Admincontrol Privacy Statement
This privacy statement covers our collection, use and disclosure of information collected through Our Websites: admincontrol.com, with subdomains
and the Admincontrol service (Our Service): app.admincontrol.net,
including any connected applications that have been developed by Admincontrol to work as a part of Our Service.
The use of information collected through Our Service and connected applications are limited to the purpose of providing the service for which the Customer has engaged Admincontrol AS.
Admincontrol as a Data Processor:
For Our Service; Admincontrol AS collects and processes information under the direction of our Customers. Admincontrol has no direct legal relationship with each individual user of Our Service. Each of our Customer acts as Data Controller whereas Admincontrol is the Data Processor. A Data Processor Agreement is entered into between our Customers and Admincontrol, included as part of the subscription agreement or Terms of Service (TOS). This agreement includes the necessary Data Processing provisions to ensure that the processing of our Customers data is in accordance with EU & UK GDPR.
Data processing
Data is processed in line with the requirements of GDPR, for some of the processing Admincontrol uses subcontractors. These subcontractors are typically vendors of cloud services or other IT hosting services.
When using subcontractors, Admincontrol will enter into a Data Processing Agreement (DPA) with subcontractors in order to safeguard your privacy rights and to fulfil our obligations towards our Customers. When subcontractors are located outside the EU/EEA, Admincontrol ensures legal grounds for such international transfers on behalf of you or our Customers, by using EU Model Clauses as transfer tool and supplementary measures to provide a data protection level equal of processing within EU/EEA.
For the Our Service all customer and personal data are processed under the control of Admincontrol AS in datacentres within the EU/EEA area. A more detailed description of our processing when we act as a Data Processor for our Customers is found here: www.admincontrol.com/data-processing/
Our contact details are as follows:
Admincontrol AS,
Lille Grensen 7,
0159 Oslo,
Norway
+47 22 83 61 00
[email protected]
Admincontrol as a Data Controller:
Admincontrol act as Data Controller for information we collect when you access Our Site and Our Service, including additional information obtained through the “Request a Demo”, Newsletter subscriptions and “Landing Pages”.
Information we collect
- Information obtained by completing any forms on Our Websites.
- Details of your visits to Our Websites and Our Service, including but not limited to, traffic data, location data, browser version and details, weblogs and other communication data, and the resources that you may access.
- Feedback you provide, by using our Customer Feedback form within Our Service.
- As a user of our Admincontrol service, we store and process your name and contact details such as phone number and registered e-mail address including any eID identifiers used to connect your personal eID to your Admincontrol user account.
Use of information
The information collected is maintained for the purpose of fulfilling our contractual obligations with our Client and is used as such or in order to contact you for the purpose of demonstrating our services.
The information we collect is not shared with any organisations, except to provide products or services requested, when we have your permission, or under the following circumstances:
- As required by law, such as to comply with a subpoena, legal proceedings, or similar legal process.
- To investigate potential violations of our Terms of Service
- To security approved Sub-contractors as stated in our Data Processing Agreement with our Customers
- To third-party service provider as stated under 3rd Party disclosure
- To other companies within the Visma group, when necessary to fulfil the purpose of the processing activity
If Admincontrol is involved in a merger, acquisition, or sale of all or a portion of its assets, our Customers will be notified via email and/or a prominent notice on our Our Site of any change in ownership.
Customer Feedback
In Admincontrol, we are eager to deliver a great experience for our customers. As a part of that, being in contact with, and receiving feedback from our customers is crucial to ensure that we keep current customers happy and attract new ones.
In order to handle your feedback, and if necessary, get in contact with you to follow up feedback that you have given, we register personal data alongside your answer. We register information related to the answer, application, customer, and user including but not limited to username/id, email, URL, company name, country, and pricing plan. We use such personal data to follow up the feedback with users and customers in order to fully understand the needs, and to inform when we have taken action on the feedback. The legal ground for processing your personal data is our legitimate interest in trying to ensure that Admincontrol lives up to our customers’ expectations and all contractual commitments. Personal data will be deleted when the data is no longer necessary for the above mentioned purpose of processing.
In order to handle your feedback, we may share your personal data with other companies within the Visma group. Visma does not share your personal data with external third parties other than subcontractors and partners. We will ensure your personal data and rights by entering into data protection agreements with such subcontractors. These subcontractors are primarily based within the EU. If any subcontractor is located outside the EU, Visma ensures the legal basis for transferring personal data to such parties/countries.
Cookies and Tracking Technologies
Admincontrol and our analytics provider use technologies such as cookies, beacons, tags and scripts, to analyse trends, administer Our Websites, tracking users movements and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
To protect your privacy we utilise anonymization technologies when transferring data to our analytics provider, such anonymization technologies will remove your Personal Identifiable Information.
See our Cookie Declaration for an overview of all cookies on Our Websites, or to change your consent.
Log files
As is true for most web sites, we gather certain information automatically and store it in log files.
This information includes internet protocol (IP) addresses, Username and/or Account ID/User ID, browser type, referring/exit pages, operating system, date/time stamp and clickstream data and may be stored in server and system logs such as network, intrusion prevention logs, firewall logs, webserver and application logs in order to maintain our high level of security of our service and maintain service availability.
