Processing of personal data in IDEX Biometrics ASA (“IDEX”).
Last updated 2 June 2020
When you use our website and/or are in contact with us in connection with receiving market and business information (newsletter) from us, IDEX will process personal data about you. Below you will find information about personal data collected, why we do this, and your rights related to the processing of personal data.
The data controller for the personal data we process is IDEX. The contact information is:
For questions you may have regarding our processing of your personal data, please contact us.
- Why do we collect personal data and what information we collect
We collect and use your personal data for different purposes, depending on who you are and how we came into contact with you. We collect the following personal data for the purposes stated here:
- Send out marketing, newsletters and provide information about our business: name, position, email address, company, and website. The process takes place based on an agreement with you.
- Recruitment to new positions at IDEX: CV, application, attestations and references. Processing of personal data is based on the consent you have given.
- From our suppliers, customers and others we process personal data. This is based on individual agreements and legitime interests.
- Use of data Processors and sub-suppliers
IDEX uses data processors to collect, store or otherwise process personal data on our behalf. In addition to the data processor, IDEX may use vendors, service providers, and partners who may help with some of IDEX’s data processing and storage, including customer support services at IDEX’s partners. They may also assist with monitoring IDEX’s servers for technical reasons. These vendors (as well as IDEX personnel) can access certain information about you and your account to carry out their work. Such vendors are not allowed to use this data for non-IDEX purposes. In such cases, we have entered into agreements to ensure information security at all stages of the data processing.
- Transfer of personal Data to others
You are informed that the whole or any part of your personal data may be processed by IDEX, its affiliates and subcontractors in the United States, in the European Union and the rest of the world, and may be transferred outside the country in which you provided personal data. International transfers of personal data are made in compliance with relevant international data protection laws and regulation.
Our sub-supplier West LLC complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. West Unified Communications Services and West IP Communications have certified to the Department of Commerce that they adhere to the Privacy Shield Principles.
We store your personal information with us as long as necessary for the purpose for which the personal data was collected. This means, for example that personal data we process based on your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled.
- Your rights when we process personal information about you
You have the right to require access, correction or deletion of personal data we are processing about you. You also have the right to demand limited processing, objection to processing and claim the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority‘s website: www.datatilsynet.no.
To take advantage of your rights, you must send an e-mail to email@example.com. We will respond to your inquiry to us as soon as possible and no later than 30 days.
You may withdraw your consent for processing personal information at any time. The easiest way to do this is to use the unsubscribe function in an e-mail, or to send an e-mail to firstname.lastname@example.org.
If you believe that our processing of personal data does not match what we have described here or we otherwise violate privacy laws, you may appeal to the Norwegian Data Protection Authority.
For information on how to contact the Norwegian Data Protection Authority, visit its website: www.datatilsynet.no.
- Governing Law and Venue