This privacy statement applies to SafeSpot, and personal information processed in connection with SafeSpot, in particular about upi who register visits or register a profile through SafeSpot. EYD AS delivers SafeSpot to our customers, which can be organizations, companies, restaurants, organizers, clubs and teams etc. In addition, you can create a profile at SafeSpot to simplify visitor registration and have an overview of places you have used visitor registration through SafeSpot and / or register other places you have been.
We take the processing of personal data seriously and are concerned that your personal data is processed correctly and that you know what we process of personal data about you and your rights in this connection.
Below we provide an overview of what personal data we process, how we process it and the rights of those to whom the personal data relates (who are referred to as the data subjects) as you.
We follow the current rules for the processing of personal data, including the Personal Data Act and the Privacy Regulation (GDPR).
If you have questions or want to know more about the processing of personal data, you can contact us:
+47 91 79 39 35
Org. nr.: 922 142 009
When using SafeSpot, EYD AS is the data processor, which means that we process personal data on behalf of our customers. Our customers may be organizations, companies, etc., with which you have registered in connection with a visit to one of their physical locations, events, etc.
Our customers are responsible for the processing of personal data, ie it is they who decide the purpose of the processing and how the processing is to take place. Our customers are called "processing manager" below.
If you have created a profile in SafeSpot, we are responsible for processing the personal data that is processed, see the section below on creating a profile.
We provide you here with information about the processing of personal data in SafeSpot, which may be in addition to information provided by the data controller in connection with you registering visits, etc. with the treatment manager.
The purpose and basis for the processing of personal data
The purpose of the processing of personal data in SafeSpot is that the data controller must comply with the infection control legislation and other regulations on registration of visitors etc. (visitor registration). The basis for the processing is that the processing is necessary to fulfill a legal obligation incumbent on the data controller (Article 6 (1) c of the Privacy Ordinance).
Principles for the processing of personal data
The following principles are followed for the processing of personal data in SafeSpot shall take place in a secure manner that minimizes the use of personal data:
Only the information necessary for the purpose for which it was collected (data minimization) is collected and processed.
Personal data that is collected and processed, do so only for specific, explicitly stated and justified purposes, and personal data that is incompatible with these purposes are not further processed (purpose limitation).
Personal information is not stored longer than necessary (storage restriction).
Only personal data is processed by the data controller himself or by us as data processors, as well as suppliers to us with whom we have entered into a data processor agreement. If personal data is transferred, it follows from this privacy statement or from information provided in the individual case to those about whom personal data is processed, as well as when there is no obligation to transfer personal data according to law (as to public authorities).
Personal information and deletion
For your use of SafeSpot, the following personal information is processed:
Places you have visited
Other related information provided when registered at a location
We delete information about your visits that are registered with SafeSpot in accordance with the national or local guidelines that apply to the storage of information during registration of visits. In addition, we delete the information when we are required by the data controller to delete it. Deletion will in any case take place within 14 days after your visit is registered. This does not apply if you have created a profile, see below.
Rights in the processing of personal data
You must contact the person you have registered your visit with, who is responsible for processing, in order to exercise your rights such as to request information about the processing or access to your personal data. If you contact us about your personal information that we process on behalf of a customer, we will pass on your inquiry to the customer. To give you insight into your rights for personal data that is processed about you when registering a visit, they will be as follows:
Insight. You can demand access to what personal data about you is processed and how the processing takes place. If you require it, you also have the right to receive a copy of the personal information that is processed, but you may have to specify which information you want a copy of, to make the disclosure easier. When handing over a copy of your personal information, you may be required to identify yourself, to ensure that no personal information is handed over to unauthorized persons. The information will normally be sent in digital form unless you request that it be transferred in another way.
Correction. You have the right to have personal information processed about you corrected if the personal information turns out to be incorrect.
Deletion. If it turns out that personal information about you that should have been deleted is stored or processed, see below about deletion, then you can demand to have it deleted. If personal data needs to be processed, however, you do not have the right to demand that the information be deleted. The information will then be deleted as soon as the processing is no longer necessary, see also above about deletion.
Violation of privacy. If you experience a breach of privacy, you can contact the person who processes personal information about you. You can also contact the Data Inspectorate, see below, but you should contact the data controller in addition, so that he or she can implement the necessary measures as soon as possible.
