At portal.archeo.noarcheo.no we use the following cookies:
- Cookie used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
Two cookies used by Microsofts Application Insights software. This is used to collect statistical usage and telemetry information for Archeo. This cookie uniquely identifies you as a user, but it is used only for statistical purposes.A cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
- Two cookies is associated with the Microsoft Application Insights software, which collects statictical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time.
A cookie is is used for authentication and isset is associated with .NET Core Identity. It is used to handle identity management in the application
WordPress (Archeo product website)
A cookie set by the publication solution to manage data about current user session and how content is presented.
- Google Analytics
To provide us with information and statistics about how the site is used, a cookie by Google analytics is set.
- Google Tag Manager
To help us distributing various snippets on the site, i.e. Google Analytics.
The HubSpot cookie is used to register information about the use of the site in the same way as Google Analytics. If you register at the site, we can more easily provide you with relevant information at later site visits by the use of the Hub Spot cookie.
Version 1.0: first version published 2018.06.13
Processing of Personal Data by Communicate Norge AS (hereinafter “Communicate”)
When you use Archeo website and/or contact us by requesting our newsletter, Communicate will process Personal Data about you. Below you will find information about the Personal Data collected, why we collect this data and your rights related to the processing of Personal Data.
The Data Controller for the Personal Data we process is Communicate Norge AS c/o the General Manager/CEO. The contact information for Communicate is:
Address: Torget 5, 1767 Halden, Norway
Phone: +47 90 21 18 00
Company Registration No.: 980 719 766
For any questions you may have regarding our processing of your Personal Data, please contact us by e-mail: email@example.com switchboard: +47 90 21 18 00.
Why do we collect Personal Data and what data we collect
We collect and use your Personal Data for different purposes, depending on who you are and how we come into contact with you. We collect the following Personal Data for the purposes stated below:
- Authorisation to subscribe to, and use Archeo. This includes data required to guarantee monthly payments according to subscription plan.
- Answer any inquiries we may receive. Name, phone number, e-mail address and any Personal Data that may result from the inquiry. The processing of Personal Data is based on a weighing of interest. We have found that this is often necessary for us in order to assist you with what your inquiry.
- Distribution of marketing material, newsletters and to provide information about our business: E-mail address. The processing takes place on the basis of an agreement with you.
Disclosure of Personal Data to others
We do not disclose your Personal Data to others unless there is a legal basis for such disclosure. Examples of such a basis will typically be an agreement with you or any legal basis that instructs us to disclose such information.
Communicate uses Data Processors to collect, store or otherwise process Personal Data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of the processing. Presently, we use the following Data Processors:
- Microsoft Azure for infrastructure services
- HubSpot for CRM
- Stripe for online payments
All our processing of Personal Data takes place within the EU/EEA area.
We store your Personal Data for as long as necessary for the purpose for which the Personal Data was collected.
This means, for example, that Personal Data we process on the basis of your consent will be deleted if you withdraw your consent. Personal Data we process to fulfil an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled.
Your rights when we process Personal Data about you
- You have the right to demand access, rectification or deletion of Personal Data we are processing about you. You also have the right to demand restriction of processing, to object to the processing and to demand the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority’s website: datatilsynet.no.
- To use your rights, you must, send an email to privacy@communicate and state your demand i.e. get insight to what Personal Data is stored. We will respond to your inquiry as soon as possible and no later than 30 days.
- We will ask you to confirm your identity or provide additional information before we allow you to exercise your right. We do so to ensure that we only provide access to your Personal Data to you – and not to someone who pretends to be you.
You may withdraw your consent for processing Personal Data at any time. The easiest way to do so is to cancel any subscription or “unfollow” our our newsfeed or unsubscribe to newsletters depeding on what withdrawal is desired.
If you believe that our processing of Personal Data does not match what we have described here or we otherwise violate any data protection regulations, you may lodge a complaint to the Norwegian Data Protection Authority.
For information on how to contact the Norwegian Data Protection Authority, visit the Norwegian Data Protection Authority’s website: www.datatilsynet.no.
If there is a change in our services or changes to the regulations on processing of Personal Data, this may also change the information you are provided here. If we have your contact information, we will notify you of these changes. Otherwise, updated information will always be available on our website.
