Chief Commercial Officer and Co-Founder: Ingrid Sofie Øvrum Sem
Shapemaker processes data for the following purposes:
To provide our services, including access management, it is necessary to process personal data. The personal data we collect for this purpose is the name of the contact person affiliated with the customer, name of users affiliated with the customer, customer address, e-mail address and/or telephone number to the contact person or user, and IP addresses ("Customer Data").
Furthermore, to provide our invoicing and support we may process the personal data connected to the payment information and payment history of the contact person of the businesses and agencies ("Purchasing Data").
The legal basis for the processing of Customer Data is to fulfill an agreement in accordance with Article 6 (1) b) of the GDPR.
The legal basis for the processing of Purchasing Data is based on our obligations under the bookkeeping legislation, in accordance with Article 6 (1) c) of the GDPR.
If you sign up for our e-mail newsletter, your name and e-mail address will be processed and stored ("Marketing Data"). The purpose of processing this data is to reach existing, potential, and former customers and collaboration partners to market our services.
The legal basis for the processing of Marketing Data for this purpose is consent, in accordance with Article 6 (1) a) of the GDPR. When we have requested your consent to the processing of Marketing Data, you can withdraw it at any time.
As a controller, we are responsible for the security and confidentiality of the personal data we process. We have implemented appropriate technical and organizational measures ensuring that personal data is processed at a level of security appropriate to the risk, e.g. ensuring confidentiality, availability, and integrity of the personal data.
We do not disclose and/or share your personal data with third parties except where it is necessary for fulfilling our legal obligations.
We may use data processors to assist us in providing our services. For example, we use Google to host our services. Under such circumstances, we will enter into data processing agreements with data processors which inter alia obligates the data processor to implement technical and organizational measures to ensure an appropriate level of security, confidentiality, and integrity of the personal data, as well as to only process the relevant personal data in accordance with data protection legislation.
As a general rule, we do not process personal data outside the EU/EEA. The exception is in cases where we deliver services to customers in countries outside the EU/EEA area. In such cases, we may transfer personal data to our partners outside the EU/EEA, but only with a valid legal basis, such as Standard Contractual Clauses adopted by the EU Commission ("SCCs").
We will not disclose your personal data to any third parties than the third parties described above, unless we are required to do so under applicable law, or if it is necessary to establish, exercise, or defend legal claims.
As a data subject you have the following rights when we process personal data about you:
Please note that the above rights may be subject to further exceptions and limitations in accordance with the data protection legislation.
You may contact us at: firstname.lastname@example.org if you wish to exercise any of the above rights. Please note that we may request additional information from you if such information is necessary to confirm your identity.
The storing of personal data will take place as long as it is necessary for the purpose of the processing. We will not store your personal data beyond this unless there is another legal basis for the processing.
More specifically, we will delete or anonymize personal data in accordance with the following procedures:
The Norwegian Data Protection Authority has inter alia been established to supervise Norwegian companies' processing of personal data. You may contact us at any time if you have any questions or complaints regarding our processing of your personal data. You may also file a complaint to the Norwegian Data Protection Authority, or a data protection authority in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged data protection infringement.
You can obtain the contact details of the Norwegian Data Protection Authority on the following website: www.datatilsynet.no. You may also find more information on your rights and the data protection legislation on this website.