- Which data ConnectMyApps process.
- What we do with this data and what it is needed for.
- Which data protection rights and options you have.
ConnectMyApps provide online data synchronisation services made available through ConnectMyApps’ Web Application or via web service application programming interfaces (API), to enterprises in several countries.
ConnectMyApps’ head office is located in Oslo, Norway and ConnectMyApps is subject to Norwegian and European data protection legislation. This data protection policy was last updated on October 5, 2022.
1. INFORMATION ABOUT DATA PROTECTION LEGISLATION
All processing of personal data in Norway is governed by the EU’s data protection regulation, the General Data Protection Regulation (GDPR).
"Personal Data" is all information which allows us to identify you straight away or by combining it with other information. Examples: Your name, your telephone number, your customer number, order numbers or your email address.
The local Data Protection Authority oversees GDPR and supplementary national legislation. For more information about data protection, such as guidelines and contact information for the Norwegian supervisory authority you may refer to: www.datatilsynet.no
2. WHAT TYPES OF PERSONAL DATA ARE PROCESSED, WHY, HOW AND FOR HOW LONG?
2.1 HOW WE PROCESS YOUR PERSONAL DATA
ConnectMyApps acts as the controller of personal data when we process personal data to manage your ConnectMyApps account and to verify your compliance with our terms. The formal responsibility for processing personal data lies with the CEO of ConnectMyApps.
We will also be controller of the personal data we process for our own purposes of advertising and communication through our website and on social platforms. However, the social platform will be the controller of the personal data they process for their own purposes.
We collect and use personal data for various purposes each with its own legal basis. We store personal data only for as long as required to fulfil the purpose, after which it is deleted or anonymized.
In providing our services to our customers, we may process personal data on behalf of such customers. In such cases the customer is responsible for the processing of data, while ConnectMyApps acts as the data processor on behalf of the customer. All such processing is covered by a Data Processing Agreement between ConnectMyApps and the customer. The legal basis for such processing is compliance with our agreement with the customer concerned, as well our legitimate interest in administering such agreements and relationships with our customers.
Personal Data Collection and Processing
When you visit our website, we collect the following information from your device:
- IP address,
- date and time of the access,
- name and URL of the accessed file,
- browser type and version, and
- further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.).
We only process these data to ensure trouble-free connection to the website, comfortable use of our website, for evaluating system security and stability and for administrative purposes, unless otherwise stated in our cookies policy.
You may contact us through our website. To respond you your request or inquiry we process:
- your name,
- your email, and
- other personal data you choose to share with us.
The processing is necessary for the performance of a contract with you (General Data Protection Regulation (GDPR) art. (1) b).
When Customer registers for the Services and Subscriptions on www.ConnectMyApps.com, ConnectMyApps asks for information such as Customer’s business name, first name, surname, email address and account credentials.
This information is stored and used so we can provide Customer with access to the Service and to monitor Customer’s use of same.
2.2 PURPOSE AND BASIS OF PROCESSING YOUR DATA - PROCESSING ACTIVITIES
ConnectMyApps process personal data through our website, Customer Relations Management system (CRM), Enterprise Resource Planning system (ERP) and other digital systems.
This is done for the following purposes:
- Providing services: We process personal information to provide and deliver services to you. For example, we process your information in relation to identification of customers, invoicing and payments, customer service, technical support and customer complaint handling. Such processing is necessary to fulfil our agreements with you, and/or to provide Services to you.
- Development and analysis: We process personal data to improve our Services and digital channels. Such processing is based on legitimate interest.
- Sales and marketing: We use both anonymized and personal data for marketing purposes. These activities include direct marketing, such as:
- defining target groups; based on consent (if required)
- adapting and targeting the marketing; based on consent (if required)
- distribution of newsletters and other forms of direct marketing; based on consent or another applicable legal basis; and
- marketing analysis and customer satisfaction surveys; based on consent and/or legitimate interest.
- Information security: We may process personal information to ensure the security of our systems, and to detect and prevent certain types of misuse of our services. Such processing is based on ConnectMyApps’ legitimate interest.
