PRIVACY POLICY
1. Introduction
We, Enovate AS (“Enovate”, “we”, “us”, “our”) are the owners and responsible for the daily operations of the website www.enovate.no (“Website”). The Website showcases the offerings and services provided by Enovate to customers extending beyond the Website (“Service(s)”). The Website and Services are collectively referred to as the “Platform”.
We respect your data privacy rights and are committed to protecting Personal Data collected on this Platform. This privacy policy (“Policy”) sets forth how we collect, use and protect the Personal Data on the Platform. This Policy is applicable to all natural persons who visit, use or access the Website (“Data
Subject”, “you”, “your”) and all other services offered by Enovate. The “Customer” shall mean and include an entity, organisation, company which has subscribed or availed the Services.
PLEASE READ THIS POLICY CAREFULLY. BY CONTINUING TO USE THE WEBSITE, PROVIDING US PERSONAL DATA, YOU CONSENT TO OUR USE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE TO THIS POLICY, YOU MAY WITHDRAW YOUR CONSENT OR ALTERNATIVELY CHOOSE NOT TO PROVIDE YOUR PERSONAL DATA ON THE WEBSITE. SUCH AN INTIMATION TO WITHDRAW YOUR CONSENT CAN BE PROVIDED BY EMAIL TO support@enovate.no.
Throughout this document we will use terms like ‘Personal Data’, ‘Controller’, ‘Processor’, ‘Processing’ and others, as defined in European Union Regulation 2016/679 General Data Protection Regulation, (the “GDPR”), Article 4. The GDPR includes the United Kingdom’s post Brexit GDPR.
This Policy describes the Personal Data for which we act as the Data Controller. When we receive Personal Data from our customers, we act as a Processor and shall process Personal Data as per the instructions received from the customers who will act as a Data Controller. For Personal Data collected on behalf of Customers while providing services please refer to Clause 4 of this Privacy Policy. Any requests you may have related to your Personal Data should be made directly to the respective Enovate’s customer directly.
2. Personal Data We Collect
a) Contact Information
This may include your name, email address, phone number, country of residence and current employer or company affiliation (as existing or prospective Enovate customer). It may also include additional information you give us by your own choice when interacting with us.
Source: Forms you fill in (e.g. contact form on our homepage), social networking software (e.g. LinkedIn) or by corresponding with us at conferences, events, via email, phone or otherwise.
b) Correspondence Data
This includes support tickets, questions, feedback, signed agreements, and/ or any content directly related to Enovate services or operations, which you send to us. It also includes any follow-up conversations and metadata (time, status, etc.).
Source: Information you share with us by your own choice, or information we derive from direct interaction with you – such as submission of forms, via email, phone or otherwise.
c) Technical Data
This may include information about the software (operating system, browser), the settings (display resolution, time zone, language preferences), the internet connection (IP address, bandwidth, latency,
location) and the device (device type) you are using while accessing our services. Whenever you are logged out, this data does not identify you directly, but is still considered personal data as it could potentially identify you indirectly.
Source: This data will be collected or inferred from collected data whenever you use our services, either due to the requirements of the communication protocols (e.g. TCP/IP and HTTP) or from logging of your
browser’s internal state and settings. This data is obtained via user- initiated requests and non-user-initiated background communication in web and mobile applications.
d) Interactivity Data
This may include information about the actions you perform (logins and logouts, form submissions, API calls, etc.), site navigation (menu choices, URLs visited) and your usage patterns (timing, mouse activity). Whenever you are logged out, this data does not identify you directly, but is still considered personal data as it could potentially identify you indirectly.
Source: This data will be collected or inferred from collected data whenever you use our services, either due to requirements in the communication protocols (e.g. TCP/IP and HTTP) or from logging of your browser’s internal state and settings. This data is generated via user-initiated requests and non-user-initiated background communication in web and mobile applications.
3. Cookies
We use cookies and/or similar in-house and third-party tracking tools to track user traffic patterns. Tracking tools also used are beacons, tags and scripts to collect and track information and to improve and analyze our Website. You may choose to disable cookies through your browser settings. For more
information, please refer to our cookie policy here Cookies Policy.
