Means any information about an identified or an identifiable physical person.
Personal Data is typically a name, postal address, phone number, email address, and IP address.
The Data Subject
Means the person who is directly or can be indirectly identified by f.ex a name, personal number, postal address, IP-address or one or several aspects that are special for that person’s physical, genetic, mental, economic, cultural or social identity.
Means the organization that determines the purpose of processing Personal Data and the means to be used for the task.
Webstep is the data controller for the Personal Data we process about you and our customers.
Means the usage of Personal Data, including for example collection, registration, storage, transformation, usage and delivery.
About Webstep AS. Contact information.
Webstep provides a range of services which involve collecting Personal Data about our customers, potential customers, candidates for employment, business partners and visitors to our websites (The Data Subject). This means that Webstep processes Personal Data about The Data Subject.
About privacy in Webstep
Most information we collect about our customers is required in order to manage our customer relationships, and fulfill our contractual obligations in agreements with customers. In the cases we use consent as the legal basis for processing data we require the consent to be given freely, and The Data Subject shall be provided sufficient information about how and why we collect their Personal Data.
- Be open about how we gather, use and store your Personal Data.
- Only use your data in accordance with the purpose we have gathered it for.
- Not gather or process more Personal Data than we need.
- Use the least privacy-invasive setting as default in all our systems and solutions (privacy by design).
- Not store Personal Data longer than necessary.
- Provide you with access to your Personal Data, and ensure deletion and correction of Personal Data that is incorrect or that you don’t want to be used.
- Use adequate security policies and tools to protect your data.
Why do we gather Personal Data about you, and what do they include?
Personal Data is gathered primarily for the purpose of administering our customer relationships and in order to deliver our services to our customers. We also need to gather information about our business partners. A lot of the information we gathered is not defined as Personal Data, such as company name and business addresses, but we also need to gather the name of contact persons, names of employees, phone numbers and email addresses, postal addresses, purchase history, bank information and more.
The agreements with our customers and business partners are the lawful basis for processing this required data.
All Personal Data we gather about our customers and business partners is collected directly from these entities and stored in Webstep’s systems.
It is voluntary to provide Webstep with Personal Data, but some of the information is required in order to provide our services and invoice our customers correctly.
As part of our customer and employee relationships we will send newsletters and invitations about seminars, courses and other events to relevante contact persons working with you, the customer, or our business partners. You shall always be given the opportunity to opt out from receiving these communications from us and we will inform you about this in all our communications.
As part of any communication with our potential clients and potential employees we will gather consent before we store information about persons in both groups.
We also process Personal Data about participants attending seminars, courses and other events, and we may process Personal Data and other information when sending newsletters. This information is stored first in our CRM-system after gathering consent for this purpose. Participants of events can at any time withdraw their consent by contacting us at firstname.lastname@example.org.
When you visit webstep.com your IP-address is registered. Webstep does not use this information to identify you as a person. The time you spend on our website is stored and anonymised.
We also gather statistics about how our website is used in order to improve the user experience and navigation of the website. The data stored in these cookies are anonymised and cannot be used to identify you as a person.
In order to reserve yourself against tracking by cookies you need to change the settings in your browser.
How do we secure your Personal Data?
We are continuously working to ensure your Personal Data and other confidential information. Our security measures include physical, technical and administrative policies.
Our colleagues are given training and guidance for processing and managing Personal Data in a secure manner. We maintain security routines and access management to prevent unauthorised loss and access to the systems storing Personal Data.
We ensure that processing of Personal Data is secure and in accordance with the law, and that all processing protected from any malware.
Any breach of our security routines is documented and we have adequate capacity to discover and manage security breaches. Upon discovering a security breach our management is informed, the risk of the breach is evaluated, and our Data Protection Agency in Norway (Datatilsynet) is informed if necessary. The Data Subject will also be notified in case the breach represents a risk to you and your rights.
In case you discover a breach in our security on webstep.com, we ask you to please contact us immediately at email@example.com.
The Data Subject’s rights. Data retention period.
You have the right to receive the following information
- Confirmation if Webstep has stored Personal Data about you
- Access to the Personal Data, in a common format as well as a machine-readable format
- Detailed explanations of the Purpose of processing Personal Data and a copy of the Personal Data we store about you
The right to correct information about the Data Subject:
You can demand that Webstep corrects any incorrect details in the Personal Data stored about you in case these are provided by you, or if this information is incomplete or incorrect.
The right to be forgotten (deletion):
You can demand that your Personal Data is deleted when they are no longer needed to achieve the purpose of processing and when a consent is withdrawn. You can contact us at firstname.lastname@example.org in case you want to access, correct or delete the Personal Data we have stored about you.