Privacy Policy for Disputas

Disputas AS │ Last updated: 30.08.2021

This privacy policy applies to Disputas in relation with the “Ponder” service. We are responsible for processing personal data that is described in this privacy policy, and for controlling the use of said data. Our contact information can be found at the bottom of this page.

Disputas will not share personal data in other cases or in other ways that is described in this privacy policy, unless the user gives consent to this.

1 Who we will process personal data from

We mainly collect and process personal data from students. This privacy policy is directed towards our processing of personal data about the following persons:

  • Visitors of the website
  • Users of the Ponder product

2 Purpose, types of personal data and the legal basis for processing

Section 2.1 to section 2.4 of this privacy policy gives an overview of our purpose for processing of personal data, the kinds of personal data we process, and the legal basis for the processing of personal data.

2.1 Personal data processing related to the registration of a user account in Ponder

In connection with the registering and management of your Ponder user account, we process the following personal data:

  • Name and surname
  • Date of birth
  • Email address
  • Year of study and place of study

This personal data which is collected when you create a user account will mainly be used to deliver the Ponder service to you and to manage your user relations with us. For instance, when you use Ponder to work with texts, we will connect your user data to the text so that you can easily manage and recall your work at a later date.

For any processing that is described in this section, the legal basis for processing is either GDPR Article 6 a) (consent), Article 6 b) (necessary for the performance of Ponder), and Article 6 f) (legitimate interest).

The purpose of processing personal data in relation to your user account, is for us to use personal data to create data on the Ponder program based on demographics and place of study.

2.2 Interactive data processing related to the use of “Ponder”

In relation to your use of the Ponder program, certain information of your interaction with the program, such as comments, analyzes, classifications and assessments that you perform in the program, will be registered (“Interaction data”). This information will be processed in order for us to offer you access to the tools and services of the Ponder program, in addition to making it easier for you to access your own Interaction data. The legal basis for processing Interaction data is either GDPR Article 6 a) (consent) or Article 6 b) (necessary for the performance of Ponder).

We also wish to collect and aggregate information about our users, in particular information about their place of study, age, demographics, and similar data. We process such information with the purpose of creating statistics to improve our services. The legal basis for this sort of data processing is GDPR Article 6 f) (legitimate interest).

2.3 Anonymization of interactive data

Interaction data we collect from you will be stored in a database which is separated from your user data and your personal information. If you wish to delete your user account, any connection between the Interaction data, user data and personal data will be removed in a way which makes the Interaction data fully anonymized and impossible to track back to you as a person. This means that we can and will keep any Interaction data that you have produced if you delete your user account or request your personal information to be deleted.

We will also, regardless of whether you have deleted your account or requested deletion, periodically anonymize Interaction data for the purposes of developing our services or to cooperate with third parties. We may also hand over anonymous data to research institutions for research purposes.

2.4 Cookies

We use cookies when you use Ponder or visit our websites under the disputas.no-domain. These cookies are used in accordance with this privacy policy. A closer description of our use of cookies can be found in our cookie policy.

3 Data storage

Disputas reserves the right to store personal data connected to your user account in a time period of 12 months, and no longer than needed in order to fulfil the purposes of the processing, unless the user requests the data deleted in accordance with GDPR Article 17.

3.1 Who do we share personal data with?

Personal data will never be sold or transferred to any third parties, except when expressly stated in our privacy policy. We consider the user to be the owner of his or her own personal data.

In some cases we need to share your personal data with third parties that process personal data on behalf of us. In such cases, we will enter a data processor agreement which will ensure that any processing of your personal data takes place under our instructions.

Below is a general description of the data processors we make use of:

  • Our providers of ICT-services will have access to personal data if the data is stored at the provider, or if the provider gets access to the personal data in accordance with an agreement with us. This will for instance apply to our provider of cloud services, Google Cloud.
  • Our providers of Cookie-services will have access to personal information about you as far as is reasonably necessary for the cookies to work when you visit our website.

3.2 Google cloud

Personal data we collect about you will be stored in Google Cloud. This means that Google has insight in the stored personal information, as Google is responsible for the security of the storage.

3.3 Sharing of data with academic institutions

Through your use of Ponder, and with research and education purposes, Disputas reserves the right to transfer Interaction data to academic institutions. Personal data will not be shared alongside the Interaction data.

4 The user’s rights

The user has full ownership of its personal data. By using Ponder, you are given the rights described in the GDPR Chapter 3, including the right to:

  • Withdraw your consent If the user wishes to withdraw any consent regarding the processing of their personal data, this can be done at any time.
  • Request erasure or rectification: If the user wishes erasure or rectification of personal data we process, this will be arranged by Disputas. We will however remind the user that anonymous Interaction data created by the user will not be deleted, as they are not personally identifiable on their own. Only identifiable data will be erased or changed.
  • Get insight into any personal data we hold about you
  • Have your personal data delivered to you (data portability)

If you disagree with the way we process your personal data, you can contact us or the Norwegian Data Protection Authority.

5 Security

Disputas is committed to establishing procedures to handle your personal data with utmost care in accordance with applicable rules and regulations. The measures we undertake are technical and organizational in nature, and we will regularly carry out security assessments and control in our systems that are used to process the personal data.

6 Changes in the privacy policy

We reserve the right to make changes to this privacy policy. In the event of significant changes, we will notify you directly of the changes to the email address you have provided to us. You will always find the latest version of this privacy policy on our website.

7 Contact us

Disputas can be reached via email to post@disputas.no. The Norwegian Data Protection Authority protects your right to privacy, and can be reached on https://www.datatilsynet.no/en/about-us/contact-us/.