4. Processing of Personal Data by Enovate on behalf of the Customer
i. The Company as a Data Processor: The Customer sets the purpose and means of Processing of such Personal Data. We process such Personal Data only on behalf of and on the specific instructions of the Customer and solely for the purposes of rendering our Services to the Customer.
ii. Customer Privacy Policy: If you are the Data Subject using or accessing the Platform and your Personal Data was shared with us by the Customer, the privacy policy of the Customer, on whose behalf we process the Personal Data, will apply. This means that any enquiry, request, objection or complaint that you as a Data Subject may have in connection with the processing of Personal Data that forms part of your Platform usage will be
addressed to and resolved by the Customer.
iii. Personal Data: Depending on the nature of Services and Customer requirements the Company processes Personal Data on behalf of Customer/s. Please check the Customer’s privacy policy for further details.
The Customer has complete control over the Personal Data and the Company processes the Personal Data on the Customer’s behalf.
iv. Customer Responsibility: The Customer represents that it has acquired all necessary consents, provided privacy notices and/or relies on other appropriate legal basis for the processing of Personal Data of the Data Subject. The Customer confirms that Data Subjects have been informed about that their Personal Data is transferred to the Company as a Processor and other third parties used by the Company for the provision of services.
5. Use of Personal Data
a) To Request Consent
We may use your Personal Data to request consent to send you marketing materials, surveys, statistics or product updates. We will not send you any of this unless you have given your consent. You will always have the option to opt out of such communication (‘right to restriction of processing’) or to have your contact information deleted entirely (‘right to erasure’), even if you have previously consented. You may also entirely ignore our communication and we will, after a time, stop communicating and automatically delete your data (cf. section 4a, below).
b) To Inform or Notify You
We may use your contact information to
i. send you marketing materials, newsletters, surveys, statistics or product updates you have given your consent to, or
ii. send you invoices, policy updates or any other relevant legal or administrative information relating to your company’s customer relationship to Enovate or
iii. send you security updates, personal data breach notifications or any other relevant technical information regarding the operation of Enovate services.
c) To Provide Customer Service and Relationship Management
We may use correspondence data to assist you, to communicate regarding contracts, terms and policies and to improve our customer service and management routines.
d) To Improve the Functionality of Our Services
We may use correspondence data, technical data and interactivity data to evaluate features we need to improve.
e) To Improve the Usability and Performance of Our Services and Website
We may use correspondence data, technical data and interactivity data to
evaluate which non-functional requirements that need to be set and met.
f) To Enhance or Improve the Security of our services
We may use correspondence data, technical data and interactivity data to evaluate the operations of our services as well as for auditing purposes during and after an incident. We may also do profiling on technical and interactivity data for purposes of detecting or preventing intrusion, data breaches, denial of service or other fraudulent activity.
g) For Compliance and Documentation
We may use correspondence data to document legal or financial responsibilities and contractual obligations.
6. Legal Basis of processing:
We will not process your Personal Data without a lawful basis to do so. We will process your Personal Data only on the legal basis of consent, contract, or based on our legitimate interests, provided that such interests are not overridden by your privacy rights and interests.
7. Accuracy of information
The Data Subject undertakes that they shall be solely responsible for the accuracy, correctness, or truthfulness of the Personal Data shared with us whether of its own or any third party. In the event the Data Subject is sharing any Personal Data on behalf of a third person, the Data Subject represents and
warrants that he has the necessary authority to share such Personal Data with us, obtained a written consent from such third party and the we shall not be responsible for verifying the same. The Data Subject understands and acknowledges that such Personal Data shall be subject to the terms and
conditions of this Policy.
8. Retention of Personal Data
We will retain your Personal Data for as long as it is required to be retained for the purpose of provision of the services on our Platform. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
9. Personal Data Security
In order to protect the security (confidentiality, integrity and availability as commonly defined and understood in the information security field) of your data, the systems and services processing it, we will assess the related risks (threats, probabilities and consequences) and implement technical, organizational and physical measures as appropriate. Assumed costs and effectiveness of the measures will be taken into account.
Please understand that the landscape of threats and attack tools changes constantly and becomes increasingly smarter. Ensuring acceptable security over time requires a continuous process of evaluation and improvement. We have implemented routines to monitor data security. However, with the current backdrop, we realize no process can guarantee absolute data security, but we do our utmost to comply with best industry practice and to update our routines and systems accordingly.
In the unfortunate event of a data breach, we will notify the involved parties, including the relevant supervisory authority, in compliance with GDPR, Article 33 and 34.
10. Transfer of your Personal Data across borders:
We collect and may transfer limited categories of Personal Data outside the EU and UK to trusted
sub-processors in strict adherence to the provisions of the GDPR. If you have questions, please contact support@enovate.no.
11. Sharing of Personal Data
a) General
In particular, we will not sell, rent or trade your Personal Data to/with any other third party. We will only share it for the purposes stated below.
