This Privacy Policy was last updated on the 30th of August, 2024.
The privacy and security of the data you entrust us with are our highest priority. This Privacy Policy describes how we collect, use and share information about you when you visit our website, create a Ledidi user account, pay for any of our services, participate in events or otherwise interact with us. We also describe your rights and choices regarding the information we collect about you and how you can contact us about any privacy concerns.
The Privacy Policy describes how we treat your personal data, and we encourage you to read it carefully. We only collect personal data when we have a legal basis for doing so, and we only collect the minimum required information.
When does it apply
This Privacy Policy applies to the information we collect about you when you interact with us or use our services. It describes how we handle information about you in our capacity as a controller.
When does it not apply
This Privacy Policy does not apply to the data that you store or process (“user content” or “content”) when you use our software applications related to your Ledidi user account. You are responsible for your content and are the controller of any personal data it may contain. We process your content on your behalf and on your instructions in our capacity as a processor. The rights and obligations related to your content are governed by the Terms of Service you sign when creating a Ledidi user account. You must enter a data processing agreement with us if your content contains personal data. More information about the security of our services can be found in the security documentation on our website.
Legal basis for the processing of personal data
We rely upon several legal bases to process your personal data, such as our contractual obligations to you when you order services from us, compliance with our regulatory and legal obligations, or to pursue our legitimate business interests. In some situations, we rely on your explicit consent. In particular, we will need your consent to send you newsletters that may contain marketing elements if you are not our user or customer yet. In these cases, you will be asked to consent by clicking an "accept" checkbox.
The personal data we collect
We collect information about you when you interact with us directly. Irrespective of the type of interaction, we always collect the minimum amount of information required for that specific purpose. We also automatically collect information related to you when you visit our website and use our software. The types of information we collect include:
1. Your name, email address, phone number, position, profession, organisation and country.
2. The content of the messages you send us, such as requests via our website, emails or support tickets.
3. Payment details, including payment card information.
4. Feedback from surveys or questionnaires.
5. Information that is collected automatically when you visit our website or use our software applications.
When and why do we collect information about you
Some information is collected automatically when you visit our website, but most of the information we collect about you is information you directly provide us with.
Information that is collected automatically:
1. When you visit our website (ledidi.com). Our website (ledidi.com) uses cookies and similar technologies. Some of these cookies are functional, while others are used for analytical or marketing purposes. The use of non-essential cookies is based on your consent when you visit our website. For more information on the cookies we use on the site and their purpose, please see our Cookie Policy.
2. When you use our software applications. We use analytical tools to monitor the security of our systems to improve performance, uncover technical issues and analyse use patterns. We also collect information related to your user account (the amount of data stored and processed, the number of projects, the number of collaborators and the number of projects you take part in as a collaborator). Our legal basis for collecting this information is our legitimate interest to preserve the security and performance of our systems and to improve our services and offerings, and our contractual obligation to provide you with our services according to the Terms of Service.
Information you provide us with depending on the purpose:
1. When you send a request or a message to us. If you send us a message through the contact forms on our website, we collect your name, email address and the content of your message in order to respond to your request. We encourage you to be careful about disclosing any sensitive information about yourself or others. If you request a copy of our security documentation, we also collect information about your position and organisation. We store this information and any following correspondence in our customer relationship management (CRM) system. The information is deleted three years after your last interaction with us. The lawful basis for this data processing is our legitimate interest to be able to respond to inquiries from you, and to have documentation in case we receive complaints, grievances or legal claims.
2. If you are approached or contacted by our sales representatives and signalise a wish to continue the dialogue, we collect your name, contact information and documentation from correspondence or meetings. Processing your data in our CRM system is based on a legitimate interest in establishing customer relationships.
3. When you create a user account. When you create a user account, we collect your name, email address, phone number, organisation and country to uniquely identify you to provide you with our services. We also collect information related to your type of user license, subscription type, and whether you have signed up for a user account as an independent user or by invitation from an organisation or another user.
When you have created a user account, we use your email address to send you important service notices and useful information (e.g., updates, new features and improvements) related to our services in accordance with the Terms of Service. We will also send you information about significant changes in our Terms of Service or Privacy Policy. When you sign up for a user account, our legal basis for collecting information about you is our contractual obligation to provide you with our services according to the Terms of Service.
As our user and/or customer, you can also receive marketing. The legal basis is a legitimate interest to offer you more options. You can unsubscribe from these emails using the unsubscribe link at the bottom of the mail at any time.
You have the option to provide additional information about yourself in your user profile. This information can be shared with other users, making it easier for users to recognise each other and establish collaborations. Ledidi may collect this information (e.g., academic degree, position and role) and combine it with information on use patterns as part of our efforts to understand our users' needs. This information is anonymised and only used statistically. Our legal basis for using this information is our legitimate interest in improving our services and offerings.
