Privacy Policy Statement
*Last updated on December 22, 2021*
General
This privacy statement applies to Pegasi AS. It explains what kind of personal information we collect when you use our services, how we use them, and what rights you have.
1. What is personal information?
Personal information is any information that can be directly or indirectly linked to a physical person, such as name, postal address, email address, location, and mobile number.
2. Who is the data controller?
Pegasi AS, represented by the managing director, is the data controller for our processing of personal information. This means that we are primarily responsible for complying with privacy regulations.
3. What personal information do we collect, and where do we get it from?
To deliver the best possible services, we need to collect various types of information, including personal information about you. The type of personal information we process and its source depends on your role. We do not collect sensitive information. The following is an overview of how we typically collect personal information and what information it includes:
3.1 Information you provide to us
When you register on our website, you must provide certain information that we store, such as name, email address, and mobile number. In some cases, we may also need your address to reach you by mail or to learn more about your location. The information you provide may also be enriched through lookup services or social media to which you grant us access or through analysis.
3.2 Information we get when you use our services
When you use our services, we record information about the services you use and how you use them. We collect information about:
- Your device and internet connection
We may record information about the device you use, such as the manufacturer of your mobile/PC, operating system, and browser. We may also gather information about the connection to our services, such as IP addresses, network IDs, and cookies.
- Service usage or purchase
We record information about your use of the services, such as the pages you visit, when you are on the pages, and which features you have used on the pages.
* 3.3 Information we get about you from other sources
From time to time, we receive personal information from other sources, e.g., when you come into contact with our partners or if we obtain publicly available information (e.g., on the internet).
4. What do we use the personal information for, and what is the legal basis for our processing?
In this section, we provide an overview of the purposes for which we process personal information, the types of personal information we process, and the legal basis for our processing.
* Deliver and improve our services
We use personal information to deliver our services to you and ensure the best possible user experience, including customizing the display of content to your screen/device and ensuring the fastest possible page loading. The legal basis is GDPR Article 6(1)(b) (contractual obligation in line with our terms of service).
* Customize services, recommendations, and product information
We want to provide you with recommendations, product information, and service customizations that are as relevant to you as possible. This will be based on your own behavior, e.g., based on the products and services you have used, ads you have clicked on, or articles you have read, and on the behavior of other users with similar usage patterns as yours. The legal basis is GDPR Article 6(1)(b) (contractual obligation in line with our terms of service).
* Other marketing
We send newsletters to email addresses registered as customers and others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each communication. The legal basis is GDPR Article 6(1)(f) (balancing of interests) when we have received the email address in connection with a sale. If there is an existing customer relationship, marketing will be carried out in accordance with the Marketing Act § 15(3). In other contexts, marketing is based on the individual's consent, according to the Marketing Act § 15(1) and GDPR Article 6(1)(a).
* Compile statistics and understand market trends
We compile statistics and identify market trends to improve and develop our product offerings and services. As far as practically possible, we try to do this with anonymous information without knowing that the information is specifically linked to you. The legal basis is GDPR Article 6(1)(f) (balancing of interests).
* IT operations and security
Personal information stored in our IT systems may be accessible to us or our suppliers for system updates, implementation, or follow-up of security measures, error correction, or other maintenance. The legal basis is our legal obligation to have satisfactory information security, according to GDPR Articles 32 and 6(1)(c).
* Prevent abuse of our services
We use personal information to prevent abuse of our services. Abuse can include attempts to log into others' accounts, attempted fraud, "spamming," harassment, defamation, and other actions prohibited by Norwegian law. The legal basis is also our legal obligation to have satisfactory information security, according to GDPR Articles 32 and 6(1)(c).
5. How long do we store your personal information?
We do not store your personal information longer than necessary to fulfill the purpose of the processing. However, this does not apply if storage is required by law for a longer period than our purpose suggests.
For example, personal information processed based on your consent is deleted when the consent is withdrawn. If the legal basis is our legitimate interest, personal information will be deleted when such legitimate interest no longer exists. Information stored in accordance with legal obligations is deleted when the obligation ceases. A typical example of this is the retention obligation for accounting information according to accounting legislation.
6. Who do we share personal information with?
Pegasi AS, in some cases, shares personal information with other companies that perform services on our behalf. This means that these third parties process information about you on our behalf, primarily to provide you with a safer and better user experience. The main examples include:
* When others perform services on our behalf
For example, web and marketing agencies to operate the website and show you targeted marketing and create campaigns. These are not allowed to use this personal information for anything other than performing services for Pegasi AS. To safeguard your rights, we have entered into data processing agreements with our suppliers, including clauses stating that your personal information cannot be used for purposes other than those agreed upon with you.
* In cases of suspected wrongdoing, etc.
We may be required to disclose information to public authorities spontaneously or upon request. We may also disclose information in case of suspected fraud or information necessary to clarify specific disputes.
7. How do we transfer personal information to other countries?
Some of our subcontractors are located outside the EU/EEA. This means that your personal information may be transferred to, and processed in, so-called third countries. We only transfer personal information to countries outside the EU/EEA that the EU Commission believes provide an adequate level of protection or to subcontractors who have committed to protecting your personal information through EU's standard contractual clauses. Where necessary, we have implemented additional technical and organizational measures to achieve an appropriate level of protection.
8. What rights do you have?
Privacy regulations provide you with several rights related to the personal information we process about you. The rights you have depend on the circumstances. In this section, you will find an overview of important rights.
* Request access
You have the right to access the personal information we have registered about you, except where confidentiality obligations apply. To ensure that personal information is disclosed to the right person, we may require requests for access to be made in writing or verified in another way.
* Request correction or deletion
You can request us to correct any inaccurate information we have about you or ask us to delete personal information. We will, as far as possible, comply with requests to delete personal information, but we cannot do so if there are compelling reasons not to delete, such as a duty to document the information.
* Data portability
In some cases, you may have the right to receive personal information you have provided to us in a machine-readable format for transfer to another provider.
* Other rights
You also have the right to object to the processing of personal information, personal profiling, and automated decisions where relevant.
* Complaint to the supervisory authority
If you disagree with how we process your personal information, you can submit a complaint to the Data Protection Authority (Datatilsynet). Information on the procedure can be found on the Data Protection Authority's website: [www.datatilsynet.no](www.datatilsynet.no).
Rights may be limited according to the law. Contact us via email at peder@pegasi.no if you want to exercise your rights or need information about any limitations.
9. How do we secure your personal information?
We use appropriate security measures to protect personal information against unauthorized access, alteration, or deletion.
The data controller has established procedures and measures to ensure that unauthorized persons do not have access to your personal information, and that all processing of information is in line with applicable law.
The data controller has established procedures to ensure confidentiality, integrity, and availability. Measures are both of a technical and organizational nature, including encryption, authentication solutions, and procedures to verify access and correction requests.
The data controller conducts regular assessments of security in all key systems used for the processing of personal information, and agreements have been made with providers of such systems to ensure satisfactory information security
Access to personal information is limited to personnel who need access to perform their duties.
The data controller has adopted internal IT guidelines and provides regular training to employees regarding security and the use of IT systems.
10. How do we use cookies?
We use cookies on our websites. These help us customize content specifically for you. You can read more about how we use cookies and how you can change settings in your browser in our Cookie Statement.
11. Changes in the Privacy Statement
We may update or change the privacy statement periodically. You will always find the latest version on our website.
12. Contact Information
If you have questions about our privacy statement or our use of personal information, feel free to contact us at peder@pegasi.no.