We collect and use your personal data strictly in compliance with Norwegian data protection law, including the EU General Data Protection Regulation no. 2016/679 (GDPR) as incorporated into Norwegian law.
2 Who we process data about
- Our customers' contact persons
- Our suppliers' and partners' contact persons
- Visitors to our website, www.bazeport.com
- Users of our application*, and
- Job applicants
*During the course of 2024, we will be launching an application with which end-users of our services can create a personal user account and log in.
3 Purposes, categories of personal data and legal basis
Below we have provided an overview of the purposes for which we process personal data, the types of personal data processed and the legal basis for the processing.
3.1 Entering into agreements
In order to enter into agreements, including negotiating, modifying, amending or concluding agreements, we collect and store certain data included in the agreements or that are otherwise necessary to process through the course of negotiating and entering into agreements.
This will typically be the name, contact information and title of our customer's, supplier's or business partner's representatives or contact persons. We may also store communications to and from the representative or contact person over the course of negotiations or inquiries regarding the agreement.
The legal basis for this processing is GDPR Article 6 no. 1 (f): the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, based on our legitimate interest in entering into agreements in the course of our regular business operations.
3.2 Administration and business operations
We process certain personal data in order to administer agreements and carry out our day-to-day business operations. This includes processing the following personal data relating to contact persons and representatives of our customers, suppliers and business partners:
- Name, title/role and contact information;
- Payment details;
- Communications with or pertaining to the contact person or representative.
We use these data in order to administer invoices and payments, archive and administer agreements, exercise our rights according to the agreements in question and carry out other regular business processes.
The legal basis for this processing is GDPR Article 6 no. 1 (f): the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, based on our legitimate interest in exercising our rights according to our agreements and carrying out other regular business operations.
Agreements, invoices and information regarding payments, including personal data which are included in such documents (typically name and contact information), may be subject to statutory data retention requirements under bookkeeping laws and regulations. When we store such data for the purpose of complying with bookkeeping laws and regulations, the legal basis for processing is GDPR Article 6 no. 1 (c): the processing is necessary for compliance with a legal obligation to which the controller is subject. Please see section 7 below for further information regarding the storage period for personal data.
3.3 Providing our services
We process some personal data for the purpose of providing our services. We may collect information (including personal data) about you when you:
- Contact us via contact forms on our website, e-mail or other means,
- Create a user account in our app, or
- Request and receive support services from us.
The data we process for this purpose include:
- Name and contact information,
- Account information such as settings, preferences, and password,
- Other information you may provide, and
- Communications with you relating to support requests or other inquiries from you.
The legal basis for our processing is GDPR Article 6 no. 1 (f): the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, based on our legitimate interest in carrying out our regular business operations, providing our services and answering or handling questions, inquiries and requests from you.
3.4 Marketing, newsletters
We process some personal data for marketing purposes. This includes processing the following personal data about persons who sign up to our newsletter:
- Name and contact information.
We use this information to share information and promotional content through our newsletters.
The legal basis for our processing for marketing purposes is GDPR Article 6 no. 1 (a): consent. You can withdraw your consent at any time by clicking the "unsubscribe" link at the bottom of the e-mails you receive from us, or by contacting us directly at email@example.com.
We process personal data when recruiting for positions in our company. This includes information such as:
- Contact information,
- Certificates and diplomas,
- References, and
- Notes from interviews and communications with references.
When we process personal data for this purpose, the legal basis is GDPR Article 6 no. 1 (b): the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, as the processing is necessary to implement measures prior to entering into an employment contract with the job applicant.
If we make enquiries other than contacting persons provided as references, investigating by searching for history, etc., personal data is processed on the basis of GDPR Article 6 no. 1 (f): the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, based on our necessary legitimate interest in ensuring that we recruit the right candidate for the position. For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual's privacy.
We encourage you not to include special categories of personal data, such as health, religion, political opinions, trade union membership, etc. in your application or other documents that you share with us during the recruitment process.
We may collect data such as:
- IP address,
- Location data,
- Data about your device and bandwidth,
- Data about how you use the website (e.g., information about which links you click, which content you interacted with and how long, and from which website you reached our website)
We require this information to understand your needs and provide you with a better service. For example, we may use the data to ensure that the website functions properly (e.g., if you are on a mobile device, our mobile website view will be shown), detect security incidents, and improve our website.
Necessary cookies are always enabled. The legal basis for our use of necessary cookies is GDPR Article 6 no. 1 (f): the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, based on our legitimate interest in ensuring the proper functioning of our website.
You can also remove or block cookies using the settings in your browser. For more information, please also visit http://www.youronlinechoices.com/.
4 Third party recipients of your personal data
We may in some cases disclose personal data to others to the extent necessary for the administration of our operations and to be able to conduct our business.
