Privacy Policy

Last updated: 12/11/2024

1. Introduction

Welcome to DecodeVC. We respect your privacy and are committed to protecting your personal data.

2. Your Data Privacy

Privacy Notice for DecodeVC

DecodeVC will, as part of our business, process personal data.

We are committed to processing personal data in a safe, reassuring and trustworthy manner. Our processing as the controller of personal data is based on our activities and the purpose of our business. Information about the personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc. is included below.

If you have questions about processing your personal data, please contact us at the contact details provided below.

3. Responsible for the processing of personal data

DecodeVC is responsible for processing personal data described here, i.e. decides why and how the personal data is processed (the data controller). We may also process personal data in other ways mentioned below, but we will inform the personal data that applies in other ways than through this notice.

Our processing as a data controller of personal data is based on the business we run and the purpose of our business, i.e., providing the service DecodeVC and other related activities. See more below about the purpose of processing individual personal data.

Contact details on us as data controller:

Entity name: DecodeVC
Email: contact@decodevc.com
Entity reg. no.: 931059319

4. Why and what kind of personal data DO we collect and use

We collect and use your personal data for different purposes depending on who you are and how we get in touch with you.

All processing of personal data will be in accordance with this Privacy Notice, the privacy regulation in force at any given time, including the local privacy regulation and the General Data Protection Regulation (GDPR).

You will find information on the personal data we process about you, the purpose and the legal basis of the processing, how long we process the personal data, etc., in this section.

Personal data is any information related to a natural person, such as you.

Processing means anything that is done with personal data, such as collection, registration, organisation, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination, or any other form of making available, compilation or alignment, limitation, deletion or destruction.

If we are a data processor, i.e. we process personal data on behalf of others (which is the data controller), such as our customers, you may request information about the processing from the data controller. You can still contact us about the processing of your personal data, and we will refer you to the data controller. See also below about our role as a data processor.

4.1 Communication and contact

We process personal data about those who contact us to answer and document the communication and contact others not covered by the processing elsewhere in the Privacy Notice, which applies to all forms of communication, physical and digital, written, and oral.

In such cases, we process the name, telephone number, email address and any personal data that may result from the communication, including history/logs about the inquiry.

The processing is based on that we consider on having a necessary legitimate interest in processing related to the above (see GDPR Article 6 (1) f). Our legitimate interest is to have contact with others as part of our business and in documenting our business, as well as replying to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive, and that the data subjects' privacy does not override these interests.

It is voluntary to provide us with personal data, but it will be necessary to provide us with the information to answer inquiries.

We process the personal data until we expect that there will be no further follow-up of the contract, typically for two years.

4.2 Email and other business solutions

We use email as a communication solution and other business solutions, such as document storage, cooperation solutions etc., that will contain personal data. The processing is based on that we consider having a necessary legitimate interest in processing personal data via email (see GDPR Article 6 (1) f) in order to have a work tool and communication solution and that the data subjects' privacy does not override over these interests. Personal data processing depends on the purpose of the email and what is included in it. Emails and other information are deleted when they are no longer needed, and we have measures in place to ensure regular deletion.

4.3 Services

We collect and process personal data regarding the provision of our service, DecodeVC. We are a data processor when providing the service, and our customers will be data controllers. In such processing, we collect and process the following personal data:

Contact information on the users of our customers who are in contact with us and who are using the service

Any personal data as part of the information the customers include in the service, such as information as part of the decks. This information is collected, maybe extracted from scanned images by OCR, stored in our systems, analysed, enriched or combined with other data, see below, and included in the output as reports or in other contexts for the customers.

Data collected from other sources is to be matched with the data provided by the customer, such as data from the internet and publicly available sources, such as company websites and LinkedIn. Such data is connected to the data provided by the customers, stored and provided in output and reports to the customers.

Technical logs, security logging on the website and in connection with services for security reasons, the development of the service, and statistics.

The above data is processed with the customer as controller and based on the controllers' purpose for processing and legal basis for processing (typically GDPR Article 6 (1) f) if the customer has a legitimate interest in the processing and that our customer considers to have a legitimate interest in processing this type of personal data and that its interest overrides the data subject's privacy).

We will also process personal data related to technical logs, security logging and in connection with services will also be processed for security reasons, the development of the service, and statistics. As we decide the purpose of the processing (to provide and secure the service) and the means of the processing (the security measures to impose), we are the controller of such personal data. The processing is based on our duty to comply with the privacy regulations to secure personal data, see GDPR Article 6 (1) c, cf. Article 32, and our duty to secure your personal data according to the agreement with the customer.

