Effective as of 08.10.2021
1. What is this policy?
This policy describes our (the DEFA Group) processing of information about you. We are an international group of companies. DEFA Group is headquartered in Slependveien 108 N-1396 Billingstad, Norway and registered at the Brønnøysund Register Center as DEFA AS, 945 692 758, Blingsmoveien 30, 3540 Nesbyen, a limited liability company incorporated in Norway.
This policy only applies to our processing of information about you when we are the data controller, and not to our processing of information as a data processor.
2. When do we process information?
We process information about you when:
(a) You sign up to or use one of our services, such as browsing our websites, installing and using our apps, or subscribing to other services.
(b) Your employer or other relevant third party provides us with information about you so that we may provide our services to you.
(c) You have subscribed to one of our newsletters.
(d) You have contacted us about our services or with other queries such as applications for employment or complaints.
3. What information do we process?
3.1 Information provided by you
We may process information about you, such as your name, e-mail address and phone number, provided by you when you create an account relating to our services, subscribe to our newsletter or contact us about our services or with other queries.
3.2 Information provided by third parties
We may process information about you, such as your name, e-mail address and phone number, provided by your employer or other relevant third party that has permitted you to use our services.
3.3 Location data
Some of our services use your mobile phone or other connected device’s location services to determine your location. The location data will be gathered from various sources depending on your device and the service, but will typically use GPS data and data relating to cellular and Wi-Fi connections. You may restrict our ability to collect location data through your device settings, but this may affect your ability to use the service and/or the quality of the service.
3.4 Device information
If your mobile phone or other connected device is used with our services, we may process information about its operating system, device identifier, sensors, carrier, language, battery performance, Wi-Fi or other network connections and other data that you permit our apps to access on your device, including through permissions on your device.
3.5 Service usage
4. How do we use information?
We process information about you to provide our services and for our own purposes, as further described below. If we request information about you that is not required for purposes of providing you with our services, you may decline to provide such information.
You may also decline to provide information that is required for purposes of providing you with our services, but this might restrict us from providing you with such services, certain features of such services, or affect the quality of the service. For example if you decline to accept cookies or turn off cookies in your browser, certain features on our website will not be available to you.
4.2 To provide our services
We process information about you as necessary to provide our services, including contact information, device information and usage data in connection with our customer service, to you. The legal basis for this processing is either because it is necessary for our performance of our contract with you, or because it is necessary for the purposes of the legitimate interests pursued by your employer or other relevant third party relating to our provision of services.
If location data is used in a service we provide to you, we may use available location data from your mobile phone or other relevant connected device to map your movements relating to such service. Such location data will be sent to our servers at different intervals, after which it is analyzed. The analyzed data and results of the analysis are stored in our database and are available to you through our web and mobile applications.
We may use information about you, including device and application type, location, and unique device, application, network and subscription identifiers to activate software and devices that require activation.
4.3 For our own purposes
We may also process information about you for the following purposes if you have explicitly consented to such processing:
(a) To develop our services, such as improving accuracy of tracking. For example, location data from different users may be used to train our algorithm to become more accurate in distinguishing one transportation type from another. The location data will be extracted and processed on an aggregated level, and your identity will not be retrievable.
(b) To improve our overall user experience, such as creating a better understanding of who our users are and how they use our services, to make our services fit better to our users’ needs.
(c) To deliver marketing and event communications to you across various platforms, such as e-mail, direct mail, online social media and through our websites. We may also send you invitations to trade shows or trainings relating to our products and services that occur nearby you, based on your address.
You may at any time withdraw your consent in the relevant app or by sending an e-mail to our group data protection officer at email@example.com.
5. How long do we process your information?
We process information about you for as long as is necessary to provide our services to you as requested, and for the duration of any consent to our processing that you may have granted. We are required by law to retain some types of information, such as financial records, for certain periods of time.