Version 1.0: first version published 2018.06.07
Data Processing Agreement
This data processing agreement (the “Agreement”) is entered into between:
- Communicate Norge AS, a Norwegian limited company/company with registration number 980 719 766 (“Data Processor“); and
- The Data Processor Processes Personal Data on behalf of the Data Controller.
- This Agreement governs the Processing of Personal Data that the Data Processor performs on behalf of the Data Controller. The Data Processor shall process Personal Data only in accordance with the listed and agreed specified purposes under this Agreement.
- The Norwegian Personal Data Act with Regulations, and EU Regulation 2016/679, contains requirements for the governing of the relationship between the Data Processor and the Data Controller, and for the security and organizational measures that must be implemented to ensure lawful and secure processing of Personal Data. This Agreement has therefore been entered into to ensure that Personal Data is processed only in accordance with applicable laws and regulations, and only upon instructions from the Data Controller.
GDPR (General Data Protection Regulation) means EU Regulation 2016/679.
Personal Data means any information relating to an identified or identifiable natural person, cf. Article 4 (1) of the GDPR.
Data Subject(s) means any information relating to an identified or identifiable natural person of whom the Data Controller has Personal Data, cf. Article 4 (1) of the GDPR.
Processing means any operation or set of operations which is performed on Personal Data, cf. Article 4 (2) of the GDPR.
Data Controller means the natural or legal person under this Agreement, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, cf. Article 4 (7) of the GDPR.
Data Processor means Communicate Norge AS, the legal entity that Processes Personal Data on behalf of the Data Controller, cf. Article 4 (8) of the GDPR.
Third Country means countries outside the EU/EEA which are not considered to ensure adequate level of protection for the Processing of Personal Data.
2. Processing of Personal Data
2.1 Personal data to be processed
The Data Processor delivers a message tracking solution to the Data Controller], and will Process Personal Data on behalf of the Data Controller in this regard. The categories of Personal Data to be Processed pursuant to this Agreement are specified in Appendix 1 to this Agreement.
2.2 Purpose of the Processing of Personal Data
The purpose of the Data Processor’s Processing of Personal Data pursuant to this Agreement is:
- Message tracking (searching) functionality for all types of message content.
3. Data Controller’s obligations
The Data Controller confirms that:
- There is adequate basis for the Processing of Personal Data;
- The Data Controller is entitled to and responsible for the legality of the transfer of Personal Data to the Data Processor;
- The Data Controller is responsible for the accuracy, integrity, content, reliability and legality of the Personal Data being Processed; and
- The Data Controller has notified the Data Subjects in accordance with the current statutory requirements.
The Data Controller shall ensure that Personal Data is processed in accordance with the GDPR, respond to the Data Subjects’ inquiries and ensure that adequate technical and organizational measures are taken to secure the Personal Data Processed, cf. Article 32 of the GDPR.
The Data Controller is obliged to report nonconformity to the relevant supervisory authorities and, if applicable, to the Data Subject without undue delay in accordance with applicable legislation.
4. Data Processor’s obligations
4.1 Basic obligations
Data Processor shall only process Personal Data upon, and in accordance with, instructions from the Data Controller and in accordance with the GDPR. The Data Processor shall not use Personal Data in messages for its own purposes.
The Data Processor shall not process Personal Data without prior written agreement with the Data Controller or written instructions from the Data Controller beyond what is necessary for the purposes specified in this Agreement.
The Data Processor shall assist the Data Controller in ensuring and documenting that the Data Controller complies with the obligations under applicable law on the Processing of Personal Data.
The Data Processor shall notify the Data Controller if the Data Processor believes it receives instructions from the Data Controller that violates the GDPR.
4.2 Data security
The Data Processor shall ensure, through planned, systematic, organizational and technical measures, adequate data security in relation to confidentiality, integrity and availability in the Processing of Personal Data in accordance with Article 32 of the GDPR.
4.3 Assistance to Data Controller
Data Processor shall provide assistance in such a way that the Data Controller can safeguard its own liability according to law and regulation, including assisting the Data Controller in:
- The Data Processor shall implement technical and organizational measures to assist the Data Controller in responding to inquiries regarding the exercise of the Data Subjects’ rights.
- Observing duty of notification to supervisory authorities and Data Subjects as a result of non-conformity,
- Performing assessment of data privacy implications (“DPIA, Data Privacy Impact Assessments”),
- Performing preceding discussions with supervisory authorities when an assessment of data privacy implications makes it necessary,
- Notifying the Data Controller if the Data Processor believes that a Data Controller’s instruction is in violation of applicable data privacy regulations.
