Privacy policy – Izy App

Updated 14.10.2024

This privacy policy («Privacy Policy») provides information about the processing of personal data in connection with the IZY App (hereinafter referred to as «the Service«). The Service is a tool for communication and service to workers and others who frequent modern workplaces. We only act as an intermediary for products and services offered through the Service and we are not responsible for the services or products you order from other parties through the Service.

The Service is provided by IZY AS (organization number 922 177 775), (hereafter «IZY» or «we»). When you purchase and use the Service, we will collect, use, and process certain of your personal data. IZY takes your privacy seriously and processes your personal data in a reassuring and confidential way.

IZY is the data controller for the processing of your personal data when you use our Service, in accordance with this privacy policy. This means that IZY is responsible for determining the purposes of processing personal data and for complying with privacy legislation. This privacy policy explains which personal data we process as a data controller, how we process them, for what purposes and on what basis. The privacy policy also explains your rights and how you can enforce these rights concerning our processing of your personal data. If you have any questions about the Privacy Policy, please do not hesitate to contact us using the contact information you find at the bottom of this privacy policy.

IZY also processes certain personal data in the role of a data processor for other third parties. This applies, for example, when we receive and process information from an employer, property owner, or third parties who provide products and services in the building, and process the information for their purposes. Such processing is based on detailed instructions from such third parties who are then the data controller for this processing. This processing is regulated through a data processing agreement we have entered into with the relevant parties and is further described in the parties’ own privacy policies.

All processing of personal data in the Service is in accordance with the applicable privacy rules, including the Personal Data Act and the General Data Protection Regulation (GDPR). Terms in the Privacy Policy shall be interpreted in the same way as corresponding terms in GDPR Article 4.

For further information about the Service, you can read the «Terms and Conditions» by clicking here.

Purposes, Legal Basis, and Personal Data Processed

The purpose of processing your personal data is to make the Service and its functionality available to you, for example, so you get information about conditions related to the building, you can make bookings of meeting rooms, carry out orders of products or services from third parties, and have an overview of this in a simple way. In this connection, we will share some of your personal data with such data controller third parties who offer services or products in the Service. However, no data or personal information will be transferred from your device when the app associated with the Service is not in use.

We will also process personal data to improve the Service and to provide customer support for the Service. IZY may also compile aggregated/anonymized datasets with the intention to analyze, improve, support, and further develop the Service.

The legal basis for the processing of personal data through the Service is your consent, cf. the General Data Protection Regulation Article 6 (1) a. You give your consent to the processing that occurs to fulfill the agreement with you by accepting the terms of use of the Service.

In some cases, we will process your personal data based on our legitimate interest, which is to deliver the Service and functionalities to you in a secure and optimal manner (General Data Protection Regulation Article 6 (1) f).

The following personal data may be collected and processed when you use the Service:

  • Your name, e-mail address, possibly phone number, employer, and department at the workplace (contact information).
  • Whatever is possibly ordered through the Service, including purchase and order history.
  • Preferences – Favorites, for example, preferred food.
  • Feedback through the Service.
  • Possible location data (GPS data) related to the building where you use the Service if this is activated. You will be notified on your device if this is activated, where you can choose whether it should be activated, and where you can later deactivate it on your device, but then with the consequence that some functions will not work.
  • Product interaction and diagnostic data: Operating system, device model, screen resolution, version of the app on the device you have installed the Service, type of internet connection (cellular network/wifi), whether the device is held horizontally or vertically, time and date of use of the Service, IP address, browser type, browser version, which websites you have visited in connection with the Service, date and time, how long you have spent on these pages, unique device identifiers, and technical logs.

In addition, cookies are used, see separate information about the use of cookies here.

Personal data will be deleted as soon as there is no need for the information for the above purpose. This means that contact information is processed as long as you use the Service and until you possibly delete your user profile. Information about product interaction and diagnostics will be anonymized and then deleted after anonymization is completed, at the latest after 90 days. Information related to security and incidents will be deleted as soon as the incident is resolved.