- Legal compliance: We process personal information to meet legislative requirements, for example in relation to accounting and providing information to authorities when required by law. Such processing is based on compliance with our legal obligations.
- Collection and disputes: If our agreement terminates, or if other bases for processing of your personal data therefore lapses and/or if a dispute has arisen between us, the following applies: We do not need to delete your data if we may need it to process it for the purpose of collection of any outstanding amount and/or for the purpose of dispute handling (see GDPR art. 17 (3) e).
ConnectMyApps process personal data complying with our legal requirements, for example accounting laws and storage requirements, or our agreements with our customers. The legal basis for such processing is compliance with our statutory obligations, and we store such data in accordance with any relevant legal requirements.
Data Security measures
ConnectMyApps takes data security seriously and has implemented technical steps to protect Customer’s Personal Data and account credentials from loss, unauthorized use or access. These include encryption, Secure Socket Layer (SSL) software and other industry standard methods for the transmission and storage of data. Further, ConnectMyApps has, in respect of Personal Data, implemented routines for; securing of data, measures in case of breach of routines or unexpected events, reporting to public authorities, confidentiality, security revisions, persons approved for access, physical security etc. ConnectMyApps handling of Personal Data fulfils the requirements under European data protection legislation.
Our security work is based on regular risk assessments and internal controls to ensure that sufficient security measures are imposed to prevent the unauthorized access of personal data. ConnectMyApps is currently undergoing ISO 27001 certification which is expected to be complete in January 2023
2.3 GENERAL INFORMATION ABOUT SHARING PERSONAL DATA
Disclosure of personal data in response to legal orders
To the extent required by law, or when necessary for the investigation of possible criminal offences against our company, relevant data may be disclosed to the public authorities or any other legitimate entities.
Processing of data by ConnectMyApps’ data processors
Data processors are used to collect, store and in other ways process data on our behalf. In such cases, we have entered into Data Processing Agreements to ensure the security of your information in all phases of the data processing, especially for the data processing that takes place outside the EU/EEA area.
Amazon Web Services, Inc. ("AWS")
EU Standard Contractual Clauses
Microsoft Inc. (Azure)
GDPR art. 44 (inside EEA)
Disclosure of Personal Data to Countries outside the European Economic Area
ConnectMyApps may use suppliers or partners that process personal data in countries outside the European Economic Area. In such cases we ensure that the data is transferred in accordance with the applicable data protection legislation, and any approved standard agreements and certification schemes, as well as organizational and technical measures to secure such transfer.
2.4 SPECIAL INFORMATION ABOUT COOKIES
- Essential cookies which are placed on your computer as soon as you visit an ConnectMyApps website. They are technically essential for enabling the website to function. Typical examples are screen functions and menus.
- Functional cookies such as preferred language or the region in which you are located.
- Cookies for analysis purposes in order to assess how the website is used and for identifying improvement potential.
- Cookies for marketing purposes such as Facebook pixels which enable us to display advertisements which are relevant and interesting for individual users.
For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/
ConnectMyApps’ websites do not place any cookies other than those that are necessary until you have given your consent in our cookies statement. They also provide information about how we store and share such cookies. You can amend your consent at all times in the bottom left-hand corner of our websites.
Information about the procedure to follow to enable or disable cookies can be found at:
ConnectMyApps does not rent out or sell Customer’s Data to any third-parties. If your do not wish to receive information from the Website you may at all times “opt-out” of future communications by emailing a request to email@example.com
ConnectMyApps has created websites on various social media platforms in order to convey information and marketing details about the group, as well as involve us in discussions with interested parties. We share processing responsibilities with the operators of such platforms such as ConnectMyApps’ pages on Facebook, Twitter and LinkedIn. ConnectMyApps has a legitimate interest in understanding and communicating on social media with interested parties who have elected to follow us and contact us, while the relevant social media have their own legitimate interests as explained in their own privacy declarations.
