Data Protection Notice

I. General information and legal basis

The following statement informs you about the type of personal data collected on this website by us as the responsible body, for what purpose, and to what extent this data is made available to third parties.

1. Responsible body
Commaxx AS
Fredrik Selmers vei 6, 0663 OSLO
Tel.: +47 22 79 03 70
E-Mail: salg@commaxx.no

Data protection supervisor
You can contact our data protection officer by post at the above address or by e-mail at christian.raaness@commaxx.no.

2. Legal basis for processing
The processing of personal data requires a legal basis, which we would like to present to you below.

In the case of processing of personal data for which we obtain the consent of the data subject, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also includes processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the execution of our business activities as well as in the analysis, optimisation and maintenance of the security of our online offering.
 

II. Log Files, Hosting

The server statistics automatically store data that the browser transmits to us within the scope of our legitimate interest in analysis and for security reasons (so-called "log files").

Specifically, these are the following data:

  • Language and version of the browser software
  • Operating system used and its interface
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address)
  • Date and time of the server request
  • Time zone difference to Greenwich Mean Time (GMT) 
  • Content of the request (specific page)
  • Amount of data transferred
  • Access status/ HTTP status code.

As a rule, we cannot assign this data to specific persons and are therefore not used for profiling or behavioral analysis. This data is not combined with other data sources. The data will be deleted within 90 days after a statistical evaluation and for the purpose of detecting possible misuse . Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

We provide all webshop hosting services ourselves and do not use any hosting service providers for this. The hosting serves to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services in order to maintain the operation of this online offering.

In doing so, we process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer.
 

III. Contractual processing

The personal data provided by you for contractual purposes, e.g. in the case of quotation requests, such as name, address or e-mail address, will only be used internally to answer your enquiries, process your orders or provide you with access to certain contractual information.
 

IV. Contact, application data, events

1. Contact
If you contact us by e-mail, your details will be stored by us in order to answer your questions.

As a matter of principle, data will not be passed on to third parties, unless applicable data protection regulations justify a transfer or we are legally obliged to do so. You can revoke your consent at any time with effect for the future. To do so, please contact the responsible office of ALSO by post at the above address or by e-mail to the contact of the data protection officer mentioned there. In the event of revocation, your data will be deleted immediately, unless there is a legal exception for further processing. Otherwise, your data will be deleted if we have processed your request or the purpose of storage has ceased to apply and there are no other conflicting legal exceptions.

2. Applicant data
You can also apply to us, e.g. by e-mail. The data entered will be processed and used exclusively for the purpose of selecting applicants. With your application, you agree that you will be contacted and informed in writing and/or by telephone as part of the application process. Please note that your data will not be stored anonymously, but will be accessible to our HR department and the positions relevant to the position to be filled. We would like to evaluate all applicants only on their qualifications regardless of race, ethnic origin, gender, religion or belief, disability, age or sexual identity. We therefore ask you to refrain from providing such information in your application as far as possible. You can have your application changed or deleted at any time and revoke your consent. To do so, please contact the Human Resources Department of ALSO at the above address or by e-mail at susan.kaas@also.com.

3. Events
If you register for or participate in events, incentives, conferences or comparable events  of ALSO/Commaxx, your personal data will be collected for the purpose of enabling the planning, implementation and billing of these offers. This means that when you register for the event, ALSO/Commaxx processes and stores the personal data you provide (e.g. company, title, first and last name as well as e-mail address) for the purposes mentioned. You will be contacted by e-mail to provide you with the necessary information about your participation and the content of the event.

External Links
We may link to landing pages or invitations to external domains, such as those of event venues. The operators of the linked websites and not ALSO are responsible for the content of these websites and their compliance with applicable data protection regulations.

The legal basis for the processing of your data here is Art. 6 lit. b GDPR, i.e. the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. The categories of recipients of your personal data are ALSO AS/Commaxx AS and, if necessary, employees of booking agencies, hotels and travel agencies.

Photo and film recordings
We reserve the right to take photos and film recordings during the event for marketing purposes. As soon as this is the case, we will inform you at the latest at the beginning of the event. As a rule, photos and film recordings are made of people who take on a special role (e.g. speakers, moderators, etc.) or show groups of participating people as well as depict the atmosphere of the event.

