A cookie is is used for authentication and isset is associated with .NET Core Identity. It is used to handle identity management in the application
A cookie set by the publication solution to manage data about current user session and how content is presented.
The HubSpot cookie is used to register information about the use of the site in the same way as Google Analytics. If you register at the site, we can more easily provide you with relevant information at later site visits by the use of the Hub Spot cookie.
Version 1.0: first version published 2018.06.13
Processing of Personal Data by Communicate Norge AS (hereinafter “Communicate”)
When you use Archeo website and/or contact us by requesting our newsletter, Communicate will process Personal Data about you. Below you will find information about the Personal Data collected, why we collect this data and your rights related to the processing of Personal Data.
The Data Controller for the Personal Data we process is Communicate Norge AS c/o the General Manager/CEO. The contact information for Communicate is:
Address: Torget 5, 1767 Halden, Norway
Phone: +47 90 21 18 00
Company Registration No.: 980 719 766
For any questions you may have regarding our processing of your Personal Data, please contact us by e-mail: firstname.lastname@example.org switchboard: +47 90 21 18 00.
We collect and use your Personal Data for different purposes, depending on who you are and how we come into contact with you. We collect the following Personal Data for the purposes stated below:
We do not disclose your Personal Data to others unless there is a legal basis for such disclosure. Examples of such a basis will typically be an agreement with you or any legal basis that instructs us to disclose such information.
Communicate uses Data Processors to collect, store or otherwise process Personal Data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of the processing. Presently, we use the following Data Processors:
All our processing of Personal Data takes place within the EU/EEA area.
We store your Personal Data for as long as necessary for the purpose for which the Personal Data was collected.
This means, for example, that Personal Data we process on the basis of your consent will be deleted if you withdraw your consent. Personal Data we process to fulfil an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled.
You may withdraw your consent for processing Personal Data at any time. The easiest way to do so is to cancel any subscription or “unfollow” our our newsfeed or unsubscribe to newsletters depeding on what withdrawal is desired.
If you believe that our processing of Personal Data does not match what we have described here or we otherwise violate any data protection regulations, you may lodge a complaint to the Norwegian Data Protection Authority.
For information on how to contact the Norwegian Data Protection Authority, visit the Norwegian Data Protection Authority’s website: www.datatilsynet.no.
If there is a change in our services or changes to the regulations on processing of Personal Data, this may also change the information you are provided here. If we have your contact information, we will notify you of these changes. Otherwise, updated information will always be available on our website.
Version 1.0: first version published 2018.06.07
This data processing agreement (the “Agreement”) is entered into between:
GDPR (General Data Protection Regulation) means EU Regulation 2016/679.
Personal Data means any information relating to an identified or identifiable natural person, cf. Article 4 (1) of the GDPR.
Data Subject(s) means any information relating to an identified or identifiable natural person of whom the Data Controller has Personal Data, cf. Article 4 (1) of the GDPR.
Processing means any operation or set of operations which is performed on Personal Data, cf. Article 4 (2) of the GDPR.
Data Controller means the natural or legal person under this Agreement, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, cf. Article 4 (7) of the GDPR.
Data Processor means Communicate Norge AS, the legal entity that Processes Personal Data on behalf of the Data Controller, cf. Article 4 (8) of the GDPR.
Third Country means countries outside the EU/EEA which are not considered to ensure adequate level of protection for the Processing of Personal Data.
The Data Processor delivers a message tracking solution to the Data Controller], and will Process Personal Data on behalf of the Data Controller in this regard. The categories of Personal Data to be Processed pursuant to this Agreement are specified in Appendix 1 to this Agreement.
The purpose of the Data Processor’s Processing of Personal Data pursuant to this Agreement is:
The Data Controller confirms that:
The Data Controller shall ensure that Personal Data is processed in accordance with the GDPR, respond to the Data Subjects’ inquiries and ensure that adequate technical and organizational measures are taken to secure the Personal Data Processed, cf. Article 32 of the GDPR.
The Data Controller is obliged to report nonconformity to the relevant supervisory authorities and, if applicable, to the Data Subject without undue delay in accordance with applicable legislation.
