Last updated: Apr 26 2022
PROCESSING, PERSONAL DATA, AND DATA SUBJECTS
1. Types of personal data and how we process it
This privacy statement applies to any processing of personal data on Complai.com and the Complai online service which is hereinafter referred to as the “Website and service”.
Personal data in this regard shall mean any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Processing shall mean any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Registration for and use of our services and products
We will process personal data actively provided by you, e.g. when you register with us by setting-up an account on Complai, sending us requests or questions, prepare offers or place orders or access services. Such personal data may contain inter alia your name, e-mail address, contact details, company affiliation, request, and order information.
Complai collects and uses personal data only to provide you with the services you requested, to administer your account, identify you at sign-in and to communicate with you. We also interact with you via our general enquiry/support sections or responding to complaints or general feedbacks given by you on our services or because we had or have a contract with you in place.
We may also contact you with regards to your satisfaction with our products and services and may conduct other surveys.The legal basis for the processing is GDPR article 6 (1) (b) and (f) (necessary for the performance of our obligations towards you and for us to administer our relationship with you).
We use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this Software.
You can object to the use of your personal data for direct marketing at any time. We will then refrain from any processing to the extent it is related to such purposes. You can inform us about your objection under contact, contact@complai.com
We process your personal data as far as necessary for compliance with legal obligations to which we as the data controller are subject, the applicable commercial accounting obligations and tax law requirements.
Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be erased once the purpose for keeping it has expired. Some personal data may be kept for security related purposes. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.
Usage Reports
We will provide our customers with usage reports to inform them how data is captured, accessed, and processed. To do so, we will track the activity on an account, e.g. date and time of access.
Log files
Complai is collecting log files when using the service to determine error situations.
Informational e-mails
With your email address you can subscribe to our informational e-mails that provide you with the latest news about our products and services like webinars, analytics, reports, and whitepapers if you consent to receiving such e-mails. Your email address will be retained as long as you subscribe to our informational e-mails.
This service is partly provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. If your subscription is not confirmed, we will not send you informational e-mails.
You can unsubscribe from this service by opting out via the link provided in each informational e-mail.
Automated decision making
We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.
2. Duration of the processing
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
3. Recipients
Complai internal recipient
Data will only be available within the COMPLAI company to support the operation of the application.
Third party recipients
We engage third party companies and individuals who assist us in providing the services and products we offer through this Application or support us with certain functions related to this Application. Your personal data will be e. g. shared with the following third parties and partly their sub-processors based also outside EU/EEA:
• Microsoft Corporation
• Auth0® Inc.
Moreover, when you purchase a service on Complai from any Service Provider we share the following basic set of personal data (e.g. username, name, company affiliation, email, service subscription, login ID) for the purpose of enabling the service provider to verify that you are registered as a user of Complai and to allow you to experience the usage of Complai in a more convenient way. We require these Service Providers to comply with relevant personal data protection laws.
Our Service Providers will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with the requests.
We may disclose your personal data if legally entitled or required to do so (for example if required by law or by court order). The legal basis for this processing is Art. 6 (1) 1 lit. c GDPR.
Microsoft Cloud Services
Complai relies on the services of a reputable provider of cloud services for the purpose of the Complai services provided by Microsoft™. Access to and use of this service is governed by the terms of Microsoft as applicable from time to time, including its risk distribution.
Microsoft may process some of your data for its own purposes in its capacity as data controller to comply with legal obligations and requirements. This data processing falls within the sole responsibility of Microsoft. The Microsoft Privacy Statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.
International data transfer
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the European Union) which may have different data protection standards than your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agenciesAll transfers of your personal data outside the EU / EEA will be subject to transfer mechanisms in accordance with the GDPR, typically by the adoption of EU’s Standard Contractual Clauses.
4. Retention periods
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfill the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
5. Security
We are committed to maintaining the confidentiality, integrity, and security of your personal data and take precautions to protect such information. It is our policy to use reasonable and appropriate administrative, technical, and physical safeguards designed to protect the personal data we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We periodically review our policies and procedures to confirm that they are appropriate to meet our commitment to our community, our customers, and ourselves.
