Last updated at November 08, 2022 - 10:00 AM
Inspera AS and its subsidiaries (collectively referred to as “Inspera”, “we”, “us”) are committed to protecting and respecting your right to privacy. This privacy notice (“Privacy Notice”) explains how Inspera processes personal data as Controller in accordance with applicable data protection and privacy law. Please read this information carefully.
This Privacy Notice applies to anyone whose personal data we collect and process as Controller in the course of our business, including contacts at our customers, suppliers and other business partners, visitors of this website and our social media profiles, as well as end users and job applicants. As we provide identity solutions and integration, we also comply with the GÉANT Data Protection Code of Conduct as a requirement for managing identities.
This Privacy Notice applies to Inspera’s processing of personal data as Controller (where we decide the purposes and means of the processing of your personal data). The purposes for which we act as Controller are set out in the table below.
Please note that for a substantial part of our business, we act as Processor (where our business customer, such as universities and other educational institutions, decides the purposes and means of the data processing). Where we act as Processor, this Privacy Notice does not apply, and we kindly refer you to the privacy notice of the relevant Controller, such as your educational institution, if you would like more information about how your personal data is processed in that regard.
The table below explains how we typically process personal data as controller:
|Purpose||Categories of data||Data subjects||Source||Legal basis|
|To operate, administer, and troubleshoot our SaaS solution.||Client device IP address, pseudonymised test-taker ID and test session information.||Users of our Services.||From you and your device collected in log files.||The legitimate interest in operating our Services.|
|For customer relation management, including responding to customer requests and handling customer complaints and claims.||Name, job title or function, employer, e-mail address, phone number, company address, billing information and any personal data included in the request or complaint/claim.||Contacts at existing, previous, and potential customers.
|From you. The information is collected through our web forms, e-mail, or other means of communication with Inspera.||The legitimate interest in providing customer service.|
|To manage relationships with suppliers and other business partners.
|Name, job position, e-mail address and phone number.||Contacts at suppliers and other business partners.||From you.||The legitimate interest in business administration.|
|To market our Services, including sending out newsletters, event invitations and push notifications.||Name, e-mail address and phone number.||Contacts at existing, previous, and potential customers.
|From you.||Your consent, however, we may also rely on our legitimate interest in marketing our Services if we have an existing customer relationship with you or your business.
You may at any time withdraw your consent and opt-out by clicking the “unsubscribe” link at the bottom of any marketing email or by contacting us. If you no longer wish to receive push notifications from us, you can disable these in the settings on your device.
|To manage user accounts.||Username and password.||Users of our Services.||From you.
|The legitimate interest in administrating our Services.|
|To improve and develop our Site and Services.||Name, e-mail address, phone number and information collected in connection with your use of our Site or Services, including which of our online resources you have used and when.||Users of our Site and Services.||From you or your device.||The legitimate interest in improving and developing our Site and Services and ensuring a better user experience.|
|To manage our Site and enhancing the user experience.||Technical information (such as IP address, login information, browser type etc.), information about your visit (such as the full URL clickstream to, through, and from our Site, products you viewed or searched for, length of visits to certain pages etc.), information from other online accounts to which you have given us permission to collect data from within your settings or the privacy policies of these other online services (e.g. via social media features).||Visitors of our Site.||From you and your device, and third parties (such as advertising networks, analytics providers, and social media providers).
|To recruit employees.||Name, residential address, e-mail address, phone number, date of birth, CV, application, profile photo, resume, qualifications, and interview notes.||Individuals who apply for a job with Inspera.||Information provided by applicants collected through the online recruitment solution Homerun or through interviews and dialog with us.||The legitimate interest in recruiting employees and assessing if you are qualified for the position.|
|For security purposes.||Cliend device IP address, host and session information, and which of our online resources you have used.||From you and your device.||The legitimate interest in keeping our Site and Services safe and secure.|
|To administer our social media accounts.||Insight/statistics, communications (e.g. comments, likes, chats), profile information.||Visitors of our social media accounts.||From you and your device.||The legitimate interest in communicating with customers and other business relations on social media platforms.|
We may also collect or receive other types of data if required to fulfil the purposes listed above.
On a case-by-case basis, we may also use your personal data for certain purposes that are not incompatible with the purpose for which the data was originally collected or received, such as audits, analytics, reporting, innovation, dispute resolution and mergers and acquisitions.
We will not sell or rent your personal data to anyone.