Data Processor shall only process Personal Data upon, and in accordance with, instructions from the Data Controller and in accordance with the GDPR. The Data Processor shall not use Personal Data in messages for its own purposes.
The Data Processor shall not process Personal Data without prior written agreement with the Data Controller or written instructions from the Data Controller beyond what is necessary for the purposes specified in this Agreement.
The Data Processor shall assist the Data Controller in ensuring and documenting that the Data Controller complies with the obligations under applicable law on the Processing of Personal Data.
The Data Processor shall notify the Data Controller if the Data Processor believes it receives instructions from the Data Controller that violates the GDPR.
The Data Processor shall ensure, through planned, systematic, organizational and technical measures, adequate data security in relation to confidentiality, integrity and availability in the Processing of Personal Data in accordance with Article 32 of the GDPR.
Data Processor shall provide assistance in such a way that the Data Controller can safeguard its own liability according to law and regulation, including assisting the Data Controller in:
Such assistance as mentioned above shall be carried out to the extent required by the Data Controller’s needs, the nature of the Processing and the information available to the Data Processor.
All assistance to the Data Controller provided by the Data Processor, as described in this clause 4 and elsewhere in this Agreement, shall be compensated by the Data Controller in accordance with the Data Processor’s at all times applicable hourly rates and payment terms.
The Data Processor shall without undue delay notify the Data Controller of any violation of this Agreement or accidental, unlawful or unauthorized access, use or disclosure of Personal Data, or that Personal Data may have been compromised or that the integrity of the Personal Data may have been violated.
The Data Processor shall provide the Data Controller with all necessary information to enable the Data Controller to comply with applicable law regarding the processing of Personal Data and enable the Data Controller to answer inquiries from data protection authorities. The Data Controller shall report nonconformities to the Data Protection Authority in accordance with applicable legislation.
The Data Processor has confidentiality in relation to Personal Data. The Data Processor shall ensure that anyone performing work for the Data Processor, either employees or hired staff, who have access to or are involved in the Processing of Personal Data under the Agreement (i) are subject to confidentiality and (ii) are notified of and comply with the obligations under this Agreement. Confidentiality also applies after the Agreement has been terminated.
The Data Controller acknowledges that the Data Controller’s right to conduct audits under GDPR is fulfilled through the fact that the Data Processor ensures that an independent third party, appointed by the Data Processor, performs a systemic audit of the system on a regular basis. The main results of the audit are made available to the Data Controller on request for a fee decided by the Data Processor.
The Data Processor shall only Process Personal Data for testing purposes, including transfer to a Third Country, if the Data Controller has given its explicit and written pre-approval to such Processing in advance.
If the Data Controller has given such pre-approval, the Data Processor, shall ensure the Personal Data being processed during the testing are adequate, relevant and limited to what is necessary for the purposes they are being processed for (“data minimization”). In this context the Data Processor shall on an on-going basis assess measures such as pseudonymization and/or anonymization and/or other measures strengthening the level of data protection and privacy.
In addition, any use of subcontractors that is related to testing which may involve Processing of Personal Data, shall be in compliance with the provisions in the Agreement related to use of Subcontractors.
The Data Controller approves the Subcontractors as set out in Appendix 1. The Data Processor shall also be entitled to engage subcontractors acting as sub-processors under the condition that such subcontractors are bound by a written contract which states that it must adhere to the similar data protection, privacy and audit obligations as the Data Processor under this Agreement.
The Data Processor shall ensure that Subcontractors do not Process Personal Data covered by the Agreement in any way other than what is necessary to provide the service, and that the Personal Data is not left to others for Processing without this being in accordance with the Agreement or agreed in advance in writing with the Data Processor.
The Data Processor shall ensure that any agreement with a Subcontractor contains the necessary provisions regarding the Processing of Personal Data in accordance with Article 28 of the GDPR. The Data Processor is responsible for the Subcontractor Processing Personal Data in accordance with the requirements of the GDPR.
