Data Protection Global Privacy Notice
Introduction

This Privacy Notice applies to Crayon Group, referred to in the following (collectively) as “Crayon Group AS,” “we” and “us”. We are global software and cloud experts. We help you gain clarity from complexity, optimise the ROI from your technology investments and simplify and secure your journey to digital transformation. This privacy notice aims to inform you about how we collect, store, use and disclose information about you when you:

  1. Interact with or use our websites, including downloading materials from our resources page.
  2. Register for and/or attend any of our events or conferences we attend.
  3. Use any of our products or services.
1. What are the contact details of Crayon Group?

Crayon Group AS is the Controller for the Personal Data we process, unless otherwise stated.

  • Crayon Group AS

Postal Address: Sandakerveien 114a, 0484 Oslo, Norway

Address: Landsvägen 50A, 17263 Sundbyberg, Stockholm, Sweden

Telephone: +47 22 89 1000

Email address: clouddesk@crayon.com

Registration Number: 981125592

 

Our Data Protection Officer

Name and Title: Dr. Scott Richardson

Postal Address: Landsvägen 50A, 17263 Sundbyberg, Stockholm, Sweden

Telephone: +47 22 89 1001

Email address: dpo@crayon.com

If you have any questions or concerns regarding our privacy notice, please send a detailed message to dpo@crayon.com or by mail to the address listed above.

For urgent security or data protection matters, please contact our 24/7 Hotline: +47 22 89 1001

2. What information does Crayon Group collect?

Most of the Personal Data we process is provided to us for one of the following reasons:

Websites or Events:

We may collect Personal Data that you choose to send to us or provide to us, such as your name, role/title, address, work e-mail address, or work phone number, for example, on our online forms. If you contact us through the Websites, we will keep a record of our correspondence.

Services: 

Typically, the types of Personal Data we may collect directly from our customers and their users to provide our Services include, but are not limited to: names, role/title, usernames, IT user accounts, user license subscriptions, location data (IP address), work e-mail address and work phone.

3. How does Crayon Group use the information?

Websites or Events:

We will use the information we collect via our Websites or Events:

  • For website analytics, trend monitoring and marketing;
  • To manage any job applications that you may make to us;
  • To improve the content and general administration of the website and our services.

Services:

We may use the information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:

  • Set up a user account;
  • Provide, operate and maintain the Services;
  • Process and complete transactions, and send related information, including transaction confirmations and invoices;
  • Manage our customers' use of the Services, respond to enquiries and comments and provide customer service and support;
  • Send customers technical alerts, updates, security notifications, and administrative communications;
  • Fulfil any other purposes about which we notify customers and users.

We use your Personal Data in this context based on the processing agreement that we have in place with you. Personal Data will be deleted or returned as defined in the processing agreement.

And other processing necessary in connection with our legitimate interest to send you relevant information about our products and services.

4. How does Crayon Group share and disclose information?

The confidentiality and integrity of data stored on our IT systems are protected by controls to ensure only authorized employees have access to those capabilities required for their duties. All employees have signed a confidentiality and privacy agreement. 

Crayon Group Companies:

We may distribute your Personal Data to any member of Crayon Group, i.e. any of our subsidiaries, if it is necessary and reasonable for the purposes set out in this Privacy Notice. We have Binding Corporate Rules in place to ensure the same consistent level of protection.

Vendors, Consultants and Other Service Providers:

We may share your information with third-party vendors, consultants and other service providers whom we employ to perform tasks on our behalf and who require access to your information to carry out that work, such as providing customer support. These service providers are authorized to use your Personal Data only as necessary to provide services.

Disclosures for National Security or Law Enforcement:

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

5. How does Crayon Group secure your personal data?

Crayon protects your Personal Data and has internal Information Security rules, processes and controls in place to protect your Personal Data. Our Information Security is based on a thorough evaluation of the risks involved, taking into consideration the categories of Personal Data and the types of Data Processing in question.

Location of your Personal Data:

Crayon Group operates in over 20 countries within and outside the European Union (EU) and European Economic Area (EEA). As a result, your personal data may be subject to international transfers. 

Despite the limitations of the geographical scope of the General Data Protection Regulation (GDPR), we apply the same standards and principles governing data protection to every employee, contractor, consultant and agency staff employee working for any of our subsidiaries worldwide. 

To ensure a consistently high level of protection, we have put in place our corporate binding rules. To request a copy of our corporate binding rules, please contact our DPO using the Contact Details listed at the top of this page.

Access to your Personal Data:

The confidentiality and integrity of data stored on our IT systems are protected by controls to ensure only authorized employees have access to those capabilities required for their duties. All employees have signed a confidentiality agreement. 

We may distribute your Personal Data to any member of Crayon Group, i.e. any of our subsidiaries, if it is necessary and reasonable for the purposes set out in this Privacy Notice. We have Binding Corporate Rules in place to ensure the same consistent level of protection. To request a copy of our corporate binding rules, please contact our DPO on the Contact Details listed here.

