Data Privacy Policy


General

Atea ASA, organization number 920237126, Karvesvingen 5, 0579 Oslo, Norway and its subsidiaries (hereinafter – “Atea”, “we”, “us” and “our”) values the protection of personal data, therefore, we place great emphasis on protecting your privacy. This Data Privacy Policy (hereinafter – Privacy Policy) explains how Atea, as a data controller, treat your personal data in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679, the General Data Protection Regulation (hereinafter – GDPR).
This Privacy Policy applies when you visit and/or interact with Atea website and/or use other Atea services. By visiting our site, you agree that your personal data is processed in accordance with this Privacy Policy.

 

What is personal data?

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Where do we store your personal data?
Personal data that we collect from you is stored within European Union/European Economic Area (EU/EEA) but may also be transferred to and processed in a country outside EU/EEA. If personal data is transferred and stored in a country outside EU/EEA, Atea uses Standard Contractual Clauses as appendix to our data processing agreements according to the Chapter V of the GDPR. However, Atea will not transfer the personal data you provide us to countries outside the European Economic Area (EEA) without explicitly informing you about that transfer.

 

Recipients of personal data
We may disclose your personal information to all companies in our group (i.e., subsidiaries, our ultimate holding company and all its subsidiaries) insofar that it is reasonably necessary for the purposes stated in this Privacy Policy. All Atea subsidiaries have signed an internal Data Processing Agreement having unified data protection across all subsidiaries.

Atea uses vendors for email, cloud services, antimalware, firewalls, authentication etc. Where a vendor is located outside of EU/EEA your personal data may be transferred to and processed in a country outside EU/EEA. Each such transfer of your personal data is carried out with accordance with applicable data protection laws and subject to data processing agreement including Standard Contractual Clauses.

We do not sell, trade or otherwise transfer your personal information to third parties. Exceptions are trusted third parties that help us to run the site, conduct our business, deliver the goods you order or provide service, if these parties agree to keep the information confidential and not use it for other purposes that not agreed upon.

 

Why do we collect your personal data?

We collect personal data you voluntarily provide us only for the purposes stated in this Privacy Policy or to fulfill our legal obligations and legitimate interest. For every specific process of personal data, we collect from you, we inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

 

Retention policy
We only store your personal data for as long as it is necessary for the purpose it was initially collected as specified below in section Categories of Personal data we collect.
When there is no longer a purpose or legal obligation of storing the personal data, it is deleted or anonymized.

Personal data that is only collected for a specific purpose is kept to a minimum to be able to perform the purpose, also known as data minimization.

 

Your personal rights

Right to access:
You have the right to request information about the personal data we process on you at any time.

Right to portability:
Whenever Atea processes your personal data, by automated means based on your consent or based contractual obligations, you have the right to get a copy of your data transferred to you or to another part. This only includes the personal data you have submitted to us.

Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.

Right to erasure:
You have the right to erase your personal data processed by Atea at any time. Note that your right to erasure may be overridden in accordance with the GDPR.

Right to restriction:
You have the right to request that Atea restricts the process of your personal data under the following circumstances:

– If you object to a processing based Atea’s legitimate interest, Atea shall restrict all processing of such data pending the verification of the legitimate interest.
– If you have claim that your personal data is incorrect, Atea must restrict all processing of such data pending the verification of the accuracy of the personal data.
– If the processing is unlawful, you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead.
– If Atea no longer needs the personal data, but it is required by you to defend legal claims.

 

How do you exercise your rights?
If you wish to exercise your rights as set out above or if you have any questions about our Privacy Policy or our processing of your data, you are welcome to contact us at the contact details below. In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Atea is entitled to charge an administrative fee. In such cases you will be notified thereof beforehand.
If you make a request, Atea will answer you within one month or will inform you of any extension in case of delay together with the reasons for the delay.
Please, use the e-mail address referring to your country of residence below.

Atea ASA: dpo@atea.com 
Atea Norway: dpo@atea.no 
Atea Denmark: dpo@atea.dk 
Atea Sweden: dpo@atea.se 
Atea Finland: dpo@atea.fi 
Atea Baltics (Lithuania, Latvia, Estonia): dpo@atea.lt 
Atea Global Services: ags.dpo@atea.com 

You have the right to submit eventual complains about processing of your personal data to the national supervisory authority referring to your country of residence below.
Norway: Datatilsynet
Denmark: Datatilsynet
Sweden: IMY
Finland: Tietosuojavaltuutetun toimisto
Lithuania: Valstybinė duomenų apsaugos inspekcija
Latvia: Datu valsts inspekcija
Estonia: Andmekaitse Inspektsioon

Links to third parties
We may, at our discretion, publish or offer third-party products on our website at our discretion. These third-party websites have their own, independent privacy rules. We therefore take no responsibility for the content and activities of these linked sites. However, as we want to protect the privacy of our site, we welcome comments on these websites.