Such assistance as mentioned above shall be carried out to the extent required by the Data Controller’s needs, the nature of the Processing and the information available to the Data Processor.
All assistance to the Data Controller provided by the Data Processor, as described in this clause 4 and elsewhere in this Agreement, shall be compensated by the Data Controller in accordance with the Data Processor’s at all times applicable hourly rates and payment terms.
4.4 Procedures and notification at security breaches
The Data Processor shall without undue delay notify the Data Controller of any violation of this Agreement or accidental, unlawful or unauthorized access, use or disclosure of Personal Data, or that Personal Data may have been compromised or that the integrity of the Personal Data may have been violated.
The Data Processor shall provide the Data Controller with all necessary information to enable the Data Controller to comply with applicable law regarding the processing of Personal Data and enable the Data Controller to answer inquiries from data protection authorities. The Data Controller shall report nonconformities to the Data Protection Authority in accordance with applicable legislation.
The Data Processor has confidentiality in relation to Personal Data. The Data Processor shall ensure that anyone performing work for the Data Processor, either employees or hired staff, who have access to or are involved in the Processing of Personal Data under the Agreement (i) are subject to confidentiality and (ii) are notified of and comply with the obligations under this Agreement. Confidentiality also applies after the Agreement has been terminated.
4.6 Annual security audits
The Data Controller acknowledges that the Data Controller’s right to conduct audits under GDPR is fulfilled through the fact that the Data Processor ensures that an independent third party, appointed by the Data Processor, performs a systemic audit of the system on a regular basis. The main results of the audit are made available to the Data Controller on request for a fee decided by the Data Processor.
4.7 Processing of Personal Data for testing purposes
The Data Processor shall only Process Personal Data for testing purposes, including transfer to a Third Country, if the Data Controller has given its explicit and written pre-approval to such Processing in advance.
If the Data Controller has given such pre-approval, the Data Processor, shall ensure the Personal Data being processed during the testing are adequate, relevant and limited to what is necessary for the purposes they are being processed for (“data minimization”). In this context the Data Processor shall on an on-going basis assess measures such as pseudonymization and/or anonymization and/or other measures strengthening the level of data protection and privacy.
In addition, any use of subcontractors that is related to testing which may involve Processing of Personal Data, shall be in compliance with the provisions in the Agreement related to use of Subcontractors.
5. Use of Subcontractors
The Data Controller approves the Subcontractors as set out in Appendix 1. The Data Processor shall also be entitled to engage subcontractors acting as sub-processors under the condition that such subcontractors are bound by a written contract which states that it must adhere to the similar data protection, privacy and audit obligations as the Data Processor under this Agreement.
5.2 Agreement with Subcontractors
The Data Processor shall ensure that Subcontractors do not Process Personal Data covered by the Agreement in any way other than what is necessary to provide the service, and that the Personal Data is not left to others for Processing without this being in accordance with the Agreement or agreed in advance in writing with the Data Processor.
The Data Processor shall ensure that any agreement with a Subcontractor contains the necessary provisions regarding the Processing of Personal Data in accordance with Article 28 of the GDPR. The Data Processor is responsible for the Subcontractor Processing Personal Data in accordance with the requirements of the GDPR.
5.3 Change of Subcontractor
If the Data Processor plans to replace or use a new subcontractor, the Data Processor shall notify the Data Controller in writing two (2) months before the new subcontractor begins Processing Personal Data, and the Data Controller may within one (1) month oppose the change. In the event the Data Processor is unable to remove the subcontractor according to the Data Controller´s request, the Data Processor and the Data Controller are entitled to terminate the Agreement and the other terms and conditions between the Parties related to the Agreement with one (1) month written notice. The possibility to raise compensation claims on this basis against the other Party are hereby explicitly excluded.
5.4 Subcontractors outside the EU/EEA
If the Data Processor is to enter into an agreement with Subcontractors in countries outside the EU/EEA, this should only be done according to E.U. – U.S. Privacy Shield, EU’s model agreements for transfer of personal data to third countries or other applicable basis for transfer to third countries in accordance with Chapter 5 of the GDPR. The same applies even if Personal Data is kept or stored in the EU/EEA, when personnel with access to the data are located outside the EU/EEA.
