Privacy Policy for ProntoTV
Powered by SIGNATU  
Published: 7 months ago (May 24, 2018)
How to contact us

ProntoTV

Grev Wedelsplass 9 0151 Oslo
NORWAY
Org. ID981 106 431
Email info@prontotv.no
Phone +4722545060
What does our Privacy Policy cover?

When

Our privacy policy is:

  • effective as of:
    25.05.2018
  • published:
    01.05.2018

What and where

Our policy applies to:

  • our website:
    www.prontotv.no
  • other systems include:
    Our Content management system Pronto Publish
    Our Support systems
    Our Public network (Meraki)
Why and how do we process your personal data?
We undefined website activity from www.prontotv.no to make the ProntoTV site easier to use and to better tailor the ProntoTV site and our products to your interests and needs. Cookies may also be used to help speed up your future activities and experience on our site. We also use cookies to compile anonymous, aggregated statistics that allow us to understand how people use our Site and to help us improve their structure and content. We cannot identify you personally from this information.
Some of the information that is collected is:

We undefined contact information and usage data in ProntoPublish to We collect your contact info to:

  • enable you to log in to and use ProntoPublish,
  • identify your account,
  • provide you customer support

Information that we collect:

  • Username
  • First-/last name
  • Email adresse
  • Phone number
  • Company
  • Role

In addition we also store usage information:

  • IP adresse
  • Browser type and version
  • OS
  • Last login

We collect your encrypted password to :

  • authenticate you, and
  • authorize your access to ProntoPublish..
We undefined contact information in our support systems (CRM/Project mng/economy/etc) to to facilitate installation/on-site support and to provide our services and invoicing to the client.

Information that we collect:

  • First-/last name
  • Email adresse
  • Phone number
  • Company
  • Type of contract you hold with us

See privacy statements from our support-systems
https://www.visma.com/privacy-statement/
https://www.atlassian.com/legal/privacy-policy
https://forum.manuscript.com/privacy
https://www.pandadoc.com/privacy-policy/
https://www.pipedrive.com/en/privacy
https://wordpress.org/about/privacy/
.

We undefined network usage and unit identification (IP and MAC address) to operation of the network and to ensure the quality of our service. It is nessecary to make sure no one is using an extensive amount of ressources and to performe any assistance of troubles by uplink or use of the network.

Information that we collect:

  • Hostname
  • MAC-adresse
  • IP-adresse
  • Unit type
  • Unit OS
  • Type of anthenna and unit capasity
  • Data usage (MB up-/download)
  • Time
  • Issue/problems with uplink/downlink

See privacy statement from Cisco Meraki.
https://meraki.cisco.com/lib/pdf/eu_technical_organizational_measures.pdf.

Who is responsible for processing your personal data?

Responsibility

We decide why and how your personal data are processed.
We are responsible for processing your personal data.

From whom and how do we collect your personal data?

From whom we collect

We collect your personal data:

  • from a source that is accessible publicly:

  • from a source that is not accessible publicly:

    • ProntoPublish (CMS)

    User logging on our servers/behind the login of ProntoPublish, though google anlytics/vimeo analytics and through records our support systems through communication with our clients.

  • directly from you:

How we collect

We collect your personal data:

  • electronically with the use of a web form:
  • electronically by

    • storing information on your terminal equipment, or

    • accessing information stored on your terminal equipment, or

    • reading information emitted by your terminal equipment.

    • Google analytics, Vimeo analytics and Wordpress analytics

    • Local cookie for functionallity of ProntoPublish

  • with:

    • session login to ProntoPublish

Voluntary and/or obligatory to provide personal data

When you provide us with your personal data, your provision is:

  • permitted and voluntary.
    You can freely give us:
    ProntoPublish these items are voluntary:

    • your e-mail,
    • your name,
    • your address,
    • your phone number,

    Web analytics can be opted out from.
    https://tools.google.com/dlpage/gaoptout

  • permitted and obligatory.
    You must give us:
    In ProntoPublish these items are obligatory:

    • username
    • usage data
    • your company registration
    • your encrypted password

    In support systems:

    • your e-mail,
    • your name,
    • your address,
    • your phone number,

Consequence for not providing personal data that are voluntary to give

If you fail to provide us with your personal data and such provision is voluntary, then it can affect you:
Failing to deliver voluntary data can make it hard to contact you if there is no contact info present, but you will still have full functionallity of the CMS.

