Privacy Policy

Processing of Your Personal Data at Idntfy me AS

Idntfy me AS, organization number 931924818, (hereinafter "the Company"), is the Controller responsible for the processing of personal data within the business. All processing of personal data is carried out in compliance with the Act relating to the processing of personal data and the EU General Data Protection Regulation (“GDPR”).

This Privacy Policy provides you with information about how we process your personal data and what rights you have in that regard. This Privacy Policy applies to you who are:

• our customers and potential customers
• employed by our customers
• suppliers and collaborators
• employed by our suppliers
• job applicants
• visiting our websites
• otherwise in contact with us, for example, individuals participating in seminars, individuals receiving newsletters, journalists contacting us, or other visitors.

"Personal data" means information that can be linked to a physical person. "Processing" of personal data means any use of personal data, both automated and manual, such as collection, structuring, storage, and deletion.

Contact Information for the Controller:

Name: Idntfy me AS

Postal Address: Haxthausens gate 4A, 0263 Oslo, Norway.

Email: nina@idntfy.me

Org. No.: 931924818

1- Which Personal Data is Collected, as well as the Purpose and Legal Basis for the Processing

1.1 Introduction

In this section, you can read about the following:

1. The purposes for which we will process your personal data
2. The types of personal data we process to achieve the stated purpose and whether the personal data comes directly from you or another source
3. The legal basis for the processing under the given purposes

1.2 Delivery of Our Services

The Company collects and processes your personal data in connection with the delivery of the services offered. Personal data processed may typically be contact information such as name, email, phone number, and any other personal data necessary in the specific customer relationship, but also information about height, gender, [biometric data and measurement data in connection with the development of your personal virtual shopping assistant]. When we process biometric personal data, our processing takes place based on your explicit consent, cf. GDPR Article 9 (2)(a). The processing of such data will cease when the contract between you and Klarna is terminated, or when consent is withdrawn. It will be necessary to process other personal data to fulfil our agreement with you, cf. GDPR Article 6 letter b.

1.3 Collaboration with External Parties

For collaboration with and follow-up of our customers, suppliers, and other partners, it is necessary to store information to fulfil our contractual obligations and to plan and execute assignments and projects. Personal data processed may typically be name, email, phone number, and any other personal data necessary in the specific assignment or customer/supplier relationship. It will be necessary for us to process most of this personal data to fulfil our agreement with you, cf. GDPR Article 6 letter b. In some cases, the processing is necessary to safeguard our legitimate interest in the proper operation and organization of our own business, cf. GDPR Article 6 letter f. In the latter cases, we have assessed that our interest in carrying out the processing outweighs the participant's need for protection of their interests or fundamental rights and freedoms.

1.4 Processing of Personal Data in connection with inquiries received via the website or other channels

If you contact us via our websites or other channels, we process your personal data. Personal data processed will typically be name, phone number, email address, and any personal data that may arise from the inquiry. The information is collected via contact forms, inquiries by email, filling out applications/forms, or when you contact us in another way. The processing of personal data is based on a balancing of interests, cf. GDPR Article 6 letter f. We have assessed that it is necessary for us to store this personal data to follow up on your inquiry in a proper manner.

1.5 Processing of Personal Data in connection with events

In connection with us arranging seminars, courses, and similar events for our customers, suppliers, collaborators, and others, personal data is processed. This includes name, contact information, position, and employer. The legal basis for this processing is GDPR Article 6 letter f. In order to organize such events, we have assessed that our interest in carrying out the processing outweighs the participant's need for protection of their interests or fundamental rights and freedoms.

1.6 Processing of Personal Data during recruitment

In connection with the recruitment of employees, we collect personal data about job seekers who apply for jobs with us: Name, contact information, photo, CV, application, diplomas, certificates, statements from references, interview reports, and other information provided to us by the job applicant. The legal basis is GDPR Article 6 letters a and f. The Company has a legitimate interest in collecting information about the candidate for recruitment purposes. This data is deleted after the recruitment process is finished, unless the candidate consents to the information being retained by the Controller. In that case, the legal basis is GDPR Article 6 letter a. The information is stored for one year after consent has been given or until consent is withdrawn.

1.7 Newsletter and other marketing

For individuals who have consented, we send out newsletters by email. We also send newsletters and other marketing to those with whom we have an existing customer relationship. In connection with the newsletter and other marketing, we process personal data. This includes name, contact information (email, address, possibly phone number), and potentially information about the employer for this purpose.

Consent to receive such marketing may be withdrawn at any time. This can be done by contacting us. The legal basis for the processing is GDPR Article 6 letter f. The processing is necessary for the purposes of our legitimate interests, which override the need for protection of the data subjects' interests or fundamental rights and freedoms.

Personal data related to marketing is processed until consent is withdrawn or if the existing customer relationship ceases.

2- Disclosure of Personal Data to Others

We do not disclose your personal data to others unless there is a basis for such disclosure. Examples of such a basis would typically be because you have consented to it, because the disclosure is necessary to fulfil an agreement with you, or there is a legal basis that obliges us to disclose the information.

The Controller uses Data Processors to collect, store, or otherwise process personal data on our behalf. In such cases, we have entered into data processing agreements to safeguard information security during the processing. Such Data Processors may include software providers, payment service providers, accountants, recruitment systems, HR systems, payroll systems, IT systems, HSE systems, etc.

[All processing of personal data that we carry out takes place fundamentally within the EU/EEA area.]

[The Company may transfer personal data to recipients outside the EU/EEA in accordance with the requirements of the General Data Protection Regulation (GDPR). If transfers occur to countries not approved by the European Commission, we use appropriate security mechanisms, including the European Commission's standard data protection clauses (Standard Contractual Clauses – SCC), to ensure an adequate level of protection. Where necessary, we also implement supplementary measures to safeguard privacy. You may contact us for further information on transfers and security measures.]

3- Storage Period

We store your personal data with us for as long as it is necessary for the purpose for which the personal data was collected, unless we are legally obliged to continue storage.

4- Your Rights when we process personal data about you

The privacy regulations grant you a number of rights related to the processing of your personal data. You have the right to request access to your personal data, rectification of any errors, or deletion of the personal data we process about you. You also have the right to demand restriction of processing, object to the processing, and claim the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority's website: www.datatilsynet.no.

To exercise your rights, we ask you to contact us by email. We will respond to your inquiry as soon as possible, and no later than within 30 days. You can also contact us if you want more information about how we process your personal data.

We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights with us. We do this to ensure that we only grant access to your personal data to you and not someone impersonating you.

5- Cookies

Information capsules or "cookies" are small text files stored on the user's device that collect information about the individual user. The information collected depends on the purpose of the cookie, which may be, for example, user adaptation or statistics.

"Functional cookies" are cookies that are necessary to use the primary functions of the website. These are necessary for the operation of the website and are always used.

The Company only uses functional "cookies" on this website.

6- Complaints

If you believe that our processing of personal data is not consistent with what we have described here or that we are otherwise violating privacy legislation, please contact us by email: [insert]. Furthermore, you can complain to the Norwegian Data Protection Authority (Datatilsynet). You can find information on how to contact the Data Protection Authority on their website: www.datatilsynet.no.