Admincontrol Privacy Statement

This privacy statement covers our collection, use and disclosure of information collected through Our Site: www.admincontrol.com

Our Webshop: www.shop.bp.admincontrol.com / www.shop.vdr.admincontrol.com,  

Our Help Centre help.admincontrol.com

and the Admincontrol service (Our Service): app.admincontrol.net,  

including any connected applications that have been developed by Admincontrol to work as a part of Our Service. 

The use of information collected through Our Service and connected applications are limited to the purpose of providing the service for which the Customer has engaged Admincontrol AS. 

Data collection
Admincontrol as a Data Processor: 

For Our Service; Admincontrol AS collects and processes information under the direction of our Customers. Admincontrol has no direct legal relationship with each individual user of Our Service. Each of our Customer acts as Data Controller whereas Admincontrol is the Data Processor. A Data Processor Agreement is entered into between our Customers and Admincontrol, included as part of the subscription agreement or Terms of Service (TOS). This agreement includes the necessary Data Processing provisions to ensure that the processing of our Customers data is in accordance with EU GDPR. 

Admincontrol as a Data Controller:

Admincontrol act as Data Controller for information we collect when you access Our Site, including additional information obtained through the “Request a Demo”, Newsletter subscriptions and “Landing Pages”.  

Data processing
Data is processed in line with the requirements of GDPR, for some of the processing Admincontrol uses subcontractors. These subcontractors are typically vendors of cloud services or other IT hosting services. 

When using subcontractors, Admincontrol will enter into a Data Processing Agreement (DPA) with subcontractors in order to safeguard your privacy rights and to fulfil our obligations towards our Customers.  When subcontractors are located outside the EU, Admincontrol ensures legal grounds for such international transfers on behalf of you or our Customers, hereunder by relying on Privacy Shield (US) or using the EU Model Clauses. 

For the Our Service all customer and personal data are processed under the control of Admincontrol AS in Norwegian datacentres within the EU/EEA area. A more detailed description of our processing when we act as a Data Processor for our Customers is found here: www.admincontrol.com/data-processing/ 

Our contact details are as follows:
Admincontrol AS, 

Lille Grensen 7,
0159 Oslo,
Norway
+47 22 83 61 00
[email protected] 

Information we collect 

  • Information obtained by completing any forms on our web site, www.admincontrol.com (Our Site). 
  • Details of your visits to Our Site, including but not limited to, traffic data, location data, browser version and details, weblogs and other communication data, and the resources that you may access. 
  • As a user of our Admincontrol service, we store and process your name and contact details such as phone number and registered e-mail address including any other kind of information you may enter or upload into our service. 

Use of information
The information collected is maintained for the purpose of fulfilling our contractual obligations with our Client and is used as such or in order to contact you for the purpose of demonstrating our services. 

The information we collect is not shared with any organisations, except to provide products or services requested, when we have your permission, or under the following circumstances: 

  • As required by law, such as to comply with a subpoena, legal proceedings, or similar legal process. 
  • To investigate potential violations of our Terms of Service 
  • To security approved Sub-contractors as stated in our Data Processing Agreement with our Customers 
  • To third-party service provider as stated under 3rd Party disclosure 

If Admincontrol is involved in a merger, acquisition, or sale of all or a portion of its assets, our Customers will be notified via email and/or a prominent notice on our Our Site of any change in ownership. 

Cookies and Tracking Technologies
Admincontrol and our analytics provider use technologies such as cookies, beacons, tags and scripts, to analyse trends, administer Our Site, tracking users movements and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis. 

To protect your privacy we utilise anonymization technologies when transferring data to our analytics provider, such anonymization technologies will remove your Personal Identifiable Information. 

See our Cookie Declaration for an overview of all cookies on Our Site, or to change your consent. 

Log files
As is true of most web sites, we gather certain information automatically and store it in log files.
This information includes internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp and clickstream data and may be stored in system logs such as network, intrusion prevention logs, firewall logs, webserver logs in order to maintain our high level of security of our service.
Admincontrol is the Data Controller for these logs and they are maintained for a period of 12 months. Our legal basis for this processing is our legitimate interest to maintain sufficient network and information security. 

3rd Party disclosure
For Analytics purposes and user profiling some personal data is transmitted to external services. This is to help us improve Our Site and the Admincontrol service and to be able to provide relevant content based on your interest. 

Our Site: 

Google Analytics 

We use Google Analytics as an Analytics Provider. For this only aggregated and anonymized data is transferred. 

