PRIVACY POLICY FOR HOSTED MENDER
Last updated: June 5, 2019
While our customers are companies, employees and other individuals related to our customers will interact with the Service and thereby submit personal information. In this privacy policy (the "Privacy Policy"), We explain which personal information We collect, why we collect it, and how We use the information. This Privacy Policy is part of Our Master Services Agreement for Hosted Mender (the "Agreement"). All capitalized terms used in the Privacy Policy shall have the same meanings as in the Agreement, except that the term "You" shall mean an individual acting on behalf of the customer.
1. Information We collect and how we use it
Information You provide to us
When You register an Account, You register Your name and your e-mail. Except from such Account information, You shall not submit to Us, use the Service to collect, or otherwise use the Service so that We receive, information that directly or indirectly identifies any natural person.
The personal data You submit when registering Your Account will be used only to administer the customer relationship, such allowing you to place orders, register devices, sending invoices and providing Service notices. Unless you notify us that you do not want such information, we will also use your information to send you electronic marketing relating to the Service.
When You sign up to receive Our newsletter, You register Your e-mail address. We will use the e-mail address to send newsletters as requested. You may withdraw Your consent at any time.
We need to process the above information in order to provide the Service as requested by You.
Information We register when the Service is provided
A list of data we collect can be found at https://northern.tech/legal/data.
This information is necessary to for Us to be able to provide the Service.
The information is also used (i) to better understand how our users access and use the Service, (ii) to better respond to users' preferences and wishes, (iii) to improve the Service as a whole, and (iv) for statistical and analytical purposes. Our processing of Your data for these purposes is based on Us having a legitimate interest in the processing. The legitimate interest We pursue is the fact that We need to continuously update and improve the Service to stay competitive and to provide the best possible user experience.
Processing of personal data based on Your consent
We will not process Your personal data for any other purpose unless you have consented to such processing by way of a declaration that you consent to such processing.
2. How we share your personal information
We only share your personal information with others if it is necessary to perform the service or we should be bound to such sharing by law, regulation or legal process.
Any sharing in addition to such sharing as mentioned in this paragraph requires your consent. This does not prevent us from using processors to process personal information on our behalf (subject to a data processing agreement). Some of our processors are located outside the EU/EEA. The processing of personal data by such processors is safeguarded by entry into of the EU's standard contractual clauses for transfer of personal data to third countries. Processors located in the USA may alternatively be Privacy Shield certified.
3. Data retention
Your personal data will not be retained by Us for a period which is longer than necessary for the purpose for which the data was collected. This means that We will delete Your data when they are no longer required in order for Us to provide the Service or we otherwise need the data, for example for invoicing or bookkeeping purposes.
4. Access, correction and deletion of personal data
You have the right to access the personal data we have registered about You. The information You have registered is visible on your Account. If any of the information We have registered about You is incorrect, We encourage You to make changes to Your Account. There, You may also delete Your personal information unless the information is necessary for Us to provide the Service. You may also withdraw any consents you have given at any time.
5. Cookies
We use cookies and other web technologies to enhance the user experience and make the most effective use of the Service. A cookie is a piece of data sent from a web server when You access the Service and stored locally on Your browser. The purpose is to use cookies to maintain data related to user preferences and account settings, as well as to evaluate and compile statistics about user activity. Most browsers accept cookies as default. You may decline your use at any time by making changes to the browser settings to not accept cookies. However, note that some parts of the service may not work properly if cookies are removed.
6. Information Security
We have implemented organizational and technical procedures and measures that will ensure that your personal information is not compromised, not unintentionally changed, and available when required.
7. Changes to the Privacy Statement
We will occasionally update this privacy statement to reflect any changes to the service. In such cases, a changed privacy statement will be published on https://mender.io
In case of major changes, we will notify You directly in the appropriate manner, either via the Service or by email.
8. Controller and contact information
Northern.tech AS, organization number 892 847 282, Gaustadalléen 21, 0349 Oslo, Norway, is the controller.
We can be contacted by mail: legal@northern.tech
You are entitled to lodge a complaint with the Norwegian Data Inspectorate if You believe we violate Your privacy rights, but You should always contact Us first so that we can try to resolve the issue first.
EU/US Privacy Shield
Northern.tech complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Northern.tech has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Northern.tech is subject to the investigatory and enforcement powers of the FTC. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Northern.tech has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
In cases of onward transfer of personal information to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, Northern.tech remains liable.