We do not disclose your personal data to any third parties, public or private, without your prior consent, unless we are obligated to by EU or national law, or it is necessary to protect the vital interests of you or any other natural person whose personal data we process.

Protection of our Personal Data:

Crayon protects your Personal Data and has internal Information Security rules, processes and controls in place to protect your Personal Data. Our Information Security is based on a thorough evaluation of the risks involved, taking into consideration the categories of Personal Data and the types of Data Processing in question.

We have put in place technical and organizational security measures to protect your Personal Data against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Additionally, we ensure that only authorized persons gain access to your Personal Data. To prevent data loss, we continuously back up all data.

In the event of a data breach, we will notify the relevant supervisory authorities. If the data breach entails any risk for you, we will notify you immediately.

Our Data Retention Policy:

Your personal data is stored only for as long as is necessary to fulfil the purpose for which the personal data was obtained.

In cases where it is not possible for us to specify in advance the specific data retention periods, we will determine the period of retention based on an individual evaluation of the necessity and relevance for the purposes specified in Section 3.

If you wish to have your personal data erased, please refer to section 6 below on your right to erasure.

Legal Obligations:

Notwithstanding the other provisions of this Section 5, we may retain your personal data where it is necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of another natural person.

6. What are your Data subject rights under the GDPR?

In the interest of full disclosure and transparency, we have summarized your rights under GDPR Chapter 3 in this section. However, some of these rights are complex, and you are therefore encouraged to read the relevant laws and/or guidance from your local supervisory authority.

The Right of Access:

You have the right to know whether we process your personal data. If we do, you also have the right to access this personal data, provided the rights and freedoms of others are not affected.

The Right to Rectification:

Should any of your Personal Data prove to be inaccurate or incomplete, you have the right to have this corrected/rectified.

The Right to Erasure:

The right to erasure is also known as the “right to be forgotten”. If any of the conditions in Article 17 apply, you have the right to have your Personal Data deleted from our records.

Please be aware that there can be certain exceptions to the right to erasure, such as exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise or defense of legal claims.

The Right to Restriction of Processing:

In some circumstances you have the right to restrict the processing of your personal data, for example if:

  • You contest the accuracy of the personal data;
  • We no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise or defense of legal claims; and
  • You have objected to processing, pending the verification of that objection.

This list is not exhaustive, and we would like to refer you to Article 18 of the GDPR for the full list.

The Right to be Notified:

As a general rule, you have a right to be notified of:

  • Rectification of your personal data;
  • Erasure of your personal data;
  • Restriction of processing of your personal data.

The Right to Data Portability:

You have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

The Right to Object:

You have the right to object to our processing of your Personal Data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:

  • The performance of a task carried out in the public interest; or
  • The exercise of any official authority vested in us; or
  • The purposes of the legitimate interests pursued by us or by a third party.

If you object to us processing your Personal Data, we will cease to process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. You have the right to object to our processing of your Personal Data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your Personal Data for this purpose.

7. How Can I Exercise My Data Subject Rights?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

Your Subject Access Rights (SAR):

If you would like to access, review, update, rectify, and delete any Personal Data we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can do so by submitting a “Subject Access Rights” (SAR) request. This can also be done by forwarding a request in writing to our Data Protection Officer with a clear description of the information you seek. Our ISPD Team will examine your request and respond to you as quickly as possible.

Your Marketing Communications (Opt-Out):

You can opt out of receiving certain promotional or marketing communications from us at any time, by using the unsubscribe link in the email communications we send or by simply sending us a short email to: Opt-Out@Crayon.com.

If you have an account for our Services, we will still send you non-promotional communications, like service-related emails.

Your Cookies:

You can accept or reject cookies through our Privacy Preference Centre, accessible by clicking the “cookie settings” button in our Cookie Notice. You can also do so by adjusting your web browser controls. Please consult our Cookie Notice for more information about our use of cookies and how to accept and reject them.

Your Right to Lodge a Complaint with a Supervisory Authority:

We take a service-oriented approach to facilitating your rights. However, should you feel that we have not sufficiently answered your request, or that our processing of your Personal Data infringes data protection laws, please do not hesitate to submit a complaint to our DPO.

Submitting a complaint to our DPO does not prevent you from submitting a complaint to the relevant supervisory authority in parallel. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

8. Children

Our website and services are not intended for children under the age of 16. If you are under 16, please ask your parent or guardian before using our website or services.

9. Linked Websites

This website may from time to time contain links to and from external websites, as well as our partner and/or affiliate websites, that are outside our control and not covered by this Privacy Notice. We encourage you to review the privacy statements posted on those websites (and all websites) you visit. We recommend that you check the wording of the relevant privacy notices before you submit any Personal Data to those websites.

10. Changes to the Privacy Notice

We may amend this Privacy Notice to reflect changes in the law, our companies, our Services, our data collection and use practices, or advances in technology. Our use of the information we collect is subject to the Privacy Notice in effect at the time such information is used. Depending on the type of change, we may notify you of the change by posting on this page. Please carefully review any changes made to this Privacy Notice.

Last Revised: February 20, 2019