Last updated: May 2018
Compusoft is an international technology based company. We are committed to safeguarding the privacy of visitors to our websites. Please read the following notice to understand how we will collect and use your information and the rights you have in relation to your information. References in this notice to “your information” are also to personal information that you provide to us. This notice was last updated on the above date and may vary from time to time so please check it regularly. Compusoft AS is the data controller of any information provided via our website. Our contact details are set out in section  below.
1. THE INFORMATION WE COLLECT
You are not required to provide any personal information on the public areas of this website, however, you may choose to do so by completing the application forms on various sections of our websites, including:
- “Contact Us” forms
- “Training request” form
- “Download test version” form
We also obtain personal information from your IP address, operating system and web browser that you use to access our website. Please see section 5 (Cookies) and section 6 (IP Addresses) below for more details about this. You may also provide us with personal information if you contact us by email, telephone or letter.
2. HOW WE USE YOUR INFORMATION
We will only use the information you provide to us on these sections of the website in order to process the relevant application form. We may also use your personal information to:
- conduct administrative or operational processes within our business;
- process and respond to requests, enquiries or complaints received by you;
- to provide products and services requested by you;
- to identify products and services you may be interested in;
- to communicate with you about our products and services;
- to invite you to events;
- monitor and analyze our business;
- form a view of you as an individual and to identify, develop or improve our services and/or products that may be of interest to you and to carry out market research;
- send you marketing.
For more details about how we use your information for marketing purposes please see section 3 below (Using your information for Marketing Purposes).
3.USING YOUR INFORMATION FOR MARKETING PURPOSES
We may ask whether you wish to receive marketing from us and this will be presented to you as an option on the relevant application form or page on our website where necessary. We will not send you marketing if you ask us not to. If you have agreed to receive marketing but then later change your mind and no longer wish to receive marketing, please let us know so we can remove you from our distribution lists. You can contact us on firstname.lastname@example.org or the contact details below in section 9.
4. HOW AND WHY WE SHARE YOUR INFORMATION
Please note that we may on occasion be required to share your information with Compusoft offices and branches and our associated firms around the world and any third parties who provide services on our behalf. However, we have taken steps to ensure that all such entities keep your personal information confidential and secure and only use it for the purposes that we have specified and have informed you of. In relation to any other third parties we will only disclose your information where you have given your consent or where we are required to do so or have the right by law. Find out further information about our offices.
6. IP ADDRESSES
When you visit our website our server will record your IP address together with the date, time and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. It enables us to identify which organisations have visited this website. We use this information to compile statistical data on the use of our website to track how users navigate through our site in order to enable us to evaluate and improve our site.
We use up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. All our employees and any third parties we engage to process your personal information are obliged to respect the confidentiality of your information. However, the transmission of information via the internet is not completely secure. Although we will do our best to try and protect your information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk.
8. YOUR RIGHTS
You have the right to apply for a copy of the information we hold about you, for which we may charge a cost based fee. This is called a data subject access request and you can make a request by writing to us using the contact details below. We may require further information from you in order to verify your identity before disclosing any personal information to you. You also have the right to have any inaccurate information about you corrected. We want to make sure that your information is accurate and up to date. You may ask us to correct or remove any information that you think is no longer up to date. Please contact us using the contact details below if you would like any corrections made to your information.
9. CONTACT INFORMATION
If you have any questions in relation to this notice please contact us at:
Telephone: (+47) 69 13 70 00
If you currently receive marketing information from us which you would prefer not to receive in the future please email us at email@example.com.
All email messages sent to and from Compusoft may be monitored to ensure compliance with internal policies and to protect our business.
10. SCOPE AND PURPOSE
These Standards for processing Personal Data (the “Standards”) relate to
information about natural persons who can be identified from that information, whether
directly or indirectly (“Personal Data”).
The Standards define the standards applicable to the Compusoft Group Entities in
relation to Personal Data and apply to all processing and transfers of Personal Data by a Compusoft Data Controller in and outside of the European Economic Area (“EEA”)
11. DEFINITIONS AND INTERPRETATION
- “GDPR Directive” means Directive Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- “Entity” means an entity within the Compusoft Group;
- “Individual” shall have the same meaning as ‘Data Subject’ (as defined in the Directive);
- “Compusoft Group Entities” (also referred to together as Compusoft Group) means the entities in the table Annex 1 [ ], comprising all entities controlled by Compusoft AS
- “Compusoft Data Controller” means a Data Controller that is a Compusoft Group Entity;
- “Personnel” means individuals employed by a relevant Compusoft Group Entity or consultants acting on behalf of, or embedded in, a relevant Compusoft Group Entity;
- “Personal Data”, “Sensitive Data”, “Data Subject”, “process/processing”, “Data Controller” and “Data Processor” shall each have the same meanings as are given to them in the GDPR Directive.