Consequence for not providing personal data that are obligatory to give

If you fail to provide us with your personal data and such provision is obligatory, then it can affect you:
ProntoTV will not be able to deliver its services to you.

Obligatory provision of personal data is:

  • a requirement that is necessary for the entry into a contract.
What are our legal grounds for processing your personal data?

Regular and/or "sensitive" personal data

We process your:

  • regular personal data.

The legal ground for our processing of your regular personal data is:

  • your consent.
    Personal data we process based on this legal ground is:
  • a contract to which you are a party.
    Personal data we process based on this legal ground is:
In which situations do we process your personal data?

Whose personal data

We collect personal data:

  • of customers and/or clients.

Our role

We are:

  • a recipient of your personal data.
  • an enterprise.
  • an international organization.

Sector

We process your personal data in the:

  • private sector.
  • public sector.

Situation

We process your personal data in a situation that concerns:

  • the offering of

    • goods, or
    • services.
  • an online activity.
  • a contract or that concerns an entry into a contract.
Do we perform automated decision-making and automated profiling?

No automatic profiling

We do not use your personal data to automatically evaluate aspects of your personality.

No automatic decision-making

We do not use your personal data to automatize decisions about you.

About our processing purposes

Purposes

We process your personal data for the purposes that are described in Section 3.

Our processing purposes are

  • real,
  • present, and
  • legitimate.

New purposes

We do not process your personal data for secondary purposes that are inconsistent with the primary purposes for which your personal data is collected initially,

  • without your prior consent,
  • without a legitimate interest, and
  • without legal ground.

Information about new purposes

We inform you before we process your personal data for secondary purposes

  • if we in the first instance collect your personal data initially for a primary purpose, and
  • if our secondary purpose is inconsistent with the primary purpose.
How long do we keep your personal data?
  • Storage periods

    We delete your personal data within a specified time-limit:
    We set the user to inactive1 year after the last login and anonymize the user information after 2 years. We also delete the custmer (not users) after 5 years.

Storage required by law

If the further retention of your personal data is necessary for the purposes that are specified by law, we can further retain your personal data.

Do we share your personal data?

Disclosure to recipients

We disclose your personal data to recipients.

The recipients are:
We use Google analytics to track, analyze and report how you use our website.
We use Vimeo to track, analyze and report how you use our website/watch content.

The recipients are: Google Analytics and Vimeo

We use Google Analytics and Vimeo analytics on our website prontotv.no

Google’s address is:
Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA.

Here is a link to Google Analytics Privacy Policy and Vimeo:
google.com/policies/privacy/
https://vimeo.com/privacy

You can install Google Analytics opt-out in your browser to tell the Google Analytics JavaScript not to send information to Google Analytics:
chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en

We disclose the personal data to the recipients for the following purposes:
get information about end-users’ general use of Prontotv.no

The following subcontractors/vendors/processors (updated 24/05-18):

  • Google Analytics
  • Vimeo
  • Amazon Web Services
  • Atlassian
  • Pandadoc
  • Pipedrive
  • Microsoft 365
  • Fogbugz
  • Mailchimp
  • Wordpress
  • Visma
  • Cloudtrax
  • Modcam

The legal grounds on which we base the disclosure of your personal data to the recipients are:

  • your consent.

Information about future disclosures

If we in the future disclose your personal data to a recipient, then we inform you of

  • the time of the disclosure, and
  • the names of the recipients.
Do we transfer your personal data outside the EU or EEA?

Transfers countries outside the EU and EEA

We transfer your personal data

  • to countries outside the EU and EEA, or
  • to an international organization.

The transfer takes place to:
To Vimeo.com. We transfer user statistics from the vimeo videos on our site. See https://vimeo.com/privacy for their privacy statement.

We also transfer data to Google Data Storage and Processing Facilities under the EU-U.S. Privacy Shield legal framework. We have a signed DPA with GA.

The legal ground for the transfer of your personal data is:

  • an adequacy decision adopted by the Commission.
    We specify the name the adequacy decision and which personal data we process based on this legal ground:
    the EU-U.S. Privacy Shield adequacy decision (“Privacy Shield”)
Are your personal data secure?

Security

We secure your personal data

  • with appropriate technical measures,
  • with appropriate organisational measures,
  • with an appropriate level of security,
  • against unauthorised processing,
  • against unlawful processing,
  • against accidental or unlawful loss,
  • against accidental or unlawful destruction, and
  • against accidental or unlawful damage.
    Our data security policy can be found on www.prontotv.no/privacy

Measures to discover, document, contain security breaches

We have measures to:

  • discover security breaches.
  • document actions (and reasons for actions) to remedy the security breach.
  • recover personal data.
  • return to a normal state of processing personal data.