4.4 Communications and information on services

We may send you information on the services you or your organisation have purchased or are using, such as technical conditions, upgrades, new functionality, etc., and also emails that may be automatically generated by our services. This information is part of the services we provide and may be important to you or your organisation.

The information will be provided regardless of whether you have consented, as it is our necessary and legitimate interest to inform our customers of the services they are purchasing (see GDPR Article 6 (1) f). The purpose of the processing is to keep you updated about the services. Consequently, you may not be able to unsubscribe from the information.

We only process personal data that allows us to send information, such as your email address and your telephone number. The email address and your telephone number are not used for anything other than sending out the information or contacting you, and we will not share, transfer or provide the information with anyone else. The personal data is processed as long as you use our services.

4.5 Newsletter

If you request information or sign up for our newsletters, we may send you information about our products and services, products for partners, newsletters and other information and marketing. As a consequence, we will process your name and email address.

The process of personal data is based on your consent (GDPR Article 6 (1) a) in case the information is considered marketing. For information on the services, please see above. You can withdraw your consent at any time by using the link in the newsletter or contacting us to stop receiving newsletters.

The processing of the personal data takes place until you have received the requested information, have withdrawn your consent or if you object to receiving such information. Your personal data will then be deleted.

4.6 Business customers, suppliers, partners, etc.

We process personal data about contact persons of existing and potential business customers, suppliers, and other partners to manage our relationship with suppliers and others, prepare, implement, and document services and evaluate the use of services. In these cases, we will process names, contact information, company names and information related to the contact with the company in which the person in question works.

The processing of personal data is based on the necessary processing and legitimate interest in handling the relationship with our customers, partners, and suppliers.

The processing of personal data is based on that we consider on having a necessary legitimate interest (GDPR Article 6 (1) f) to manage the relationship with our customers, partners and suppliers, and that our interest is not overridden by the data subject's privacy.

We also store and disclose information where we have a legal obligation to do so, for example, under accounting and tax legislation. We may store information for as long as we believe it may be necessary to document matters relating to services. In many cases, it will be necessary for us to obtain personal data to enter into agreements with customers and suppliers, among other things, to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements.

It is voluntary for contact persons to provide us with personal data. If we collect personal data from others, it will mainly apply to contact information (including name, address, telephone number and email address), position, function, employer, and any competence and references where relevant. The source for such information will be the contact person, employer, or something else, such as the employer's website.

We store the personal data until the relationship with the customer, supplier, or partner ceases or until the contact person is no longer the contact person, with the exceptions mentioned above.

4.7 Recruitment

When recruiting for new positions with us, e.g. CV, application, certificates and references are processed. Processing of personal data takes place on the basis of consent that you have given if processing takes place through, e.g. recruitment solution or on the basis that it is necessary and within our legitimate interest to recruit new employees.

The basis for processing personal data when recruiting is that the processing is necessary to make assessments of possible job seekers prior to entering into a possible employment agreement (GDPR Article 6 (1) b). If assessments are made in this regard, such as contacting persons who are not listed as a reference, examining when searching for background, etc., personal data is processed on the basis of our necessary legitimate interest in ensuring that the correct candidate for the position (GDPR Article 6 (1) f).

For the latter, we have considered that the individual data subject's privacy does not override our legitimate interest in recruiting new employees. We recommend you not to enter special categories of personal data, such as health, religion, political opinion, union membership, etc., in your application.

Information in the service is deleted as soon as the recruitment is done if you have not agreed to further storage.

4.8 Social media

We have contact with stakeholders and others through social media. Among other things, we have established a Linkedin page, where we are responsible for processing personal data in this connection with Linkedin. Personal data will be processed through the Linkedin page if you publish posts on the page, comment on posts, or like/follow the page. Our purpose for processing personal data through Linkedin is to have contact with you who wish to communicate with us or interact on our Linkedin page in other ways, see also about communication under section 4.2 above.

In this context, your name and link to other information that you have posted on Linkedin associated with your name/account on Linkedin are processed. In addition, everything you share through posts and comments on our Linkedin page and the fact that you have liked/followed our website is processed. What you share on the Linkedin page is up to you and voluntary.

