Powel Privacy Policy

1. Scope

This Privacy Policy applies to Powel’s processing of Personal Data concerning, or on behalf of, our customers, including but not limited to processing through Powel Solutions. 

Powel values data privacy very highly. This Privacy Policy explains what types of Personal Data we process, how Personal Data is processed by Powel and how Powel complies with relevant data privacy laws and regulations ( “Privacy Laws”), including the national laws of EU/EEA member states implementing or transposing Directive 95/46 EC or EU Regulation 2016/679 ( “GDPR”).

We may anonymize your Personal Data and use anonymized data on an aggregated level for statistical purposes or for improving the Powel Solutions.  When your data has been anonymized and is used on an aggregated level, the data is no longer Personal Data, and such use is not covered by this Privacy Policy.

1. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person ( “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number; location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person;

‘We’ or ‘Powel’ refers to the legal entity Powel AS, VAT.no. 976 574 958, Klaebuveien 194, 7037 Trondheim, Norway, including its affiliates where Powel AS directly or indirectly controls a minimum of 50% of the shares;

‘Powel Solutions’ means all services, software and other products that are Powel-branded and/or offered via Powel websites, app stores, cloud services, mobile or tablet solutions etc.;

‘Processing’ means any operation or set of operations which is/are performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Data Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;

‘Data Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller (and pursuant to the instructions given by the Data Controller);

1. What types of Personal Data does Powel process?

We collect, and associate with our customers’ accounts, information like names, email addresses, phone numbers, payment information, location data, physical addresses, and data regarding communication between our customers and Powel support at support@powel.no, etc.

 We also collect information from and about the devices our customers use for accessing our services. This includes information like IP addresses, the type of browser and device used and other identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the respective Powel Solution, but only if you have enabled location services on your device. 

Unless explicitly informed otherwise in the respective Powel Solution, we do not process any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, or Personal Data relating to criminal convictions or offences.

1. Legal basis

The provision of certain Personal Data is a necessary requirement in order for the Powel Solutions to be provided to you. Powel has legal basis for processing such Personal Data in Article 6 (1) b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

Powel will not process your Personal Data for purposes incompatible with the purposes that they are originally collected for, unless you have consented to processing for other, specified purposes. Powel may, for example, offer optional features of the Powel Solutions that require further processing of Personal Data.

If and to the extent Powel processes any Personal Data on the basis of your consent, you may revoke such consent at any time.

1. Data Controller

Powel is the Data Controller in respect of the processing of the Personal Data that you have given Powel access to through the Powel Solutions or otherwise, if you have a direct customer relationship with Powel. 

If Powel processes your Personal Data on behalf of a business customer or partner of Powel, then Powel’s business customer or partner is the Data Controller, and Powel will process your Personal Data in accordance with instructions given by the Data Controller.

Inquiries regarding the processing of your Personal Data must be addressed to the Data Controller. If you do not know who the Data Controller is, please contact Powel on the contact information in Section 12, and we will help you out.

1. For which purposes may Powel process Personal Data?

Powel will only process your Personal Data for the purposes described in this Privacy Policy or, as the case may be, in accordance with lawful instructions given by the Data Controller, in accordance with a data processing agreement between Powel and the Data Controller.

Powel may process your Personal Data for the following purposes:

• to provide the services to you, and to maintain and improve the operability of the services
• to manage the customer relationship between you and Powel, including by providing relevant information to you and communicating with you regarding the services, e.g., by informing you about your account, security updates and product information
• to fulfil any obligations that Powel has towards you according to agreements between you and Powel, and to document such agreements

Powel will not use electronic communication methods to contact you for marketing purposes or user surveys unless you have explicitly consented to it, or Powel otherwise has legal basis for such communication.

1. How does Powel process Personal Data?

Powel uses Personal Data collected for processing within the respective Powel Solution as agreed with you in a service agreement or otherwise, or in accordance with lawful instructions given by a Data Controller, as the case may be.

We use technologies like cookies and pixel tags to provide, improve, protect and promote our services. For example, cookies help us with things like remembering a username, understanding how customers are interacting with our services, improving them based on that information, and providing information to you about services that we believe might be of interest to you. You can set your browser to not accept cookies, but please be aware that this might affect your service experience.