Sharing and Transfer of Personal Data

If paid products and/or services are provided through the Service, third-party services for payment processing may be used, where all information is handled directly by the third party. IZY does not store or collect your payment card information. This information is provided by you directly to third-party payment intermediaries, and IZY has no responsibility for the payment intermediaries’ processing. Such payment partners are independent data controllers, e.g., Vipps, NETS, and STRIPE. These payment intermediaries are responsible for complying with standards set by PCI-DSS. PCI-DSS requirements help ensure secure handling of payment information.

Other payment intermediaries may include:

Apple Store In-App Payments, see their privacy policy which can be read at https://www.Apple.com/legal/privacy/en-ww/

Google Play In-App Payments, see their privacy policy which can be read at https://www.google.com/policies/privacy/

We also use some subcontractors to deliver the Service to you, for example, those who provide the platform that supports the Service. We have data processing agreements with all our suppliers with access to personal data. Suppliers act according to our instructions set out in data processing agreements. More information about our data processors to be found here.

Your personal data is stored within the EU/EEA regulations, but some of our subcontractors have technical support services located outside the EU/EEA. When using these support services, any processing of your personal data will be regulated according to the EU/EEA standard contract for the transfer of personal data to third countries or other approved transfer mechanism with the need for possible additional safeguards. More information about which countries our subcontractors operate in, and which transfer bases we rely on, can be found in the subcontractor overview linked above. We are continuously working to ensure compliance with the rules on transfers to third countries.

Links to other websites outside the Service are beyond our control. In such cases, you should carefully review the privacy information on the relevant website.

Security of Processing

All required technical and organizational measures are used to secure your personal data. We regularly assess the security of all core systems related to the Service. The data processing agreements entered into with subcontractors require the supplier to ensure satisfactory information security.

If you have questions about the security of processing, you can contact us by sending an email to info@izy.no.

Your Rights

​As a user of the Service, the legislation gives you certain rights that you can exercise by contacting us:

Withdraw a consent

  • Consents you have given in the Service can be withdrawn at any time. Note that withdrawing consent does not necessarily mean that information already transferred can be deleted.

Request access and have data transferred to a new service provider:

  • You have the right to access which personal data are registered about you in the Service and to receive a copy of these. If it is legal and technically possible, there may also be access to have information transferred directly to a new service provider.

Request correction, deletion, or restriction of processing:

  • You can contact us to correct incorrect information registered about you in the Service, or ask us to delete personal data. Note that you can also correct and delete certain information yourself. You can also ask us to limit the processing of certain information. IZY will, as far as possible, accommodate a request to delete or limit the processing of personal data, but cannot do this if there are compelling or statutory reasons not to do so, for example, if the information must be stored for documentation purposes, or because of reporting obligations.

Object to a processing:

  • You have the right to object to the processing of personal data that has its basis in a balancing of interests. If you can point to specific reasons related to your situation that justify that the processing should cease, we will comply with this unless we have compelling legitimate reasons to continue processing the information.

We may, if necessary, ask you to confirm your identity or provide additional information in connection with the exercise of your rights under the privacy regulations. This is done to ensure that it is only you who are given access to your personal data – and not someone who pretends to be you.

If you disagree with the way IZY processes your personal data, we ask you to contact us via email at info@izy.no.

The right to complain to a supervisory authority

If you believe that the described processing of personal data is not in accordance with privacy legislation, you can complain to the Data Protection Authority. You can find information about your rights and how to contact the Data Protection Authority on the Data Protection Authority’s websites: www.datatilsynet.no.

Changes

If there should be a change in the processing of personal data or changes in the regulations on the processing of personal data, this may lead to changes in the information provided here. You will be notified by e-mail and/or we will post a prominent notice on the Service 14 days before a change is effective. Updated information will always be available in the mobile application.