Privacy policy
Last updated: 14.06.2021
Izy AS (“Izy”, “us”, “we” or “our”) operates and is responsible for processing the mobile application (hereinafter referred to as “the service”).
We are concerned that you as a customer should trust us and how we process your personal information. In this privacy statement, we explain why we collect information about you, how we use this information, and how we take account of your privacy. Use of personal data must comply with the Personal Data Act. As controller, we will ensure that we use your personal information in accordance with the law.
For some users, there may be deviating terms as the use is linked to an employment where the employer has entered particular terms. In such case your employer will have informed you of this, see more if applicable:
Purpose and basis of treatment
The purpose of using the personal data collected is to provide the services and purchases that you enter into or agree to, as well as
- to notify you of changes to our service
- in order to provide you with customer support
- To enable you to use interactive features of our service if you choose to do so, for example via beacons
- To analyse anonymized personal information so that we can improve our service
- To collect valuable information so that we can improve our service
- To maintain our service
- To detect, prevent and solve technical problems
- To inform your employer of your purchases in cases where the employer is involved in payment, subsidy, and any salary deductions.
The legal basis for this will be agreement or consent and sometimes legitimate interest where we have assessed that the processing does not interfere with any privacy concerns for you (e.g. solving technical problems in the app). When it comes to sending you information about, for example, safety-related topics such as fire alarms and fire drills, about events in the building and other relevant information related to the workroom, the treatment basis is justified interest, but you can choose not to receive such information. The basis for processing is law for the storage of accounting information.
Any consent you give may be withdrawn at any time.
Types of information collected
When you use our service, we may ask you to provide us with certain personal information that is necessary to contact you and provide the service, as well as confirm your identity. Depending on what services you use, this is typically:
- E-mail address
- First name and last name
- Employer
- Department
- Purchase and order history
- Cookies, see our own cookie terms
When using the service from a mobile device, the usage data may include information such as the type of mobile device you use, unique ID of the mobile device, the IP address of the mobile device, the operating system and type of browser you use for the mobile devices, unique device identifiers and other diagnostic data.
Particularly on location information
We may use and store information about your whereabouts only if you allow us to do so. We use this information to provide features that help us render a better service to you and other users. An example may be that this information is used to render information about queuing time in the cafeteria.
You can enable or disable location services at any time when using the service by changing the device settings.
Retention
Izy will only retain your personal information for as long as necessary for the purposes set out in this privacy statement. Names, emails and contact information are retained as long as the service is in use, but other personal information that we are not legally required to retain is anonymized after 90 days. We will also retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain the information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Izy will also store usage data in anonymized form for internal analysis purposes.
Transmission of information
Your information is stored within the EU/EEA, but some of our vendors have support services outside EU/EEA. If such support services are used, any processing of your personal information will be governed by the EU SCC contracts or other recognized transfer mechanism with necessary extra measures. We are constantly working to ensure that we and our vendors follow privacy regulations, also for any transfer of personal information to third countries.
Disclosure of personal data
Your employer
We transfer your personal information and purchase history to your employer in cases where the employer is involved in payment, subsidy, and any salary deductions. This is a prerequisite for being able to provide the services to you as a user, in collaboration with your employer as our contractor for our services.
Cooperating companies
In order for you to be able to e.g. order and pay for food in the cafeteria and to shop in the kiosk with the app, we need to transfer necessary personal information to companies offering those services. These are typically those who run the cafeterias and similar services. This is necessary to fufill the agreement with you, anm may also occur based on your consent. Such recipients are controllers for the personal information that they receive.
Business Transaction
If Izy becomes the subject of a merger, acquisition or sale of assets, your personal information may be transferred. We will notify you before your personal data is transferred.
Data security
It is important to us that your data is secure, but keep in mind that no method of transmission over the Internet or electronic storage is 100% secure. Although we use commercially acceptable standards to protect your personal data, we cannot guarantee absolute security.
Your rights
The Personal Data Act and GDPR grant you a number of rights such as the right of access, rectification, deletion, data portability and limitation in and of your personal data with us. To assert such rights, contact info@izy.no.
Please note that we may ask you to confirm your identity before responding to such requests.
You have the right to complain to the Data Inspectorate if you are not satisfied with how we collect and process personal data about you, see more on www.datatilsynet.no.
Service providers
We may use third-party companies to organize our service, deliver the service on our behalf, perform service-related services or help us analyse how our service is used.
These third parties have access to your personal data only to perform these tasks on our behalf and are under no obligation to disclose or use the information for any other purpose.
Payment
We can provide paid products and / or services within the service. In that case, we use third-party payment processing services (such as payment processors).
We do not store or collect your credit card information. This information is provided directly to our third-party payment partners if your use of your personal information is subject to the privacy policy. Such payment partners are independent processing agents, such as Vipps, NETS and STRIPE. These payment processors comply with standards set by PCI-DSS. PCI-DSS requirements help ensure secure handling of payment information.
Other payment companies we work with are:
Apple Store In-App Payments
Their privacy statement can be read at https://www.Apple.com/
Google Play In-App Payments
Their privacy statement can be read at https://www.google.com/
Links to other websites
Our service may contain links to other websites not operated by us. If you click on a third party link, you will be redirected to the third party website. We strongly recommend that you review the privacy policy of each site you visit.
We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third-party websites or services.
Changes to this Privacy Statement
We may need to update our privacy statement from time to time. We will notify you by email and / or post a prominent notice on our service 14 days before a change takes effect.
Contact Us
Feel free to contact us if you have any questions about this privacy statement: