VEWD PRIVACY STATEMENT FOR PARTNER PORTALS
Version date: 7 January 2021
We, Vewd Software AS, aim for full transparency about the personal data we process when you use our products and services. In this Privacy Statement, we explain, among other things, what information we collect, why we collect it, and how we use the information when you use our customer portal and/or our developer portal (the “Portal”).
When we post changes to this Privacy Statement, we will include the date when the Privacy Statement was last updated.
Other privacy statements from Vewd:
WHAT DATA WE COLLECT ON THE PORTAL AND WHY
When you visit the Portal, we collect certain information from the device you use and information about how you use the Portal.
Information collected from your device includes:
- IP address,
- date and time of the access,
- name and URL of the accessed file,
- browser type and version
- further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.).
We process these data to ensure trouble-free connection to the website, comfortable use of our website, for evaluating system security and stability and for further administrative purposes.
In order to enter the Portal you must register:
- your name,
- e-mail address, and
- company name.
The information listed above is processed by us in order to enable you to enter the Portal. The legal basis for processing your personal data is that it is necessary for the performance of a contract to which you are party.
The Portal allows you to freely submit additional information such as your role, telephone number, picture and address for the purpose of personalizing your profile further. The legal basis for our processing of your data for this purpose is your consent.
Information about how you use the site includes information such as:
- the length of your stay on the site,
- which content you read,
- scrolling behavior etc.
The information we collect from your device is processed at an aggregated level to gain insight that allows us to develop and improve the Portal. Hence, the legal basis for this processing is Vewd’s legitimate interest to develop and improve the Portal. When your personal data are processed on the basis of legitimate interests you have the right to object to the processing of your personal data, insofar as there are grounds arising from your particular situation.
HOW WE SHARE YOUR DATA
We may share your data:
- For cloud storage providers
- To government bodies and law enforcement agencies to comply with the law, for example in judicial proceedings, by court order or other legal process;
- To third parties (including professional advisors) to enforce or defend our legal rights, including our terms of service and/or end user license agreement;
- To a third-party purchaser or seller (including professional advisors) in connection with a corporate event such as a merger, business acquisition or insolvency situation;
- As described elsewhere in this statement.
If we transfer personal data to processors or other controllers who are not located in the EU or otherwise not approved as safe countries by the EU, such transfer is safeguarded by entry into EU’s standard contractual clauses for transfer of personal data to third countries.
INFORMATION SECURITY – HOW WE PROTECT YOUR DATA
The protection of your personal data is a high priority for us. We continuously work to protect personal data and other confidential information. Our security measures include physical, technical and administrative measures that will ensure that your personal data is not compromised, not unintentionally changed, and available when required. Such measures include for example access restrictions and controls, back up routines, and disaster recovery routines.
Any threats to data security are handled efficiently as security and the protection of your personal data is part of the daily work of our business. We comply with the requirements for the protection and safeguarding of personal data as provided by applicable privacy laws.
We review and update our working procedures regularly to improve your privacy and ensure that our internal policies are followed. We strive to promptly correct any non-conformance with these policies.
Any breach of security practices will be documented, and we have procedures and capacity to detect and deal with any breaches of security. If a security breach is detected, this will be reported to the management, the risk of privacy breaches is assessed, and the Norwegian Data Inspectorate (Datatilsynet) will be notified where necessary. You will also be notified as a user if the breach poses a risk to you and your rights.
RETENTION AND DELETION
Accounts that have not been active the past 24 months will be provided with the chance to confirm that the account is still active. If not, the account and the personal data will be deleted. Non-active contracts will be deleted within 30 days of the contract end date.
We will only retain personal data as long as it is necessary for processing it in accordance with the purposes described in this statement, to comply with our legal obligations, resolve disputes and enforce our agreement.
When your data is no longer necessary or relevant for our purposes, or required by applicable laws, we take steps to have it deleted, aggregated or made anonymous.
ACCESS, CORRECTION AND DELETION OF PERSONAL DATA
Please contact us if you want to know if we hold any personal data about you or if you want to access the personal data we have registered about you. You may be asked to prove your identification so that we can verify who is making the request. If we hold information about you, you can ask us to correct any mistakes and delete any excessive information.
For profile information, if any of the information we have registered about you is incorrect, we encourage you to make changes to your profile. You may also withdraw any consents you have given at any time. Feel free to contact us for assistance.
COOKIES
A cookie is a piece of data sent from an online site that is visited and stored locally on the user’s browser. Cookies do not cause any harm to your computer and do not contain any viruses, trojans or other malware. Most browsers accept cookies as default. You may decline your cookie preferences at any time by making changes to the browser settings to not accept cookies. However, note that some parts of the service may not work properly if cookies are removed.
We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in. We also use cookies to enhance the user experience when you log into our Portal.
Our portal at https://certify.vewd.com/ uses the following cookies:
Name | Purpose | Storage | Type |
Login cookie | Register whether the user is logged in. | 30 days | Essential |
Our portal at http://customerportal.vewd.com/ uses the following cookies:
Name | Purpose | Storage | Type |
Session cookie | session ID and secret token (used to decrypt the session on the server) are used to identify the user to the system. | 24 minutes | Essential |
Same-site cookies | The purpose of the cookie is to prevent CSRF attacks. All same-site cookies are identical for all users on all Nextcloud instances, hence, no personal data is stored. | forever | Essential |
Remember-me cookie | In order to identify the user to the portal, the cookie stores user id, the original session id and a remember token. | 15 days (can be configured) | Preference |
You can choose whether to accept cookies by editing your browser settings. However, if cookies are refused, some features on our website may not work as intended. Information about the procedure to follow in order to enable or disable cookies can be found at:
For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/
YOUR RIGHT TO FILE A COMPLAINT
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”). You should always contact us directly before sending a complaint to the Norwegian Data Inspectorate, so that we can try to solve or clarify the issue.
CHANGES TO THE PRIVACY STATEMENT
We may need to update the Privacy Statement as our operations and services evolve or if there are changes in the applicable privacy laws. Hence, we encourage you to regularly check out the latest Privacy Statement that is updated in the Portal. In the event of any substantial changes in the Privacy Statement, we will try to contact you directly through available channels, such as through your email, information banner in the Portal, notifications on our websites or other digital services.
CONTROLLER AND CONTACT INFORMATION
Vewd Software AS, organization number 916 368 011, Fridtjof Nansens Plass 5, 0160 Oslo, Norway is the controller of personal information processed under this Privacy Statement.
If you have any questions about the Privacy Statement or any other questions regarding our privacy practices, please contact us at: privacy@vewd.com.