Privacy Policy
1. Introduction
Squarehead Technology takes privacy seriously and therefore complies with all applicable laws and regulations in connection with it. That includes the EU Regulation (GDPR).
The purpose of this Privacy Statement is to make it as easy as possible for you to get an overview of how we collect, use, store, share, transfer, delete or otherwise process (further known as "processing") your personal data. Our measures to protect and secure your personal data are also covered by the statement. Finally, our statement contains contact information so that you can easily get in touch with us regarding questions, requests and/or complaints related to how we handle your data.
2. Covered parties and definition
This Privacy Statement refers to "you" and "your", which includes any covered individual. “We”, "us", "our" and "Squarehead Technology" include Squarehead Technology and all associated entities.
“Personal data” is any information that relates to an identified or identifiable living individual.
3. Scope of the privacy statement
The Privacy Statement applies to the organization of Squarehead Technology for all objectives and activities in the geographical areas where we operate and where the GDPR is applicable.
Furthermore, the Privacy Statement applies to the processing of personal data collected by us, directly or indirectly, from all individuals. This includes, but is not limited to, our current, past, or potential: job seekers, employees, consultants, users, consumers, children, suppliers/subcontractors, shareholders and third parties.
4. Collection and processing of personal data
IN ACCORDANCE WITH GDPR AND LOCAL LAWS
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and potential and relevant local legislations.
LEGAL, FAIR AND TRANSPARENT
We guarantee that your personal data is processed in a lawful, fair and open manner. This means that we do not process personal data without legal basis (for more information, see the section "Legal basis for storage").
Please note, at the same time, there may be a need to process your personal data when necessary for the performance of a contract/service you are a part or recipient of, when necessary to comply with legal obligations we are subject to or other cases where it will be necessary, of course, then with your prior consent. Unless your rights and freedoms are set aside, we may also process personal data for our legitimate interests. In cases where we process your personal data, we will inform you of this through a notice or privacy statement. The information will include, among other things, who is responsible for the processing of your personal data, for what purposes the personal data is processed, who the recipients are, what your rights are and how you can exercise them (unless it is impossible or requires disproportionate efforts for us to implement this).
Where required by applicable law, we will seek prior approval from you before we collect sensitive data. For example, by checking box providing consent on our website, you agree that the personal information that you fill in/provide us may be used for the purpose formulated in your consent.
LEGITIMATE PURPOSE, LIMITATION AND DATA MINIMIZATION
We warrant that your personal data will only be collected for specific, explicit, and legitimate purposes and will not be processed in a manner that is incompatible with these purposes. The personal data shall also be adequate, relevant, and not too comprehensive in relation to the legitimate use for which it is facilitated.
Among other things, we collect information by contractual agreement on services with suppliers and business customers, filling in contact information on our website, contacting us by email, telephone, website, and social media and signing up for receiving newsletters. Any information collected in relation to our support portal are used exclusively for maintenance and ticketing purposes.
When we process personal data for our own purposes, these are mainly used, but not limited, to the following: customer care, sales and marketing activities, statistics and analysis, user customization of the website, recruitment management, HR and administration, accounting, financial management and associated controls and reporting, tax management, risk management, HSE, IT tools or internal websites and other digital solutions or collaboration platforms, IT support (including infrastructure, system management, applications, health and security management, administration of information security, management of customer relationships, bids, internal and external communications and event management, compliance with anti-money laundering obligations or other legal obligations, data analysis, legal corporate governance and implementation of compliance processes).
CORRECTNESS AND TIME LIMIT
We guarantee that your personal data is up to date and correct. We will take all expected measures to ensure that incorrect information is deleted or corrected.
We store your personal data with us only for as long as necessary for the purpose for which the personal data was processed or in accordance with statutory procedures. It includes any legal, accounting or reporting requirements, as well as if it is necessary for us to assert or defend ourselves against legal claims. The personal data will then be stored until the end of the relevant storage period or until the relevant requirements have been settled. To read more about our specific time limits for storing personal data, please contact us at privacy@sqhead.com.
We also guarantee that your personal data is not stored in a format that allows us to identify you for longer than is necessary for the use for which the data is facilitated. Upon expiry of the storage period, we will securely delete your personal data, in accordance with applicable laws and regulations.
5. Legal basis for storage
Regardless of the processing of personal data, Squarehead Technology shall always support at least one of the consequences of legal terms (cf. the Data Protection Data Protection Act, Article 6(1) (a-f) GDPR):
§ the data subject has consented to the processing of their personal data for one or more specific purposes
§ processing is necessary to fulfill an agreement in which the data subject is a party, or to act at the data subject's request before a conclusion of an agreement
§ processing is necessary to fulfill a legal obligation that is required by the controller
§ treatment is necessary to protect the vital interests of the data subject or another physical person
§ processing is necessary to carry out a task in the public interest or exercise the public authority required by the controller
§ the processing is necessary for purposes related to the legitimate interests pursued by the controller or a third party, unless the data subject's interests or fundamental rights and freedoms precede and require the protection of personal data, especially if the data subject is a child
6. Security measures
We guarantee that your personal data is protected from accidental or unlawful alteration or loss, or against unauthorized use, disclosure or access in accordance with our data security policies. To ensure such protection, we have implemented appropriate technical and organizational measures.