If the Data Processor plans to replace or use a new subcontractor, the Data Processor shall notify the Data Controller in writing two (2) months before the new subcontractor begins Processing Personal Data, and the Data Controller may within one (1) month oppose the change. In the event the Data Processor is unable to remove the subcontractor according to the Data Controller´s request, the Data Processor and the Data Controller are entitled to terminate the Agreement and the other terms and conditions between the Parties related to the Agreement with one (1) month written notice. The possibility to raise compensation claims on this basis against the other Party are hereby explicitly excluded.
If the Data Processor is to enter into an agreement with Subcontractors in countries outside the EU/EEA, this should only be done according to E.U. – U.S. Privacy Shield, EU’s model agreements for transfer of personal data to third countries or other applicable basis for transfer to third countries in accordance with Chapter 5 of the GDPR. The same applies even if Personal Data is kept or stored in the EU/EEA, when personnel with access to the data are located outside the EU/EEA.
If the Data Controller approves such transfer, the Data Processor shall cooperate with the Data Controller to ensure the legality of the transfers.
This Agreement shall apply from the date it has been signed by both parties until the Processing ends.
Upon expiration or termination of this Agreement, the Data Controller hereby instructs the Data Processor to delete the Personal Data within 30 calendar days after the last day of the subscription period.
The Data Processor is not entitled to retain a copy of Personal Data or other data provided by the Data Controller in connection with the Agreement in any format, and any physical and logical access to such Personal Data or Data shall be deleted.
The Parties shall revise this Agreement in the event of relevant changes to applicable laws.
This Agreement shall be subject to and interpreted in accordance with Norwegian law. Legal venue shall be Oslo District Court.
Appendix 1: Overview of Personal Data being Processed, Categories of Data Subjects and Subcontractors.
Version 1.0: first version published 2018.06.07
|Categories of personal data to be processed||Categories of Data Subjects||Subcontractors|
Whichever personal data is in the messages the user of this solution chooses to track, typically:
· Contact details,
· Payment card details, credit ratings,
· Purchase history
|Customers, Partners, and
Employees of the Controller
|Microsoft Azure for all data processing and storage.|
Information about us:
The use of the Service is offered to you by Communicate Norge AS (organization number 980 719 766, Torget 5, 1767 Halden, Norway (hereinafter “Communicate”, “we”, “us”, or “our”).
The Terms concerns the ongoing provision of the Service via the Internet (“as-a-service” deliverables). The Service and the Site are owned by Communicate. Communicate may subcontract hosting, business continuity and back up of data.
Any Archeo subscription is established from the Site. Once a subscription is established, further access takes place via the user portal at portal.archeo.no or portal.archeo.io or any published API].
Individuals within your organisation who have been authorised to use the Service (“Authorised Users”) will either use third party identify providers such as Google and Microsoft or be provided with user credentials from the Site. Access to the Service is restricted to Authorised Users only.
If you have been given access to any part of the Service by mistake, if you know or suspect that anyone other than you has your user credential, or if you become aware of a breach of confidentiality or any unauthorised use of the Service, you must promptly notify us by email at email@example.com or by phone on +47 90 21 18 00. If you notify us by phone, please ask for Customer Support.
You are responsible for making all arrangements necessary for you to have access to the Service. Access to the Service is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on the Service at any time without notice. We will not be liable if for any reason the Service is unavailable at any time or for any period.
Fees for the Software are according to the Archeo price lists, as published online, in the Software or otherwise made available from Communicate.
Unless explicitly stated otherwise in the price list or agreed in writing, all Fees are due in advance of each month of subscription and are non-refundable. There is no refund for unused messages, storage, users, or remaining days in Subscription Periods, unless the subscription plan is upgraded during the period.
Published fees are exclusive of all taxes, levies and duties. Communicate will add the value added tax (VAT) to the invoice for Norwegian and international customers according to applicable Norwegian legislation.
Annual price changes are effective from January 1st each year, unless explicitly stated otherwise in the price list or agreed in writing.
In addition, Communicate reserves the right to change the Fees, including the fee-model, on 2 months’ notice.