Security in the processing of personal data
All personal information processed about you in SafeSpot is subject to technical and organizational measures to ensure confidentiality, integrity and availability, so that no one has unauthorized access to the information, that the information is not inadvertently changed or deleted and that the information is available when needed. them.
Use of data processor and location for processing personal data
The data controller has entered into a data processor agreement with us which ensures the processing of personal data in a lawful manner. Personal data is only processed within the EEA area. If, in exceptional cases, personal data is transferred out of the EEA area, this is only done on the basis of approved transfer bases in accordance with the Privacy Ordinance. Such transfer will only take place to data processors with whom a data processor agreement has been entered into.
Treatment when profile is created
If you create a profile in SafeSpot, i.a. In order to simplify visit registration or to have an overview of your visits, we, EYD AS, are responsible for processing, ie we are responsible for processing your personal data related to your profile.
Processing in your profile will include the following personal information:
Telephone number and / or e-mail address
Places you have visited The purpose of the processing of personal data is to provide you with a service that simplifies visitor registration, and give you an overview of which places you have visited.
Processing takes place on the basis of consent (Article 6 (1) a) of the Privacy Ordinance, which you have submitted in connection with the registration of the profile. You can withdraw consent at any time in your profile or by contacting us.
All information included above for visit registration with our customers also applies to our processing of personal data in SafeSpot, but then as us as the data controller, so you must contact us to exercise rights, see contact information above. Access and correction of your information can be done on your profile in SafeSpot.
For deletion, you can delete all or some information stored about you on your profile, or by deleting your entire profile. If you have not used your profile for six months, the profile will be automatically deleted and you will have to register again. We also delete personal data if the basis for the processing no longer exists, or that the personal data is no longer necessary for us. We only delete your identifiable information, and the remaining information - which cannot be returned to you - is used for statistical purposes.
Treatment in other contexts related to SafeSpot and EYD AS
For the following processing of personal data, we, ie EYD AS, are responsible for processing, which means that we decide the purpose of the processing and which instruments are to be used for the processing. We have contact with potential and existing customers and suppliers related to SafeSpot. In this regard, will process personal information about contacts and others. The same applies when people contact us about SafeSpot. This may be contact information, as well as the reason why the person contacted us. After we have clarified why the person contacted us, the information about the person will be deleted, unless the information is retained for other reasons, such as that we will contact the person later.
n our daily work, we use email, telephone and other solutions for communication (such as Skype, Teams, etc.). In such communication, personal information is both stored and processed. We also store contact information etc. in our systems, documents, etc. that we need in our work. We will store such personal information for as long as is necessary for our processing, and then delete it according to our routines.
All treatment above, both the treatment related to contact persons and to internal work, is based on the fact that we have a legitimate interest as a company to have contact with customers, suppliers, etc. and to handle inquiries to us. This basis is found in the Privacy Ordinance Article 6 No. 1 letter f. We have considered that we can use legitimate interest as a basis since the scope and sensitivity of personal data that is processed is limited, and that the person who contacts us decides what information this gives us. The processing is therefore not very invasive, and in the data subject's control. We have also implemented measures to ensure that this information is processed in a sufficiently secure manner.
Users of our websites
If you are a registered user of the service or a vurrent or previous customer of ours, you will automatically be registered for our newsletter. You can also choose to sign up for our newsletter. We use external services for newsletters. We will be able to store your email, date of subscription to the newsletter and your IP address. You can choose to sign up for our newsletter or unsubscribe whenever you wish via the unsubscribe link in the email. If you choose to unsubscribe from the newsletter, your data will be deleted.
If you believe that our processing of personal data violates these rules or the privacy legislation, including the Personal Data Act or the Privacy Regulation (GDPR), then you can also complain to the Norwegian Data Protection Authority. You can find information on how to contact the Data Inspectorate on the Data Inspectorate's website: www.datatilsynet.no.
Changes to the privacy statement
We may at times need to change this privacy statement, such as when there are changes in our processing of personal data, or there is a change in the regulations that necessitate changes. The updated privacy statement will be available at the address of this page, and if we have registered your personal information and find that the changes are significant to you, we will notify you of the changes by email, SMS or in your profile if created.
If you wish to exercise your rights, or contact us for other reasons related to our processing of personal data, please contact email@example.com.