We ensure, where appropriate, that all reasonable security measures based on built-in privacy and privacy as the default setting are in place to protect the processing of your personal data. Depending on the risk level of the processing of the personal data, we also carry out data protection impact assessments (DPIA). We also have additional security measures for data that are considered sensitive.
7. Sharing personal data
We are very strict on who will access your personal data.
Personal data processed in connection with assignments (including potential) is provided to the principal in accordance with the laws and regulations that we are required to follow. Other recipients receive this information only as a result of legal requirements, other constitutional or government allotments.
We share your personal data under the following circumstances:
§ with third parties, including certain service providers we have retained for the purposes described in this Privacy Statement and the services we provide
§ with companies offering anti-money laundering and anti-terrorist financing control services, as well as other purposes aimed at fraud and crime prevention, and companies offering similar services, including financial institutions and regulatory bodies with which such personal data are shared
§ with courts, law enforcement authorities, supervisory authorities, government officials or lawyers and other parties where it is reasonably deemed necessary to establish, exercise or defend a legal or fair claim, or for a confidential alternative dispute resolution process
§ with service providers that we engage in or outside Squarehead Technology, domestically or abroad, e.g. shared service centers, to process personal data for one of the purposes listed on our behalf and only in accordance with our instructions
§ if we sell or purchase business or assets, we may share your personal data with the potential seller or buyer of such business or assets which are then assigned or assign some of our rights and obligations
8. Data transfer
In accordance with the GDPR, it is not permitted to transfer personal data to third countries outside the EEA who do not have the ability to guarantee an adequate and satisfactory level of data protection. Some third countries outside the EEA where Squarehead Technology operates do not offer the same level of data protection as your country of residence and are therefore not recognized by the European Commission as an adequate level of protection for privacy rights.
As data transfer to such countries will be required in certain cases, either to devices inside or outside Squarehead Technology, we have adequate security procedures in place to protect your personal data.
If you would like more information or documentation on data protection procedures, please contact us at privacy@sqhead.com.
Atlassian
Our help center is based on Atlassian. Atlassian has put in place a number of measures to ensure that EU, UK and Swiss data remains protected when it is transferred outside of Europe. For more information please read the Atlassian Data Processing Addendum.
9. Cookies
Our website use cookies. A cookie is a small text file that is stored on your computer, mobile or tablet by the website you are visiting. The file contains the address of the website and the codes that your browser sends back to this website every time you visit a page. The goal is to recognize your device and store information about your preferences or past activities. That way, your visit can be adapted to your needs and create a better user experience for you.
When you visit our websites, you will be notified of the types of cookies we use and how you can disable them. When required by law, you will have the opportunity to reject the use of cookies when you visit our websites. For more information, see our Cookie Statement.
10. Your rights
You have a number of rights when it comes to your personal data, and you have the opportunity to influence your information and what is stored. Among other things, you have the right to obtain information about what information we have stored. You may also require us to correct incorrect information or delete your information. You can contact us at any time and request that your information be deleted or that the use of the information be restricted. Below is a table that summarizes your various rights:
Right to insight and correction
You can request a copy of the information we have stored about you. You can also request that we correct errors or update incomplete data.
Right to deletion
You are entitled to request the deletion of your personal data in cases where:
§ data is no longer necessary for the purpose for which it was collected
§ you choose to withdraw your consent
§ you object to the processing of your personal data
§ your personal data is unlawfully processed
§ it is a legal obligation to delete your personal data
§ deletion is necessary to ensure compliance with applicable laws
Right to restriction
You may request that the processing of your personal data be restricted in cases where:
§ you dispute the accuracy of your personal data
§ we no longer need your personal data for processing purposes
§ you have opposed processing for legitimate reasons
§ There are exceptions to the right to erasure, ref. GDPR article 17.3 and article 9
Right to data portability
Where applicable, you may request to be provided the personal data you have provided to us. This data has the ability to be transferred to another data processor, if possible. This applies to the case where the processing of your personal data is based on consent, or a contract, and processing is automated.
You may also request that your personal data be transferred to a desirable third party (where technically possible).
Right to protest
You may object to the processing of your personal data. Keep in mind that in cases where your personal data is processed on the basis of a consent you have given, it is possible for you to withdraw such consent at any time.
Right not to be subjected to automated decisions
You have the right not to be subject to a decision solely based on automated processing, including profiling, which has a legal implication for you or adversely affects you.
Right to appeal
You can choose to file a complaint with the supervisory authorities where you live, where you work or where you feel the violation of your rights has taken place. This can be done regardless of whether it has/has not resulted in personal injury or loss.
You also have the right to lodge a complaint with the courts where the Squarehead Technology entity has a business or where you normally live.
If you wish to withdraw your consent or require an overview of information, correction or deletion, please contact us at the email address we have provided under the contact information section.
If you believe that your rights are not respected, feel free to contact us (see contact information below) or the Norwegian Data Protection Authority (postkasse@datatilsynet.no).
11. Updates
Updating this Privacy Statement may take place from time to time when there are changes in operation or otherwise. If any material changes are made, we will post information about this on our website when the changes take effect and, if applicable, communicate the change(s) directly with you.
Further information
For any questions, comments and/or requests associated with this Privacy Statement, please contact the Privacy Statement by email privacy@sqhead.com. You can also send a letter to the following address:
Squarehead Technology AS
v/Data Protection Officer
PO Box 13, Nydalen
0410 Oslo
Lastly updated: 26th of June 2023