We ask you not to share personal information in posts or comments on the website, and especially not to share personal information about others, e.g. by tagging or mentioning people.

We process personal data on social media, such as Linkedin, because we believe we have a legitimate interest in communicating with the outside world through social media and want to process personal data in this context (GDPR Article 6 (1) f). We have considered it so that this is necessary for us to communicate with the outside world and handle inquiries we receive and that the data subject's privacy does not come before these interests.

The data will be processed as long as postings/comments are available on social media, and you can delete this at any time.

4.9 Use of websites, cookies etc.

We will use cookies or similar technology to collect information when you visit or interacts with our website. We use the information collected to improve the customer experience on websites and services, to adapt and develop the website, and to offer functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are as relevant to you as possible. This will both be given on the basis of visitors' behaviour, e.g. on the basis of services used, links clicked on, or information read, and on the basis of the behaviour of other users with similar usage patterns.

The information collected will be your IP address, the type of browser you use, your internet provider, operating system, date and time of website visits and services etc. The information is stored in your browser's internal memory or related to a series of numbers/digits that can identify your browser or device that uses the website (referred to as cookies below for simplicity). The information will then be related to other information collected.

You have the ability to prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings yourself so that the cookies are not accepted. The disadvantage of disabling cookies in your browser is that the web pages will not work optimally. The reason is that the purpose of most cookies we use is to provide just functionality on the services.

Personal data is also used to improve our websites, compile statistics and understand the use of the pages. As far as practicable, we try to do this with anonymous information without knowing that the information is specifically related to the individual visitor.

We will process the personal data mentioned above on the basis of our consent (GDPR Article 6 (1) a). The information will be processed until you withdraw your consent, which may be done by email on the contact information above.

We process the personal data mentioned above on the basis of our necessary legitimate interest (GDPR Article 6 (1) f) to adapt the website to our users, and we consider that this interest is not overridden by the data subject's privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics where individuals are not identified. The information will be processed for as long as it is necessary for the purposes mentioned above.

The cookies etc., we use is listed at the end of this Privacy Notice.

5. Retention and deletion of personal data

We keep and store personal data for as long as is necessary for the purpose for which the personal data was collected, and we delete the data under requirements in regulations. For how long period we process the individual types of data is included above under the specification of the different processes.

Instead of deleting the personal data, it may be relevant to anonymise the personal data in some cases. By anonymisation, all data that may identify or potentially identify data subjects (individual persons) are removed from data sets.

This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data that we process in connection with sales or purchase agreements you have with us is deleted when the agreement is fulfilled, and all obligations arising from the contractual relationship are fulfilled, such as legal obligations related to accounting, and follow-up of the customer-related complaints, etc. Personal data related to our fulfilment of legal obligations is deleted as soon as the legal obligations have been fulfilled, such as the obligation to keep accounts.

6. Processing personal data as part of services

Customers who use our services are data controllers for the personal data processed by use of the services and are then responsible for the processing of the personal data processed when using the services, see above on information on processing personal data as part of our services. We will then process personal data on behalf of the customer and are then the data processor. A data processor agreement has been entered into between the customers and us to regulate our processing of personal data on behalf of the customers.

As it is our customers that are then responsible for the processing (data controller), you must contact our customer to enforce your rights, see below.

The information in this privacy notice will also apply to our processing of personal data about our customers' customers with regard to the disclosure and transfer of personal data and security/technical matters. For deletion of personal data, it depends on when our customer chooses to delete the information. We will never use information or information from our services without this being instructed or approved by our customers.

We send out emails to contact persons at users of our services and our customers to provide information about the services, such as technical conditions, upgrades, new functionality, etc., in addition to emails that are automatically generated by our services.

7. Disclosure or Transfer of Personal Data

We do not disclose or transfer personal data to others in cases other than those mentioned in this notice and unless there is a legal basis for such disclosure/transfer. Examples of such a basis will typically be an agreement with or consent from the data subject or a legal basis that requires us to publish the information. The latter applies to public activities such as tax collection (if necessary), accountant/auditor, as well as others that we need in our business as a bank connection.

We use data processors to process personal data on our behalf. In such cases, we have entered into data processing agreements with the data processors to safeguard your rights and security for your personal data at all stages of the processing.

If it is required by law or there is a suspicion that a crime has been committed in connection with the use of our services, personal data may be disclosed to public authorities.

