1. About this document
This Personal Data Policy describes information that we collect, process, share, and store, including personal information, for use within the services and solutions provided by GSGroup (collectively, the “Services”).
In this Policy, the terms “GSGroup”, “we”, “us” and “our” refers to GSGroup and its affiliates.
The Services is intended for use by employees and hired workers of organizations and in accordance with the organizations’ instructions. You are using the Services on an account issued to you by your employer or another organization (your “Organization”), that Organization is likely to have its own policies regarding storage, access, modification, deletion and retention of information that you submit or provide through the Services. This means that your Organization has the right to (i) control and administer your GSGroup account (“Your Account”) and (ii) access and process any data that you submit, generate or provide through the Services, including, for example, your positions and communications.
Your Organization is the data controller. GSGroup is the data processor, processing your personal data, including any personal data you provide by using the Services, on behalf of your Organization.
Please contact your Organization with any privacy enquiries regarding policies, including any enterprise agreements with GSGroup, that it has in place regarding your use of the Services. Complains may be filed to your Organization or to the National Data Protection Authority.
GSGroup is committed to protecting your privacy and developing technology that gives you the most powerful and safe online and offline experience. By using the Services, you consent to the data practices described in this document, and you agree to allow us to collect and process information as described below.
3. Why we process the data
The purpose of processing your personal data is to fulfill the contract GSGroup has with you or your company. What that means in terms of what data we collect and process, how and where we process it, and for how long, is described below. It is important that you read this, as you by taking the Services into use, gives your Organisation, and us as your Organization’s data processor, your consent to process your personal data for the said purpose.
4. Legal basis for processing
The legal basis for the processing of personal data is your agreement with your Organization, as using the Services is a natural tool for your work for the Organization. In addition, legal basis would also be your consent and the relevant data protection law. Our processing of the data is required in order to fulfil the agreement we have with your Organization.
Your personal data is processed in accordance with the applicable National Personal Data Act and the Personal Data Regulations, which from 25 May 2018 will include the EU General Data Protection Regulation, (EU) 2016/679 (“GDPR”).
According to the GDPR you have the right to request for:
- Access to your personal data,
- Rectification or erasure the personal data
- Portability of your data, extracting the personal data for transferring it to other service providers
- Submitting your personal data is voluntary and you have the right to restrict our use of the personal data, but some basic information is needed to enable Services to operate.
If you have any such requests, you may contact your Organization, as described in Section 10.
5. What data we collect
Common data collection which applies for all GSGroups products (including all subcategories):
- Your full name
- Contact information: Phone number, mobile number, Adress, email adress
- Location – GPS data, when using the Services, or using a vehicle or other objects connected to the tracking Services Vehicle registration number
- User communications, feedback, suggestions and ideas sent to us
- Billing information;
- and Information that you provide to us when you or your Organization contact or engage us for support regarding the Services.
A) In addition Fleetsystems collects:
- Login information:
- Username and password;
- Time of login
- Location – GPS data, when using the Services, or using a vehicle or other objects connected to the tracking Services;
- IP-address - We automatically collect certain information on your Organization’s behalf through the Services, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, the date and time of you are using the Services and other information about your activities within the Services. This is logged for diagnostic and security purposes.
B) myFleet collects:
No other data than the common data collection for all GSGroup.
C) In addition Paikannin collects:
- Driver identification
D) In addition Smartday collects:
a) Corporate customer:
- Attention name
b) Employee at customer:
- Certification number
- Cell number
- Car ID
- Position, address
- Vehicle states
c) Service objects at customer:
- Serial number
- Installation date
- Attention name
d) Debitters at customer:
- Cvr number
- Debitor note
- Attention name
- Note 1
- Note 2
- Form data
- Form signature
- Photo & files
- Attention name
E) In addition Spotguard collects:
- IP addresses, we automatically collect certain information on your Organization’s behalf through the Services, such as your Internet protocol (IP) address. This is logged for diagnostic and security purposes.The information mentioned above is either provided by you or your activity using the Services, or information we receive from your Organization.
