1. Processing of personal data
This data protection policy provides additional information on how and why we process personal data.
DIBkunnskap AS as data controller
DIBkunnskap AS "DIB” is the data controller in all DIB subsidiaries in connection with the processing of personal data of customers, users, customer contact persons and other persons as described in this data protection policy. In some cases, DIB also acts as a data processor on behalf of customers. For further information on this topic, see the general terms and conditions.
Please contact us at privacy(at)dib.eu with any questions about the data protection policy.
Services covered by this policy
This data protection policy relates to dib.no, dib.se, dib.eu and dflow.com (home pages), app.dib.no (dib), kontohjelp.no, kostrahjelp.no , app.dflow.com (dflow) and bompengekalkulator.no (the “Services”), which are developed by DIBkunnskap AS (974 379 511).
Purpose and basis for processing
Processing of your personal data is carried out to fulfil the User Agreement and for the legitimate interests of DIB.
If you consent to participate in surveys, receive marketing or other communication, DIB will process your data in accordance with Article 6(1)(a) of the General Data Protection Regulation (consent).
In addition, DIB processes the personal data provided by you or your employer to DIB for the purpose of fulfilling the agreement on the use of DIB's products, cf. Article 6(1)(b) of the General Data Protection Regulation.
DIB also processes the data generated by your use of our services on the basis of legitimate interests, cf. Article 6(1)(f) of the General Data Protection Regulation. The information is used to provide our service, for marketing, to improve our IT security, for communication and for the development of our products.
2. What data is processed?
Information you provide to us
How we use your personal data depends on which services you use and how you use those services. We use the data we have about you to provide support, customise and make our services available in a way that is relevant and useful to you.
We use your registration data to verify your identity and allow access to our services
We may communicate with you via email, for example about the availability of our services, security or other service communications. For example, emails on how to use the services, updates and reminders. You can always change your communication preferences. Please note that you cannot opt-out of service notifications from us, including notifications on security and legal issues.
We use data and content about users for invitations and communications that promote our services. We will only send you marketing information if you have consented to this, and you can withdraw your consent at any time.
We use data to conduct research to further develop our services to provide you and others with a better, more intuitive and personalised experience and increase engagement for our services.
We conduct surveys through our services. You are not obliged to answer surveys and you have the possibility to decide on the information you give us. You can opt-out of survey invitations.
We use the data (which may include your communications with us) necessary to investigate, answer and respond to complaints and problems with the service (e.g. errors).
We use your information to produce aggregated datasets, where it is no longer possible to identify you. For example, we may use your data to generate statistics about our users, their profession or industry, the number of ad impressions delivered or clicked on, or the demographic breakdown of visitors to a website.
We use your data (including your communications with us) if we believe it is necessary for security reasons or to investigate potential fraud or other violations of our License Terms, this Privacy Policy and/or attempts to harm our members or visitors.
Information from your employer
Your employer may provide us with information to enable you as a user to use DIB's platform. We may receive information about your work area, title, contact details and the IP address from which you are expected to access the service.
Use of services
We log usage data when you visit or otherwise use our services, including our websites, app and platform technology, for example when you view or click on a document or perform a search. We use logins, cookies, device information and internet protocol addresses ("IP addresses") to identify you and log your usage.
Cookies and other similar technologies
We collect data using cookies and similar technologies.
You can read more about how DIB uses cookies and similar technologies below.
You can also control the use of cookies through your browser settings and other tools.
Your device
We receive data from your devices and networks.
When you visit or leave our services (including our plugins, cookies or similar technology on other people's websites), we receive the address of both the website you came from and the one you go to. We also receive information about your IP address, proxy server, operating system, browser and add-ons, device ID and capabilities, and/or ISP.
Newsletters
We will only send you newsletters if you have an active subscription. If you no longer wish to receive our newsletter, you are always free to opt-out.
We process your personal data for as long as you are subscribed to the newsletter. If you unsubscribe from the newsletter, we will stop sending it to you.
By unsubscribing from the newsletter, we will keep your contact details, but you will of course no longer receive the unsubscribed newsletter.
Other information
Our services are dynamic, and we often launch new features that may require the collection of new data. If we collect new personal data or use your personal data for other purposes, we will notify you and we will amend this privacy policy as relevant.
3. Your rights as a data subject
As a data subject, you have a selection of rights that you can exercise by contacting us at the email address specified in section 6 or by sending us a letter.