Actions when security breach is discovered

If we have a reasonable degree of certainty of a breach of the security of the processing of your personal data, then we will:

  • report the security breach to the management.
  • mitigate the immediate risk of a damage.
  • notify the Supervisory Authority about the security breach, if the personal data breach is likely to lead to a risk for your rights and freedoms.
  • notify you of the security breach

    • if the breach is likely to lead to a high risk for your rights and freedoms,
    • as soon as possible,
    • via appropriate contact channels, e.g. via email, SMS, prominent banners on our website, postal communications, prominent advertisements in media etc.

    We are not obliged to notify you directly if

    • we have taken measures to that render your personal data are unintelligible to any person who is not * authorised to access them,
    • we immediately after the security breach took steps to ensure that the high risk to your rights and freedom no longer is likely to happen, or
    • it would involve disproportionate effort. In such a case, we will inform you via public channles.
Are we certified and do we follow a code of conduct?

No certification

We do not use an approved certification body to certify that we comply with the law.

No code of conduct we follow

We do not follow an approved code of conduct which demonstrates that we comply with the law when we process your personal data.

What are your rights?
We fulfil your rights that concern the protection of your personal data.

Right to access

You have the right to access your personal data.

If you request that we confirm whether or not we process your personal data, then you have a right that obliges us to confirm that we

  • process your personal data, or
  • do not process your personal data.

Your right to obtain confirmation from us that we process (or do not process) your personal data

  • does not include data that is anonymous.
  • includes the personal data that concern you.
  • does not include personal data that does not concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must give you access to your personal data if

  • you request that we confirm whether or not we process your personal data, and
  • we process your personal data, and
  • you request to access your personal data.

We must provide you with a copy of your personal data if

  • you request that we confirm whether or not we process your personal data , and
  • we process your personal data, and
  • you request a copy of your personal data.

If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.

You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if

  • you request that we confirm whether or not we process your personal data , and
  • we transfer your personal data to a country that is outside the EU and the EEA.

Right to rectification

You have the right to the rectification of your personal data.

Your right to obtain rectification of personal data that are inaccurate

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must rectify your personal data if

  • we process your personal data, and
  • your personal data are inaccurate, and
  • you request to obtain the rectification of your personal data.

We must complete your personal data if

  • we process your personal data, and
  • your personal data are incomplete, and
  • you request to obtain the completion of your personal data.

You have the right to provide us with a supplementary statement.

We must communicate the rectification of your personal data to recipients of your personal data (if any).

We do not communicate the rectification of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

Right to erasure

You have the right to the erasure of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • your personal data are not necessary to the purposes for our processing of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • you withdraw your consent on which we base the processing of your personal data, and
  • another legal ground does not exist for our processing of your personal data.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • our processing of your personal data is necessary for the performance of a task that we carry out in the public interest, or
  • our processing of your personal data is necessary in the exercise of an official authority that is vested in us, and
  • our processing is necessary for the purposes of the legitimate interests that we pursue, or
  • our processing is necessary for the purposes of the legitimate interests that a third party pursues, and
  • you object to our processing of your personal data, and
  • our processing of your personal data have a legitimate ground that does not override your objection.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • we process your personal data, and
  • you object to our processing of your personal data for the purposes of direct marketing to you, and
  • our processing of your personal data have a legitimate ground that does not override your objection.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • our processing of your personal data are unlawful.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • the personal data needs to be erased in order to comply with a legal obligation in Union or Member State law.

We must erase your personal data without undue delay if

  • you request to obtain the erasure of your personal data, and
  • your personal data is collected in relation to the offer of information society services.

We must communicate the erasure of your personal data to the recipients to which we disclose the personal data (if any).

We do not communicate the erasure of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

Right to restriction

You have the right to obtain from us the restriction of our processing of your personal data.

Your right to obtain restriction of our processing of your personal data

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

We must restrict the processing of your personal data for a period to verify the accuracy of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • you contest the accuracy of your personal data.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • the processing of your personal data are unlawful, and
  • you oppose the erasure of your personal data.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • we do not need your personal data for the purposes of our processing, and
  • you require your personal data to establish a legal claim, or
  • you require your personal data to exercise a legal claim, or
  • you require your personal data to defend against a legal claim.

We must restrict the processing of your personal data if

  • you request to obtain the restriction of the processing of your personal data, and
  • you object to our processing of your personal data that are necessary for the performance of a task that we carry out in the public interest, or
  • you object to our processing of your personal data that are necessary in the exercise of an official authority that is vested in us, and
  • you object to our processing of your personal data that are necessary for the purposes of the legitimate interests that we pursue, and
  • you wait to verify that our processing of your personal data have a legitimate ground that does not override your objection.

We must communicate the restriction of processing of your personal data to recipients of your personal data (if any).

We do not communicate the restriction of processing of your personal data to recipients of your personal data if the communication to the recipient

  • is impossible, or
  • involves a disproportionate effort.

If we restrict our processing of your personal data, then we can

  • store your personal data,
  • process your personal data on the basis of your consent,
  • process your personal data to establish a legal claim,
  • process your personal data to exercise a legal claim,
  • process your personal data to defend ourselves against a legal claim,
  • process your personal data to protect the rights of a person,
  • process your personal data for the reasons of a public interest of the Union or of a Member State.

If you obtain a restriction of our processing of your personal data, then we must inform you before a lift of the restriction.

Right to object to direct marketing

If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then you have the the right to object to our processing of your personal data for such purposes.

Your right to object to our processing of your personal data for direct marketing purposes

  • is a right you have at any time.
  • does not include data that is anonymous.
  • includes the personal data that concern you.
  • does not include personal data that does not concern you.
  • includes pseudonymous data that can be clearly linked to you.

If you object to our processing of your personal data for direct marketing purposes, then we must omit our processing of your personal data for such purposes.

If we process your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, then

  • we must explicitly bring this right to your attention at the latest at the time of the first communication with you, and
  • we must present this right clearly and separately from any other information.
How can you exercise your rights?

Communication about rights

We invite you to communicate with us about the exercise of your rights concerning the protection of your personal data.

Written requests

We only accept written requests since we cannot deal with verbal requests immediately without first

  • analysing the content of the request, and
  • identifying you.

Describe right to exercise

Your request should contain a detailed, accurate description of which right you want to exercise.

Identification document

You must provide us with a copy of an identification document to confirm your identity, for example,

  • an ID card or
  • a passport.

The document should contain:

  • an identification number,
  • country of issue,
  • period of validity,
  • your name,
  • your address, and
  • your date of birth.

Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be masked out.

We will not accept other means of assuring your identity.

If you wish to propose alternatives, we will assess them on a case-by-case basis.

Our use of the information on your identification document

  • is limited to verify your identity, and
  • will not be stored for longer than needed for this purpose.

Where send request

You can send your request that concerns the protection of your personal data to:

Answer to request

You receive our answer to your request that concerns the protection of your personal data at:

  • your postal address.
  • your email address.

No specific person to handle request

We do not have a person who is responsible for handling of your request that concerns the protection of your personal data.

Policy for handling request

We have policies that ensure that your requests concerning the protection of your personal data are

  • recognized, and
  • handled within the time-limits of the law.

Time to respond to request

We inform you of our handling of your request that we exercise your rights (regarding the protection of your personal) within:

  • a specified time of the reception of your request:
    Within 72 hours of the recipt of an request for information
Do you have a right to complain?

Complain to a supervisory authority

You can lodge a complaint to a supervisory authority

  • at your habitual residence in the EU and the EEA.
  • at the place of your work in the EU and the EEA.
  • at the place of the alleged infringement in the EU and the EEA.

The Supervisory Authority should within a reasonable period inform you of

  • the progress of the complaint, and
  • the outcome of the complaint.

Mandate an organization to complain

You can mandate that an organization lodges a complaint on your behalf with a Supervisory Authority.

The Supervisory Authority should within a reasonable period inform you of

  • the progress of the complaint, and
  • the outcome of the complaint.

Judicial remedy

You can seek a judicial remedy in the EU and the EEA against

  • a controller,
  • a processor, and
  • a Supervisory Authority.

Mandate an organization to exercise your right

You can mandate that an organization exercises your right

  • to a judicial remedy on your behalf.
  • to a compensation for a damage as a result of a breach of the law on the protection of the personal data on your behalf.
Can you choose your privacy settings?

No privacy settings

Currently, you cannot choose why and how we process your personal data.

Will you be informed about our privacy policy changes?

New Privacy Policy

If we change our privacy policy, then we publish a new version of it.

No publication of prior Privacy Policies

We do not make available the prior versions of our privacy policy.