Privacy policy

PRIVACY POLICY
About the processing of personal data
Dipai AS
In connection with our business, we will process personal data. The processing of personal data is based on the business we conduct and the purpose of our business. Below you will find information about personal data we process, the legal basis for the processing, the purpose of the processing, how long we process the personal data,
The data controller for your personal data is Dipai AS,
The contact details of the data controller are:
Address: v/ÅKP, Borgundvegen 340, 6009 Ålesund
Phone: +4790209249
Organization number: 825 575 222

All processing of personal data takes place in accordance with the privacy regulations in force at any given time, including the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR)

“Personal data” means any information that can be linked to a natural person (the latter is referred to as a “data subject”).

“Processing” means anything that is done with personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, compilation or interconnection, restriction, erasure or destruction.

We collect and use your personal data for various purposes depending on who you are and how we get in touch with you. Below you will find an overview of these purposes and what personal data we process:

  1. Communication and contact: We process personal data about those who contact us to answer, document the communication and to contact others. In such cases, we process name, telephone number, e-mail address and any other personal information that may result from the inquiry, including history / logs about the inquiry. It is voluntary to provide us with personal information, but it will be necessary to provide us with information in order to help you with your questions. The processing takes place based on a balance of interests, cf. GDRP art. 6 (1) f. We have considered that it is our legitimate interest in having contact with the outside world is a part the business we run, as well as responding to those who contact us and registering such contact. We have considered that it as necessary for us to handle any inquiries we receive, and that the privacy of the individuals does not prevent the processing of personal data based on this interest. The data will be deleted when we consider the dialogue to have ended, normally after 12 months.
  2. In connection with customer relationships and entering into new contracts: In existing customer relationships and when entering into new contracts, we process personal data such as name, telephone number, e-mail address and any other personal data that may result from the customer relationship. The data will be deleted when the agreement and all obligations arising from the contractual relationship are fulfilled.
  3. In connection with using our product: When you as a customer/shipowner use our products/our platform, we will collect data such as user activity, user interactions, data requests, and store it in our cloud or our software. The processing is necessary for the performance of the agreement we have entered into with the customer, and for the delivery of the services/products as stated in the contract, cf. GDPR Art. 6 (1) b. The data will be deleted when we consider it to be outdated or irrelevant., normally after 3 years.

    We also collect data from our products/our platform to register user patterns. The processing takes place based on a balance of interests, cf. GDRP art. 6 (1) f. We have concluded that this is necessary for us to do, in order to adapt and improve our products and that the privacy of the individuals does not prevent the processing of personal data based on this interest. The data will be deleted when we consider it to be outdated or irrelevant, normally after 3 years

  4. Recruitment to new positions with us: In case of recruitment to new positions with us, CV, application, certificates, references, notes from interviews etc. will be processed. Processing of personal data takes place on the basis of consent that you have given, at the same time as the processing is necessary to implement measures before an employment contract with a job seeker is entered into, cf. GDPR Art. 6 (1) a and b.

    If investigations are carried out by us beyond contacting persons who are given as a reference etc., personal data is processed on the basis of our necessary legitimate interest to ensure that the right candidate for the position, cf. GDPR art. 6 (1) f. For the latter, we have considered that our legitimate interest in recruiting new employees outweighs the individual’s privacy. We encourage you not to include special categories of personal data, such as health, religion, political opinions, trade union membership, etc. in your application.

    Personal data will be deleted as soon as recruitment has been completed, if you have not consented to further storage

  5. Send out marketing, newsletters and provide information about our business: For this purpose, we collect your name and email address. The processing takes place on the basis of your consent and/or existing customer relationship, cf. Section 15 of the Marketing Control Act. The information will be deleted when you withdraw your consent.

We store personal data for as long as it is necessary for the purpose for which the personal data were collected and delete the data in accordance with regulatory requirements. How long we process the individual types of information is included above where the individual types of treatments are listed.

This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you is deleted when the agreement and all obligations arising from the contractual relationship are fulfilled, such as legal obligations related to accounting, follow-up of the customer relationship related to complaints, etc. Personal data we process as a result of a legal obligation will be deleted as soon as we are not obliged to store the data.

We do not pass on your personal data to others unless there is a legal basis for this. Examples of such a basis will typically be because you have consented to it, because the disclosure is necessary to fulfill an agreement with you or there is a legal basis that requires us to disclose the information.

We use data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to safeguard information security at all stages of the processing. We currently use the following data processors:

  • Microsoft 365
  • Microsoft Azure
  • SSD Nodes
  • PostgreSQL
  • WordPress

All processing of personal data that we carry out takes place within the EU / EEA area.

All processing of personal data is secured with the required technical and organizational measures.

We handle information so that it is correct, accessible and handled according to the degree of sensitivity of the information. We also employ a variety of security technologies and information security procedures to protect your personal information from unauthorized access, use, or disclosure. Risk assessments are carried out for the processing of personal data.

We have entered into data processing agreements with all our suppliers who process personal data, where they assume the same level of security as we have for our processing of personal data.

We restrict access to personal data to the personnel or third parties who will process the data on our behalf. These parties are subject to a duty of confidentiality.

Routines have been established for handling breaches of information security and routines (privacy breaches), and we will, if there are breaches that entail a risk to the privacy of the personal data concerned, send a deviation notification to the Data Inspectorate as quickly as possible and no later than 72 hours after the breach was discovered. If the breach entails a high probability of privacy for the data breaches, we will also notify them.

Below are your rights for the processing of personal data. To exercise your rights, you must contact us by using the contact information above.

We will respond to your inquiry as soon as possible, and no later than one month. If it takes longer than one month, you will be notified.

Information

You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. For further information, please contact the above.

Insight

You have the right to demand access to the personal data processed about you.

Change and deletion

You can also ask us to correct incorrect information we hold about you or ask us to delete personal information. We will as far as possible comply with a request to delete personal data, but we cannot do this if we still need the data.

Right to restrict or object to processing

You have the right to have the processing restricted in certain cases, see Article 21 of the GDPR, if:

  1. You contest the accuracy of the personal data – the processing is stopped for a period that allows us to check the correctness of the personal data.
  2. The processing is unlawful and you object to the erasure of the personal data and instead request that the use of the personal data be restricted.
  3. We no longer need the personal data for the purpose of the processing, but you need these to establish, exercise or defend legal claims.

You may also object to processing pursuant to Article 21 (1) GDPR pending verification of whether our legitimate interests override your privacy.

The right to data portability

For information that you have provided to us and is necessary for the performance of an agreement with us, and which is processed automatically (i.e. not manually by us), you can request to have your personal data provided or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).

Automated processing, including profiling

There will be no automated processing, including profiling, based on your personal data that has legal effects or significantly affects those to whom the personal data relates. See GDPR Article 22 no. 1 and 4.

If you believe that our processing of personal data does not match what we have described here, or that we in other ways violate privacy laws, you can complain to the Data Inspectorate.

You can find information on how to contact the Data Inspectorate on the Data Inspectorate’s website: www.datatilsynet.no.

If there are changes about the processing of your personal data, it may also lead to changes in the information you are provided here. Updated information will always be readily available on our website.