We may, among other things, share your personal data with our supplier of IT systems and technical support, CRM systems and suppliers of contact form functionality and other functionalities on our website. These organisations process personal data as data processors, and their processing is subject to a data processing agreement. The suppliers are required to act on documented instructions from us and cannot use personal data for their own purposes.
In addition, we may in some cases disclose your personal data to other companies who will be responsible for how they process your personal data. We may, among other things, disclose your personal data to partners who handle payment services and public authorities if this is required by law or by legally enforceable judgement or order.
If Baze sells or buys any business or assets, we may transfer your personal data to a prospective seller or buyer of such business or assets.
If Baze or a substantial portion of Baze's assets are sold to another company, the personal data of our customers and business partners, i.e., contact persons of our customers, suppliers and other business partners, may also be shared in connection with the sale.
We take appropriate technical and organisational security measures in accordance with applicable data protection legislation to ensure that your personal data is handled securely when transferring or sharing personal data with a third party.
5 Transfer of personal data to countries outside the EU/EEA
As a general rule, we process your personal data within the EU/EEA. If your personal data are processed outside the EU/EEA, there will either be a decision from the European Commission that the third country in question guarantees an adequate level of protection, or we will ensure that appropriate safeguards are in place to ensure that your rights under the GDPR are safeguarded. Such appropriate safeguards may include making the data transfer subject to the European Commission's standard contractual clauses or that the relevant third party follows an approved code of conduct.
If you would like more information about the safeguards we have implemented, please contact us via the contact details set out in section 11 below.
All our processing of personal data is secured with the necessary technical and organisational measures.
We manage personal data so that they are accurate, accessible and handled in accordance with the degree of sensitivity of the data. We also use a range of security technologies and information security procedures to protect personal data from unauthorised access, use or disclosure.
We have entered into data processing agreements with all our suppliers that process personal data.
We restrict access to personal data to the staff or third parties who will process the data on our behalf. These parties are subject to a duty of confidentiality.
7 Retention and deletion
We will retain your personal data for as long as necessary to fulfil the purposes of the processing of your personal data, and they will be deleted when they are no longer needed. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Personal data processed in connection with pre-contractual offers (including job offers in connection with a recruitment process) will be deleted within a reasonable time after an offer has been rejected or a recruitment process or other pre-contractual processes have been carried out, unless you consent to us retaining certain information (e.g., retaining contact information to reach out to you if a new offer or position becomes available).
Personal data processed in connection with the administration and execution of our agreements will be stored for a minimum of three years after the contractual relationship has ended in order to be able to process any complaints or warranty claims related to the contractual relationship.
In addition, we will have an obligation to store certain information as a result of statutory obligations such as accounting legislation and bookkeeping legislation. For example, accounting and invoicing material will typically be retained for five years in accordance with bookkeeping legislation.
Personal data associated with a user account in our app will be deleted shortly after the user account is requested to be deleted by the customer or individual user.
8 Your rights
Below is information about your rights with respect to the processing of your personal data. To exercise your rights, please contact us using the contact information set out in section 11 below.
Information and access
You also have the right to demand access to the personal data processed about you.
Rectification and erasure
You are entitled to ask us to correct incorrect information that we have about you or ask us to delete your personal data. We will, as far as possible, fulfil a request to delete personal data, but we cannot do so if we still need the data or are under an obligation to retain the data.
Restriction of processing and right to object
You have the right to have the processing restricted in certain cases, see GDPR Article 21, such as:
- You contest the accuracy of the personal data - the processing is suspended for a period that allows us to verify the accuracy of the personal data.
- The processing is unlawful and you object to the erasure of the personal data and instead request that the use of the personal data is restricted.
- We no longer need the personal data for the purpose of the processing, but you need the personal data for the establishment, exercise or defence of legal claims.
You may also object to processing pursuant to GDPR Article 21(1) pending the verification of whether our legitimate interests override your privacy.
You are entitled, upon request, to disclosure regarding your personal data that we are storing or are otherwise processing as a data controller. You are also entitled to have any incorrect personal data corrected and have rights to blocking or deletion of your personal data.
For data that you have provided to us, and which are processed based on consent or for the performance of a contract with us, and which are processed by automated means, you may request to have your personal data disclosed to you or transferred to another provider in a structured, commonly used and machine-readable format (data portability).
If you have any concerns or complaints regarding our processing of your personal data, you are welcome to reach out to us using the contact information set out in section 11 below.
You are also entitled to file a complaint with your local data protection authority. To file a complaint with the Norwegian data protection authority (Datatilsynet), you can use the following contact information:
PO Box 458 Sentrum
You can find more information about complaints to the Norwegian data protection authority on their website: https://www.datatilsynet.no/en/about-us/contact-us/how-to-complain-to-the-norwegian-dpa/
10 Updates and changes
11 Contact information
Baze Technology AS
PO Box 1124
Phone: +47 94 800 600