Compusoft will ensure that:
(i) adequate resource is provided to maintain compliance with the Standards. This includes ensuring appropriate senior management responsibility and oversight of the Standards;
(ii) those who have permanent or regular access to Personal Data, or that are involved in the collection of Personal Data, or in the development of tools used to process Personal Data, are trained and informed of their rights and responsibilities in respect of the Standards.
13. PROCESSING PRINCIPLES
Unless otherwise permitted by applicable law, a Compusoft Group Entity shall apply the following processing principles when acting as Data Controller.
(i) only process Personal Data for purposes permitted by applicable data protection laws;
(ii) process Personal Data fairly and lawfully;
(iii) if required by applicable law, inform the data subject when Personal Data is being processed. In addition the relevant entity shall provide its name and address, the purpose of processing, the recipients of the data and all other information required to ensure the processing is fair;
(iv) when notified of a change to Personal Data, update its records in accordance with the deadlines specified by applicable laws;
(v) adopt appropriate measures to retain Personal Data for no longer than is appropriate for the purposes for which it was collected, unless the Personal Data is otherwise required to be kept by agreement, consent, applicable law or regulation;
(vi) obtain Personal Data only for one or more specified and lawful purposes, and shall not further process the Personal Data in any manner incompatible with that purpose or those purposes; and
(vii) only process Personal Data which is adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
14. RIGHTS OF INDIVIDUALS
When acting as a Data Controller:
(i) A Compusoft Group Entity shall provide in an intelligible form, upon written request from an individual, and in accordance with the deadlines specified by applicable laws, the information that constitutes Personal Data processed by that Compusoft Group Entity in relation to the relevant individual, unless that Compusoft Group Entity is permitted by applicable law to refuse or only comply partially with the request.
(ii) A Compusoft Group Entity may, where permitted by applicable law, charge a fee for the provision of copies of Personal Data requested by individuals;
(iii) A Compusoft Group Entity shall amend, update or delete, as appropriate or upon notification, any Personal Data which is found to be incorrect;
(iv) A Compusoft Group Entity shall respect individuals’ statutory right to object to the way their data is processed by that Compusoft Group Entity. Objections may be raised with the individuals’ usual contact at the relevant Compusoft Group Entity, HR contact or to the Security Officer. All legitimate objections will be investigated and necessary action taken, including rectification, erasure or destruction of data, where appropriate; and
(v) A Compusoft Group Entity shall take account of individuals’ legitimate interests and inform them of the logic involved in respect of decisions that are made using their Personal Data purely by automatic means with no human involvement and which:
(i) are intended to evaluate certain personal aspects relating to the individual; and
(ii) produce legal effects concerning or significantly affecting the individual.
Compusoft Group Entities shall take reasonable technical and organisational measures with a view to protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (including taking reasonable steps to ensure the reliability of employees who have access to the Personal Data).
16. INTERNAL PROCESSING OF PERSONAL DATA
Compusoft will procure that all Compusoft Group Entities which process Personal Data will follow the instructions of the relevant Compusoft Data Controller and will be bound by such instructions.
17. THIRD PARTY PROCESSING OF PERSONAL DATA
Before a Compusoft Group Entity transfers Personal Data to a third party in furtherance of an outsourcing or other data processing arrangement or uses the services of a third party to process Personal Data on its own behalf, it shall ensure that where the third party acts as a Data Processor it is contractually bound to only process Personal Data in accordance with the relevant Compusoft Group Entity’s requirements and instructions. The relevant Compusoft Group Entity shall ensure that third party Controllers and Processors to whom Personal Data is transferred afford a similar level of protection for that Personal Data as the Compusoft Group Entity.
Compusoft Group Entities shall not use Personal Data to send marketing information to any individual (including any employee) who has requested not to receive marketing material.
If an individual requests a Compusoft Group Entity to stop processing their Personal Data for marketing purposes, that Compusoft Group Entity shall stop processing the Personal Data for those purposes in accordance with the deadlines specified by applicable laws.
19. SPECIAL OR SENSITIVE CATEGORIES OF PERSONAL DATA
Each Compusoft Group Entity in a relevant country shall comply with any additional legal steps required by applicable data protection laws in that relevant country when processing special (or sometimes called sensitive) categories of Personal Data.
20. COMPLIANCE AUDIT
Compusoft shall evaluate, test and report on the Compusoft Group Entity compliance with the Standards on a regular basis. Where any noncompliance with the Standards is identified in such audits, remediation measures shall be designed, implemented and tracked.
To the extent permitted by applicable laws a Compusoft Group Entity will only disclose compliance information to its local DPA provided that: (i) such information relates to compliance with the Standards; (ii) the information does not contain any commercially sensitive information about or belonging to Compusoft, any other Compusoft Group Entity, or any of their respective clients; (iii) the information does not contain any confidential information about or belonging to a third party; (iv) the information is not subject to the law of privilege; and (v) disclosure of the information would not be contrary to applicable law.
21. CO-OPERATION WITH EU DATA PROTECTION COMMISSIONERS
Each Compusoft Group Entity shall respond to all reasonable requests for information from the local DPA which properly fall within that DPA’s ambit, to the extent that such requests are consistent with applicable law, regulations, professional standards and due process.
