Privacy policy
Privacy policy
IntroductionHere, we will explain how we collect, use and protect your personal data. We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
We collect and process personal data in accordance with the provisions of Norwegian "Personopplysningsloven" (fully ratified GDPR in force from 2018) and other regulations, which are in force in Norway.
Data controller"MigrantSocial" is the data controller. That means that “MigrantSocial” determines the purpose of data collection and processing and data protection.
Data protection officerWe are not obligated to have a designated Data Protection Officer (DPO), but we have data privacy protection in mind at every step, according to GDPR "privacy protection by default".
Our users. What data we collect. Legal basis. What we use it for.We don’t collect your personal data from third-parties, but only directly from you.
This website doesn't record any private data, but only business related information for organizations that have their "Organization profile" created here.
A natural person who visits our platform for their personal purposes is not able to register and save their personal information.
Registered Organization and other legal entities saves only necessary official information, as well as a name of a contact person and relevant email and phone number (that eventually may be a private one). We need to keep these data in order to be in contact with a business organization. Therefore, we treat information pertaining to this person in their business capacity and not their individual private capacity. However, this does not diminish someone’s rights as a data subject explained below.
Retention periodRetention period for all data is 1 (one) full calendar year after all payments have been completed. Be aware that certain kinds of business-related data we keep even after that period due to a legal obligation (e.g. accounting and tax data) depends on legal requirements retention period can be up to 5 years.
Cookie policyWhile you are browsing the website anonymously, we store certain cookies to your browser depending on your explicit consent: necessary, preference, statistical and marketing cookies. These cookies contain no personal data. We use consent management platform "CookieBot", which scans the web site on a periodical basis and automatically generates a transparent "Cookie policy" page, where you can find all details regarding your cookie consent. Consent log report is anonymized on their servers in EU certified by ISO 27001.
More information about cookies you can find on page "
Cookie policy".
Links to other websitesThe website may contain a number of links to other websites and online resources that are not owned or controlled by our organisation. We do not have control over, and therefore cannot assume responsibility for the content or general practices of any of these third-party sites and/or services.
Therefore, we strongly advise you to read the privacy policy of any site that you visit as a result of following a link that is posted on our website.
Sharing your personal dataWe will not share your information with any third parties for the purposes of direct marketing, or any other purpose that is not mentioned here.
We use data processors who provide services for us and have data processing agreements with them. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Children’s privacyWe do not knowingly collect information from children (as defined by local law) and we do not target our website to children. If we learn that we accidentally collected any information from children, we will purge it immediately.
Data processorsThe data processor is a legal entity that processes someone’s personal data on behalf of the controller.
We rely on the data processors who assist in the service we offer to you as a customer. We have mandatory Data Processing Agreements (DPA) that regulate information security, personal data protection and confidentiality.
- "Hertzner", Germany – "Hertzner" is a hosting company (infrastructure processor). Our web servers, databases, SMTP service and backups are hosted within Hertzner’s Virtual Private Servers VPS. All data is stored inside EU, in the datacenter in Germany and Finland. Hertzner’s steps to ensure it is GDPR compliant include data hosting in European Union, ISO 27001 certified, Data Processing Agreement (DPA) signed.
- "CookieBot", Denmark - service does not collect, store or process any personal data. Therefore, under the EU General Data Protection Regulation Article 28. they are not a data processor.
Information securityWe have adopted physical, technical, and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of the personal information.
- We have signed separate "Data Processing Agreements" (DPA) with data processors that regulate information security, personal data protection and confidentiality.
- Cloud based solutions are located in EU in controlled facilities which have limited access in.
- We limit access to the information in our IT system to only those with a business reason to do so.
- Website stores password encrypted.
- When we transmit confidential or sensitive information over the internet, we protect it using encryption and other safeguards, unless you request or authorize otherwise.
- We will never ask our users for password in an unsolicited phone call or in an unsolicited email.
Your rights as a data subjectYour rights are as follows:
The right to be informedAs a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
The right of accessYou may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:
- The source of the personal data (directly, or from third-party)
- The categories of personal data concerned
- The purposes of the processing
- The retention period or envisioned retention period for that personal data
- The recipients to whom the personal data has been disclosed
If there are exceptional circumstances, that should be explained.
The right to rectification (correction)If your personal data are inaccurate or incomplete, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure (the "right to be forgotten")Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.
The right to restrict processingYou may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- The accuracy of the personal data is contested.
- Processing of the personal data is unlawful.
- We no longer need the personal data for processing, but the personal data is required for part of a legal process.
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
The right to data portabilityThis right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
The right to objectYou have the right to object to our processing of your data where:
- Processing is based on legitimate interest.
- Processing is for the purpose of direct marketing.
- Processing involves automated decision-making and profiling.
Your requestIf you are concerned about your privacy, or you would like to exercise your rights as the data subject, please download a contact form below, fill-in, and attach it to the email to
office@migrantsocial.org with specific request explained.
To process your request, we are legally obligated to ask you to provide two valid non-contradictory forms of identification for verification purposes.Be aware that it takes up to 30 days to send to you a complete answer.
Data protection authorityIn case that you believe you cannot exercise your right in communication with us, we are obligated to inform you that you have a right to complain to The Norwegian Data Protection Authority:
Datatilsynet
Postboks 458 Sentrum
0105 Oslo, Norway
www.datatilsynet.no
E-mail: postkasse@datatilsynet.no
Phone: +47 22 39 69 00
Change of the privacy policyIf there are any changes in how we use your private data, notification by email will be made to those affected by the change. Any changes to our privacy policy will be posted on our website 30 days prior to these changes taking place.
Last updated: the 27th of November 2024.