Privacy statement

Privacy statement

Version 1. 0 – 01.10.2020

IN HJERTEPEGGY AS (“ Hjertepeggy "," We "or" us ") we care about your privacy. Therefore, we always have your privacy and our responsibility in mind when we collect and process personal information. HJERTEPEGGY AS is responsible for the processing of the information we process when you are a website user ("annpeggy.no") and use our services. The privacy statement describes which personal information is processed and how we collect and use your personal information. The declaration also describes the rights you have as registered with us and how you exercise these.

1.Your agreement with HJERTEPEGGY AS

This privacy statement is part of the Agreement between you as a website user and Hjertepeggy . The declaration describes the processing of personal data in all our services. It is therefore important that you read the content before you start using any of the services.

2.Legal basis for processing

Hjertepeggy 's processing of your personal data must have a legal basis to be lawful. It means that Hjertepeggy must have identified in advance whether there is a basis for treatment. If we do not have it, our processing of your personal data is illegal.

Below are the legal treatment grounds we use:

2.1 Required to fulfil an agreement with you

The purpose of Hjertepeggy 's processing of personal data is primarily customer administration, invoicing, execution of payment orders and delivery of other services in line with the agreements we have entered into with you.

2.2 Legal obligations

Hjertepeggy also processes personal data in order to fulfill its obligations under law, regulations or government decisions; such as the Personal Data Act, the Accounting Act, the Money Laundering Act and other relevant regulations, and extradition orders from authorities pursuant to law.

Examples of processing based on legal obligations:

  • prevention and disclosure of criminal acts, such as money laundering, financing terrorism and fraud
  • accounting requirements
  • reporting to law enforcement agencies, supervisory authorities and other authorities pursuing law

2.3 Legitimate interest

Hjertepeggy may process personal data if this is necessary to safeguard a legitimate interest that outweighs the interests of the individual's privacy. The legitimate interest must be legal, defined in advance, real and objectively justified in the business.

2.4 Consent

If no other basis for treatment is available, will Hjertepeggy 's processing of personal data is based on a voluntary, express and informed consent from you as a customer.

If you have given consent to Hjertepeggy , this can be withdrawn at any time. If you withdraw your consent, the processing will cease, and the personal data will be deleted if the storage of the data is based solely on the consent given.

3.The purpose of processing your personal data

The purpose of our processing of personal data by your use of Hjertepeggy 's website is primarily to fulfill those obligations Hjertepeggy has undertaken to carry out the Agreement, including carrying out payment orders and providing other services to you that you have used through the website.

IN Hjertepeggy personal data is also processed for the following purposes, among others:

  • Customer follow-up, statistics and marketing
  • Further development, testing and improvement of Hjertepeggy 's services
  • Safety monitoring
  • Prevention and detection of criminal acts
  • Hjertepeggy will also process personal data to the extent required by law or gives access to it or when you have consented to such processing.

4.What information we store

Hjertepeggy stores information that you provide on the website when you register, which is generated when you use the service or which is obtained from public registers. Hjertepeggy stores the following data and processes personal data for the following purposes and uses several of the legal processing grounds mentioned above in point 2:

  • When you register as Hjertepeggy user, you provide a number of personal information such as name, telephone number, address and e-mail address. The purpose is to identify you, as well as manage the customer relationship. Your address, e-mail address and any other contact information are also used for marketing purposes (see point 9).
  • For security purposes, we record which mobile device you are using and your device's operating system.
  • To allow you to be logged in with your browser and devices on which you choose to use this part of the service. For this we use cookies.
  • We store the content of messages you and the recipient, both private and business, send to each other in connection with the transaction. We are required by the Money Laundering Act.
  • We also store transaction history and generated screenshots. We are required by the Money Laundering Act.

5.Disclosure of personal data

Information that may be associated with you as a person will not be disclosed to others unless it follows from the Agreement, is legally permitted or that you have specifically consented to it. When you create a user profile, other users can search you in the solution using your user name.

6.Use of data processors
There are several subcontractors that process personal data on our behalf (data processors). The transfer of personal data to such data processors takes place in accordance with data processing agreements that ensure that the processing is carried out in accordance with the regulations, including preventing the data processor from using the data for other purposes.

