1 Who we will process personal data from
- Visitors of the website
- Users of the Ponder product
2 Purpose, types of personal data and the legal basis for processing
2.1 Personal data processing related to the registration of a user account in Ponder
In connection with the registering and management of your Ponder user account, we process the following personal data:
- Name and surname
- Date of birth
- Email address
- Year of study and place of study
This personal data which is collected when you create a user account will mainly be used to deliver the Ponder service to you and to manage your user relations with us. For instance, when you use Ponder to work with texts, we will connect your user data to the text so that you can easily manage and recall your work at a later date.
For any processing that is described in this section, the legal basis for processing is either GDPR Article 6 a) (consent), Article 6 b) (necessary for the performance of Ponder), and Article 6 f) (legitimate interest).
The purpose of processing personal data in relation to your user account, is for us to use personal data to create data on the Ponder program based on demographics and place of study.
2.2 Interactive data processing related to the use of “Ponder”
In relation to your use of the Ponder program, certain information of your interaction with the program, such as comments, analyzes, classifications and assessments that you perform in the program, will be registered (“Interaction data”). This information will be processed in order for us to offer you access to the tools and services of the Ponder program, in addition to making it easier for you to access your own Interaction data. The legal basis for processing Interaction data is either GDPR Article 6 a) (consent) or Article 6 b) (necessary for the performance of Ponder).
We also wish to collect and aggregate information about our users, in particular information about their place of study, age, demographics, and similar data. We process such information with the purpose of creating statistics to improve our services. The legal basis for this sort of data processing is GDPR Article 6 f) (legitimate interest).
2.3 Anonymization of interactive data
Interaction data we collect from you will be stored in a database which is separated from your user data and your personal information. If you wish to delete your user account, any connection between the Interaction data, user data and personal data will be removed in a way which makes the Interaction data fully anonymized and impossible to track back to you as a person. This means that we can and will keep any Interaction data that you have produced if you delete your user account or request your personal information to be deleted.
We will also, regardless of whether you have deleted your account or requested deletion, periodically anonymize Interaction data for the purposes of developing our services or to cooperate with third parties. We may also hand over anonymous data to research institutions for research purposes.
3 Data storage
Disputas reserves the right to store personal data connected to your user account in a time period of 12 months, and no longer than needed in order to fulfil the purposes of the processing, unless the user requests the data deleted in accordance with GDPR Article 17.
3.1 Who do we share personal data with?
In some cases we need to share your personal data with third parties that process personal data on behalf of us. In such cases, we will enter a data processor agreement which will ensure that any processing of your personal data takes place under our instructions.
Below is a general description of the data processors we make use of:
- Our providers of ICT-services will have access to personal data if the data is stored at the provider, or if the provider gets access to the personal data in accordance with an agreement with us. This will for instance apply to our provider of cloud services, Google Cloud.
- Our providers of Cookie-services will have access to personal information about you as far as is reasonably necessary for the cookies to work when you visit our website.
3.2 Google cloud
Personal data we collect about you will be stored in Google Cloud. This means that Google has insight in the stored personal information, as Google is responsible for the security of the storage.
3.3 Sharing of data with academic institutions
Through your use of Ponder, and with research and education purposes, Disputas reserves the right to transfer Interaction data to academic institutions. Personal data will not be shared alongside the Interaction data.
4 The user’s rights
The user has full ownership of its personal data. By using Ponder, you are given the rights described in the GDPR Chapter 3, including the right to:
- Withdraw your consent If the user wishes to withdraw any consent regarding the processing of their personal data, this can be done at any time.
- Request erasure or rectification: If the user wishes erasure or rectification of personal data we process, this will be arranged by Disputas. We will however remind the user that anonymous Interaction data created by the user will not be deleted, as they are not personally identifiable on their own. Only identifiable data will be erased or changed.
- Get insight into any personal data we hold about you
- Have your personal data delivered to you (data portability)
If you disagree with the way we process your personal data, you can contact us or the Norwegian Data Protection Authority.
Disputas is committed to establishing procedures to handle your personal data with utmost care in accordance with applicable rules and regulations. The measures we undertake are technical and organizational in nature, and we will regularly carry out security assessments and control in our systems that are used to process the personal data.
7 Contact us
Disputas can be reached via email to firstname.lastname@example.org. The Norwegian Data Protection Authority protects your right to privacy, and can be reached on https://www.datatilsynet.no/en/about-us/contact-us/.