We publish these photos and film recordings on the ALSO/Commaxx website, on our social media presences such as LinkedIn, Twitter, Facebook and Instagram and use them to create a photo summary or a video with highlights of the event. If you do not wish to appear in these photos and films, we ask you to inform the photographer of this.

The legal basis for data processing with regard to photo and film recordings is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. This consists of documenting the event with photos and film recordings for marketing purposes and using them for information and representation purposes. The legal basis for the creation of photo and video recordings of individuals is the obtaining of your consent in accordance with Art. 6 (1) (a) GDPR, which you can revoke at any time. If necessary, please contact the organiser ALSO/Commaxx, either by post to the above address or by e-mail to the address of the data protection officer given there.
 

V. Cookies

This site uses cookies. Cookies are small text files that are stored on your computer and through which certain information flows to the entity that sets the cookie. They are used to make the website more user-friendly and effective and/or to make it easier for you to navigate our website.

We only set cookies that are not strictly necessary with your consent. You can revoke this consent at any time for future use.

Consent is voluntary and you can also use our website without accepting cookies. You can also configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies or delete cookies that have already been stored. If you do not accept cookies, please note that in this case our offer may not work error-free. Unless we provide any other information on the individual topics mentioned in this privacy policy or in the cookie banner, the lifespan of the cookies refers to 24 months.

You can find out which function on our website sets cookies below under the individual functions.

You can opt out of the use of cookies at any time in our consent management tool (see point IX Usercentrics Consent Management) is managed. There you have the opportunity to change the decisions you have made and to give or revoke your consent retrospectively. The call is possible on the bottom of our website via the link "Privacy and cookies"/”Personvern og informasjonskapsler”.
 

VI. Credit check

In the case of new customers, a credit check is carried out by Experian Information Solutions Inc. before creating a customer account and thus concluding a contract. As part of this audit, certain personal data will be transmitted to and processed by these service providers and will be requested by the data controller. Depending on the type of company, this data may have a personal reference.

Personal data processed:
Crefo number
Identification number
Name of the company
Address (street, house number, postcode, city and country)

The processing of this data is necessary for us to assess the business risk and ensure that the available payment options are adequate. For this purpose, the legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 f GDPR. If you do not wish to provide us with the data, you will not be able to use our services.

The results of the credit check will be treated confidentially and will not be disclosed to third parties, unless applicable data protection regulations justify a transfer, or we are legally obliged to do so.

In return for the information, ALSO receives supplements over a period of 12 months in the event of current changes. After that, the monitoring takes effect, i.e. the supplementary period limited to the duration of the customer relationship. This can be terminated at the end of the month with Creditreform, with Schufa after 12 months after purchase.

This means that in both cases, ALSO stores your data for at least one year. Thereafter, ALSO may have the update discontinued at its own discretion on the basis of the risk assessment described above.
 

VII. Our social media presence

You can find us under online presences within social networks and platforms. We would like to use these presences to communicate with our customers, interested parties and users who are active there and to inform them about our services and our company.

The processing of the personal data of the users active there is carried out on the basis of our legitimate interests in communicating and providing information to and with the users. If consent to data processing by users has been given within the framework of the respective social platform, the processing is carried out on this basis of consent.

If you visit one of our social media presences, we are jointly responsible with the operator of the social platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, rectification, deletion, restriction of processing, data portability and complaint, see the following point "Rights of the data subject") both against us and against the operator of the respective social platform.

We would like to point out that, despite the joint responsibility, we do not have full influence on the data processing operations of the social platform and, if necessary, forward the rights request to the respective operator in order to better process the rights of the data subject. Our options are generally based on the corporate policy of the respective provider.

You can find our storage details below. We have no influence on the storage period of your data, which is stored by the operator of the social platform for its own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Depending on the following social platform, the data processing of users may also take place outside the area of the European Union.