We keep your personal data for as long as necessary for the purposes listed above. Some criteria that we use to determine when to delete your data are:
It is important to emphasise that special situations may lead to longer or shorter retention periods than the ones described above. We will in any case retain data as long as required subject to legal requirements, and in case special needs arise, e.g. by complaints or claims made against us or by us.
We may disclose your personal data to the following categories of recipients, to the extent necessary for the purposes mentioned above:
Personal data is not transferred to third parties without proper data processing agreements in place, to the extent required under applicable data protection law.
Our Services are global, and your personal data may be processed in any country where we have operations or where we engage service providers. Consequently, your personal data may be transferred to a destination outside the country where you are located, which may have data protection rules that are different from those of your country. By submitting your personal data, you acknowledge such transfer, storing or processing of personal data outside your jurisdiction.
We will take all steps reasonably necessary to ensure that your data is processed securely and in accordance with this Privacy Notice and applicable laws. This means that your personal data will only be transferred to a country that provides an adequate level of protection or where we have a valid transfer mechanism in place with the recipient in accordance with applicable law, such as the EU or UK standard contractual clauses.
We will provide you with further details about such international data transfers upon request. If you want to obtain a copy of the safeguards, please use the contact details below.
You have several rights as regards the processing of your personal data. Such rights include:
|Information||To receive further information on how we process your personal data.|
|Access||To receive a copy of the information we have on you.|
|Rectification||To request rectification and completion of the information we have on you.|
|Erasure||To request erasure of information if there are no applicable legal grounds for processing such information.|
|Restriction||To ask that we restrict the processing of your information.|
|Data portability||To ask that your information is transferred to you in a structured, commonly used and machine-readable format.|
|Objection||To object to our processing of your personal data. You also have the right to object to being subject to a decision based solely on automated processing.|
|Right to withdraw consent||If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.|
Please note that these rights are subject to conditions and limitations by law. Please contact us as set out at the end of this Privacy Notice if you want to exercise any of your rights or if you would like more information about the conditions/limitations that apply. We will respond to your inquiry as soon as possible and typically within one month at the latest.
To the extent that local data protection and privacy laws apply to the processing of your personal data, we will respect any additional rights you may have pursuant to such laws.
If you have any complaints about our use of your personal data, please contact us as set out at the end of this Privacy Notice. You may also file a complaint to your local data protection authority, such as:
|Country||Data Protection Authority|
|Norway||Datatilsynet, P.O. Box 458 Sentrum, NO-0105 Oslo, Norway|
|UK||The UK Data Commissioner, the ICO at, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England|
|Australia||The Office of the Australian Information Commissioner (OAIC) via the OAIC website: http://www.oaic.gov.au|
For all other individuals, please contact the data protection authority in the country in which you are located.
We do not knowingly collect or process personal data relating to children as Controller. However, should any parent or guardian be concerned that their child’s personal data has been collected by us, please contact us as set out at the end of this Privacy Notice.
For the avoidance of doubt, please note that customers of Inspera may use the Inspera Assessment SaaS solution to collect information relating to children. Where a customer collects such data about children, the customer, not Inspera, is the Controller for such personal data, and is responsible for having proper procedures and parental consent in place. This Privacy Notice does not apply to the processing of such data collected by customers.
We have pages on social media, including LinkedIn and Twitter, where we provide information about our Services and interact with the users. On such social media pages, we may receive anonymised insight, such as statistics about age, gender, and location of our users. We may also receive information that you decide to share with us, such as chat, comments and likes. Your experience on the social media sites will be governed by the privacy policies of those sites. As we are joint Controllers with the social media for data processed from your use of social media tools or links on our site, and for aggregated insight that we get from your use of our pages on social media, you may also contact us if you would like to have more information, or if you want to exercise your privacy rights. However, please note that we may not be able to respond to all requests, and that we may have to refer you to the social media company for further information.
Our Site and Services may also contain links to and from websites of our partner networks, advertisers, and affiliates. If you follow such a link, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check the policies before you submit any personal data to such websites.
We may change this Privacy Notice from time to time when deemed necessary. Any changes we make will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Notice.
Please feel free to contact us if you have any complaints, questions, or comments about our privacy practices, or if you would like to exercise your privacy rights. Please use the contact form below or by mail to the following address: Tjuvholmen allé 3, 0252 Oslo, Norway.
The same details can be used to contact our Data Protection Officer (DPO).