Tappin AS's processing of personal data
Personal information is information that can be linked directly to you as a person, for example name, e-mail address and company name. Such information is necessary for us to be able to serve you as a customer.
We would like to point out that it is not permitted to send sensitive personal data or national identification numbers by e-mail, unless the content is encrypted.
THE PURPOSE OF THE TREATMENT
The purpose of our processing of your personal data is to identify you as a customer, and fulfill the agreement you have with us.
Our processing of personal data is handled by our skilled employees. All employees of Tappin AS are subject to confidentiality. The duty of confidentiality applies not only outside the company, but also internally between colleagues and goods, even if the employment relationship has ended.
WHICH PERSONAL INFORMATION IS PROCESSED
Information processed at Tappin AS can be categorized as follows:
Administrative information such as e.g. name, telephone number, e-mail address, job title and which company you work for.
Information about behavior on our website, such as e.g. which articles you read and what you show interest in.
TREATMENT BASIS
Valid grounds for processing:
We only collect information about you to send you relevant information that you yourself request, to fulfill an agreement we have with you or because we consider that we have a legitimate interest that does not exceed the intervention in your privacy.
If we have to process sensitive personal data in order to fulfill an agreement with you, we will obtain your consent to this in advance of the processing. The consent limits the processing to only include the information that is necessary for Tappin AS to be able to fulfill the specific agreement.
We use cookies to collect user behavior on our websites. This is done based on your consent, which is given via our cookie banner.
You can withdraw your consent at any time. The processing of the relevant personal data will then cease.
When we base the processing on legitimate interest, we conduct a balancing of interests to ensure that the processing is not disproportionately intrusive to your privacy. Our balancing of interests is documented internally and can be made available upon request if you wish to see the assessment that underlies the processing.
When personal data is no longer necessary for the purpose for which it was collected, it is permanently deleted from our systems or anonymized if we wish to use the data for statistical purposes.
We base our processing of personal data on the following processing grounds in accordance with the General Data Protection Regulation (GDPR):
- Article 6(1)(a) – Consent: When you explicitly consent to our processing.
- Article 6(1)(b) – Contractual obligations: When the processing is necessary for the performance of a contract with you.
- Article 6(1)(f) – Legitimate interest: Where we have a legitimate interest which does not override your privacy rights.
PROVISION OF PERSONAL INFORMATION
Personal data may be disclosed to public authorities, if this follows from a statutory obligation to provide information or a duty to disclose.
Any third parties who receive personal data from us are subject to the duty of confidentiality, through the conclusion of an agreement.
If we share information with third parties for marketing purposes, this will only happen if you have given your explicit consent.
You can withdraw or change your consent to cookies at any time by using our cookie settings feature on the website.
If you consent to sharing with third parties for marketing purposes, we may share the following data: email address, phone number, and interactions with our digital services (e.g., which articles you have read). We do not share sensitive information.
THIRD PARTY MARKETING AND ANALYSIS
We use the following third-party services for marketing and analysis purposes:
- Google Ads and Google Analytics to understand how our users engage with our services and to target our marketing campaigns.
- Meta Ads (Facebook Ads) to target and optimize ads based on user behavior.
- LinkedIn Ads to reach professional users and target ads.
- HubSpot for CRM, email marketing, and to track user interactions.
STORAGE
We do not store personal data longer than is necessary to fulfill the purpose of the processing. If you have a customer relationship with us, personal data will be stored about you.
Personal data related to customer relationships is stored for as long as the customer relationship lasts, and up to 5 years after termination in accordance with the Accounting and Bookkeeping Act. Marketing data is stored for up to 12 months after the last interaction, unless you withdraw your consent earlier.
We use external vendors as data processors for the storage and processing of personal data, including HubSpot, AWS, and Microsoft Azure. These data processors are subject to data processing agreements that ensure compliance with the GDPR.
Some of our data processors store personal data outside the EU/EEA. When this happens, we ensure that the transfer is in accordance with the GDPR, either through standard contractual clauses (SCCs) or other necessary safeguards.
Tappin AS conducts regular assessments of risk and internal controls to ensure that personal data is processed securely and in accordance with applicable regulations.
In assessing legitimate interest, we take into account what data is processed, the purpose of the processing, the expectations of the data subject, and what technical and organizational measures we have implemented to reduce the risk.
We protect your personal information with industry-standard security measures, including encryption, access control, and regular security assessments.
Right to access, correction, deletion, data portability
Right to demand access:
You have the right to demand access to the information we process about you. You have the right to know which purpose and processing basis we use, which information about you we process, recipients or categories of recipients to whom the personal information is passed on, the storage length of the personal information, and where the information is obtained from.
Right to demand correction and deletion:
If you believe that Tappin AS has registered information about you that is inaccurate or incomplete, you have the right to demand correction of the relevant personal information. You can demand that we delete personal data about you if the data is no longer necessary to fulfill the purpose of the processing, you withdraw your consent if it is consent that has been used as a basis for processing, you oppose the processing and there are no other overriding legitimate reasons to continue the processing or that the information has been processed illegally.
When personal data is no longer necessary for the purpose for which it was collected, it is permanently deleted from our systems or anonymized if we wish to use the data for statistical purposes.
Right to data portability:
You have the right to receive personal data we have stored about you in a structured, commonly used and machine-readable format. You also have the right to demand that we transfer information we have received from you to another controller if it is technically possible and the processing is based on consent or contract.
To exercise your rights, you can contact us by email at gdpr@tappin.noWe will respond to your request within 30 days, in line with GDPR.
RESPONSIBLE FOR PROCESSING
The controller is the one who determines the purpose of the processing of personal data, and which aids are used. Tappin AS has established a role as data controller who must have an overview of the processes, business areas and systems that process personal data, and continuously follow up the internal control and the risk situation. The role of data controller has been assigned to Ingar Hagen, and can be contacted in the following ways:
Telephone: + 47 22 12 02 42
E-mail address: gdpr@tappin.no
Address: Drammensveien 288, 0365 Oslo
Tappin AS has appointed a data protection officer to ensure compliance with GDPR. You can contact our data protection officer at: gdpr@tappin.no
Complaint about the treatment
The Norwegian Data Protection Authority's job is to check that the privacy regulations are followed. If you experience something that you believe is a breach of the regulations, you can submit a written inquiry to the Data Protection Authority's postal address: Data Protection Authority, PO Box 8177, 0034 OSLO.
You can contact the Danish Data Protection Agency via email: mailbox@datatilsynet.no.