Your rights include the right to request access to the personal data we process about you and the right to receive a copy of it.
In some cases, you have the right to object to our processing of your personal data, to request the rectification or erasure of your personal data that you believe is inaccurate, outdated, etc., or to request the restriction or erasure of the processing of your personal data.
As a data subject, you also have the right to data portability if specific conditions in data protection legislation are met. If technically feasible, you also have the right to have your personal data transmitted to another data controller.
In certain cases, a request to exercise your rights may be restricted in accordance with applicable rules, including consideration for critical private interests if these are deemed to override your interests as a data subject.
If you have previously given DIB your consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of your consent does not change the lawfulness of the processing carried out until the withdrawal. If you withdraw your consent, the processing of your personal data will cease and your personal data will be deleted, unless there is a legitimate or legal basis to keep it.
You can read more about your rights in the Norwegian Data Protection Agency's guide on rights of data subjects.
Please contact us at prvacy(at)dib.eu if you have any questions or would like to exercise your rights.
4. Storage of data
Data storage
We store your personal data for up to 8 years after the end of the cooperation, depending on the type of data and whether there is specific legislation requiring the storage of personal data.
As Karnov Group is listed on the Swedish Stock Exchange, there are in certain cases special requirements for storage, e.g. of financial information.
As a general rule, user information is deleted as soon as an account is removed, unless there are special circumstances justifying a longer retention period, see below.
Termination of online access
We will retain some of your data even if you terminate your online access, providing it is necessary for compliance with our legal obligations (including requests from official authorities), compliance with laws and regulations, resolving disputes, maintaining security, preventing fraud and abuse, or enforcing our user agreement.
Specific information for authors and experts
We retain and process some of your personal data in relation to previously published works or other literary works. The aim is to provide an overview of the author history and to present the author history to new authors and customers, thus maintaining a complete author history.
5. Transfer of data to third countries
DIB uses suppliers and subcontractors for the processing and storage of personal data in order to provide our online universe. Among these suppliers and subcontractors are companies that are either located in third countries or are connected to such companies by corporate law.
DIB strives to ensure that all processing of personal data takes place within the EU/EEA. If this is not possible, the necessary organizational and technical measures will be taken to ensure adequate protection of the personal data. An example of such a type of measure could be anonymization.
6. Disclosure of personal data
DIB does not disclose personal data to third parties, unless it is done as part of performing a task on behalf of DIB, including disclosure to other affiliated companies. This disclosure takes place on the basis of Article 6(1)(f) of the General Data Protection Regulation (legitimate interest). In cases where it is necessary, an appropriate data processing agreement will always be concluded.
Personal data will be disclosed to third parties when necessary in connection with legal proceedings or commercial transactions such as mergers or acquisitions, in line with our legitimate interest in pursuing such legal proceedings or implementing such commercial transactions (Article 6(1)(f) GDPR). We will also disclose personal data to public authorities or others when we are required to do so by law.
7. Amendment
If necessary, we may amend this privacy policy.
If you do not want to accept the amendments, you can terminate your access to the service pursuant to your subscription agreement. Your continued use of our services after we have published means that you accept the updated privacy policy.
8. Contact
Questions
If you have any questions about our processing of your personal data, please feel free to contact us at privacy(at)dib.eu.
Complaints
At any time, you may submit a question or complaint about DIB's processing of personal data to the Data Protection Authority of the relevant country.
This privacy policy was last updated in August 2024.
Changelog
Version | Change category (new / update / wording / other) | Description of main changes | Effective from |
2.00 | Update | Complete revision of privacy policy | 1 September 2024 |
1.72 | Update | Added EasyQuest as new subprocessor | 27 September 2021 |
1.71 | Wording | Minor editorial changes (numbering, headlines etc.) | 30 October 2020 |
1.70 | Update | Clarifications regarding processing purposes, legal basis for processing, disclosure to third parties, rights, and storage/deletion. | 22 October 2020 |
1.60 | Update | The EU-U.S. Privacy Shield, which was invalidated by an EU court, has been removed. Instead, an EU standard agreement has been signed with Intercom (located outside the EU/EØS) to ensure secure processing of personal data | 31 August 2020 |
1.51 | Wording | bompengekalkulator.no (ny) added under "Services" | 1 May 2020 |
1.50 | Update | Changes to comply with GDPR | 15 May 2018 |