- the categories of personal data that we process;
- how we process personal data; and
- what purposes we process personal data for.
What is personal data?
Personal data is any information that may be linked to a natural person, directly or indirectly, such as name, postal address, e-mail address, IP-address and mobile phone number.
Who is the data controller?
On behalf of Someday, managing director Øyvind Reierstad, is the data controller in relation to the personal data that Someday processes for the purposes described below. We have an obligation to ensure that your personal data is processed in a secure and legal manner in accordance with EU Regulation 2016/679 (GDPR) and national data protection laws.
With regards to the collection of data on employees of our clients when using the Someday application, the users of the Someday application is regarded as data controllers and Someday data processor.
How do we collect personal data?
Someday may collect personal data in the following ways:
- in relation to the handling of our relationship with our customers and other persons who contact or visit us;
- when you use our services, inter alia browse our web sites or use our Someday platform;
Categories of data subjects
We may process personal data linked to the following categories of data subjects:
- Employees of our clients
- Other who visits our web site or who contacts us
What categories of personal data do we process?
The categories of personal data that we process may vary depending on the data subject.
The personal data we may process about the employees of our clients may be:
- E-mail address
- Place of work
- Work position and division
- Date of employment and signing of contract of employment
- Username used at workplace
The personal data we may process about the individuals who visits our web site or otherwise contact us may be:
- IP address
- When the webpage was visited and other behavior on our webpage
- Personal data that you register on our webpage or otherwise provide us with
We may also process other categories of data than those listed below if the relevant data subject has consented to processing of such data. In this case, the data subject will, before giving consent, receive specific information on the data that we collect as well as the purposes of the processing of said data.
The processing of anonymous data, i.e. data that cannot be linked directly or indirectly to a natural person, is not subject to the restrictions described in this policy.
How do we process sensitive data?
Sensitive personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning health or data concerning a natural person's sex life or sexual orientation.
As a main rule, Someday does not process sensitive personal data unless you give your consent or it is necessary to protect the vital interest of the data subjects or another natural person.
For what purposes do we process your personal data?
Someday may process personal data for the following purposes:
- Delivery of our services. In order to make it possible for our clients to use our services for own business purposes, hereunder to use to our platform to analyze its business culture.
- Sales, marketing and customer care. In order to enter into a contract with our customer and in order to provide our customers with our services.
- Security. In order to secure our network and information we must prevent circumstances, events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.
- Business analysis. We process personal data to better improve and further develop our services.
- Sales and marketing. We process personal data to communicate with our clients and potential clients and to market our services.
The legal basis for our processing of your personal data
According to the GDPR, Someday must base its processing of personal data on a legal basis. Our processing of personal data will be based on one or more of the following:
- The processing of personal data is necessary for the performance of a contract which the relevant data subject is party to or in order to take steps at your request prior to entering into a contract.
- The processing is necessary for the purposes of our legitimate interest, insofar as this interest is not overridden by your interests or fundamental rights and freedoms which require protection of personal data.
- The relevant data subject has given consent to the processing for one or more specific purposes.
Who may we transfer personal data to?
In certain instances we will transfer personal data to our suppliers or give our suppliers access to our systems containing personal data. Supplier that processes data on our behalf, do so on the basis of a Data Processing Agreement that regulate the responsibilities of the data processor in connection with the processing of the relevant data.
We may also share personal data with the authorities in cases where we are statutory obligated to do so, this may include regulators, law enforcement authorities, welfare authorities and fraud prevention authorities.
Do we transfer your personal data to countries outside the EU/EEA area?
As a main rule, we do not transfer your personal data to countries outside the EEA. In the event that we transfer personal data outside the EEA, we will ensure that adequate safeguard are implemented in accordance with the GDPR.
How long do we store your personal data?
We do not store personal data for longer than necessary to be able to fulfil the purposes of the processing described above. This does not apply, however, if storage of data for a longer period is required by law or other statutory regulations.
How do we keep your personal data safe?
We are obliged to implement appropriate technical and organizational measures to ensure and to be able to demonstrate that our processing is performed in accordance with the GDPR and other relevant data protection legislation.
We have implemented a number of appropriate measures in order to ensure that unauthorized persons do not gain access to your personal data.
What are your rights?
The GDPR provides you a number of rights, including the right to basic information, the right of access to data, the right of rectification of data and the right to erase data that we have stored.
We will do our utmost to make sure that your personal data is correct and up to date. If you notice that your personal data is not correct, or you want to delete data, we encourage you to contact us.
Where the processing of the personal data is based on consent or a contract and the processing is carried out by automated means, you may have the right of so called data portability. This means that you shall have the right to receive the data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.
Furthermore, you will have the right to oppose or restrict the processing of your personal data, herein processing related to profiling and automated decisions. This means that you may require that your personal data is not analyzed to reveal your behavior, preferences, capabilities or needs. However, this does not apply if the processing of your data is necessary to fulfil a contract which you are a party to or if you have consented to the processing.
If personal data is being processed on the basis of your consent, you may also have the right to withdraw your consent.
If you are of the option that Someday does not comply with the prevailing data protection legislation or other relevant legislation, you may send a complaint to Someday. You also have the right to file a complaint to the Norwegian Data Inspectorate. However, we encourage that you contact us first, so that we may come to a mutual understanding.
How do you get in touch with us?
If you want to access, delete or correct any personal data that we have stored about you, or if you have any questions relating to how we process your personal data, please contact us at: firstname.lastname@example.org.