Information about the processing of personal data in IWMAC systems.
Here at IWMAC, we safeguard the privacy of our clients, suppliers, partners, as well as our clients’ customers. In this document, we’ll provide an overview of how, when and why we process personal data.
When referring to IWMAC, this covers IWMAC AS and all its subsidiaries.
IWMAC is responsible for processing personal data for all of our employees and job applicants.
Personal data we process about employees of our clients/suppliers/partners is carried out in accordance with the relevant data processing agreement.
IWMAC develops systems that facilitate the storage and processing of personal data. The personal data stored by or for our clients is owned by our clients, who act as the data controller. IWMAC is therefore the data processor.
1.1 Why do we process your personal data?
The personal data about our clients and end users will primarily be used to manage and maintain the client relationship, including to communicate with, follow up, carry out deliveries, and otherwise fulfil our agreements.
We may also use the personal data to send out information on offers and marketing materials, conduct customer surveys, and to assess when it would be appropriate to send out certain types of material to the individual client.
The same also applies to our suppliers and partners.
When IWMAC is the data processor, it is the data controller who submits personal data and defines the purpose of the processing within the framework of the system.
1.2 What personal data do we process?
In general, we will only process personal data about our clients and users as necessary to manage the client relationship or agreements.
More specifically, this may involve us processing information such as name, email address, telephone number, position/role, technical usage information, correspondence, audio recordings from Alarm Center/Support conversations, views on our products/services in the form of responses to customer meetings and meeting minutes.
We do not process any sensitive personal data on our users. See here for the definition of sensitive personal data:
1.3 How do we collect your personal data?
The source of the information we have about our clients/users will normally be the client themselves, by the client providing the information themselves, or after the client has been established.
1.4 What is the legal basis for the processing of your personal data?
We may in some cases obtain the consent from our clients to process personal data, but we will also process data without requesting specific consent where it is necessary to fulfil our agreement with the client, or for taking action at the request of the client before an agreement is entered into.
When IWMAC is the data processor, it is the data controller who holds the legal basis for processing and storing personal data.
1.5 Who has access to your personal data with us?
We will limit access to the personal data of our clients/users to the persons in IWMAC who need such access based on the purposes as set out in section 1 above.
1.6 Do we share your information with anyone?
We do not share, sell, lease or exchange your information with third parties without your consent, except when as described below.
1.6.1 Third-party service providers working on our behalf:
We may pass your information on to our distributors, agents, subcontractors or other associated organisations with the purpose of providing services to you on our behalf.
1.6.2 Third-party product suppliers we work with:
1.6.3 If required by law:
We will disclose your personal data if it is required by law, or if we as a company believe that this disclosure is necessary in order to protect the rights of IWMAC and/or to comply with any lawsuit or court order. However, we will do what we can to ensure that privacy rights continue to be protected.
1.6.4 Use of subcontractors (data processors and sub-processors)
If the subcontractor processes personal data outside the EU/EEA, such processing must comply with the EU-US Privacy Shield, the EU Standard Contractual Clauses for transfer to a third country, or any other specific legal basis for the transfer of personal data to a third country.
1.7 How and for how long do we store your personal data?
Personal data is retained for as long as it is needed for the purpose of the processing. Also note that we may be required to store personal data even after the purpose has been fulfilled, for example, following accounting legislation or other public law requirements.
It is the data controller who defines how and for how long the personal data is stored.
1.8 How do we secure the processing of your personal data?
IWMAC shall meet the security requirements in accordance with those are set out in the applicable Norwegian privacy laws. The level of security will take into account the nature of the personal data and the risk of a data breach of the data subject.
We have established procedures and measures at various levels to ensure that non-authorised persons cannot access your personal data, and that all processing of the data is performed in accordance with the applicable laws. The security measures include regular risk assessments, technical systems and procedures to ensure security of the information.
Further information about the above may be shared with contractual partners upon request.
1.9 What information requirements does the data subject have?
As the data subject, you have the right:
to gain access to the personal data about you that we process;
to request that incorrect, unnecessary, insufficient or outdated personal data is rectified or removed;
to object to the processing from direct marketing as well as to know about any profiling;
to withdraw any consent to the processing of personal data that you have granted us;
to download the personal data about yourself that you have given us and transfer it to another data controller (data portability);
to contact us if you have any input or questions related to our processing of personal data;
to complain directly to supervisory authorities if you consider that the processing of your personal data is in violation of the applicable laws.
1.11 How can you contact us?
If the Client has any questions or requirements related to our processing of personal data, they can contact our Data Protection Officer via firstname.lastname@example.org.
All enquiries related to personal data where IWMAC is the data processor should go directly to the data controller.