If the Data Controller approves such transfer, the Data Processor shall cooperate with the Data Controller to ensure the legality of the transfers.
6. Liability, limitation of liability
This Agreement shall apply from the date it has been signed by both parties until the Processing ends.
Upon expiration or termination of this Agreement, the Data Controller hereby instructs the Data Processor to delete the Personal Data within 30 calendar days after the last day of the subscription period.
The Data Processor is not entitled to retain a copy of Personal Data or other data provided by the Data Controller in connection with the Agreement in any format, and any physical and logical access to such Personal Data or Data shall be deleted.
The Parties shall revise this Agreement in the event of relevant changes to applicable laws.
8. Choice of law and legal venue
This Agreement shall be subject to and interpreted in accordance with Norwegian law. Legal venue shall be Oslo District Court.
Appendix 1: Overview of Personal Data being Processed, Categories of Data Subjects and Subcontractors.
10. Change log
Version 1.0: first version published 2018.06.07
- Overview of Personal Data being Processed, Categories of Data Subjects and Subcontractors
|Categories of personal data to be processed||Categories of Data Subjects||Subcontractors|
Whichever personal data is in the messages the user of this solution chooses to track, typically:
· Contact details,
· Payment card details, credit ratings,
· Purchase history
|Customers, Partners, and
Employees of the Controller
|Microsoft Azure for all data processing and storage.|
Information about us:
The use of the Service is offered to you by Communicate Norge AS (organization number 980 719 766, Torget 5, 1767 Halden, Norway (hereinafter “Communicate”, “we”, “us”, or “our”).
Information about the Service
The Terms concerns the ongoing provision of the Service via the Internet (“as-a-service” deliverables). The Service and the Site are owned by Communicate. Communicate may subcontract hosting, business continuity and back up of data.
Accessing the Service
Any Archeo subscription is established from the Site. Once a subscription is established, further access takes place via the user portal at portal.archeo.no or portal.archeo.io or any published API].
Individuals within your organisation who have been authorised to use the Service (“Authorised Users”) will either use third party identify providers such as Google and Microsoft or be provided with user credentials from the Site. Access to the Service is restricted to Authorised Users only.
If you have been given access to any part of the Service by mistake, if you know or suspect that anyone other than you has your user credential, or if you become aware of a breach of confidentiality or any unauthorised use of the Service, you must promptly notify us by email at firstname.lastname@example.org or by phone on +47 90 21 18 00. If you notify us by phone, please ask for Customer Support.
You are responsible for making all arrangements necessary for you to have access to the Service. Access to the Service is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on the Service at any time without notice. We will not be liable if for any reason the Service is unavailable at any time or for any period.
Fees and invoicing
Fees for the Software are according to the Archeo price lists, as published online, in the Software or otherwise made available from Communicate.
Unless explicitly stated otherwise in the price list or agreed in writing, all Fees are due in advance of each month of subscription and are non-refundable. There is no refund for unused messages, storage, users, or remaining days in Subscription Periods, unless the subscription plan is upgraded during the period.
Published fees are exclusive of all taxes, levies and duties. Communicate will add the value added tax (VAT) to the invoice for Norwegian and international customers according to applicable Norwegian legislation.
Annual price changes are effective from January 1st each year, unless explicitly stated otherwise in the price list or agreed in writing.
In addition, Communicate reserves the right to change the Fees, including the fee-model, on 2 months’ notice.
Prices expressed in USD are converted on basis of the official exchange rate at the date the subscription is established and at the official exchange rate the invoice data for succeeding subscription periods.
In case of fluctuations in the exchange rate, Communicate reserves the right to change the customer fees without further notice.
In the event of non-payment or late payment of the Fees by the Customer, Communicate reserves the right to suspend the Customer’s access to the Archeo or restrict the Customer’s access to read-only and charge penalty interest up to the maximum rate permitted by law. Unpaid invoices will be sent to collection. If the situation is not resolved within a reasonable time, Communicate reserves the right to terminate the Customer’s right of use to the Archeo.
Ongoing consideration will fall due for payment thirty (30) calendar days after the invoice date.
You must comply with all applicable laws and regulatory requirements relating to your use of the Service. You must also comply with all reasonable instructions we give you relating to the Service. You may only access and use the Service solely for your internal business purposes. You must not use the Service to advertise or sell any goods or services to any other users of the Service.
