Privacy - Bitfocus Community

INTERPRETATION
This privacy policy (the “Policy”) has been compiled to better serve those who are concerned with how their personal data is being used, hereunder to inform you (“You” or “Your”) of Your rights as well as our policies and procedures regarding the processing of Your personal data.
Where the words “We”, “Us” or “Our” are used in this Policy, this refers to Bitfocus Entreprise AS, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 934 167 295. Our business address is Lørenveien 68, 0585 Oslo. Please note that We are the data controller of Your personal data unless otherwise specified.
For the purposes of this Policy, the term “Products” means Companion™, Buttons ™ and the rest of Our innovative product portfolio.
Please read Our Policy carefully to get a clear understanding of how We collect, use, protect and otherwise handle Your personal data.

PERSONAL DATA
Personal data is information relating to a natural individual who can be identified, directly or indirectly by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
This Policy does not cover aggregated data from which the identity of an individual cannot be determined (anonymised data). We retain the right to use aggregated data in any way that We find appropriate.

COLLECTION
If You are under the age of 16, You must have and warrant to the extent permitted by law to Us, that You have permission from Your parent or legal guardian to access and use the website and they (your parents or guardian) have agreed to You providing us with Your personal data.
We collect personal data when You inquire about Our Platform, use Our Platform, subscribe to a newsletter, respond to a survey or other forms of marketing communication, use Our website or certain website features, fill out a contact form or otherwise enter information on Our website.
We process Your personal data when We collect such data from You directly, as well as through publicly available sources, either about You as an investor or as a startup company.

PURPOSE
We process personal data to the extent necessary to market, offer and enable You to make use of Our Platform and otherwise to fulfil Our legal obligations, including but not limited to processing pertaining to:

Analysis: Anonymous analysis to improve Our Products. Such analysis will be conducted using aggregated and anonymised personal data, and this data will not be used to identify You as a person.
Assistance: Provide assistance and handle disputes.
Communication: Contact and communication with You.

Competitions: Run competitions.
Internal processing: Internal record keeping and administrative purposes, e.g. internal investigations and risk assessments.
Legal: Fulfilment of Our legal obligations.
Marketing: We may process Your personal data in order to provide You with promotional information on product updates, offers and news, incl. those of third-parties.
Notifications: Send You service or operating messages, such as updates, security alerts, and account alerts.
Sales: Contact You and propose meeting invitations and/or offer tailored information or offers on how We believe that Our Products or services may be of interest to You. You may object to such processing by replying to any inquiry from Us or by contacting Us as specified in Clause 14.
Survey: Manage a survey on Your use of the Platform.
Threat detection: Register and prevent fraud, spam, abuse, technical issues, security incidents and other harmful activities.
Tips and offers: Offer certain features and inform about their use.
Website: Enable access to, maintain, monitor, maintain, improve, and analyse the website and associated applications and social media profiles.

PROCESSING
We may process personal data about You, including but not limited to:
Communication
Contact information including name, phone number and e-mail address
CV and related data
Date of birth
Details concerning Your use of the Products, e.g. duration, connection information, chat logs and Your questions and answers.
Device information, e.g. device type, operating system, unique device identifiers, device settings, and geo-location data.
Employer data
Payment details
Social media platform information
Unique identifiers such as IP addresses and UUID (unique ID that follows the phone number)

LEGAL BASIS
Unless otherwise provided, the legal basis for Our processing is Our legitimate interest to market, sell, administer and improve Our Products or services or to showcase, maintain, monitor and improve Our website.
We will have to process Your personal data to fulfil Our legal obligations, e.g. pertaining to bookkeeping in connection with purchases of Our Products, cf. Article 6 no. 1 (c) of the GDPR.
Any personal data processed as part of sales or contract negotiations and recruitment processes of prospective employees is processed on the basis of such processing being necessary for Us to enter into and perform and agreement with You, cf. Article 6 no. 1 (b) of the GDPR.
For certain processing operations, You will be asked to confirm that You have read and consented to Our processing of Your personal data in accordance with Article 6 no. 1 (a) of the GDPR. We will consider any provision of personal data through contact forms as a valid consent, unless indicated otherwise.
If You wish to receive offers or newsletters from Us, You may consent to having Your personal data processed for the purpose of receiving such marketing materials from Us.
You may withdraw Your consent at any time, e.g. by using the opt-out facilities provided in Our communication with You or by contacting Us as specified in Clause 14.