Facebook ads (including Facebook remarketing ads): 

Based on your cookie consent, we use Facebook tracking pixels to show ads on Facebook based on one or more of the following criteria’s: 

  • Visits and/or behavior on Our Site 
  • Information from Facebook Profile, such as interests, group memberships, location and demographical information (aggregated data) 
  • Customer data 
  • Facebook Matching Audience feature 

These tracking technologies facilitate the placement of advertising campaigns on the Facebook platform and enable Admincontrol to generate reports about the performance of these advertising campaigns. 

LinkedIn ads (including LinkedIn remarketing ads): 

Based on your cookie consent, we use LinkedIn Insight Tag to show ads on LinkedIn based on one or more of the following criteria’s: 

  • Visits and/or behavior on Our Site 
  • Information from LinkedIn Profile, such as interests, group memberships, location and demographical information (aggregated data) 
  • Customer Data 
  • LinkedIn Matching Audience feature 

These tracking technologies facilitate the placement of advertising campaigns on the LinkedIn platform and enable Admincontrol to generate reports about the performance of these advertising campaigns. 

Instapage 

We use Instapage as a tool for creating landing pages on Our site. By clicking the consent form on these landing pages, you accept that your personal contact data may be shared with third parties outside of the EU/EEA. For more information, please visit the Instapage GDPR page. 

Instapage is certified under the US Privacy Shield. Proof of certification can be found here: Instapage Privacy Shield Certification  

Salesforce Chat 

We use Salesforce as a chat solution on Our Webshop. By clicking the consent form in the chat, you accept that your personal contact data may be shared with third parties outside of the EU/EEA. For more information, please visit the Salesforce GDPR Compliance Site. Additional information can be found at Salesforce’s Privacy Information site

iOS Application

For our iOS Application, we use Firebase Crashlytics to analyse crash logs. Only aggregated and anonymized data is transferred to Crashlytics to help us improve the Application and our service. For more information about the data collected by this service, please refer to the: Crashlytics Data Processing and Security terms 

Payment Processing
Admincontrol does not process payments for services on Our Site.  

Access to your information
The Norwegian Data Protection Act and EU General Data Protection Regulation (GDPR) give you the right to access the information we hold about you. 

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the responsible person within their organisation for the agreement with Admincontrol. Admincontrol will make reasonable commercial efforts to promptly fulfil our Customers request. Requests relating to information we process for our own purposes may be directed to us to the address set out under “Further Information”. 

Security
Admincontrol has security and the protection of our customer’s data as a top priority and is certified against ISO:27001:2013. The ISO 27001:2013 standard govern our information security work. 

The following are our primary information security goals: 

  • Admincontrol must ensure the confidentiality, privacy and integrity to customers data. 
  • The Admincontrol services must be available to authorised users in accordance with Admincontrol’s SLA. 
  • Admincontrol must actively work to minimise the risks and any potential damage by preventing security incidents and their potential impact. 
  • Admincontrol must comply with relevant customer requirements, laws and regulations for information security. 

For further details see www.admincontrol.com/information-security/ 

Compliance
Admincontrol complies with the following Norwegian laws and regulations concerning IT security for banks and finance institutions, including Norwegian and European (EU/EEA) regulations for protection of personal data: 

  • EU General Data Protection Regulation (GDPR) 
  • Norwegian Personal Data Act 
  • Regulations on use of information and communication technology (ICT) 

All Customers need to ensure that any local laws and regulations within their sector and/or their country is covered. When ensuring compliance with your sector specific or local regulation needs, you may contact Admincontrol for a more detailed description of our security controls. 

Admincontrol has taken appropriate steps to ensure compliance with the EU General Data Protection Regulation (GDPR) once entered into force. 

Retention
Admincontrol will retain personal data we process on behalf of our Customers as long as needed to provide services to our Customers. Admincontrol will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

Information we collect in order to demonstrate our services is maintained until the purpose of the collection has been fulfilled. 

Cancellation or termination of account
Admincontrol can completely remove all the Client’s documents, files and meta-data upon request. If your account is terminated for any reason, please contact us with any request to access your data. 

Changes to this Statement
We may amend this Statement from time to time. The latest version will at all times be available on Our Site. You are advised to consult this Statement regularly for any changes. 

If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our Site prior to the changes taking effect. 

The last update of this Privacy Statement was February 4th, 2020 

Data Protection Officer
To ensure proper Data Protection and Privacy is in place Admincontrol has appointed an internal Data Protection Officer that monitors Admincontrol compliance with GDPR, provide advise in privacy related matters and act as a point of contact for our Customers and the Data Protection Authorities. 

Further information
For further data processing details, compliance or security,
you may contact the DPO on e-mail: [email protected]