When using the Services, you agree of not doing none of the following:
- Store or gather information that are personally identifiable from other users of the Service without their explicit permission;
- Access, manipulate or use non-public areas of the Site, Communicate’s computer systems or the systems of Communicate’s providers.
- Try to explorate, scan or attempt to test the vulnerability of Communicate network, or system or try to break any security or authentication.
- Bypass any technological measure implementation by Communicate to protect the Service, this includes implementations by Communicate’s providers and other third-party suppliers.
- Try to search or access the Service using any software or tools this including robots, spiders etc. other than tools provided by Archeo or third-party web browsers like Crome, Microsoft Internet Explorer or the like.
- Obstruct or try to interfere with the access of any user, network or host. This includes sending virus, overloading, flooding, spamming, or mail-bombing the Site
- Impersonate, or knowingly allow or enable another person to impersonate, any person or entity or misrepresent your identity or affiliation with any person or entity.
- Violate any applicable law or regulation.
Any Service can be cancelled on one (1) month notice by both parties.
You may cancel the Service by informing us via the Site. You acknowledge that there will be no refunds for partial months of service if you cancel the Service.
Intellectual property rights
The Terms will not change the copyright, right of disposal or property rights held by the parties prior to the Terms, and which they retain during the performance of the Service.
No intellectual property rights are transferred from Communicate to you. You do not have exclusive access to the Service. Communicate grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service subject to the restrictions set forth in these Terms.
You will retain the right of ownership of all data that is entrusted to Communicate for processing. The same will apply to the output from the Communicate’s processing of such data if applicable.
Communicate has a right to use traffic pattern and other metadata (“Metadata”) on an aggregated level in order to improve the Service.
Metadata is data which is generated by use of Archeo, either by an individual user or from general use of the system. As a cloud application, Archeo will have Metadata from interacting with your web browser, transmitting data via the internet, etc.
We have no intention of and will seek not to process personal data as part of Metadata.
Metadata is used for the following purposes:
- Software and user experience improvement
- Displaying relevant information
- Security related purposes
- Development and testing
Communicate will take appropriate measures to address the information security requirements associated with the performance of the Service.
This entails that Communicate will take appropriate measures to ensure the confidentiality of the Customer’s data, as well as measures to ensure that data does not fall into the hands of unauthorised persons. Furthermore, Communicate will take appropriate measures to protect against the unintended modification and deletion of data, and against virus and other malware attacks.
You must not misuse the Service by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to the Service, the server on which the Service is stored, or any server, computer or database connected to the Service. You must not attack the Service via a denial-of-service attack or a distributed denial-of service attack.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of the Service or to your downloading of any material posted on it, or on any webservice linked to it.
Confidential information of which the parties become aware in connection with Service and the implementation of the Service must be kept confidential and may not be disclosed to any third party without the consent of the other party.
The Service may contain links, or other features that provide you with access, to other websites,resources and/or services provided by third parties. We have no control over the contents of those websites,resources and/or services, and accept no responsibility for them or for any loss or damage that may arise from your use of them. You acknowledge sole responsibility for and assume all risk arising from your use of any third-party website, resources and/or services.
Nothing in these Terms will limit our liability for death or personal injury arising from our negligence, fraudulent misrepresentation or any other liability which cannot be excluded under applicable law. Subject to the preceding paragraph, to the maximum extent permitted by applicable law:
- all warranties, conditions and other terms implied by statute or common law are excluded from these Terms; and
- we will not be liable for any loss or damage of any kind, whether in tort (including negligence), contract or otherwise, even if foreseeable, arising out of or in connection with these Terms.
In no event will Communicate’s aggregate liability arising out of or in connection with the Terms exceed 1 months’ fees if you are registered for a paid subscription, and NOK 0 if you are registered for a free subscription, as applicable.
In the event of the loss or destruction of data that is due to circumstances related to you, you shall cover the documented additional costs of Communicate resulting from such circumstances.
Communicate shall not be liable to you or any third-party for any termination of your access to the Service. You agree not to attempt to use the Service after any such termination. In the event Communicate terminates these Terms for your breach, you will remain liable for all amounts due hereunder.
These Terms will be governed by, and construed in accordance with, the laws of Norway and each party hereby submits to the exclusive jurisdiction of the courts of Norway. Oslo City Court is agreed as the venue for disputes in the first instance.
Version 1.0: first version published 2018.12.20