6. How do we share information?
We may share information about you with the following third parties as necessary to provide our services and to fulfill our own purposes with processing your information:
(a) Our contractors, sub-contractors and service providers that provide functions on our behalf, such as cloud hosting services and sharing payment data with banks and other entities that process payment transactions, located both within and outside of your country, including outside the European Union.
(b) Our agents and representatives who sell or resell products/provide services on our behalf, located both within and outside of your country, including outside the European Union.
(c) Your employer or other relevant third party, whose access to the information is necessary to provide our services to you, for example the owner of the charging station you have used in connection with our DEFA CloudCharge Service.
7.1 To collect and analyze mostly anonymous data
Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on your devices. We also use the term “cookie” to refer to other technologies and methods used for similar purposes.
You may disable cookies from the settings on your device, depending on your device, however disabling cookies may also affect your ability to use some of our services and render some features unavailable or less functional.
We use Google Analytics, Google Remarketing and Facebook Pixel to create and analyze cookies. This means that Google and Facebook will process cookies generated and analyzed by these services.
7.2 Google Analytics
- __utma: Is stored for 2 years after the last visit.
- __utmb: Is stored for 30 minutes after the last visit
- __utmc: Is stored until the browser is closed.
- __utmz: Is stored for 6 months after the last visit.
- __utmv: Is stored for 2 years after the last visit.
- _ga: Is stored for 2 years after the last visit.
7.3 Google Remarketing
We use Google Remarketing to improve our online marketing. When you visit a website, a cookie is stored in your browser. When you visit other sites, ads from the site you first visited is retrieved and displayed in available ad spaces. These ads are designed to be relevant to your interests and needs. If no cookie is stored in your browser, another ad, which might not be relevant to you, is displayed instead.
The names of cookies used for Google Remarketing may vary between _drt_, FLC and exchange_uid. The sender is always doubleclick.net and this is the address you should look for in order to find the cookies we use.
7.4 Facebook Pixel
We use Facebook Pixel to collect anonymous data about your usage patterns and interests, to provide you with relevant ads and information on Facebook and other media outside of Facebook. It is not possible to identify you by using this data.
8. How do we keep information safe?
We are committed to protecting the security of any information about you that we receive. We use physical and technical safeguards/security controls to secure data and implement organizational security policies, procedures and employee training, in accordance with industry standards. Access to information is restricted to only those of our employees or other persons who have a valid need for access to fulfil valid purposes for processing your information.
Whenever we transfer information about you to third parties, such as a cloud hosting service, we require such third parties to provide at least the same level of security as used for our own processing of information. Such transfer of information is subject to a data processing agreement between us and the third party receiving your information.
Any transfer of information outside the European Union will be subject to the necessary further assurances, such as compliance with the EU standard contractual clauses.
9. What are your rights?
With regards to information about you that we process, you have the right to:
(a) Access information, including a copy of all the information about you that we have processed.
(b) Rectification of incorrect or misleading information.
(c) Erasure of information, primarily relevant if the information is no longer necessary for our purposes or if you withdraw your consent to our processing.
(d) Restriction of our processing in certain cases, primarily relevant if you have disputed the accuracy of the information or objected to our processing.
(e) Object to our processing of information for our own purposes and in any case if information is used for direct marketing purposes.
(f) Data portability, meaning the transfer of information that we have processed on the basis of your consent or an agreement with you to provide services.
(g) Complain about our processing to the Norwegian Data Protection Authority or to your local supervisory authority.
10. How can you exercise your rights?
You may enforce your rights by using the applicable functionality of our services and to manage your use or your information where available, by using the data request form available at www.defa.com/about-defa/dpo-requests/ or by contacting our group data protection officer at firstname.lastname@example.org.
In cases where a third party is the data controller, and we are the data processor you should exercise your rights by contacting such third party.
11. How will we make changes to this policy?
We may from time to time make changes to this policy as we see fit. We will notify you before making changes to this policy and give you the opportunity to review the revised policy as a basis for your continued use of our services. An up to date version of this policy is always available on our websites.