processors are followed.
8 Individuals' Rights
Individuals have rights concerning their Personal Data, including the right to:
- Access: Obtain access to the Personal Data Compleasy holds about them.
- Rectification: Request that inaccurate or incomplete information be corrected.
- Erasure: Request that their Personal Data be deleted, unless Compleasy has a legal obligation to retain it.
- Restriction: Request that the processing of their Personal Data be limited under certain circumstances.
- Data Portability: Receive a copy of their Personal Data in a structured, commonly used, and machine-readable format.
- Objection: Object to the processing of their Personal Data under certain circumstances.
- Opt-out of Marketing Communication: Inform Compleasy that they do not wish to receive marketing communications from the Company.
To exercise their rights, individuals can contact Compleasy at personvern@compleasy.no.
9 Changes to the Privacy Policy
Compleasy reserves the right to update this Privacy Policy from time to time. Any changes will be posted on Compleasy’s website.
Compleasy encourages everyone to review the policy regularly.
10 Contact Information
For questions related to this Privacy Policy or how Compleasy processes Personal Data, the Company can be contacted at personvern@compleasy.no.