4. When you pay for our services. If you buy or subscribe to any of our paid services, either on your own behalf or on behalf of others, we collect your name, email address, phone number, organisation and payment details (payment card information or required information for invoicing). This information is collected and stored both for us to be able to fulfil our contractual obligations with you and to comply with our legal obligations (e.g., accounting, tax purposes and fraud detection).
5. When you sign up to receive our newsletter. You may subscribe to our newsletter either by signing up on our website or by creating a Ledidi user account. In these cases, you consent to receive our newsletters either by filling out a subscription form or checking the Newsletter box when you fill out a contact form on our website. All users will automatically receive newsletters, according to the Terms of Service. You may unsubscribe from our newsletters by clicking “unsubscribe” at the bottom of a newsletter you have received from us.
6. When you register for a Ledidi event. When you sign up for an event hosted by Ledidi (i.e. webinar, meeting, educational course), we collect your name, email address, position and organisation. We use your personal information to inform you about the event and how to attend. Our legal basis for using this information is our legitimate interest to organise the webinar and adapt its content.
7. When you participate in surveys or answer questionnaires. If you have a Ledidi user account, we may also send you invitations to participate in user surveys or invite you to answer questionnaires. The legal basis for sending these invitations is our legitimate interest in improving our services. Responding is optional, and invitations will include a description of the purpose and how the information will be used.
8. Other purposes. We do not use personal data in any way that is not covered by the purposes detailed in this Privacy Policy unless you expressly authorise us to do so. In that case, we will ask for your specific consent.
How we share our personal information
We never sell or share personal information with marketers or unaffiliated third parties. We may share information about you with our trusted service providers for specific purposes such as payment processing, subscription plan management and billing, and to manage our relations with our customers and users. A complete list of our service providers can be provided by contacting us at dpo@ledidi.no.
Our service providers are subject to contract terms that limit their use of your personal data following applicable data protection legislation. We authorise them only to use or disclose your data to perform services on our behalf or to comply with legal requirements. We require all our service providers to contractually commit to protecting the security and confidentiality of the personal data they process on our behalf and to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data.
International data transfers
Some of our service providers are registered in the United States (US), and personal data may be transferred and processed outside the EEA. We require all our service providers to contractually commit to protecting the security and confidentiality of the personal data they process on our behalf and to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data. We only use providers on the condition that enforceable data subjects' rights and effective remedies for data subjects are available. Ledidi's existing measures to accommodate international data transfers include the EU Commission’s approved Standard Contractual Clauses (SCCs). We carry out a Transfer Impact Assessment (TIA) for each provider to identify and implement appropriate safeguards. Contact us at dpo@ledidi.no to get a copy of the SCC or TIA.
Retention of personal data
We retain your personal data as long as we are providing services to you or as long as it is required for us to fulfil the relevant purposes described in this Privacy Policy. Unless we are required by applicable laws and regulations to keep your information, we will either delete your personal data when the purpose of the processing has been achieved or within three years after your last interaction with us, or earlier if you instruct us to do so in accordance with this Privacy Policy and the Terms of Service, if you have a Ledidi user account.
How we protect your personal data
Ledidi has implemented technical, organisational and administrative security measures to protect your personal data. We continuously seek to ensure that the data we collect is protected against loss, destruction, corruption and unauthorised access. Our security framework is updated regularly in line with technological developments. Your personal data is only accessed by a limited number of personnel who need access to data to perform their duties. When we share data with our service providers, we authorise them only to use or disclose your data to perform services on our behalf or to comply with legal requirements. Before engaging any service provider, we perform a risk assessment.
Your rights and choices
You can request information about what data we store and process about you at any time. You have the right to request the correction, deletion and restrictions in the processing of your personal data, as well as the right to object to the processing of personal data about you in accordance with applicable data protection laws. You may also have the right to receive your data and transmit those data to another controller.
Consents that you have given can be withdrawn at any time. Withdrawal of your consent does not affect the legality of the storing, processing or transfer of your personal data before the withdrawal.
Any questions or concerns that you may have regarding this Privacy Policy can be sent to our Data Protection Officer at dpo@ledidi.no.
If you believe that we have not complied with your statutory rights in accordance with applicable data protection legislation, you have the right to send a complaint to the Norwegian Data Protection Authority (www.datatilsynet.no). However, we kindly ask you to contact us first so that we may address your concerns or resolve any misunderstandings.
Updates to this Privacy Policy
We will update this privacy policy when required by changes in our practice or in privacy legislation. In the event of material changes to our information practices, we will point out those changes on our webpage and, in some cases, send you a notification of changes by email. You agree to any modifications or changes by continuing to use our services after such information has been provided to you.
Contact information
If you have any concerns about privacy at Ledidi, please contact us at dpo@ledidi.no or at LEDIDI AS, Attn: Ledidi AS, Gaustadalleen 21, 0349 Oslo, Norway.