1 Privacy Policy

Information about the processing of personal data in IWMAC systems.

Here at IWMAC, we safeguard the privacy of our clients, suppliers, partners, as well as our clients’ customers. In this document, we’ll provide an overview of how, when and why we process personal data.

Definitions:

  • When referring to IWMAC, this covers IWMAC AS and all its subsidiaries.
  • IWMAC is responsible for processing personal data for all of our employees and job applicants.
  • Personal data we process about employees of our clients/suppliers/partners is carried out in accordance with the relevant data processing agreement.
  • IWMAC develops systems that facilitate the storage and processing of personal data. The personal data stored by or for our clients is owned by our clients, who act as the data controller. IWMAC is therefore the data processor.

1.1 Why do we process your personal data?

The personal data about our clients and end users will primarily be used to manage and maintain the client relationship, including to communicate with, follow up, carry out deliveries, and otherwise fulfil our agreements.

We may also use the personal data to send out information on offers and marketing materials, conduct customer surveys, and to assess when it would be appropriate to send out certain types of material to the individual client.

The same also applies to our suppliers and partners.

When IWMAC is the data processor, it is the data controller who submits personal data and defines the purpose of the processing within the framework of the system.

1.2 What personal data do we process?

In general, we will only process personal data about our clients and users as necessary to manage the client relationship or agreements.

More specifically, this may involve us processing information such as name, email address, telephone number, position/role, technical usage information, correspondence, audio recordings from Alarm Center/Support conversations, views on our products/services in the form of responses to customer meetings and meeting minutes.

We do not process any sensitive personal data on our users. See here for the definition of sensitive personal data:

https://www.datatilsynet.no/rettigheter-og-plikter/personopplysninger/

1.3 How do we collect your personal data?

The source of the information we have about our clients/users will normally be the client themselves, by the client providing the information themselves, or after the client has been established.

IWMAC uses Cookies (small information files) and other forms of mapping the use of our services on our websites. Cookies help us to determine which parts of our websites are the most popular, including which pages users visit, and for how long. The information is used, for example, for performance, development and analysis of services and the targeting of advertising on the Internet. This is to ensure that our clients have the best possible experience when using our services.

1.4 What is the legal basis for the processing of your personal data?

We may in some cases obtain the consent from our clients to process personal data, but we will also process data without requesting specific consent where it is necessary to fulfil our agreement with the client, or for taking action at the request of the client before an agreement is entered into.

When IWMAC is the data processor, it is the data controller who holds the legal basis for processing and storing personal data.

1.5 Who has access to your personal data with us?

We will limit access to the personal data of our clients/users to the persons in IWMAC who need such access based on the purposes as set out in section 1 above.

1.6 Do we share your information with anyone?

We do not share, sell, lease or exchange your information with third parties without your consent, except when as described below.

1.6.1 Third-party service providers working on our behalf:

We may pass your information on to our distributors, agents, subcontractors or other associated organisations with the purpose of providing services to you on our behalf.

1.6.2 Third-party product suppliers we work with:

We work with third party product supplies to provide you with products and services. When you ask about or buy one or more of these products, the relevant product provider will use your data to provide you with information and carry out the duties stipulated in contracts you have entered into with them. In some cases, these product providers will act as data processors of your data, which is why we encourage you to read their privacy policies and sign a data processing agreement. These third-party product providers share your data with us, and we use this information in accordance with this privacy policy.

1.6.3 If required by law:

We will disclose your personal data if it is required by law, or if we as a company believe that this disclosure is necessary in order to protect the rights of IWMAC and/or to comply with any lawsuit or court order. However, we will do what we can to ensure that privacy rights continue to be protected.

1.6.4 Use of subcontractors (data processors and sub-processors)

We may use subcontractors to process personal data on our behalf. In this case, we are responsible for ensuring that they comply with this Privacy Policy and applicable privacy laws by signing a data processing agreement.

If the subcontractor processes personal data outside the EU/EEA, such processing must comply with the EU-US Privacy Shield, the EU Standard Contractual Clauses for transfer to a third country, or any other specific legal basis for the transfer of personal data to a third country.

1.7 How and for how long do we store your personal data?

Personal data is retained for as long as it is needed for the purpose of the processing. Also note that we may be required to store personal data even after the purpose has been fulfilled, for example, following accounting legislation or other public law requirements.

It is the data controller who defines how and for how long the personal data is stored.

1.8 How do we secure the processing of your personal data?

IWMAC shall meet the security requirements in accordance with those are set out in the applicable Norwegian privacy laws. The level of security will take into account the nature of the personal data and the risk of a data breach of the data subject.

We have established procedures and measures at various levels to ensure that non-authorised persons cannot access your personal data, and that all processing of the data is performed in accordance with the applicable laws. The security measures include regular risk assessments, technical systems and procedures to ensure security of the information.

Further information about the above may be shared with contractual partners upon request.

1.9 What information requirements does the data subject have?

As the data subject, you have the right:

  • to gain access to the personal data about you that we process;
  • to request that incorrect, unnecessary, insufficient or outdated personal data is rectified or removed;
  • to object to the processing from direct marketing as well as to know about any profiling;
  • to withdraw any consent to the processing of personal data that you have granted us;
  • to download the personal data about yourself that you have given us and transfer it to another data controller (data portability);
  • to contact us if you have any input or questions related to our processing of personal data;
  • to complain directly to supervisory authorities if you consider that the processing of your personal data is in violation of the applicable laws.

1.10 Changes to the Privacy Policy

Changes to the Privacy Policy will be published on the company’s website.

1.11 How can you contact us?

If the Client has any questions or requirements related to our processing of personal data, they can contact our Data Protection Officer via privacy@iwmac.no.

All enquiries related to personal data where IWMAC is the data processor should go directly to the data controller.