1. For how long will Powel store your Personal Data? Your rights

You have the following rights in relation to Powel’s processing of your Personal Data:

• You have the right to view your Personal Data being processed by Powel and to request a copy of such Personal Data, which shall be provided to you in a commonly used electronic format;
• You have the right to require that incorrect, incomplete or inaccurate Personal Data is rectified or erased;
• You have the right to obtain restriction of processing if you contest the accuracy of the Personal Data, the processing is unlawful and you oppose erasure, or if you for the sake of establishing, exercising or defending a legal claim require Personal Data no longer needed by Powel;
• If any Personal Data are used for direct marketing purposes, you have the right to object to the processing of your Personal Data for such purposes;
• You have the right to lodge a complaint with the relevant supervisory authority (in Norway: Datatilsynet), if you are of the opinion that Powel processes your Personal Data in violation of this Privacy Policy or the Privacy Laws. Contact information is found in Section 12.

1. How does Powel protect your Personal Data?

Personal Data processed by Powel is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems because they need access in order to perform work for Powel in connection with Powel’s provisioning of the services. Powel’s personnel and any person or entity working for or on behalf of Powel shall be under a contractual obligation to maintain the strict confidentiality of all Personal Data.

We are committed to keeping Personal Data secure and protected from unauthorized access, disclosure or any other deviant processing, and to maintain data integrity and secure data availability. As part of our commitment, we utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the information we collect and process. We store our customers’ data in secure operating environments that are only accessible to Powel employees and subcontractors on a need-to-know basis. Powel requests its registered users to verify their identity by e.g. login ID and password. In addition thereto, we are continuously testing our Powel Solutions for vulnerabilities, and we are monitoring industry and technology developments in order to ensure that your Personal Data is always protected by state-of-the-art information security measures.

1. How long will Powel process your Personal Data?

We will only process Personal Data for as long as necessary in order to pursue the purposes for which the data is collected or to facilitate the services, unless we are obligated by law to store or process Personal Data for a longer period of time, e.g., to maintain appropriate financial records. Any Personal Data that we do not need in order to fulfil our legal obligations will be deleted without undue delay after your customer relationship with Powel has ended. If we are processing your Personal Data on behalf of a Data Controller, we will delete and/or return Personal Data in accordance with the relevant data processing agreement between Powel and the Data Controller.

1. Does Powel share your Personal Data with third parties?

Powel uses subcontractors such as vendors of cloud services or other IT hosting services such as Microsoft for the Microsoft Azure cloud. For more information about how Microsoft processes Personal Data in Microsoft Azure cloud, please see https://privacy.microsoft.com/en-us/privacystatement. When using subcontractors, Powel will always enter into a data processing agreement with such subcontractor that satisfies the requirements of applicable privacy laws, in order to safeguard your Personal Data. Powel is fully responsible for our subcontractors’ processing of Personal Data.

Powel will not transfer or give access to Personal Data outside the EU/EEA, except in accordance with transfer agreements based on the EU Standard Contractual Clauses for the transfer of Personal Data to data processors established in outside the territory of the EU/EEA or other countries which the European Commission has found to guarantee an adequate level of data protection. Powel will not transfer or give access to Personal Data for any person or entity located in the US unless such person or entity is certified according to the EU/US Privacy Shield framework. 

1. How to contact us or the supervising authority

For any inquiries, comments or questions regarding this Privacy Policy or Powel’s processing of Personal Data, please contact us using the following contact details:

Email (preferred): support@powel.com

Phone: +47 73 80 45 00

Visiting address: Powel AS, Klæbuveien 194, 7037 Trondheim, Norway

In case you want to lodge a complaint to the supervising authority, here is the contact information for the Norwegian Data Protection Authority (Datatilsynet):

Visiting address: Tollbugata 3, 0152 Oslo

Email: postkasse@datatilsynet.no

Phone: +47 22 39 69 00

Website: www.datatilsynet.no

1. Changes to this Privacy Policy

We will update this Privacy Policy whenever necessary to reflect customer feedback and changes in Powel Solutions. Should we decide to modify this Privacy Policy, we will post the revised statement here, with an updated revision date. If we make significant changes to our Privacy Policy that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.