However, we may share or publish aggregated anonymized data (i.e. data derived from Personal Data, but no longer classified as such), for example traffic statistics from Platform.
We may be compelled to release your Personal Data to comply with law enforcement or other legal requirements we are subject to. If so, we will attempt to notify you to the extent permitted by law.
In the event of a merger or an acquisition of the Company, we may transfer your Personal Data to ensure the continuity of services.
b) Our Trusted Sub-Processors
We may share your data with the following trusted sub-processors for the
purposes listed below
Freshworks, Inc.
Product/Service
Freshdesk
Purpose
Storage and processing of contact information (cf. section 2a) and correspondence data (cf. section 2b), primarily for the purpose described in section 3c (customer service). Data from such communication may later be used to improve our services as described in sections 3d, 3e and 3f.
Privacy Policy
https://www.freshworks.com/privacy/
Residency
USA (San Bruno, CA 94066)
Functional Software, Inc.
Product/Service
Sentry.io
Purpose
Storage and analysis of pseudonymous technical (cf. section 2c) and interactivity (cf. section 2d) data for the purposes described in sections 3d, 3e, 3f and 3g.
Privacy Policy
https://sentry.io/privacy/
Residency
USA (San Francisco, CA 94105)
Microsoft Corporation.
Product/Service
Office 365
Purpose
Storage and processing of contact information (cf. section 2a) for the
purposes described in section 3a and 3b.
Privacy Policy
https://privacy.microsoft.com/en-us/privacystatement
Residency
USA (Redmond, Washington, 98052-6399)
Tripletex AS.
Product/Service
Tripletex
Purpose
Storage of orders and invoices related to you as a customer.
Privacy Policy
https://www.tripletex.no/personvernerklaering/
Residency
Norway (Karenslyst allé 56, 0277 OSLO)
12. Your Rights
As a Data Subject, several rights regarding storage, processing and access to your own personal data:
i. Access to Data
Data Subjects must be able to access and review their Personal Data. Please note there might be some exceptions.
ii. Rectification
A process must be available for data subjects to notify the controller about incorrect/ incomplete personal data and/ or whenever appropriate.
iii. Restricted Processing
Data subjects must at any time be able to object or withdraw from consent given previously to process their own Personal Data.
iv. Data Deletion
A process must be available for data subjects to request deletion of their personal data. The request must be assessed and handled within a reasonable time frame.
v. Data Portability
Data subjects must be able to export their personal data via a standard, open, electronic and machine-readable format. This shall enable them to take their data to a different provider without any hindrance by the data controller.
vi. Right to file a complaint
Data Subjects have the right to file a complaint with the data protection authority.
Should you wish to make use of any of these rights or if you have a question
related to this, please refer to section 17 “How to Contact Us”.
13. Choice and Opt Out
We may send you communications including but not limited to (a) notices about your use of our Platform, including those concerning violations of use, (b) updates, (c) promotional information regarding our services, and (d) newsletters. You may opt out of receiving promotional emails and newsletters from us by following the unsubscribe instructions provided in those emails. Alternatively, you can opt out, at any time, by emailing support@enovate.no with your specific request.
14. Changes to This Policy
We may update this Policy, when necessary, e.g. for legal reasons or to reflect changes in our service. If so, we will provide the change date and change log upon publishing the document. The revised Policy will be effectuated thirty (30) days after publishing.
We will notify our existing customers of any substantial changes. We will also encourage you to review our Policy periodically and be aware of any changes. We encourage you to contact us if you have specific questions or requests regarding the changes.
Your continued use of our services after the changes are effectuated will be regarded as accept of the changes. If you do not agree to the changes, we will unfortunately have to ask you to please stop using our services before the changes take effect. We hope you appreciate this requirement, as it is vital for
us to provide consistent services under the same rules to everyone.
15. Links to other Websites/Applications
Our Platform may contain links to other websites/ applications of your interest. Please note that we do not have any control over such other websites/ applications, and you will be accessing these websites/ applications at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites/applications and those are not governed by this Policy. You should exercise caution and look at the privacy policy applicable to such websites/applications,
16. Governing laws
This Privacy Policy shall in all respects be governed by and construed and enforced in accordance with the laws of Norway and the courts of Norway shall have an exclusive jurisdiction to adjudicate any subject matter under this Privacy Policy.
16. How to Contact Us
If you have any question request or concern related to this Privacy Policy, or Enovate privacy and data protection practices in general, please contact us at support@enovate.no and we will do our best to assist you.
Company address:
Bleikmyrvegen 42
4276 Veavågen
Norwayr