Admincontrol is the Data Controller for these logs and they are maintained for a period of 12 months. Our legal basis for this processing is our legitimate interest to provide support to our customers and to maintain sufficient network and information security.
Your personal data is processed from a business perspective in a manner that we believe does not conflict with your privacy rights or freedoms.
3rd Party disclosure
For Analytics purposes and user profiling some personal data is transmitted to external services. This is to help us improve Our Websites and the Admincontrol service (Our Service) and to be able to provide relevant content based on your interest.
Our Service:
We use cookies and tracking technologies when you use Our Service, in order to optimize your experience of the Admincontrol service and improve our product. When accessing Our Service for the first time you will be presented with a Cookie Consent box, where you provide your consent for this collection. You can withdraw or change your consent from your personal settings page at any time.
Our Websites:
Google Analytics and Snowplow
We use Google Analytics and/or Snowplow to gather user behaviour analytics. For this only aggregated and anonymized data is transferred.
Facebook ads (including Facebook remarketing ads):
Based on your cookie consent, we use Facebook tracking pixels to show ads on Facebook based on one or more of the following criteria’s:
- Visits and/or behaviour on our Site
- Information from Facebook Profile, such as interests, group memberships, location and demographical information (aggregated data)
- Customer data
- Facebook Matching Audience feature
These tracking technologies facilitate the placement of advertising campaigns on the Facebook platform and enable Admincontrol to generate reports about the performance of these advertising campaigns.
LinkedIn ads (including LinkedIn remarketing ads):
Based on your cookie consent, we use LinkedIn Insight Tag to show ads on LinkedIn based on one or more of the following criteria’s:
- Visits and/or behaviour on Our Site
- Information from LinkedIn Profile, such as interests, group memberships, location and demographical information (aggregated data)
- Customer Data
- LinkedIn Matching Audience feature
These tracking technologies facilitate the placement of advertising campaigns on the LinkedIn platform and enable Admincontrol to generate reports about the performance of these advertising campaigns.
Salesforce Chat
We use Salesforce as a chat solution on on Our Site, Our Webshop and Our Help Centre. By clicking the consent form in the chat, you accept that your personal contact data may be shared with third parties outside of the EU/EEA. For more information, please visit the Salesforce GDPR Compliance Site. Additional information can be found at Salesforce’s Privacy Information site.
The main purpose of the chat is to support customers. We ask for Name, E-mail and Company as well as Subject in order to identify the customer in Salesforce, so that we may provide the most efficient support possible.
iOS Application
For our iOS Application, we use Firebase Crashlytics to analyse crash logs. Only aggregated and anonymized data is transferred to Crashlytics to help us improve the Application and our service. For more information about the data collected by this service, please refer to the: Crashlytics Data Processing and Security terms
Payment Processing
Admincontrol does not process payments for services on Our Site.
Access to your information
The Norwegian Data Protection Act and EU General Data Protection Regulation (GDPR) give you the right to access the information we hold about you.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the responsible person within their organisation for the agreement with Admincontrol. Admincontrol will make reasonable commercial efforts to promptly fulfil our Customers request. Requests relating to information we process for our own purposes may be directed to us to the address set out under “Further Information”.
Security
Admincontrol has security and the protection of our customer’s data as a top priority and is certified against ISO:27001:2022. The ISO 27001:2022 standard govern our information security work.
The following are our primary information security goals:
- Admincontrol must ensure the confidentiality, privacy and integrity to customers data.
- The Admincontrol services must be available to authorised users in accordance with Admincontrol’s SLA.
- Admincontrol must actively work to minimise the risks and any potential damage by preventing security incidents and their potential impact.
- Admincontrol must comply with relevant customer requirements, laws and regulations for information security.
For further details see www.admincontrol.com/information-security/
Compliance
Admincontrol complies with the following Norwegian laws and regulations concerning IT security for banks and finance institutions, including Norwegian and European (EU/EEA) regulations for protection of personal data:
- EU General Data Protection Regulation (GDPR)
- Norwegian Personal Data Act
- Regulations on use of information and communication technology (ICT)
All Customers need to ensure that any local laws and regulations within their sector and/or their country is covered. When ensuring compliance with your sector specific or local regulation needs, you may contact Admincontrol for a more detailed description of our security controls.
Admincontrol has taken appropriate steps to ensure compliance with the EU General Data Protection Regulation (GDPR) once entered into force.
Retention
Admincontrol will retain personal data we process on behalf of our Customers as long as needed to provide services to our Customers. Admincontrol will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Information we collect in order to demonstrate our services is maintained until the purpose of the collection has been fulfilled.
Cancellation or termination of account
Admincontrol can completely remove all the Client’s documents, files and meta-data upon request. If your account is terminated for any reason, please contact us with any request to access your data.
Changes to this Statement
We may amend this Statement from time to time. The latest version will at all times be available on Our Site. You are advised to consult this Statement regularly for any changes.
If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our Site prior to the changes taking effect.
Data Protection Officer
To ensure proper Data Protection and Privacy is in place Admincontrol has appointed an internal Data Protection Officer that monitors Admincontrol compliance with GDPR, provide advise in privacy related matters and act as a point of contact for our Customers and the Data Protection Authorities.
Further information
For further data processing details, compliance or security,
you may contact the DPO on e-mail: [email protected]
The last update of this Privacy Statement was September 29th, 2023