Spotguard Insurance customers:
- IP-address, we automatically collect certain information on your insurance company’s behalf through the Services, such as your Internet protocol (IP) address. This is logged for diagnostic and security purpos
F) In addition Travellog collects:
- Login information: username and password, time of login
- IP addresses, we automatically collect certain information on your Organization’s behalf through the Services, such as your Internet protocol (IP) address. This is logged for diagnostic and security purposes. ¸ The information mentioned above is either provided by you or your activity using the Services, or information we receive from your Organization.
6. How we use your data
The information we collect is used to provide, develop and improve the Services, including information necessary to improve our service and safety features.
We or your Organization may use your contact details to send you information, or to ask you to participate in surveys about your Services use.
We may also use this information in an aggregated, non-identified form for research purposes and to help us make decisions on the direction of sales, marketing, product development and business activities.
We use industry-standard methods to keep this information safe and secure while it is transmitted over your network connection and through the Internet to our servers located in Norway.
All information and all files uploaded to Services are encrypted upon uploading to our cloud-based service.
7. Where we process your data
The personal data we collect from you is stored and processed on our own servers at Torp IT in Norway or in other countries within EU/ EEA.
8. Disclosure of information
GSGroup does not share personal information for any commercial or marketing purpose unrelated to the delivery of GSGroup products and services. The personal information will be shared with your Organization as part the purpose of the Services.
The following are the limited situations where we may share personal information:
- With your explicit consent: We may share personal information when we have your consent. Your personal information may be collected, processed and stored by GSGroup or its service providers within the European Union, the EEA, or locations regulated by EU style privacy regulations. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.
- Legal requests: If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity or litigant that seeks data relating to the Services, we will make reasonable attempts to direct the requesting party to seek the data directly from your Organization. If we ask the requesting party to direct the request to the Organization, we will provide your Organization’s contact information to the requesting party. If legally compelled to produce information and unless legally prohibited, we will use reasonable efforts to notify your Organization so that they can notify you pursuant to your Organization’s policies and as permitted by law. We will direct any requests for information under data protection laws to your Organization, unless prohibited by law.
- Aggregate or de-identified data: We may share non-personal information (for example, aggregated or anonymized customer data), to improve, support and operate GSGroup software, products and services, and to create and distribute reports regarding use of such products and services. We take steps to keep this non-personal information from being associated with you.
9. Safety and security
We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services on your Organization’s behalf, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect Your Account using teams of engineers, automated systems and advanced technology such as encryption and machine learning.
10. Accessing and modifying your information
You and your Organization may access, correct or delete information that you have uploaded to the Services using the tools within the Services. If you are not able to do so using the tools provided in the Services, you should contact your Organization directly to access or modify your information.
Changes that you make to your information on the Services take immediate effect on your specific network, but data will be retained by GSGroup in backup copies for a commercially reasonable amount of time and as directed by your Organization.
11. Account closure
If you would like to stop using the Services, you should contact your Organisation. Similarly, if you stop working for or with the Organisation, the Organisation may suspend Your Account and/or delete any information associated with Your Account.
It typically takes about 30 days to delete an account on behalf of your Organisation after account closure, but some information may remain in backup copies for a reasonable period of time as directed by your Organisation. Please note that content you create and share on the Services is owned by your Organisation and may remain on the Services and be accessible even if your Organisation deactivates or terminates Your Account. In this way, content that you provide on the Services is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.
12. How long we store your information
GSGroup generally stores your personal information on GSGroup’s servers for as long as you or your Organization remain a GSGroup customer. To the extent there are legal requirements for duration of storage, such as for accounting purposes, we may store data for up to 10 years.
As described above you have the right to request for the data to be deleted.
Data processing agreements
Data processing agreement Guard Systems
Data processing agreement Handyman
Data processing agreement Smartday
Data processing agreement Paikannin.com
Data processing agreement myFleet