Privacy Policy for TotalCtrl SaaS Solutions

TotalCtrl's SaaS solutions, TotalCtrl Retailer, TotalCtrl Home, TotalCtrl Restaurant, TotalCtrl Food banks and TotalCtrl Inventory are services owned by TotalCtrl AS, org. No: 920 004 210.
Our visiting and postal address is Holbergs gate 1, 0166 Oslo, Norway. This privacy policy provides an overview of how TotalCtrl AS collects and uses personal information through the use of TotalCtrl's Saas solutions. The privacy policy should be read and viewed in conjunction with our terms of use which you can find here for the TotalCtrl SaaS solution. We reserve the right to update this privacy policy without notice. The date of the latest version will always be here and it is the most recently updated privacy policy that applies.
Date of last update: 6 July 2020. ‍

1. Our Role In Our Privacy

1.1 Our responsibility

  • To process, store and process personal data in a safe and secure manner in accordance with the Personal Data Act and the laws on personal data in force in Norway at any given time.
  • To communicate our purpose of collecting personal information.
  • To communicate what processing basis we have for collecting, processing and storing personal information.
  • To assist users in enforcing their rights under the Personal Data Act.
  • To ensure that the services work as they should at all times.
  • To act as the data controller for the data and personal information we collect. Where we have data processors, we are responsible for checking and checking that these data processors’ regulations comply with GDPR’s requirements.

1.2 Our Purpose

Our purpose in collecting, storing and processing personal information is to provide services to you, as well as inform you as a user about updates and the development of the services.

1.3 Your responsibility 

  • Read this privacy policy.
  • By using this site and by providing us with personal information, you agree that we may collect this information and process it on your behalf for the purposes described in this privacy policy.

2. What is data / personal information?

Personal data, or personal information, in the GDPR and privacy legislation in Norway are defined as information that can identify a person. For more information on which personal data we process, please see section 3.1.

3. When do we collect data?

In some cases you give us data, such as name and email address, other times the data collection is automatic, such as when Google Analytics or Hotjar gives us information about which demographics visit our site.

3.1 Types of information we collect:

  • Name
  • Contact information (e-mail address)
  • Information on how to use the TotalCtrl page and which URLs are most visited. This information is not linked to information that could identify you, but is collected through Google Analytics and Hotjar. For more information about Google Analytics and Hotjar, please see the section “Third parties” – section 6.

4. Basis for processing: Why do we collect this information?

The Personal Data Act and the GDPR set out certain processing bases that must be present in order to process personal data.

4.1 Consent

We have access to some of the personal information because you have consented to it by giving the information to us. You give consent by signing up for our newsletter or contacting us in another way; either through email or through our chat feature on the website. 

You can withdraw your consent at any time, but be aware that the services TotalCtrl offers may not work as well or in the way we want.

4.2 Necessary to carry out contractual obligations

To download or purchase a solution, you must provide us with your name and email address so that we know where to send customer information. The legal basis for this is for us to be able to fulfill our obligations to you by sending you what you have purchased or downloaded.

4.3 Necessary to safeguard legitimate interests

We process personal data if it is in TotalCtrl AS’s legitimate interest to process these. Examples of this can be sending updates of the product to users or information that makes our service work best.

5. Security and storage

5.1 How secure is the personal information we collect?

We have physical, technological and administrative procedures in place to ensure that personal information is as secure as possible. If you fear that your personal information has gone astray, send us an e-mail as soon as possible at [email protected]

5.2 How long do we store your personal information?

We store your information until the purpose for which the information is achieved (for example, that we fulfill our obligations to you by sending you what you have purchased or downloaded, and also send you updates on the product), or as we are required by law. All our data is stored in Postgres which is in our Google Cloud solution.

If you use the TotalCtrl SaaS solution through a company, it will be up to the company how long the information and contracts are to be stored. Ask for the company’s privacy statement to find out more.

We do not disclose personal information to other companies in Norway, the EU / EEA or the rest of the world. Our servers are located in Amazon Web Services.    

6. Third Parties

We use some third parties to make our services work optimally. Here is an overview of which third parties we use in TotalCtrl to process personal data.

  • HubSpot: We use the service HubSpot for subscribing and sending out our newsletters. HubSpot’s personal data terms will apply. We get access to your name and email. This information is only available to a limited number of employees and access is password protected with two-step verification. You can delete yourself from the list at any time by following a link in the newsletter. We will then no longer have access to your name and email. You can also send us an email and we will delete you from the list: [email protected]. If you download a solution and agree that we can contact you regarding input for further development of the services we offer on TotalCtrl, your e-mail address will be stored in HubSpot.
  • Stripe: When you purchase a solution or register to receive one of our solutions when they become available, we will receive your name and email address stored in Stripe. If you pay for a solution, the payment information will be stored in Stripe, which is the program we use to carry out transactions on the site. TotalCtrl AS will never have full access to the information about the bank card used, but we can see when the purchase was completed. Only a limited number of employees have access to Stripe and access is password protected.
  • Google Analytics: We use Google Analytics to measure the traffic on our pages. For TotalCtrl, the IP address is registered, whether you use Windows or Mac, which browser you use and how long you stay on which pages. We are unable to see your name and email or other information about you through Google Analytics as the information is anonymous. For users through the TotalCtrl SaaS solution, we can in addition to the information already mentioned, see name and e-mail address. This information is password protected and only a limited number of employees have access to this information. Read more about Google Analytics and their processing of personal information here. 
  • Facebook: We get information from Facebook how many people like our campaigns and posts via the service. We do not receive any personal information nor do we store any personal information from Facebook. <br>
  • Hotjar: We use Hotjar to better understand our users’ needs for TotalCtrl’s solutions so that we can optimize the service and experience. Hotjar is a technology service that helps us understand users’ experiences (for example, how much time users spend on which pages, which links are clicked, what users like and dislike, etc.), and this allows us to build and maintain our services on based on user feedback. Hotjar uses cookies and other technologies to collect data regarding users’ behavior and their devices. This includes the device’s IP address (collected when you have used the service and stored in an unidentifiable form), the device’s screen size, the type of device you visit us on (unique device identifiers), browser information, geographical information (only the country you are in) ), and which language you prefer when visiting our site. Hotjar stores this information on our behalf in a pseudonymous user profile. Hotjar has a contractual ban on selling data collected on our behalf to others. We have also signed a data processor agreement with Hotjar. See Hotjar’s privacy policy here. 

7. How we use cookies

Cookies on our site are automatic. You can block these in settings in your web browser, and you can also delete them. If you choose to do this, please note that not all services and features we offer on our sites will work equally well.

8. Your rights

According to the Personal Data Act, you have the following rights with regard to your personal data:

  • Right of access: You have the right to know what personal information we have about you.
  • Right to correction: If you have been given access and believe that information we store or have stored about you is incorrect, you have the right to have this information corrected.
  • Right to delete: You have the right to delete if we have processed your personal data on the basis of the consent and you withdraw the consent. You also have the right to delete if the purpose of the processing of personal data has been completed. Please note that if you have signed a contract sent from TotalCtrl, you will not be able to have your name deleted from this contract as this may still be in use. Some agreements must be stored long after the relationship has ended as a result of legal provisions.
  • Right to data portability.
  • For a full overview of your rights under the Personal Data Act, please see Datatilsynets website.

9. Suggestions?

If you have input or questions about this privacy statement, please contact us at [email protected]