This privacy statement deals with our processing of personal data as a controller in connection with your use of our services, including the dCompany app/portal. In this privacy statement you will find information about how we process personal data and your rights. The term personal data refers to all information which relates to an identified or identifiable natural person.
In providing our services, we also act as a processor in relation to personal data for which our customers act as controllers. If you want information or have questions relating to the processing of such personal data, we ask you to read our customers’ privacy statements or get in touch with them.
- How we process personal data
We primarily process data about companies, which are not personal data. In order to provide our services, however, we do process certain personal data. Below is an overview of the personal data we typically process.
|Who||What||Why||For how long|
|Users of our services||Name, date of birth/national identity number, contact information, password and verifications of identity checks (for example via BankID). In addition, we retrieve data on the user’s roles/shareholdings in Norwegian limited companies.||In order to facilitate log-in and use of our services||Data which we are not required by law to keep for a longer period of time, is deleted no later than 6 months after the user has been deleted or has become inactive (inactive status occurs after 6 months of non-use)|
|Shareholders and persons with roles in companies using our services||Information on who owns shares (and number of shares) in companies on the dCompany platform, including full name and date of birth/national identity number. National identity number is necessary for unique identity control, but we only make the number available for users with administrator rights for the company in question.||In order to offer a better and more useful service and contribute to transparency, we share updated shareholder data with our partner T-rank AS when changes are registered on the dCompany platform.||For as long as the company is a customer on the platform.|
|Contact persons with our customers, suppliers and partners||Name, contact information and correspondence, if any||For customer administration and invoicing purposes||Data which we are not required by law to keep for a longer period of time, is deleted after the contact person has quit his position and contact information is updated, or no later than 6 months after the customer/supplier/partner relation has ended|
|Recipients of marketing material||Name, contact information and preferences the person has supplied, if any||In order to issue news letters, invitations and other marketing material, either because you are a contact person with one of our customers, or because you have given your consent||The data is deleted shortly after you have opted out of marketing, unless you are still a contact person (see above)|
The legal basis for such processing of personal data is our legitimate interest in providing, managing and promoting our services. For marketing without an existing customer relationship, the legal basis is consent. We may also process personal data for other purposes which are not incompatible with those mentioned above, for example for accounting purposes, product development and innovation, and in relation to purchase, sale or other form of transfer of business.
- Sharing of personal data
We do not share personal data with third parties unless you have consented or we have a legal obligation to do so, except for the sharing of shareholder data with our partner T-rank AS as described in the table above.
We do, however, share personal data with our suppliers of IT related services and their suppliers where that is necessary for their provision of services to us. We have data processing agreements with these suppliers which ensure that they do not use the data for their own purposes. As a general rule, we do not transfer personal data out of the European Economic Area (“EEA”), but in connection with payment we use a solution which is managed from the USA.
- Your rights
Pursuant to the personal data laws (including the EU’s General Data Protection Regulation GDPR) you have a right to access, correction, deletion, limitation and portability of personal data about yourself. You also have the right to protest against our processing of personal data about you. Note that conditions and exceptions may apply. Reach out to us if you want to exercise your personal data rights. We will answer your inquiry as soon as possible, typically within one month.
If you disagree with the way we process your personal data, you may complain to the Norwegian Data Protection Authority (Datatilsynet). We would appreciate it if you contact us first, so that we may solve any misunderstandings.
- Changes to this privacy statement
We will update this privacy statement when necessary. You will be notified if we make significant changes. You will always find the current version of our privacy statement on our website.
- Contact information
Feel free to contact us if you have questions, comments or wish to exercise your rights. You may use the following contact information:
Edvard Storms gate 2, 0166 Oslo, Norway