Data transfers to Google and Meta are made on the basis of the adequacy decision for the EU-US data protection agreement "Data Privacy Framework" (ensuring the level of data protection for data processing by data importers based in the USA). You can find more information about the Data Privacy Framework here: https://www.dataprivacyframework.gov/

As a rule, user data is processed by the platforms for market research and advertising purposes. For example, user profiles can be created from the user's usage behavior and resulting interests. In turn, the user profiles can be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Data can also be stored in the usage profiles, regardless of the devices used by the users. This is done in particular if the users are members of the respective platforms and are logged in to them.

For a detailed description of the respective processing and the possibilities for objection, we refer to the information of the providers linked below.

VIII. Disclosure of data to third parties

a) General and Contractual Purpose
We pass on data to third parties if this is necessary for the fulfilment of the contract and/or if we are legally obliged and/or entitled to do so in individual cases.

b) Tools for the economic operation of the website
In some cases, we use external service providers within the scope of your consent or our legitimate interests with regard to the analysis, optimisation and economic operation of the online offering. If you have given your consent for tools that are not necessary for the operation of the website, you can also have these settings changed at any time. Below we list our service providers.

If your data is to be used for other purposes, we will inform you in advance and only use the data if you have previously expressly given your further consent.

1. Google
Within the scope of your consent, we use services for the optimisation and economic operation of our online offering, for which Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") is responsible. Google is a participant in the EU-US data protection agreement "Data Privacy Framework" (ensuring the level of data protection for data processing by data importers based in the USA). You can find more information about the Data Privacy Framework here: https://www.dataprivacyframework.gov/

a) Youtube
We use YouTube, a service provided by Google, to embed videos.

These videos are stored on www.youtube.com and can be played directly from our site. YouTube uses cookies for data collection and statistical data analysis. YouTube uses cookies to, among other things, collect reliable video statistics, prevent fraud and improve the user experience. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to YouTube servers in the USA and stored there.  Your IP address cannot be assigned unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in. If you do not wish this, you will need to log out of your Youtube account and your other Google accounts.

Through the YouTube cookies, we receive statistical values for the retrieval of individual videos embedded in the website without any reference to the respective user.

The embedded videos from YouTube are used within the scope of the permitted use by YouTube, which all users must accept. If you see copyright infringement, please report it directly to YouTube. We use embedded YouTube videos in extended privacy mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video player, but does not click on the video to start playback. If the YouTube video player is clicked, YouTube may be able to store cookies on the user's computer. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Youtube. For more information on YouTube's official privacy policy, please refer to https://www.google.de/intl/de/policies/privacy/ and https://support.google.com/youtube/answer/171780?hl=de.

2. Meta
Within the scope of your consent, we use services of the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the analysis, optimisation and economic operation of our online offer ("Facebook").

Meta is a participant in the EU-US data protection agreement "Data Privacy Framework" (ensuring the level of data protection for data processing by data importers based in the USA). You can find more information about the Data Privacy Framework here: https://www.dataprivacyframework.gov/

a) Facebook Custom Audiences und Website Custom Audiences
Our website uses the advertising tools Custom Audiences and Website Custom Audiences. from Facebook. In this case, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes on its social platform and stored in the USA.

The Meta pixel is directly integrated by Facebook when you visit our website and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, it will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of establishing a comparison with the data that is also encrypted by Facebook.

Furthermore, when using the Meta pixel, we use the additional function "extended matching" (data such as telephone numbers, e-mail addresses or Facebook IDs of the users) to form target groups ("Custom Audiences" or "Look Alike Audiences") transmitted to Facebook (encrypted). Further information on "extended matching": https://www.facebook.com/business/help/611774685654668).

To prevent the collection of your data by means of the meta pixel on our website, please follow the following link: https://www.facebook.com/ads/website_custom_audiences/

If you click on the link, an "opt-out" cookie will be stored on your device. If you delete the cookies in this browser, you will have to click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain on which the link was clicked.

Also on the basis of our legitimate interests, we use the "Custom Audiences from File" procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The sole purpose of the upload is to determine recipients of our Facebook ads. We want to make sure that the ads are only shown to users who are interested in our information and services.

If you would like to object to the use of Facebook Website Custom Audiences, you can also do so under https://www.facebook.com/ads/website_custom_audiences/. To do this, you need to log in to your Facebook account.

