Privacy Statement

This privacy statement describes the way we collect and process your personal
data when you are using Swairi’s website and portal.
We hold the role as data controller about the processing of personal data
described in this privacy statement.

Whose personal data do we process?

This privacy statement describes our processing of personal data related to the
following categories of individuals:
Contact persons and employees of customers who use the Swairi portal
Other private individuals that have been registered in the portal (e.g. next of kin)

Purpose, Personal data categories and legal basis

In the following we will specify the purpose of the processing of personal data,
which categories of personal data we process, and the legal basis for such
processing.

1. Processing of personal data in connection with implementing
and administration of the Swairi portal

In connection with registration and administration of an account in the Swairi
portal, we will process the following of your personal data:
● Name of user admin, contact person at the customer
● Job title
● E-mail address
● Personal username
Other information provided voluntarily by the customer, such as telephone
number.
Personal data registered when setting up a user profile will mainly be used for
providing service and support based on the information registered. We will, for
example, use your e-mail address for the purpose of providing the notification
services that your employer (our customer) has registered for.


In addition, personal data may be used for the purpose of documenting the use of
the Swairi portal, since all activities are logged for IT security reasons. When a user
logs into the portal, a unique ID is created. This ensures that the user does not
have to submit a username and password multiple times within a certain time
frame. The ID also enables the abovementioned logging of activities. Information
that is created as a result of the use of the portal, including IP addresses, is stored
on a central server belonging to Swairi. This information will solely be used in
connection with user support and will never be made accessible to a third party.

All processing described under this section will be based on either GDPR Article 6
no. 1 letter b) (agreement) or letter f) (legitimate interest).

2. Processing of personal data when we communicate directly
with you

Swairi aims at providing our customers with updated and solid information on the
different updates and other issues we deem to be relevant for the customers to
enjoy the services we offer. From time to time we will therefore publish
newsletters and other relevant information to individuals who have registered a
user profile in the Swairi-portal.


We will only communicate marketing content to you if you have expressly given
your consent to such communication. Consent is obtained when you register for
the Swairi portal and may be withdrawn at any time on your profile in the Swairi
portal. Our basis for this type of communication is GDPR Article 6 no. 1 letter a)
(consent) and the Marketing Practices Act section 15 (1).
We will also send you newsletters and other content containing general
information such as information on the product we provide you with, the tender
notification service, tender news, invitation to seminars/webinars etc. Such
communication will not include any marketing material, and our basis for such
communication is GDPR Article 6 no. 1 letter f (legitimate interest).

3. Use of cookies on the Swairi website

Swairi uses cookies and similar technology for gaining insight into user interactions
on our website. We use the following categories of cookies on our websites:
● Essential cookies: Cookies that are essential for providing the services SWAIRI offers
to its customer.


● Performance- and functionality cookies (HubSpot): Cookies that are used to improve
the website’s functionality. These cookies are not crucial for providing our services,
but are used for ensuring you the best possible user experience.
Analytical cookies (Google Analytics, HubSpot, Hotjar, Facebook Pixel, LinkedIn
Insight Tag): Cookies that are used to collect and aggregate information to help us
understand how our websites are used and monitor the efficiency of our marketing
campaigns. They also help us tailor our websites to user preferences.


● Social media cookies (Facebook Pixel, HubSpot, LinkedIn Insight Tag): Cookies that
ensure that you are able to share sites and content that you find interesting on our
websites through third party suppliers of social media and other websites (LinkedIn,
Facebook etc).


Our main purpose for such use of cookies is to gain insight into user interactions
on our website to be able to provide the best possible service. The personal data
that is processed in this context is Cookie-ID, type of device, type of browser and
IP address.
You may at any time withdraw your consent to use of cookies by turning it off in
your browser. However, it is important to emphasize that doing so might result in
reduced functionality on our websites.

4. Swairi as data processor

Swairi will hold the role as a data processor when customers, including employees
with the customer, enter information containing personal data in the Swairi
portal. The customer is then the data controller of the personal data and
therefore responsible for ensuring that such processing of personal data takes
place in compliance with GDPR. Swairi’s processing of personal data as data
processor, i.e. on behalf of customers, is regulated by a data processing
agreement with each customer.

5. With whom do we share your personal data?

Our IT-service providers may have access to personal data if the personal data is
stored with the provider or the provider has in another way gained access to your
personal data under the service agreements they have entered into with us. Our
sub-processor:

Hosting service – Deploi AS
Our cookies services providers may gain access to your personal data in
connection with your visit to our websites.
The abovementioned parties act in accordance with a valid data processing
agreement and under our instructions. We do not share personal data in other
instances or in other ways than what is described in this privacy statement, unless
you explicitly request or consent to this. However, in certain cases, Swairi reserves the right to release information regarding registered users to public authorities if required by law.

6. How can a user gain access to his/her personal
data, and how can one rectify the data?

Each user is responsible for ensuring that the registered information is valid and
correct, including making sure that only the necessary user information for using
the portal is registered on behalf of the company that the user belongs to. The
user may be suspended or permanently blocked from the portal if false
information is provided at registration, i.e. a false name or inaccurate contact
information.
Users that are logged on to the Swairi-portal can control and update their own
user profile. It is also possible to add and delete information that is not
mandatory, such as subscription/unsubscription from Swairi’s newsletters. All user
profiles that contain invalid information will be deleted without prior notification.
If a user has forgotten his/her password, a request can be submitted for
generating a new code, via e-mail.
If the user demands access to registered information connected to the user’s own
personal data, it will be logged in the Swairi-portal. The user can contact Swairi at
any time for information on the logged information or other things relating to its
personal data. Please see the contact information at the end of this document.

7. For how long will the personal data be stored,
and how can a user delete his/her data?

The data is stored for as long as required by law and Swairi will delete the data
when it is no longer required for the purposes described under this privacy
statement. This period is dependent on the type of information and why it is being
stored:
● User profiles that are registered in connection with purchase of Swairi licenses are
deleted when they have been inactive for a period of 12 months after expiry of the
license period.
● User profiles that are registered in connection with use of the Swairi-portal without
purchasing licenses are deleted when they have been inactive for 12 months.
Further information on the type of data we store and how you can have this
deleted can be retrieved by contacting Swairi. Please find the contact information
at the end of this document.

8. Your rights

According to the personal data legislation, you as the registered party have the
right to:
● Request access to all personal data we process about you;
● Request that the processed personal data is deleted or corrected;

● Withdraw your consent if you have previously consented to processing of
personal data.
Users who for instance do not wish to receive marketing material from Swairi can:
● unsubscribe from receiving newsletters and other information by updating
this on their user profile
● retrieve your personal data that you previously have submitted to Swairi
and transfer these to another data controller without Swairi’s interference
(data portability)
● file a complaint with the supervisory authority (Datatilsynet).

9. Changes to the privacy statement

We may make minor changes to this privacy statement. The latest version can
always be found on our website.

10. Customer service and contact with Swairi

We are always happy to help you. Our office is open from 9-16 (CET), Monday
through Friday. The office hours may vary on public holidays.
Issues regarding the data processing agreement: post@swairi.com