1 Overview
This Privacy Notice ("Privacy Notice") is prepared by AquaCloud AS ("AquaCloud", "we", "our" or "us") to ensure that you receive the information we are required to provide to you, and which is necessary for you to exercise your rights under the General Data Protection Regulation (the "GDPR") and the Norwegian data protection legislation (together "data protection legislation").
This Privacy Notice describes how we process personal data about you, the purpose of our processing activities, and the legal basis for our processing activities. Furthermore, this Privacy Notice provides you with information about your rights under applicable data protection legislation and other relevant information relating to our processing of your personal data.
2 Contact Information
The data controller for the processing of your personal data is AquaCloud AS of Thormøhlens gate 51, 5006 Bergen, Norway, with organisation number 926 397 400. If you have any questions about this Privacy Notice, including how we process personal data, or would like to submit a request to exercise your rights, please contact us at:
AquaCloud AS
v/The Seafood Innovation Cluster
Thormøhlens gate 51
5006 Bergen
Email: post@aquacloud.ai
3 Generally about Personal data
Personal data means any information relating to an identified or identifiable natural person (a "data subject"). Your name, phone number, address and e-mail address are examples of information that generally is regarded as personal data. Depending on the circumstances, IP-addresses and similar identifiers may also constitute personal data.
4 Our Processing of personal data
The list below stipulates the categories of personal data that we process and the purposes these personal data are processed for:
Name, email address, organisation, login credentials and user ID. We process these personal data to provide you with access to our platform and to personalise your user experience. We will also use you email address to contact you or to provide you with necessary information.
IP-addresses, user ID and similar identifiers. We process these personal data to generate statistics in order to improve the functionality and performance of our platform and services. However, the personal data will not be used to analyse user behaviour at an individual level.
Depending on the circumstances, we may also process other categories of personal data, and/or the above listed personal data for other purposes. This may for example be the case if you contact us with questions or comments.
You may at any time request confirmation and/or information regarding the personal data which we process about you, by contacting us as described above.
5 The sources we obtain personal data from
Most of the personal data we process are provided to us by you when you register and use your user account.
In addition, we use analytical tools implemented in API Connect to collect some personal data, such as your user ID, IP-address, or other similar identifiers. However, we do not analyse user behaviour at an individual level.
6 Our Legal basis for Processing personal data
We base our processing of personal data primarily on our legitimate interests pursuant to article 6(1)(f) of the GDPR. Our legitimate interests are further described below:
Name, email address, organisation, login credentials and user ID. We have a legitimate interest in using these personal data to identify and authenticate you when you register a user and log in on our platform. Furthermore, we have a legitimate interest in using your email address to respond to your inquires or to provide you with necessary information.
User ID, IP-address and other identifiers. We have a legitimate interest in using these personal data to simplify the use of our platform and to generate statistics about the use of the platform and content therein, in order for us to develop and enhance the platform further.
If you are a personal license to access and use our services, our processing of your name, email address, login credentials and user ID is be based on it being necessary to provide the service to you pursuant to article 6(1)(b) of the GDPR.
7 Our use of Cookies
Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones and other devices.
Cookies help us provide, protect and improve our services, such as by personalising the content and providing a safer experience. The cookies that we use include session cookies, which are deleted when you close your browser, and persistent cookies, which stay in your browser until they expire or you delete them. While the cookies that we use may change from time to time as we improve and update our services, we use them for the following purposes:
Authentication: We use cookies to verify your account and determine when you're logged in so that we can make it easier for you to access our platform and show you the appropriate content and features.
Analytics: We use cookies to better understand how our services are used to improve them further.
You may disable cookies used on our platform through the settings in your internet browser. Please note that if cookies are disabled, some or all of our services may become unavailable or not function as intended.
8 Disclosure of personal data to thrid parties
We use the following service providers in connection with the processing of personal data:
IBM Norge AS
These service providers will act as processors on our behalf. We have entered into data processing agreements with our processors which inter alia obligates the data processor to implement technical and organizational measures to ensure an appropriate level of security, confidentiality and integrity of the personal data, as well as to only process the relevant personal data in accordance with data protection legislation.
We will not disclose your personal data to any other third parties than the third parties described above, unless we are required to do so under applicable law, or if it is necessary in order to establish, exercise or defend legal claims.
9 Transfer of personal data to third countries
Some of our processors are based in a country outside the European Economic Area (EEA) and the processing may, therefore, involve the transfer, storage, and processing of your personal information outside of your country of residence, consistent with this Privacy Notice.
The country may not be on the list of countries deemed as adequate by the European Commission. However, whenever we transfer personal information to countries outside of the European Economic Area (“EEA”) or the United Kingdom, we take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. Such measures include the use of Standard Contractual Clauses to safeguard the transfer of data outside of the EEA or the United Kingdom.
To request more information or to obtain a copy of the contractual agreements in place, please contact us by using the contact information above.
10 Retention and deletion
As a general rule, we will delete or anonymize personal data when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed. If we process personal data to comply with our legal obligations, we will delete or anonymize the personal data when it is no longer necessary to process the data to comply with the relevant legal obligations.
We will delete or anonymize personal data in accordance with the following procedures:
Personal data that are processed to give you access to our portal will be deleted when these are no longer necessary to authenticate you or to provide you with access. This will, for example, be the case if we no longer have a contractual relationship with you or the organisation you represent.
IP-address and similar identifiers that are used for analytical purposes will be deleted or anonymized as soon as possible after they are no longer necessary to generate the respective statistics.
11 Your Rights
You have the following rights when we process personal data about you:
Access. You may contact us if you want to obtain confirmation with respect to whether or not we are processing your personal data, as well as access to and further information regarding our processing of your personal data. You may also request a copy of the personal data we are processing about you.
Correcting personal data (rectification). You may ask us to rectify any errors in your personal data.
Erasure (the right to be forgotten). You may ask us to erase your personal data, which request we will respect and comply with.
Restriction. You may ask us to restrict the processing of your personal data.
Object. You are entitled to object to certain processing activities. You are furthermore, on grounds relating to your particular situation (for example, a specific need for protection of your identity), entitled to object to processing of personal data based on legitimate interests, which we will comply with, unless there exists compelling legitimate grounds for our processing which override your interest, or if our processing is necessary for the establishment, exercise or defence of legal claims.
Data portability. You may ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
Please note that the above rights may be subject to further exceptions and limitations in accordance with the data protection legislation.
You may contact us if you wish to exercise any of the above rights. Please note that we may request additional information from you if such information is necessary to confirm your identity.
12 Security
As a controller, we are responsible for the security and confidentiality of the personal data we process. We are furthermore responsible for implementing appropriate technical and organizational measures to ensure an appropriate level of security for the processing.
We are, for security reasons, not entitled to disclose detailed information on the security measures which we have implemented. However, we have implemented measures, policies and routines to ensure the security of our processing.
13 Questions and complaints
If you have additional questions on how we process personal data, or are dissatisfied with our processing, you are welcome to contact us. Please find our Contact Information above.
You may also lodge a complaint with the relevant supervisory authority. Please click here to access the contact information to the Norwegian Data Protection Authority. The contact details for all EU Supervisory Authorities can be found here.
Further details on your rights are available in the Data Protection Act and the General Data Protection Regulation (GDPR), which can be accessed by clicking here.
14 Changes
We may update the Privacy Notice from time to time. The Privacy Notice will, for example, be updated to comply with any legislative amendments or if we make changes to our processing of personal data.
The most recently updated version of the Privacy Notice will always be available here: https://dev.aquacloud.ai/privacy.