Privacy Statement

This privacy statement describes how Skytale AS collects and uses personal data. Personal data is information that can be linked to you as an individual. All processing of personal data is done in accordance with Norwegian law, including the Personal Data Act and the EU General Data Protection Regulation (GDPR).

The privacy statement applies to all visitors to our website and our social media pages, those who use our app and register as users of the service, as well as contact persons at business customers, suppliers and partners, and individuals who are in contact with us for various reasons, including those who apply for jobs with us or already work with us.

Below you will find information about what personal data we process, the purpose and basis for such processing, how we ensure safe and responsible processing of the information, and what rights you have regarding our processing of your information.

The data controller for the personal data is Skytale AS, represented by the CEO. Contact information for inquiries related to the personal data we process is provided in section 8 below.

1. What personal data we process and on what basis

When your administrator registers you as a new user with Skytale, first name, last name, phone number, email, and temporary password are registered in our database. At your onboarding to our service, you will be asked to set your password. In addition, we will store the multi-factor authentication configuration linked to your user account, if you choose to use this option. This will be stored encrypted and secured. Users must ensure that this is not shared with others. This information is used to administer your account access and use of the service, and to be able to communicate with you about your user account. The processing takes place on the basis of what is necessary to perform the license agreement we have entered into with your employer/client.

We otherwise use your registered email address to send you newsletters, recommendations or other marketing, provided that you have consented to it or are a contact person for an ongoing customer relationship with us and that the communication is otherwise in accordance with applicable regulations. The processing takes place on the basis of a license agreement with us or your consent. You can withdraw your consent at any time or opt out of such future communications, either as indicated in our communication or by logging into your user account with us.

In order to be able to respond to certain inquiries, such as support requests, we sometimes need to register name, email and any other personal information that may follow from the inquiry. The processing takes place on the basis of the consent you have given by sending us your inquiry, and our legitimate interest in such processing to be able to help you with your request.

Any personal information relating to payment such as card information, etc. is handled by our payment solution provider, and in accordance with agreements the payer has with payment card and/or account issuer.

To get information about the use of our app and our websites, we use cookies. These include necessary, functional cookies and, for the website, also cookies for statistical and marketing purposes depending on your consent settings. The information is also used to prevent misuse and unauthorized access. You can read more about our use of cookies here [link to cookie policy/solution] and how you can change your consent settings.

In order to manage inquiries regarding recruitment for new positions, we register name, contact information, your CV, application, certificates, references and other submitted information about you. Processing takes place on the basis of the consent you have given by applying for the position, as well as our legitimate interest in such processing to be able to administer our recruitment processes. The information will be deleted when the position is filled, unless we have obtained consent from you.

We also have pages on LinkedIn, Finn.no, and Teamtailor, where we post and share content, job advertisements, news, activities and the like. We collect all communication, content and other information you provide us directly on our LinkedIn pages, for example if you post something there or send us a private message via the media platform. For this information, we are the data controller. LinkedIn (platform owner) also registers how you use these pages with the help of cookies and other, similar technology every time you visit one of their pages. They use this, among other things, to provide us with usage analyses, so-called «Page Insights» analyses, which contain statistics based on anonymized information about those who visit the profile pages. This allows us to optimize our pages and adapt to the interests and habits of the users of our social media pages. If you have a profile, we can see what you post there, i.e., your username and other profile information in addition to what you post publicly. The various media platforms also use your information for their own purposes, and more information about this can be found in their respective privacy policies.

2. Disclosure to others

We will not disclose your personal data to others unless there is a legal basis for such disclosure or it appears from this privacy statement. We do not have access to content in conversations or metadata about the communication, as this is an end-to-end encrypted communication solution. Such information will neither be shared with us nor with anyone other than the sender and recipient.

We use data processors to store or otherwise process personal data on our behalf. Examples of such data processors are our supplier who operates our cloud service and payment processing services. In such cases, we have entered into agreements to safeguard information security at all stages of processing and ensure that they process the information in accordance with the regulations. Our data processors cannot process your personal data in any way other than what has been agreed with us and described in this privacy statement.

3. Storage location

We and our data processors store personal data on servers in Norway. We do not store personal data in countries outside the EU/EEA. Any transfer of personal data outside the EEA area will in that case ensure that it takes place in accordance with a legal transfer basis and in accordance with applicable privacy rules and guidelines.

4. Storage time and deletion

We store your personal data as long as necessary to fulfill the purpose of the processing as described in point 1, or statutory obligations, for example obligations under the Norwegian Accounting Act (Lov om bokføring).

Contact information and other personal data will, as far as possible, be kept updated and correct, and will be deleted when they are no longer relevant.

Personal data we process on the basis of your consent will be deleted when the consent expires or is withdrawn, unless it follows from legal requirements or other processing bases that we must nevertheless keep the information in question for a certain period of time.

Storage of anonymized information is not subject to the above time limitations or deletion requirements.

5. Protection and information security

Protection of your personal data is a high priority task for us, and we work continuously to protect personal data and other confidential information. Our security work includes physical, technical and administrative measures.

Access to your personal data is limited to employees and hired consultants who have an official need for such access. We will provide training to employees and third parties where relevant, to promote awareness of our privacy policies and procedures.

The security work also means that we regularly review various factors such as risk exposure, available technology, business needs and legal requirements. This will ensure that we at all times have adequate security measures, including to prevent personal data from going astray.

6. Your rights

You have the following rights with respect to the personal data we process about you:

Access: You can request to know what personal data we have registered about you, but you will also find out most information by logging into the app and going to the «Settings» area.

Correction: You have the right to have incorrect, incomplete or irrelevant information about you corrected. Some of the information can be changed in «Settings» in the app.

Restriction of processing: You can request that we restrict our processing of your personal data.

Withdraw consent: You can at any time withdraw your consent to our processing of your personal data. This can be done in «Settings» in the app.

Data portability: You can request to have the personal data you have provided to us exported in a format that can be transferred to another business.

Deletion: You can request that we delete personal data we have stored about you without delay. Certain information can be deleted via «Settings» in the app.

Information in case of personal data security breaches: If a breach of personal data security poses a high risk to your rights and freedoms, we are obliged to notify you.

To exercise your rights, you can contact us as described under point 8 below. We will respond to your request as soon as possible.

If you believe that our processing of personal data does not comply with this privacy statement or that we otherwise violate privacy legislation, you have the right to complain to the Norwegian Data Protection Authority. For contact information and further information on the right to complain, see www.datatilsynet.no.

7. Changes

Skytale AS will change this privacy statement when necessary. We therefore recommend that you read through our privacy statement from time to time when you visit skytale.no or use the app.

8. Contact information

For questions about this privacy statement or our processing of your personal data, please contact us using the following contact information:

Skytale AS
Email: info@skytale.no
Tel: 917 55 037