Privacy Policy
CEO at Dataserver is the data controller and is responsible for all personal data received and registered in contact with the company. This Privacy Policy explains what data we collect, and how we collect, process, store, and delete data.

Organisation Number: 995 944 383  
Company Name: DATASERVER AS  
Business Type: Limited Company  
Business Address: Vollsveien 13 G  
Municipality: Bærum
‍
Purpose of Using Personal Data
Depending on how you choose to use our products and services, we use personal data for various purposes. This may include information about products and services. Personal data is used for:

Providing relevant information about products and services via newsletters.
Offering relevant services and products.
Service and warranties.
Handling customer data and interaction in CRM.
Email and telephone communication.
Accounting system.

Newsletters or other specific newsletter dispatches from Dataserver combine user information with general marketing and information about our offers and services. By registering your email address, you consent to us sending you newsletters and using your email address for this purpose. We will not use your email address for anything other than sending you newsletters and, if applicable, user surveys. You can unsubscribe from the newsletter at any time.

For Archiving and Case Management, Dataserver uses Visma Global, Teamwork, Teamline, Google G-Suite, and Destinet CMS. Various types of personal data are registered in the archiving and case management system. This includes company name, personal name, address, phone number, email address (basic data), and other relevant information evident from the inquiry/processing.

Email and Telephone are used as part of the daily operations to manage Dataserver’s products and services. The CEO is responsible for processing personal data in this context. Relevant information from telephone conversations and email exchanges conducted as part of operations is recorded (Case Management and Archive).

Dataserver employees also use email for general dialogue with internal and external contacts. Each individual is responsible for deleting messages that are no longer relevant and for reviewing and deleting unnecessary content in the email inbox at least annually. Upon departure, email accounts are deleted, but some relevant emails will typically be transferred to colleagues. Sensitive personal data should not be sent via email. Please be aware that regular email is unencrypted. We, therefore, advise you not to send confidential, sensitive, or other private information via email.

Legal Basis for Processing
We only contact you based on legitimate interest and information that you voluntarily provide to us. We receive and collect information based on the legitimate interest provided. Our legal basis for processing is your consent, the basis for fulfilling our contract, or necessary to fulfill our legal obligations as per the Accounting Act and the Archiving Act.

What Personal Data Do We Collect About You?
Depending on the information you provide, how you use our products and services, the permissions you give us, and the information we have collected, we hold the following information about you:
‍
Company name, personal name, position, workplace, mobile, email.
Information about the customer relationship (service and order information, payment information, and marketing permissions).
Information generated in connection with the use of the services, such as activities on our websites (including date and time, browser used, IP addresses, screen size, etc.).
Other information about service usage, such as data collected using cookies and similar technologies when visiting our websites.
Other information collected based on your consent. You will receive information about the data we collect and its use when we request your consent.

Where Do We Collect Information From?
Dataserver provides various services. The information we collect about you depends on the services you use, subscribe to, or purchase, as well as the information you provide us during purchases or other interactions.

We collect personal data that:
You provide to us, for example, when you purchase or register for our services, subscribe to our newsletters, or contact us with inquiries.
Is registered automatically when you send an email, visit our websites through cookies, and when you use forms on our websites.
We can obtain from publicly available registers (e.g., the National Registry).
Providing personal data to us is voluntary, but if you choose not to, we may be unable to provide you with our services, as we may be unable to invoice you for the services, for example.

Who Do We Share Personal Data With?
We share personal data with the following companies that provide technical and administrative services to Dataserver:

Salesforce (CMS solution)
Tripletex (Accounting system)

A separate data processing agreement exists between Dataserver and the companies that provide technical and administrative services. The agreement regulates the information the supplier has access to and how it should be processed.

How Long Do We Store Personal Data?
We store personal data only as long as necessary to achieve the purpose for which it was collected or if we are required to store the data. The data will be deleted or anonymized when it is no longer needed to achieve the purpose. Below is an overview of how long we store your data:

Forms store your information on our websites for up to 60 days. Form data is shared with Archive and Case Management to achieve the purpose.
The Archive and Case Management system stores relevant data to fulfill agreements, complaint and warranty periods for 10 years.
Email and Telephone are reviewed annually, where necessary data is stored or transferred to Case Management and Archive.
(Accounting) Routines are prepared in accordance with the Accounting Act.

Your Rights
Anyone who requests it has the right to basic information about the processing of personal data in a business pursuant to Section 18, 1st paragraph of the Personal Data Act. Dataserver has provided this information in this declaration and will refer to it for any inquiries. Those registered in one of Dataserver's systems have the right to access their own information.
‍
You may have the right to ask us to:
Provide you with further information on how we process your personal data.
Provide you with a copy of your personal data.
Update your personal data.
Delete data that we no longer have a basis to retain.
Restrict or stop the processing of your data.
Withdraw any consents you have given us.

If you believe that we are processing personal data in violation of the Personal Data Act, you have the right to complain to the Data Protection Authority. Before you do so, we would like you to contact us so that we can answer your questions or clarify any misunderstandings.

Internal Control - Deviations, Deviation Analysis and Measures
If the processing of personal data is due to a breach of data security, this will be reported to the Data Protection Authority within the given deadline. If it is not possible to determine the extent within the given deadline, the deviation report will be sent step by step to the Data Protection Authority. Dataserver has its own mapping form that summarises breaches or deviations describing the system, category, and type of information affected. The form filler must inform the general manager about breaches or deviations. The responsible recipient must assess whether immediate measures should be implemented. Then, the individual must describe the consequences of the breach or deviation, highlight the measures, and limit the consequences.

Changes to the Privacy Policy
We may need to update the Privacy Policy as our operations and services develop, and we, therefore, encourage you to regularly check the latest version of this Privacy Policy on our website.
‍
Contact Information
If you wish to get in touch, you can use the phone number +47 67 10 40 00 and email: post@dataserver.no