SDS Manager AS
effective as of 17th of September 2021
1.2 The information on Users is divided into personally identifiable and non-personally identifiable information depending on whether information can identify the User as a specific person. Personally identifiable information shall be referred to as “personal data”.
1.3 The operator of the Platform is SDS MANAGER AS, Thunesvei 2, 0274 OSLO, org number 980243699 and we are responsible for compliance with the principles relating to processing of personal data. If you have any question or concern regarding your privacy, you can contact us at firstname.lastname@example.org.
1.4 In addition to the definitions provided for in the Terms, the following words and abbreviations shall have the meaning provided herein:
“personal data” means any information relating to an identified or identifiable natural person (‘User’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of SdsManager.
“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
2. Personal data that we process
2.1 During your interaction with the Platform or with us directly we may process the following personal data:
First and last name
Affiliated company name
Other information you choose to provide
2.2 We may collect personal data when you interact with the Platform, when you register and customise an account, or when you contact us.
3. Purposes for processing of personal data
3.1 We process your personal data for the following purposes:
to provide you with access to our Services and our Site,
to provide you with the Services you requested,
to create and manage your account,
to provide you with customer support,
to send you information about the Platform,
to comply with our legal obligations.
4. Legal basis for data processing
4.1 Depending on the type of personal data and the purpose for which it is processed, we process the personal data on the following legal basis:
You have given us consent for data processing for a specific purpose,
Processing is necessary for the performance of our obligations under the Agreement
Processing is necessary for compliance with legal obligations,
Processing is necessary for the purpose of our legitimate interest.
4.2 We may process your email address to send you information about changes to the Platform, introduce you to new Services or to provide general news about our Platform. We have a legitimate interest in keeping you informed about the Services and to promote our new Services which we believe you might be interested in. You can unsubscribe from these emails at any time by following the unsubscribe link in the email. We will not use legitimate interest to send you advertising emails for any Third-Party services.
4.3 We may process your IP address and other technical data automatically when you access the Services. This is because we have a legitimate interest in ensuring the safety and integrity of our Services, and by collecting technical data, we can scan it and prevent malicious signs such as too many password failures, seeking exploits, and similar.
4.4 We may process information about how you use the Services and how you interact with the website through third-party analytics tools. We process this data under our legitimate interest in analysing the performance of the Services and updating our Services. We aim to minimise the amount of personal data included in such information and to anonymise the data wherever possible. Session information is anonymised and used only for research purposes in order to improve and adapt our Services. Third-Party tools cannot connect the data about the session to a specific User.
5. General provisions
5.1 Some Services will not be available to you if you do not provide requested personal data, for example, if you do not provide your name and email you cannot register for an account. Different Services may require additional information which will be requested at the time of requesting the specific Service.
5.2 We may keep records of any questions, complaints or compliments made by you and the response if any. Whenever you contact us, we shall collect any information which you choose to provide. We shall store and use this information only for the purpose of responding to your inquiries. Information contained within the inquiry, free from any personally identifiable information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible.
5.4 We have implemented security procedures and measures to ensure appropriate protection of the personal data we process, against any misuse, unauthorised access, disclosure, or modification.
5.5 We acknowledge that the safety of your personal data is one of the highest priorities and therefore only authorised processors have access to your information. Although we take all appropriate measures in respect to keeping your personal data secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.
5.6 The processing of personal data is being performed wholly or partly automatically, without human intervention. However, whenever you contact us, the personal data within such communication will be handled and processed by a real person to provide you with the answers and support required.
6. Children’s privacy
6.1 The services are intended for a general audience and are not targeted at children. We take children’s online safety very seriously, and if we ever learn that the personal data collected belongs to a child, we will immediately remove any such personal data. If you are younger than 16 you are not allowed to register or use the Platform.
7. Cookies And Third-Party Services
7.1 A cookie is a small piece of text used to store information on web browsers. It remembers information about your visit to our website, like your preferred settings, and helps us optimize and improve the website's user experience. Cookies make it possible to provide a more accessible and more rewarding Service to you by enabling crucial functionalities.
7.2 The cookies we use (and other types of technologies we operate with a similar purpose as cookies, referred hereto as cookies) may vary over time as we continuously update and improve our Services. We will use necessary cookies immediately upon your access to our website, but to use analytics cookies, we need your consent.
7.4 You can manage your cookies preferences at any time in your browser or device settings. Depending on which browser and device you use, you may control which cookies you allow, which cookies you want to block in the future, and delete cookies. For more information about these settings, visit your browser or device's help page. Note that some of the Services might not work as intended if you choose to disable cookies.
8. Storage and transfer of personal data
8.1 Personal data will be stored on secure servers controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer information on Users to processors located outside of European Union, provided that such processors implement appropriate and suitable safeguards regarding the security of personal information.
8.2 If you register an account with us, we will store your personal data for as long as you have an active account. We may keep your personal data for up to three years after your deactivation of the account in our backup in order to maintain the integrity of our backup storage data as well as in order to address any appeals or requests pursuant to your purchases.
9. User’s Rights
9.1 We will process all personal data in line with Users’ rights, in particular their right, in certain circumstances, to:
Request access to any data held about them by SdsManager in a commonly used and machine-readable format.
Transmit their personal data to another data controller (free of charge), where such personal data is processed on the basis of consent or contractual performance, unless in doing so, it would adversely affect the rights or freedoms of other Users or others e.g. including trade secrets or intellectual property.
Prevent the processing of their personal data or withdraw their consent at any time in certain circumstances.
Ask to have inaccurate personal data amended.
Erasure of their personal data where data is no longer required for the original purpose or where the User has withdrawn their consent and no other lawful processing grounds apply.
Object to the processing of their personal data in certain circumstances.
Be notified where their personal data is subject to automated decision making i.e. profiling, including the logic involved, as well as the significance and the envisaged consequence of such processing for the data subject and object to such profiling in certain circumstances.
9.2 You may exercise these rights by contacting us at email@example.com.
9.3 Where we are required to provide a copy of personal data this will be free of charge, however, any further copies requested may be subject to reasonable fee based on administration costs.
9.4 Where we stop processing personal data or delete User’s personal data, it will possibly mean that that particular User is unable to continue using some of our Services, and they shall be notified accordingly.
9.5 Where a User requests to rectify or erase (except data required by any legal obligations) their personal data or restrict any processing of such personal data, we may be required to notify certain Third-Parties to whom such personal data has been disclosed of such request.
9.6 If the User considers that the processing of personal data relating to them infringes the GDPR they may without prejudice to any other administrative or judicial remedy, lodge a complaint with the supervisory authority.