Prices expressed in USD are converted on basis of the official exchange rate at the date the subscription is established and at the official exchange rate the invoice data for succeeding subscription periods.
In case of fluctuations in the exchange rate, Communicate reserves the right to change the customer fees without further notice.
In the event of non-payment or late payment of the Fees by the Customer, Communicate reserves the right to suspend the Customer’s access to the Archeo or restrict the Customer’s access to read-only and charge penalty interest up to the maximum rate permitted by law. Unpaid invoices will be sent to collection. If the situation is not resolved within a reasonable time, Communicate reserves the right to terminate the Customer’s right of use to the Archeo.
Ongoing consideration will fall due for payment thirty (30) calendar days after the invoice date.
You must comply with all applicable laws and regulatory requirements relating to your use of the Service. You must also comply with all reasonable instructions we give you relating to the Service. You may only access and use the Service solely for your internal business purposes. You must not use the Service to advertise or sell any goods or services to any other users of the Service.
When using the Services, you agree of not doing none of the following:
Any Service can be cancelled on one (1) month notice by both parties.
You may cancel the Service by informing us via the Site. You acknowledge that there will be no refunds for partial months of service if you cancel the Service.
The Terms will not change the copyright, right of disposal or property rights held by the parties prior to the Terms, and which they retain during the performance of the Service.
No intellectual property rights are transferred from Communicate to you. You do not have exclusive access to the Service. Communicate grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service subject to the restrictions set forth in these Terms.
You will retain the right of ownership of all data that is entrusted to Communicate for processing. The same will apply to the output from the Communicate’s processing of such data if applicable.
Communicate has a right to use traffic pattern and other metadata (“Metadata”) on an aggregated level in order to improve the Service.
Metadata is data which is generated by use of Archeo, either by an individual user or from general use of the system. As a cloud application, Archeo will have Metadata from interacting with your web browser, transmitting data via the internet, etc.
We have no intention of and will seek not to process personal data as part of Metadata.
Metadata is used for the following purposes:
Communicate will take appropriate measures to address the information security requirements associated with the performance of the Service.
This entails that Communicate will take appropriate measures to ensure the confidentiality of the Customer’s data, as well as measures to ensure that data does not fall into the hands of unauthorised persons. Furthermore, Communicate will take appropriate measures to protect against the unintended modification and deletion of data, and against virus and other malware attacks.
You must not misuse the Service by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to the Service, the server on which the Service is stored, or any server, computer or database connected to the Service. You must not attack the Service via a denial-of-service attack or a distributed denial-of service attack.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of the Service or to your downloading of any material posted on it, or on any webservice linked to it.
Confidential information of which the parties become aware in connection with Service and the implementation of the Service must be kept confidential and may not be disclosed to any third party without the consent of the other party.
The Service may contain links, or other features that provide you with access, to other websites,resources and/or services provided by third parties. We have no control over the contents of those websites,resources and/or services, and accept no responsibility for them or for any loss or damage that may arise from your use of them. You acknowledge sole responsibility for and assume all risk arising from your use of any third-party website, resources and/or services.
Nothing in these Terms will limit our liability for death or personal injury arising from our negligence, fraudulent misrepresentation or any other liability which cannot be excluded under applicable law. Subject to the preceding paragraph, to the maximum extent permitted by applicable law:
In no event will Communicate’s aggregate liability arising out of or in connection with the Terms exceed 1 months’ fees if you are registered for a paid subscription, and NOK 0 if you are registered for a free subscription, as applicable.
In the event of the loss or destruction of data that is due to circumstances related to you, you shall cover the documented additional costs of Communicate resulting from such circumstances.
Communicate shall not be liable to you or any third-party for any termination of your access to the Service. You agree not to attempt to use the Service after any such termination. In the event Communicate terminates these Terms for your breach, you will remain liable for all amounts due hereunder.
These Terms will be governed by, and construed in accordance with, the laws of Norway and each party hereby submits to the exclusive jurisdiction of the courts of Norway. Oslo City Court is agreed as the venue for disputes in the first instance.
Version 1.0: first version published 2018.12.20