For further information on the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options to protect your privacy, please refer to Facebook's privacy policy under http://www.facebook.com/about/privacy/, as well as specifically for Facebook Custom Audiences under https://www.facebook.com/ads/website_custom_audiences/.

IX. Usercentrics Consent Management

We use the Usercentrics Consent Management Platform (Usercentrics) of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentrics collects log file data and consent data using JavaScript. This JavaScript allows us to inform the user of their consent to certain cookies and other technologies on our website and to obtain, manage and document them.

The legal basis for the processing of the data is Art. 6 (1) (c) GDPR. The aim is to know the preferences of the users and act accordingly. The data will be deleted as soon as it is no longer needed for our logging. The shelf life of the cookie is 60 days. On the one hand, the retention of the revocation certificate is based on our accountability pursuant to Art. 5 (2) GDPR. This obliges to comply with the processing of personal data in accordance with the General Data Protection Regulation.

You can permanently prevent the execution of JavaScript at any time by making the appropriate settings in your browser, which would also prevent Usercentrics from executing the JavaScript.

For more information about Usercentrics' privacy practices, please visit: https://usercentrics.com/de/datenschutzerklarung/
 

X. Data storage outside the EU/EEA

As indicated in the individual tool descriptions, we use third-party tools outside the EU/EEA. Insofar as this is necessary for the purposes communicated, it may happen that your IP address is processed outside the European Economic Area, where a level of data protection that meets the European standard is not consistently guaranteed and confirmed (e.g. by means of an appropriate guarantee within the meaning of Art. 46 GDPR or an adequacy decision of the European Commission pursuant to Art. 45 GDPR). Therefore, it cannot be ruled out in particular that security authorities in a third country gain access to your IP address without you being able to take legally effective action against it.

The transfer of the IP address to these third-party providers takes place in accordance with Art. 49 (1) (a) GDPR on the basis of your consent expressly given in the consent banner. This consent is voluntary. You can revoke this at any time with effect for the future. You will not suffer any disadvantages as a result.

In the opinion of some U.S. third-party providers, a level of protection corresponding to the European standard is already guaranteed on the basis of the conclusion of so-called standard contractual clauses as well as additional measures taken within the meaning of the Schrems II case law. However, since the suitability of such measures to ensure an adequate level of data protection is disputed, we have decided to transmit your IP address exclusively with your consent. In our own cases, we base data transfers to U.S. third-party providers on the EU-U.S. Data Privacy Framework.
 

XI. Automated decision-making

We use automated decision-making to match deliveries and personal data with export control and sanctions lists issued by the European Union and other countries from which exports may be made. Depending on the outcome of this review, we are obliged to implement appropriate measures within the framework of export control regulations specified by the European Union and other countries from which exports are to be made. The legal basis for the processing of the data is Art. 6 (1) (c) GDPR. The comparison ensures compliance with applicable export law.
 

XII. Rights of the data subject

You have the right to information about the personal data we hold about you. In accordance with the legal provisions, you also have the right to rectification of incorrect data, blocking, data portability and deletion of your personal data. If you have given your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

You can object to the future processing of your personal data at any time in accordance with the legal requirements. In particular, the objection may be made to the processing for direct marketing purposes.

To do so, please contact the responsible office at the Commaxx address mentioned above by post or by e-mail to the address of the data protection officer given there.

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the legal provisions.
 

XIII. Duration of storage of personal data

Unless we have provided storage information on the specific points, the following applies: We store personal data for the duration of the respective statutory retention period or for as long as the purpose of the collection exists. After expiry of the retention period, the data will be routinely deleted, unless there is a necessity for the initiation of a contract or for the fulfilment of the contract. Unless the user's data is erased because it is required for other purposes permitted by law, their processing will be limited as far as possible. Accordingly, the data will be blocked as far as possible and will not be processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
 

XIV. Security

We make every effort to process your personal data by taking all technical and organizational means in such a way that the provisions of the data protection laws are complied with and thus to protect this data. Our website or communication with us via our website is encrypted via HTTPS.