We also require third-party service providers acting on our behalf or with whom we share your personal data to maintain security measures consistent with applicable regulatory compliance requirements.
Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations. If you have any questions about the security of our Site or Services, please contact us at contact@complai.com. For your own security, please do not send any confidential or sensitive personal data to us via email or through the contact form on our website.
6. Cookies
Like many websites and services, Complai uses “cookie” technology to collect additional website and service usage data and to improve the website and our services. A cookie is a small data file that is placed in your browser.
By accessing and retrieving information and/or using services on our website and service, you agree that cookies are placed in your browser – as most browsers are set so that they automatically accept cookies. If you do not want to accept our use of cookies, you may withdraw your consent by changing the settings in the browser. However, this may imply that the services on our website and service do not work optimally.
Complai may use both session cookies and persistent cookies to better understand how the users interact with the website and our services, to monitor aggregate usage by the users and web traffic routing on the website, and to improve the website and our services. A session cookie enables certain features of the website and our service and is deleted from the user’s computer when disconnecting from or leaving the site. A persistent cookie remains after the browser is closed and may be used on subsequent visits to the website and service.
Types of Cookies used
Strictly Necessary Cookies
These cookies are necessary for the Sites and Services to function. Cookies categorized as Strictly Necessary cannot be turned off. These cookies are essential in order to enable visitors to move around the Site and Services and use their features, such as accessing secure areas of the Site. Without these cookies, some key services cannot be provided.
Performance Cookies
These cookies collect information about how visitors use the Site or Services, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that on its own individually identifies a Site visitor or Service user.
Functional Cookies
These cookies enable the Site to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to the pages of our Sites.
If you do not allow these cookies then some or all of these services may not function properly.
Google Analytics
This website and Service uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the service. The information generated by the cookie about your use of the Website and service (including your IP address) will be transmitted to and stored by Google on servers in the United States.
The Website and service uses Google Analytic’s IP anonymization function. Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On our behalf, Google will use this information for the purpose of evaluating your use of the Website and service, compiling reports on Website and service activity, and providing other services relating to Website and service activity and internet usage to us. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this Website and service.
Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie will be set to prevent the future collection of your information when you visit this Website and service.
Further information can be found under https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
7. Your choices and rights
Opt-out of marketing email communications You can opt-out of direct marketing from Auth0 at any time by checking and updating your contact details within your account, using the “unsubscribe” link at the end of all our marketing emails. If you are a customer and you opt-out of receiving marketing messages from Complai, you may continue to receive transactional communications from us regarding our Services.
Managing Cookies, Targeted Advertising and Other Tracking/Analytics Technologies See section 6 for information about Cookies and Tracking/Analytics Technologies used on our Site and Services and about your options in relation to these technologies including relevant browser-based cookies controls and other opt-out capabilities.
Mobile Device Settings Your mobile device may also have settings that, if enabled, restrict mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means.
Data subjects’ rights
You may be entitled to exercise some or all of the following rights free of charge:
a. require (i) information on whether your personal data is retained and (ii) access to and/or (iii) duplicates of your personal data retained, including the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed and where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
b. request proper rectification, removal or restriction of your personal data, e.g. because (i) of the incomplete or inaccurate nature of the personal data, (ii) it is no longer needed for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have taken advantage of an existing right to object to the data processing; in case your personal data is processed by third parties, we will forward your request for rectification, removal or restriction also to such third parties unless this proves impossible or involves disproportionate effort;
c. receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller,
d. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
e. object at any time that your personal data will be used for direct marketing purposes, or – based on grounds relating to your particular situation, that your personal data shall be subject to data processing for other purposes;
f. not to be subject to any automatic individual decisions (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or similarly significantly affect you;
g. take legal actions in relation to any breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.
8. Revision of the statement
We reserve the right to adjust and adapt this privacy statement, for example in the event of changed regulatory requirements. Our updated privacy statement at any time will be published on our website complai.com.
9. Contact details
The Data Controller is Complai AS, Norwegian business nr.925 076 767 . If you have any questions regarding our processing of personal data please contact us: contact@complai.no