Leasi AS (hereinafter “Leasi”, “we”, or “us”) is a Norwegian software company that offers a machine administration software. Leasi acts as a data processor for personal data that we process (which typically means collecting, storing and using personal data) on our customers' behalf. We have entered into specific software service agreements with separate data processing agreements with our customers, which regulates our processing of personal data in accordance with the EU regulation 2016/679 (“GDPR”) article 28. By utilising our software, Leasi’s customers may process personal data on behalf of third parties.

1. About this privacy policy
As data processors, we are responsible for ensuring that we use the personal data we have about you in accordance with applicable data protection legislation. This privacy policy will help you understand what information we collect, how we protect and use your data, as well as information about your rights in this respect. We value your privacy and will not use or share your information with third parties except as described in this policy.

2. What type of data do we collect, and when and why do we do it?
In general, we typically collect and process your data when you use our website, our digital services, subscribe to our newsletter and when you fill out forms issued by us. Below, we have listed all the specific ways we collect data from you, the categories of data we typically process, and the legal basis for such processing.  

The relationship between Leasi and the customer is regulated in a separate data processing agreement which ensures that both parties comply with principles for the processing of personal data, in accordance with Article 5 in GDPR. We only process your personal data to the extent necessary to fulfill the below mentioned purposes. 

Using our digital services
‍When you register for a user account for our Appfarm Platform, or when your employer or principal assigns a user account to you, and you log in to this account, we process information such as:
• Your name
• Username
• Address
• E-mail
• Phone number
• Profile image
• Work-related information such as geolocation and card ID. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use the just-in-time reminders.
• Other personal information you have chosen to provide us or your employer or principal for registration.

We process this information to be able to provide the contractual service (GDPR art. 6.1 b).

Website
‍We collect information from your computer or internet connection when you visit our website and use our digital services (see also section 2.1 above), such as:
• Your IP address,
• Date and time of your visit,
• Duration of your visit,
• The content of your request (i.e., the specific site/page you visit),
• The website that referred you,
• Which pages you visit on our website,
• Your internet service provider,
• Your browser type and version, as well as
• Your operating system.

We collect this information to uphold our legitimate interest in being able to display our website to you (including for log-in identification purposes), as well as our legitimate interest in measuring and improving the performance of our digital channels, as well as the marketing of our products and services (GDPR art. 6.1 f).

Service updates and newsletters
‍If you subscribe to our newsletter and information on our service updates, we collect your name and email address. If you are an existing customer or user, we may send you such communication even though you do not expressly subscribe.

The basis for sending such emails to contact persons with our existing customers is to uphold our legitimate interest in following up our customers by providing relevant news and relevant information about our services (GDPR art. 6.1 f), see also the Norwegian Marketing Act art. 15(3)). If you are not an existing customer or user, the basis for sending such an email would be your express consent (GDPR art. 6.1 a).

Anyone receiving the information items above can easily opt-out using the link included in our emails.

Social media
‍When you visit our social media pages, such as our Facebook and LinkedIn pages, the social media providers will collect and process your personal data and use cookies. For information about how these providers use your personal data, we recommend reading their privacy policies.

‍Customer relations and support
‍When registered as a customer or user, you provide us with certain information that we collect and process in our customer relationship management system. This information includes your:
• Name
• Contact details,
• Company information,
• Payment information,
• Purchase history
• Communications with us, as well as
• Other information you provide through the customer relationship with us.

We collect and process this information to provide you with a contractual service (GDPR art. 6.1 b) and to uphold our legitimate interest in improving our relations to our customers and to provide you with good customer care and service (GDPR art. 6.1 f). In some cases, we are also compelled to process your information for compliance with a legal obligation, such as compliance with the Norwegian Bookkeeping Act, or when required by law, court orders, or legal processes (GDPR art. 6.1 c).

3. Do we share your personal data with third parties?
We will not share your personal data with others unless you either give us your consent to do so (GDPR art. 6.1 a) or if we have another legal basis to share your data, e.g., if it is necessary to provide you with a contractual service (GDPR art. 6.1 b) if we are required by law, court orders or legal processes to disclose your personal data (GDPR art. 6.1 c), or it can be justified on the basis of our legitimate interest in doing so (GDPR art. 6.1 f).

When we use third-party subcontractors or service providers in order to provide our services, we will take appropriate legal precautions and corresponding technical and organizational measures in order to ensure that your personal data are protected in accordance with applicable data protection law. Our service providers may be based in locations all over the world. This means that your personal data may be transferred outside the EU/EEA. If that is the case, we will implement appropriate security measures to protect your data, such as agreements with EU standard contractual clauses.

All the relevant third-party suppliers that we use will be stated on request.

4. How do we protect your personal data?
Our data processors and we have implemented appropriate technical and organizational measures to ensure a sufficient level of security when processing your personal data and to prevent loss or unlawful processing. 

Such measures are, for example, internal routines, data processing agreements, and IT security procedures to verify access rights. We will also carry out data protection impact assessments when it is likely that the processing of your data may result in high risk to your rights and freedoms concerning your personal data.

5. Cookies
We use cookies to customise our website and related services, and to ensure that various services on our website work. Cookies compile anonymous aggregated statistics so that we can improve and further develop the information offered on our website. Anonymous information cannot be traced back to the individual user. The fact that the statistics are aggregated means that all data is combined into a group and is not processed individually. The statistics say something about how many people visit the website, how long the visit lasts and which browsers are used.

We use Google Analytics in this context. Information from this tool is not disclosed by Leasi to other players.

6. What are your rights?
You have several rights under the applicable data protection regulations. Below is a list of the rights you can exercise in your relationship with us as a data processor. Below is a list of the rights you can exercise in your relationship with us. If you wish to exercise your rights, please contact us, and we will respond to your inquiry as soon as possible - no later than a month after the receipt of your inquiry.
• Access - you have a general right to access the personal data we have registered about you. Rectification and erasure: You have a general right to request that we rectify any incorrect personal data about you and erase personal data about you. Please note that personal data essential to the customer relationship cannot be deleted unless you explicitly request termination of the customer relationship with us.
• Restriction: You have a general right to ask us to stop (i.e., "freeze") the processing of your personal data, e.g., where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
• Objection: You have a general right to object to our processing of personal data about you if special circumstances on your part justify this.
• Right to appeal: If you disagree with how we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet). We ask that you contact us beforehand so that we may clarify any misunderstandings.

7. Storage time
Your personal data will not be stored for longer than needed for the purpose mentioned in this privacy policy. This means that when our customer relationship with you is terminated, we will erase your personal data as soon as our purpose with processing such data is no longer relevant unless we are compelled by law to store this data any longer.

8. Do we keep this policy up to date?
Yes, we revise this privacy policy from time to time. We will notice you if we make any significant changes. The most up-to-date version of our privacy policy is available on our website. 

9. How can you contact us?
Please get in touch with us if you have any questions or comments or wish to exercise your rights.
Our contact details are: 

Leasi AS, Krambugata 2, 7011 Trondheim, Norway
privacy@leasi.io