In other words, a valid legal transfer basis is required for such transfer under the GDPR, and some of the following conditions must be met:

  • The European Commission has decided that there is an adequate level of protection in the country in question.
  • Other appropriate security measures have been taken, and/or a data processor has provided the necessary guarantees that the personal data will be processed safely, in accordance with the GDPR and in addition to, for example, the use of standard contracts (EU standard clauses) approved by the European Commission, or the data processor has valid binding corporate rules (BCR).
  • Exceptions are made in special cases, such as fulfilling an agreement with you or cases where you give your consent to that particular transfer.

7.Customer follow-up, profiling and marketing

7.1 Customer follow-up

Hjertepeggy will register and use the necessary personal information about you to fulfill the obligations we have undertaken for the implementation of the agreement with you, as well as for customer administration and invoicing.

Without your consent, entities and companies in Hjertepeggy be able to share the following neutral information with each other; e.g. name, contact information, date of birth and which services or products you have agreed on.

7.2 Profiling and marketing

We want the information, news and marketing we send you to be relevant. In this connection, we can make a limited profiling. We therefore adapt the content based on the information we have about you. Examples of this information are which products and services you have entered into an agreement with us on, age and place of residence. Hjertepeggy may process this information if it is necessary to safeguard a legitimate interest that outweighs your privacy concerns. Hjertepeggy has, among other things, a legitimate interest in using personal information for marketing, product and customer analyzes. The analyzes form the basis for the type of marketing, as well as process, business and system development, including testing. The purpose is to improve our solutions and offer the best possible offers, products and services to our customers.

Products and services are marketed using electronic communication to you personally in other product categories than those that Hjertepeggy and you have entered into an agreement, consent is required from you to use customer information other than name and contact information, and what products you have.

8.Marketing in external channels: We want to provide you as a customer with relevant information and marketing on social platforms and websites. In order to achieve this, we need to know who you are when you use the relevant social platforms and websites. We do this by linking contact information such as phone and email that you have provided to us with information you have provided to the external channel.

Once the link is made, you will be able to receive messages and information that we assume is of interest.

You may choose at any time that your personal data should not be used for direct or targeted marketing by contacting us. You can find this option under "Contact" on the website.

9.Statistics
IN Hjertepeggy we process personal data for internal statistics, and to offer statistics to public and private companies. Statistics we share with others are never personal information and you will never be identifiable to these companies. The information can only be used to improve goods, services, communication and offers to consumers. Our basis for treatment for this purpose is legitimate interest. The statistics we create are based on demographic information, product information and transaction information. Examples of statistics can be groups of inhabitants who travel by public transport or time of day when there are most people in the grocery store, etc.

10.Your rights
You have the right to demand access, correction of incorrect personal data or the deletion of personal data we process about you. You further have the right to demand restriction in the processing and may on certain conditions object to the further processing of personal data or require your personal data transferred to yourself or other data controller (data portability).
You may withdraw your consents at any time. You can do this by "Contact" on the website. A withdrawal of consent does not affect the legality of a processing that was based on consent before the consent was withdrawn.
If you wish to use your rights, you can fill out our contact form at https://annpeggy.no/kontakt/ or post@annpeggy.no. We will respond to your inquiry as soon as possible, and no later than within 30 days.

11. Shelf life
Personal data will not be stored longer than is necessary to fulfill the purpose of the processing. After this, the information will be deleted or anonymised, unless the information is or can be stored beyond this as a result of law. This also applies if you delete your user profile. Information about your transactions will be stored by Hjertepeggy as long as the law requires it.
Personal data that we process on the basis of your consent will be deleted if you withdraw the consent, unless there is another legal basis for further processing.

12. Securing personal information
Personal information such as Hjertepeggy collects, stores and processes in a safe and secure manner. We have established and documented routines and measures to ensure the integrity, availability and confidentiality of the information in accordance with Article 32 of the GDPR.

13.Complaints
If you believe that our processing of personal data is in violation of data protection laws, please contact us on post@annpeggy.no or complain to the Norwegian Data Protection Authority.

Contact information for the Norwegian Data Protection Authority can be found at www.datatilsynet.no.

14.Changes
We may change this Privacy Policy to comply with legal requirements, when offering new and/or modified products, and changes to our own practices for the collection and processing of personal data.

15.Treatment manager
HJERTEPEGGY AS is responsible for the processing of personal data set out in this privacy policy. If you have questions around Hjertepeggy privacy policy, contact us at https://annpeggy.no/kontakt/ , or by e-mail post@annpeggy.no