If personal data may be subject to transfer to another organisation in connection with a merger, financing, reorganisation or dissolution transaction of all or part of us, we will only do so if the parties involved have entered into an agreement where the collection, use and sharing of personal data is limited to the purposes of the transaction, including a provision as to whether or not the transaction will proceed, and the personal data shall only be used by the parties involved to complete and complete the transaction. If another company buys our business or assets, this company will have access to the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this privacy notice.

8. Transfer of personal data to recipients in countries outside the EEA

It is an objective that all processing of personal data shall be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA, see above. In such cases, transfer and processing outside the EEA will take place in countries approved by the EU Commission or under a valid legal basis for the transfer of personal data under GDPR Chapter V. If transfer to countries approved by the EU Commission does not take place, the transfer will only take place after guarantees set out in Article 46 (2) of the GDPR. You can get information on the lawful basis used for the transfer if you contact us.

9. Security of processing

We prioritise the security of personal data in our business and will implement all required technical and organisational measures to secure your personal data. All processing will, if possible, be encrypted and not available to anyone other than those who need personal data for performing their tasks (need-to-know).

We ensure that the personal data is correct, accessible and handled according to the degree of sensitivity of the information. We also use a variety of security technologies and information security procedures to protect your personal data from unauthorised access, use or disclosure. Where necessary, risk assessments are carried out.

We have entered into data processor agreements with all our suppliers who process personal data, where they assume the same degree of security as we ensure in our processing of personal data.

We restrict access to personal data to the staff or third parties who process the personal data on our behalf. These parties are subject to a duty of confidentiality.

Routines have been established for handling breaches of information security and routines, and we will, if there are breaches that pose a risk to personal data, notify the supervisory authority (Datatilsynet) as soon as possible and no later than 72 hours after the breach is discovered. If the breach entails a high probability of the privacy of the data subjects affected by the breach, they will also be notified. If the breach comprises personal data where we are data processor, the data controller (such as our customers) will be responsible for giving notification on the breach.

10. Your rights when we process personal data about you

You will find a description of your rights when we process personal data about you below. To exercise your rights, you must contact us, see contact information above, or otherwise, if it follows below.

We strive to respond to your inquiry as soon as possible and no later than 30 days. If it takes longer than 30 days, you will be notified.

In some cases, we will request you to confirm your identity or provide additional information before you can exercise your rights to make sure that we only give access to your personal data to you - and not someone who pretends to be you.

Your rights set forth below apply where we are responsible for the processing. If we are a data processor for our customers, and you use services from one of our customers, the customer is responsible for the processing of personal data (data controller). You must then contact the one you receive the services from in order to exercise your rights related to the processing of your personal data. Your rights will then essentially be as described below.

10.1 Information

You have the right to get information about the personal data we process about you. Through this policy, you get information on the processing of personal data. You can also contact us if you want more information.

10.2 Access to your personal data

You have the right to request access to the personal data we processed about you. Contact us if you want such access.

10.3 Correction and deletion

You can also ask us to correct any personal data or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if the data is necessary for us.

10.4 Processing based on your consent

If we process personal data based on your consent, you can withdraw the consent at any time. The easiest way to withdraw your consent is as informed to you when you give your consent or to contact us.

10.5 Right to protest or restrict the processing

You have the right to have your processing restricted or stopped in certain cases, see further in Article 21 of the GDPR.

10.6 The right to data portability

For personal data that you have provided to us, which is necessary to carry out an agreement with us, and which is processed automatically (i.e. not manually by us), you can request that the personal data be disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).

10.7 Automated processing, including profiling

There will be no automated processing, including profiling, based on your personal data that may have legal effects or that significantly affect those to whom personal data applies. See GDPR Article 22 no. 1 and 4.

11. Complaints

If you suspect that our processing of personal data is not in accordance with what we have described here or that we, in other ways, violate the privacy legislation. In that case, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us first to correct the matter as soon as possible.

We use the Norwegian Supervisory Authority (Datatilsynet) in Norway as the leading supervisory authority for cross-border processing under GDPR Article 56. You can therefore direct any complaint to the Norwegian Data Protection Authority.

You will find information about your rights and how to contact the Norwegian Data Protection Authority on the website: www.datatilsynet.no.

12. Changes to This Privacy Notice

Should there be a change in our services or changes in the regulations on the processing of personal data, it may change the information you have provided here. If we have your contact information, we will make you aware of these changes. You will find the updated privacy notice readily available on our website.