This year, new rules for processing personal data are being introduced in the EU/EEA. The new General Data Protection Regulation (GDPR) is intended to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
Read more about what the new data protection rules will mean for your business on the European Commission web-site.
What is GSGroup doing for you?
GSGroup will always ensure that our products and services comply with the data protection rules. We focus on data protection, and have long experience of processing personal information. GSGroup can assure you that data will be handled safely and securely, and in accordance with established standards within information security.
This Personal Data Policy describes information that we collect, process, share, and store, including personal information, for use within the services and solutions provided by GSGroup (collectively, the “Services”).
In this Policy, the terms “GSGroup”, “we”, “us” and “our” refers to GSGroup and its affiliates.
The Services is intended for use by employees and hired workers of organizations and in accordance with the organizations’ instructions. You are using the Services on an account issued to you by your employer or another organization (your “Organization”), that Organization is likely to have its own policies regarding storage, access, modification, deletion and retention of information that you submit or provide through the Services. This means that your Organization has the right to (i) control and administer your GSGroup account (“Your Account”) and (ii) access and process any data that you submit, generate or provide through the Services, including, for example, your positions and communications.
Your Organization is the data controller. GSGroup is the data processor, processing your personal data, including any personal data you provide by using the Services, on behalf of your Organization.
Please contact your Organization with any privacy enquiries regarding policies, including any enterprise agreements with GSGroup, that it has in place regarding your use of the Services. Complains may be filed to your Organization or to the National Data Protection Authority.
GSGroup is committed to protecting your privacy and developing technology that gives you the most powerful and safe online and offline experience.
By using the Services, you consent to the data practices described in this document, and you agree to allow us to collect and process information as described below.
The purpose of processing your personal data is to fulfill the contract GSGroup has with you or your company. What that means in terms of what data we collect and process, how and where we process it, and for how long, is described below.
It is important that you read this, as you by taking the Services into use, gives your Organisation, and us as your Organization’s data processor, your consent to process your personal data for the said purpose.
The legal basis for the processing of personal data is your agreement with your Organization, as using the Services is a natural tool for your work for the Organization. In addition, legal basis would also be your consent and the relevant data protection law. Our processing of the data is required in order to fulfil the agreement we have with your Organization.
Your personal data is processed in accordance with the applicable National Personal Data Act and the Personal Data Regulations, which from 25 May 2018 will include the EU General Data Protection Regulation, (EU) 2016/679 (“GDPR”). According to the GDPR you have the right to request for:
Access to your personal data,
Rectification or erasure the personal data
Portability of your data, extracting the personal data for transferring it to other service providers
Submitting your personal data is voluntary and you have the right to restrict our use of the personal data, but some basic information is needed to enable Services to operate.
If you have any such requests, you may contact your Organization, as described in Section 10.
Common data collection which applies for all GSGroups products (including all subcategories)
A) In addition Fleetsystems collects:
B) myFleet collects:
No other data than the common data collection for all GSGroup.
C) In addition Paikannin collects:
D) In addition Smartday collects:
a) Corporate customer:
b) Employee at customer:
c) Service objects at customer:
d) Debitters at customer:
E) In addition Spotguard collects:
Spotguard Insurance customers:
F) In addition Travellog collects:
The information mentioned above is either provided by you or your activity using the Services, or information we receive from your Organization.
The information we collect is used to provide, develop and improve the Services, including information necessary to improve our service and safety features.
We or your Organization may use your contact details to send you information, or to ask you to participate in surveys about your Services use.
We may also use this information in an aggregated, non-identified form for research purposes and to help us make decisions on the direction of sales, marketing, product development and business activities.
We use industry-standard methods to keep this information safe and secure while it is transmitted over your network connection and through the Internet to our servers located in Norway.
All information and all files uploaded to Services are encrypted upon uploading to our cloud-based service.
The personal data we collect from you is stored and processed on our own servers at Torp IT in Norway or in other countries within EU/ EEA.
GSGroup does not share personal information for any commercial or marketing purpose unrelated to the delivery of GSGroup products and services. The personal information will be shared with your Organization as part the purpose of the Services.
The following are the limited situations where we may share personal information:
With your explicit consent: We may share personal information when we have your consent.
Your personal information may be collected, processed and stored by GSGroup or its service providers within the European Union, the EEA, or locations regulated by EU style privacy regulations. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.
Legal requests: If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity or litigant that seeks data relating to the Services, we will make reasonable attempts to direct the requesting party to seek the data directly from your Organization. If we ask the requesting party to direct the request to the Organization, we will provide your Organization’s contact information to the requesting party. If legally compelled to produce information and unless legally prohibited, we will use reasonable efforts to notify your Organization so that they can notify you pursuant to your Organization’s policies and as permitted by law. We will direct any requests for information under data protection laws to your Organization, unless prohibited by law.
Aggregate or de-identified data. We may share non-personal information (for example, aggregated or anonymized customer data), to improve, support and operate GSGroup software, products and services, and to create and distribute reports regarding use of such products and services. We take steps to keep this non-personal information from being associated with you.
We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services on your Organization’s behalf, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect Your Account using teams of engineers, automated systems and advanced technology such as encryption and machine learning.
You and your Organization may access, correct or delete information that you have uploaded to the Services using the tools within the Services. If you are not able to do so using the tools provided in the Services, you should contact your Organization directly to access or modify your information.
Changes that you make to your information on the Services take immediate effect on your specific network, but data will be retained by GSGroup in backup copies for a commercially reasonable amount of time and as directed by your Organization.
If you would like to stop using the Services, you should contact your Organisation. Similarly, if you stop working for or with the Organisation, the Organisation may suspend Your Account and/or delete any information associated with Your Account.
It typically takes about 30 days to delete an account on behalf of your Organisation after account closure, but some information may remain in backup copies for a reasonable period of time as directed by your Organisation. Please note that content you create and share on the Services is owned by your Organisation and may remain on the Services and be accessible even if your Organisation deactivates or terminates Your Account. In this way, content that you provide on the Services is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.
GSGroup generally stores your personal information on GSGroup’s servers for as long as you or your Organization remain a GSGroup customer. To the extent there are legal requirements for duration of storage, such as for accounting purposes, we may store data for up to 10 years.
As described above you have the right to request for the data to be deleted.