DATA CONTROLLER
Unless otherwise expressly specified, We are the data controller where the processing of personal data is collected directly from You, e.g. when You visit and interact with Our website and Us or where We deliver Our Products to You.
A data controller is the physical or legal person who determines the purpose of the processing of personal data and the means to be used during such processing. It is the data controller who has the overall responsibility for the processing of Your personal data.
Our website may link to external sites that are not operated by Us. Please be aware that we have no control over the content and policies of those sites and will not assume responsibility or liability for their respective privacy practices.

YOUR RIGHTS
As a data subject, You have the following rights:
Access: You may request a copy of Your personal data that We process.
Data portability: You may request to obtain the personal data that You have provided to Us or to have said data transferred to a third party in a structured, commonly used and machine-readable format.
Erasure: You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time.
Information: You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.
Objection: You may object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decisions based solely on automated processing, including profiling, which produces legal effects that significantly affects You.
Rectification: You may require Your personal data to be rectified or supplemented.
Restriction: You may request that We restrict the processing of Your personal data.

RETENTION
We keep Your personal data only for as long as it is required for the reasons it was collected from You or until You delete such data yourself. The time period in which We store personal data varies, depending on the category and the nature of the personal data.
When Your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.

THIRD PARTIES
We may disclose Your personal data to governmental authorities, entities within Our group of companies or to individuals and organisations who are Our service providers and partners that are involved in business support, translation services, sponsorships or promotions, marketing or advertising, professional advisers, payment service providers, credit reporting agencies, debt collectors, ad networks, analytics, error loggers, database management, maintaining, reviewing, and developing Our business systems, procedures, and infrastructure, including testing, or upgrading Our computer systems or who otherwise facilitates Our Products.
Third parties will only receive access to Your personal data for the purpose of fulfilling Our obligations to You, providing access to and use of the Platform, fulfil Our legal obligations or if You have otherwise consented to such transfer or access. If We were to disclose personal data to organisations that perform services on Our behalf, We will require those service providers to use such personal data solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal data.
Our service providers are obligated to adhere to Our standards for the processing of personal data otherwise act in accordance with applicable privacy legislation.
You acknowledge that We co-operate with government authorities and law enforcement officials to enforce and comply with any applicable law. Please note that there are circumstances where the use and/or disclosure of personal data may be justified or permitted or where We are obliged to disclose personal data without Your consent.
Where personal data may be subject to transfer to another organisation in contemplation of a merger, financing, reorganisation or dissolution transaction of all or part of Us, We will do this only if the involved parties have entered into an agreement under which the collection, use and disclosure of the personal data is restricted to those purposes that relate to the transaction, including a determination of whether or not to proceed with the transaction, and is to be used by the involved parties to carry out and complete the transaction. If another company acquires Us or Our business or assets, that company will possess the personal data collected by Us and will assume the rights and obligations regarding Your personal data as described in this Policy.

SECURITY
Safeguarding Your personal data is Our highest concern. As such, We endeavour to adhere to the generally accepted industry standards and internal procedures to protect data submitted to us and otherwise employ and maintain and reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data.
We restrict access to production environments and monitoring of Your activities to a limited number of individuals who have special access rights to such systems and are required to keep the personal data confidential. We use computer systems with limited access housed in facilities using physical security measures.
Your personal data is contained behind secured networks, and We securely encrypt, limit and restrict access to Your personal data using SSL. We encrypt all data at rest and any personal data is double encrypted with two keys at both the infrastructure and application level.
If any of Our employees misuses personal data, this will be considered as a serious offence for which disciplinary action may be taken, including warnings and potential termination of employment. If any individual or organisation misuses personal data – provided for the purpose of providing services to or for Us – this will be considered a serious issue for which action may be taken, including termination of any agreement between Us and that individual or organisation.

INTERNATIONAL TRANSFER
We strive to ensure that Your Personal Data will only be processed in countries within the European Economic Area. However, for some processing operations such as hosting, personal data may be transferred to the United States, the United Kingdom or other third countries. If this is the case, we will ensure necessary and appropriate safeguards for such transfers, ensure that the receiving companies are certified under the Data Privacy Framework, and conduct necessary risk assessments such as Transfer Impact Assessments and Data Protection Impact Assessments.

CHANGES
The Policy may be updated from time to time due to amendments or expansions in the Platform. In case of any material changes, We will notify You via e-mail.

CONTACT & COMPLAINT
If you wish to utilise Your rights of access, information, rectification, erasure, restriction, data portability or the right to object to the processing of personal data or if You have questions or requests regarding this Policy, Our processing or wish to file a complaint, please contact Us.
We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.
You are also entitled to file a complaint to the Data Protection Authority regarding Our processing of Your personal data. For information on how to contact the Data Protection Authority, visit the Data Protection Authority’s website.
To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised to do so.
You are entitled to a response without undue delay, and within one month at the latest.