Skip to content

Privacy Policy

Data controller

Groft AS (Groft) is responsible for processing personal data that Groft collects and uses in connection with the system, including user accounts, access to the Groft-hosted online service, support, troubleshooting, service statistics and related service administration.

In cases where the system is distributed by one of Groft AS’s partners pursuant to a separate distribution agreement, the partner will have joint controller responsibility with Groft AS for the processing of personal data in connection with customer support and the handling of enquiries from end users relating to the use of the system.

Groft and its partners will adhere to the European Commission Regulation on Data Protection (GDPR).

Personal Data

Groft may process the following categories of personal data when End Users access or use the system and related online services:

  • identification and account information, email address, phone number, company position, IP address

  • information registered by the End User or by the Customer’s company administrator, including information needed to grant access to the Customer’s subscription

  • support and troubleshooting information provided by the End User, the Customer, Partner of Groft, or generated through use of the service

Purpose of Processing

Groft processes personal data for the following purposes:

  • Providing and administering the system. To create and manage user accounts, authenticate End Users, provide access to the Customer’s subscription and maintain the Online Service.

  • Security, support and troubleshooting. To operate the service securely, investigate errors, provide support, troubleshoot technical issues and notify affected users where required in connection with privacy or security incidents.

  • Service statistics and improvement. To prepare statistics, understand use of the service, improve functionality and further develop the service.

  • User experience and preferences. To remember user preferences, support login functionality and display content that may be relevant based on previous visits or use of the service.

  • Customer administration and communications. To allow company administrators to register End Users and grant access to subscriptions

Groft relies on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract, Article 6(1)(b), where processing is necessary to provide access to and use of the system, administer user accounts, deliver the Online Service, provide support and perform obligations connected with the service.

  • Legitimate interests, Article 6(1)(f), where processing is necessary for Groft’s legitimate interests in operating, securing, troubleshooting, improving and developing the system, preparing service statistics, preventing misuse, and communicating with Customers and End Users. Groft applies this basis only where those interests are not overridden by the interests or fundamental rights and freedoms of the End User.

Recipients of Data

Groft AS do not share personal data with third parties except where necessary for the purposes described in this section, where required by law, or where the End User has requested or consented to the disclosure.

Personal data may be disclosed to:

  • Groft’s employees, representatives, affiliates, contractors, advisors and consultants on a need-to-know basis and subject to appropriate confidentiality obligations

  • Groft’s subcontractors and service providers that host, store, support, maintain or otherwise process data on behalf of Groft

  • the Customer and the Customer’s company administrators, where necessary to administer End User access to the Customer’s subscription

Groft remains responsible for the performance of its affiliates and contractors when they are used to provide services under the agreement.

Retention Period

Groft retains personal data for as long as necessary for the purposes described in this section, including for the duration of the End User’s account, the Customer’s subscription, the applicable subscription term, and any period required to provide support, maintain service records, comply with legal obligations, resolve disputes or enforce agreements.

Groft will delete or anonymise personal data when it is no longer necessary for the purposes described above, unless continued retention is required or permitted by applicable law. End Users may request deletion as described below.

Transfer outside the EEA

Groft AS do not transfer personal data outside the European Economic Area. If in the future personal data is being transferred outside the EEA, Groft will ensure that the transfer is carried out in accordance with the GDPR, including, where required, by using an adequacy decision, the European Commission’s standard contractual clauses, or another lawful transfer mechanism under Chapter V of the GDPR.

End User Rights

The end user’s rights in relation to the processing of personal data are set out in Chapter 3 of the GDPR to the extent relevant.

Complaints

You may contact Groft AS at email groft@ren.no - or by mail at Fantoftvegen 2, 5072 Bergen - if you have questions or concerns about the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).