If you visit, like or share our content on social media such as Facebook, Twitter, YouTube and LinkedIn, pixels are delivered in order to collocate data for targeted advertisements against the segment in question. This cannot be linked directly to you as an individual. You can read more here about how collocated data is used for displaying advertisements without the advertiser knowing who you are:
- Facebook https://www.facebook.com/ads/about/?entry_product=ad_preferences
- YouTube (owned by Google) https://policies.google.com/privacy
Answering enquiries: before a customer relationship is established, we process personal data such as name, title/role and whatever you are asking so that we can administer enquiries made to us. We will process and share personal data within the group so that we can answer enquiries to the best of our ability. This type of processing is based on an agreement to answer your enquiry.
Sales enquiries/leads: based on our legitimate interests, ConnectMyApps develop an overview of potential customers and contacts based on publicly available information. Such information is stored for three years.
If you give consent once when you make enquiries with us, we will also register you as a lead and we will process your information in line with the relevant consent.
2.4 STORAGE PERIOD
We only store your personal data for as long as necessary and for the purpose the data was collected, unless a legal requirement demands a longer storage period, or if you have given us your consent to extended storage.
Your personal information will be processed for as long as you have an active relationship with us, or until you request us to delete the information in our systems. Upon effective termination of our agreement, we will delete any personal data related to your account within three months.
3. HOW WE PROTECT DATA?
ConnectMyApps works in a planned and systematic manner to protect personal data.
Through good internal control and information security, we ensure that we process personal data lawfully, securely and properly.
ConnectMyApps is committed to preventing unauthorised access to and disclosure of personal data. We shall ensure that the personal data we process is processed confidentially, we shall maintain the integrity of the personal data as well as ensure that it is available in accordance with the applicable data protection legislation.
The following measures are especially important for us in this regard:
- ConnectMyApps has dedicated people in the company that manage the responsibility for data protection in cooperation with the CEO.
- All employees shall complete training in data protection and security.
- Awareness campaigns are conducted on data protection and security for all employees.
- All ConnectMyApps employees sign a declaration of confidentiality about the information we receive in connection with our work.
- Internal control responsibilities have been established in the company with clear policies for how data protection should be handled, including privacy impact assessments, records of processing activities and other documentation.
- All subcontractors shall conclude a data processing agreement with ConnectMyApps which ensures an unbroken chain of requirements for data protection and information security.
- Classification of personal data to ensure that the security measures implemented are in proportion to the assessment of risk.
- Use of encryption where applicable as risk-reducing measures.
- Restrict access to personal data to those who need access in order to fulfil their duties under service agreements or legislation.
- Use systems that remedy and prevent data breaches.
- Use security audits and External Penetration Tests to continuously assess whether current technical and organisational security measures are adequate.
- Our premises are protected by access control.
4. YOUR RIGHTS
Subject to applicable law, you have certain rights with respect to our processing of your personal data.
We will provide you with the right to access, to rectify, to correct and update the personal data that we have about you in accordance with GDPR chapter 3. You may also have the right to restrict processing or have your data deleted.
If our processing is based on your consent, you may withdraw any consents you have given at any time. Please contact us at firstname.lastname@example.org.
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”). We ask you kindly to contact us before sending a complaint to Datatilsynet or the relevant data protection authority, so that we can try to resolve or clarify the issue.
5. APPEALS, BREACHES AND INCIDENTS
If you believe that our processing of personal data does not correspond to what we have described here or that we have otherwise violated the data protection legislation, we hope you will contact us as soon as possible.
All incidents and data breaches that could affect your privacy or information security shall be reported to us by email to email@example.com When you file a case with us you will also receive information about how you can contact us in order to follow up your case.
You can also contact us by using the Contact Information below.
You can also submit an appeal to the local data protection authorities. Information about how to contact data protection authorities can be found at www.datatilsynet.no
Periodically, we need to update this Data Protection Policy in order to provide you with correct information about the way we process personal data. If any significant changes are made, we will inform you about them on our websites and customer portals and in any newsletters.