Each Compusoft Group Entity shall respect the decisions of the local DPA relating to the interpretation and application of the Standards to the extent consistent with applicable law, regulations, professional standards and due process and without waiving any defences and/or rights of appeal available to that Compusoft Group Entity.
22. RIGHTS OF REDRESS
Compusoft’s complaints procedure is available on the website www.compusoftgroup.com to any individuals who wish to raise concerns in relation to a Compusoft Group Entity’s compliance with the Standards.
For further information regarding the complaints procedure please contact the Security Officer indicated in paragraph [xx] above.
Where an individual has suffered damage as a direct result of a breach of the Standards by a Compusoft Group Entity the individual shall be entitled to bring a claim against Compusoft for remediation of the relevant breach of the Standards (where remediable) and/or compensation in the courts of Norway (the Selected Jurisdiction). An individual wishing to submit a claim in respect of a breach of the Standards must confirm to Compusoft that it agrees to submit to the exclusive jurisdiction of the Selected Jurisdiction.
A Compusoft Group Entity shall not be deemed to have breached the Standards if it has observed the standard of care appropriate in the circumstances or otherwise acted in accordance with common good practices or applicable law.
Subject to the other provisions of this paragraph, if an individual claims that a breach of the Standards has been committed outside the EEA by a Compusoft Group Entity based in a Non-EEA Country (a “Non-EEA Entity”), then a breach of the Standards shall be deemed to have occurred unless Compusoft demonstrates that either:
(i) no breach of the Standards has occurred; and/or
(ii) the relevant Non-EEA Entity was not responsible for the alleged breach of the Standards.
If it is held that a breach of the Standards has occurred, it shall be the responsibility of the individual who brought the claim to prove that he or she incurred damage as a result of such breach and to prove the amount of such damage.
To the maximum extent permitted by mandatory law, Compusoft shall not be liable to an individual for:
(i) punitive or exemplary damages (i.e. damages intended to punish a party for its conduct, rather than to compensate the victim of such conduct); or (ii) indirect loss, consequential loss or special damages, howsoever caused.
In any event, Compusoft shall only be liable for damages which have been: (i) agreed by Compusoft under a settlement or compromise agreement with the relevant individual; or (ii) awarded against Compusoft by a non-appealable judgment, order, or by any other legal award of a court or tribunal with valid jurisdiction.
If a Compusoft Group Entity has reason to believe that any applicable law prevents it from complying with the Standards and may have a substantial effect on the protections provided by the Standards, that Compusoft Group Entity will inform the Security Officer (whose contact details are set out in paragraph 3). Compusoft will make a decision on how to proceed and will consult the local DPA in cases of doubt.
If any applicable law requires a higher level of protection for Personal Data than that set out in these Standards, the relevant applicable law will take precedence over these Standards in respect of that aspect of the Standards.
Compusoft shall not be responsible for a breach of the Standards, to the extent compliance with the Standards is prevented by applicable laws in the relevant jurisdiction.
24. UPDATING THE STANDARDS
Compusoft reserves the right to amend the Standards (including, without limitation, the addition of new Compusoft Group Entity) at any time.
Compusoft Data Flow
1 The Standards shall apply to the processing of all Personal Data of the following kinds:
(a) human resources-related data;
(b) customer and supplier related data (predominantly contact details of individuals within such organisations); and
(c) other business-related data (e.g. contact details of third party suppliers).
2 A Compusoft Group Entity may transfer:
(a) personnel data;
(b) sound and/or visual images;
(c) client Personal Data; and
(d) marketing data.
Personal Data may also include Sensitive Data. However, such data will only be processed and transferred to the extent permitted by Applicable Law.
3 In the context of its global activity Compusoft Group operates as a boundless organisation and therefore Personal Data may be transferred between any of the Compusoft Group Entities worldwide. The majority of the processing is carried out at Compusoft AS.
4 The disaster recovery system necessitates additional replication between data centres to ensure data availability in the event of a data centre failure. Replication for key business systems is as follows:
Personal Data covered by the Standards is processed and transferred for the following core
(a) staff administration and human resources administration, including recruitment;
(b) advertising and public relations;
(c) licensing and registration;
(d) information and database administration;
(e) billing, accounts and financial records;
(g) information required for the prevention and/or prosecution of offenders.
Accordingly references to Compusoft means Compusoft AS and daughter companies or one or more of those entities as the context requires.
Compusoft is the business name and trademark for the activity carried out by the Compusoft Group.
The information on this site is for general information purposes only and does not claim to be comprehensive. Compusoft accepts no responsibility for loss which may arise from accessing or reliance on information contained in this site. Compusoft is not responsible for the content of external internet sites that link to this site or which are linked from it.
The contents of this site are protected by copyright under law and international conventions. Users are permitted to read the contents and make copies for their own personal use.
“Compusoft” is a registered trade mark.