Last update to Data privacy policy
Atea reserves the right to update or change this Privacy Policy at any time and you should visit this site regularly to obtain the latest version.

 

Categories of Personal data we collect

Atea eShop account and online purchase
When you create an account in eShop, we process personal data of the Customer Representative for the purpose delivery of products and services you ordered. We also handle the personal information you provide to us by filling in different types of forms. For corporate representative accounts in eShop we process personal information such as name, e-mail address and possibly mobile phone number (for 2-factor authentication). Personal data such as employment ID may also be saved at the customer’s request. If the account holder has not logged on up to 36 months, the account will automatically be deleted.

Inactive account retention period can differ between countries where the user has registered, so please read country Privacy Policy for specified storing time.

 

Call records
When you call to our Servicedesk to inform about incident or a problem that has occurred in your company, we record and store all your inbound telephone calls for ninety (90) days for quality assurances and complains investigation purpose.

Call record retention time can differ between countries where Servicedesk is placed, so please read country Data Privacy Policy for specified storing time.
We always inform you before conversation starts that this call will be recorded. You can choose not to be recorded and continue the conversation.

 

Servicedesk case and incident handling
When you contact Atea Servicedesk, we have contractual obligation to store your personal data in our ticketing system for the purpose to handle and document the case if any complains arise. For this purpose, the personal data is stored for 5 years after a case is closed.

The personal data processed is the data you provide when submitting the case/incident, like for example:
Name, phone number, email address, organization, job title, department.

You may receive Atea User Satisfactory Survey email with the purpose to evaluate how Atea handles incidents. Atea User Satisfaction Survey will be stored for 2 years to be able to return to survey evaluation afterwards and to compare the results of customer support. The legal basis for the processing of personal data is a legitimate interest.

 

Authorization to Atea systems
We have control authorization mechanisms for you to safely authenticate to our systems. The authorization is handled by Atea secure authorization solution.
There are two ways to authenticate to be able to get access to relevant systems in Atea (e.g., eShop, My Atea, Atea Cloud Portal).

Atea authorization
User ID (email address) and password for authentication is used. Personal data in scope: email address, IP address. On authentication, email address and password will be verified by our identity provider through secure API. Logging of authentication is handled according to Atea directive for security logging.

Customer Active Directory authentication
Single Sign On for authentication is used. Personal data in scope: name, surname, email address, IP address. On authentication, first name, last name and email address is verified by customers’ Active Directory and passed to Atea secure authorization solution. Logging of authentication is handled according to Atea directive for security logging.

Direct marketing
We use your personal data to send you company news, updates, information about other similar products and services, Atea’s events and newsletters etc. Personal data you provide to us by filling in the forms on our website is processed only with your consent. We process only following categories of personal data for direct marketing purposes: name, surname, company name, email address, phone number. We store your data for direct marketing until you withdraw your consent.

Atea events
To register for events organized by us, we process your contact information such as: name, company name, email address and phone number and store for the period which is determined in the event registering form. Your personal data is only processed to the extent that is necessary to fulfill the respective purpose.

For online events Atea is using a SaaS vendor for the following personal data:
– Event content: chat, video, event recording, event participation and registration date, CSV files with attendees’ list.

When you as attendee register to online event, after registration you receive email from Atea’s SaaS vendor with the link to be able to connect to online event. Therefore, you need to create a user account in Atea’s SaaS vendor event platform. Atea and SaaS vendor are considered as separate data controllers. Atea is not responsible for actions of the SaaS vendor where it acts as separate data controller.

Cookies
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Cookies are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for you as a visitor, and perform essential functions such as allowing you to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).

Atea uses cookies to personalize content and ads, to provide social media features and to analyze our traffic. Atea also shares information about your use of our site with our social media, advertising and analytics partners.

Below is a detailed list of the cookies we use on our websites. Our websites are scanned with a cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:
– Mandatory Cookies
– Functional Cookies
– Marketing Cookies

Atea has implemented a tool to let you have control over the cookies in use. The tool also provides an exhaustive list of cookies in use and let you opt-out of each separate cookie in use by clicking on the “Your privacy settings”.

Mandatory
These cookies are necessary for the website to function and cannot be switched off in our systems. This enables the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services Atea have added to our pages. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Blocking these cookies may affect the performance of the site. These cookies do not directly store personal information but are based on uniquely identifying your internet browser and device.

Analytics Cookies
These cookies allow Atea to monitor traffic and sources to be able to measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, Atea will be less able to optimize and analyze the Sites’ performance.

Marketing Cookies
These cookies may be set through our site by our advertising partners and social media services. Anonymized data can be shared with third parties to build a profile of your preferences and show you relevant adverts on other sites with your friends and networks. They do not directly store personal information but are based on uniquely identifying your internet browser and device, which can be used to build up a profile. If you do not allow these cookies, you will experience less targeted advertising and will not be able to use or see these sharing tools.

Last update 2022-06-28