Privacy Policy

‍

Privacy Policy

1.       Introduction and scope 

This privacy policy covers our collection, use, and disclosure of information collected through our site www.caplist.no including any connected applications that have been developed by Caplist to work as a part of our Service.

‍

The use of information collected through our service and connected applications is limited to the purpose of providing the service for which the customer has engaged Caplist.

‍

2.     Our approach to data collection and processing

‍

Caplist collects and processes information under the direction of our customers. Caplist has no direct legal relationship with each user of our service. Each of our customers acts as a data controller whereas Caplist is the data processor. A Data Processor Agreement is entered into between our customers and Caplist, included as part of the Terms of Service (TOS). This agreement includes the necessary data processing provisions to ensure that the processing of our customer´s data is in accordance with EU GDPR. Caplist acts as a data controller for the information we collect when you access our site, newsletter subscriptions and “Landing Pages”.  

Data is processed in line with the requirements of GDPR, for some of the processing Caplist uses subcontractors. These subcontractors are typically vendors of cloud services or other IT hosting services. 

When using subcontractors, Caplist will enter into a Data Processing Agreement (DPA) with subcontractors to safeguard your privacy rights and fulfil our customers’ obligations.  When subcontractors are located outside the EU/EEA, Caplist ensures legal grounds for such international transfers on behalf of you or our customers, by using the EU Model Clauses.

For our services, all customer and personal data are processed under the control of Caplist in data centres within the EU/EEA area. 

Our contact details are as follows:

Caplist AS, post@caplist.no 

3.      How and why, we collect your personal data

The information we collect stems from:

• Information obtained by completing any forms on our website, www.caplist.no. 
• Details of your visits to our site include traffic data, location data, browser version and details, weblogs and other communication data, and the resources you may access.
• As a user of our service, we store and process your name and contact details such as phone number and registered e-mail address including any other kind of information you may enter or upload into our service.

The information collected is maintained to fulfil our contractual obligations with our client and is used as such or to contact you to demonstrate our services. We process your data for one or more of the following purposes:

• To provide you with help and service;
• To provide information as per request;
• To manage any communication; 
• You have consented to the clients utilize our platform;
• By visiting our platform and website; or
• To ensure the safe and secure operation of our platform and business infrastructure.

The information we collect is not shared with any organizations, except to provide products or services requested, when we have your permission, or under the following circumstances: 

• As required by law, such as to comply with a subpoena, legal proceedings, or similar legal process;
• To investigate potential violations of our TOS;
• To security approved Sub-contractors as stated in our Data Processing Agreement with our customers;
• To third-party service provider as stated under 3rd party disclosure; or
• If Caplist is involved in a merger, acquisition, or sale of all or a portion of its assets, our customers will be notified via email and/or a prominent notice on our site of any change in ownership.
  
  

4.      The legal basis for our processing of your personal data

‍

We process your personal data for the purposes stated in this policy where it is necessary for our legitimate interests and/or for the performance of our contractual obligations with our clients. 

5.      The data being processed

Our platform and services require the processing of your personal data. The processed data depends on the application, website, and technology being used. This may include one or more of the following:  

• Biographical information that you have supplied to our clients or us; 
• Location information
• Information about the type of mobile device you are using our platform on such as type of operating system, version of firmware, IP address, etc.; 
• Website and application metadata constituting information about the way our websites are used and how they function on chosen devices. (e.g. application screens mostly used, the duration for the information transmitted to us, the information volume 
• Survey, voting or any other type of information requested by our Clients and/or provided by you, responses to surveys or electronic polls, vote in an electronic election or other information provided or entered through our platform.  

If you are visiting our website or try to contact us for information, assistance, or technical support, then the personal data we process or may ask for could include:

• Your first and last name;
• Your contact details, such as a phone number and/or email address;
• Your approximate location (depending on the settings on your device); 
• Technical data such as an Internet Protocol (IP) address, time zone, operating system and platform and information about your internet browser application;
• Which of our products and/or services you use; 
• Which Client of ours you represent and your role within that organisation (e.g. your job title); 
• Information about our hardware which you own or use and information about the mobile device accessing our online products and services; or  
• Any technical or diagnostic information we deem necessary to fix a problem or resolve an issue you are experiencing with our products or services.

6.      Third party disclosure

For analytics purposes and user profiling some personal data is transmitted to external services. This is to help us improve our site and the Caplist service and to be able to provide relevant content based on your interest. 

The third parties in question are the following:

• Webflow: We use Webflow as a tool for creating landing pages on our site. By clicking the consent form on these landing pages, you accept that your personal contact data may be shared with third parties outside of the EU/EEA. For more information, please visit the Webflow GDPR page. 
• Stripe: We are using Stripe, a global payments infrastructure company as our payment partner. Users will be transferred to a secure payment processing service powered by Stripe.

The information we collect is not shared with any organizations, except to provide products or services requested, when we have your permission, or under the following circumstances: 

• As required by law, such as to comply with a subpoena, legal proceedings, or similar legal process;
• To investigate potential violations of our TOS;
• To security approved Sub-contractors as stated in our Data Processing Agreement with our customers;
• To third-party service provider as stated under 3rd party disclosure; or
• If Caplist is involved in a merger, acquisition, or sale of all or a portion of its assets, our customers will be notified via email and/or a prominent notice on our site of any change in ownership.

7.      Security 

‍

Caplist has security and the protection of our customer’s data as a top priority. The following are our primary information security goals: 

• Caplist must ensure confidentiality, integrity, and availability of customers data. Caplist must actively work to minimize the risks and any potential damage by preventing security incidents and their potential impact. 
• Caplist must comply with relevant customer requirements, laws, and regulations for information security.

‍

What kind of security measures are we implementing?

• Authentication
• HTTPS
• Restricted ports on server
• Security measures that AWS provides for its infrastructure by default
• Notification of security breaches 
  
  

8.      Retention 

Caplist will retain personal data we process on behalf of our customers if necessary, to provide services to our customers. Caplist will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

Information we collect to demonstrate our services is maintained until the purpose of the collection has been fulfilled.

9.      Compliance

Caplist complies with the following Norwegian laws and regulations concerning IT security, including Norwegian and European (EU/EEA) regulations for protection of personal data: 

• EU General Data Protection Regulation (GDPR) 
• Norwegian Personal Data Act 
• Regulations on use of information and communication technology (ICT)

10.    Cancellation or termination of account

Caplist can completely remove all the client’s documents, files, and meta-data upon request. If your account is terminated for any reason, please contact us with any request to access your data. 

11.    Your data privacy rights 

The rights provided to your as a data subject is as follows:

• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.

12.   Changes to this Statement

We may amend this Statement from time to time. The latest version will always be available on our site. You are advised to consult this Statement regularly for any changes. 

If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our site prior to the changes taking effect. 

‍

The last update of this Privacy Statement was 14th of June 2021.  

Further information

For further data processing details, compliance, or security, you may contact Caplist on: post@caplist.no