1. About this document
This Personal Data Policy describes information, including personal information, that we collect, process, share, and store for use in connection with the services and solutions provided by GSGroup (collectively, the “Services”).
In this Policy, the terms “GSGroup”, “we”, “us” and “our” refers to GSGroup and its affiliates. We refer to this Policy, together with our Data Processing Agreements, as our “Privacy Terms”.
The Services are intended for use by by our customers (or our customers’ end-customers), employees and hired workers of such customers or otherwise in accordance with the such customers’ instructions, consent or control. You are using the Services on an account issued to you either by us or by your employer or another organization (your “Organisation”) with whom we have entered into an agreement regarding the provision of our Services. That Organisation is likely to have its own policies regarding storage, access, modification, deletion and retention of information that you submit or provide through the Services.
Since it is you or your Organisation who buys our Services, it is you or your Organisation who is the data controller. The data controller has the right and responsibility to (i) control and administer the account where all information related to our Services to you are processed (“Your Account”), (ii) access and process any data that you submit, generate or provide through the Services, including, for example, your positions and communications, and (iii) to ensure information processed as part of the Services is done so legally.
If it is your Organisation who has purchased our Services from us, please contact your Organisation with any privacy enquiries regarding policies, including any enterprise agreements with GSGroup, that it has in place regarding your use of the Services. We are unable to process any such enquiries directly with you. We can only process such enquiries if received from the data controller (typically, your Organisation). Complains may be filed to your Organisation or to the National Data Protection Authority.
If it is you who has purchased our Services, you may contact us at firstname.lastname@example.org if you have any enquiries regarding this Policy or the personal data processed as part of the Services.
GSGroup is committed to protecting your privacy and developing technology that gives you the most powerful and safe online and offline experience. By using our Services, you consent to the data practices described in this Policy and the provisions of our Data Processing Agreement, and you agree to allow us to collect and process persona information on that basis.
3. Why we process the data
We process personal data to ensure we fulfil our contractual obligations with our customers. What that means in terms of what data we collect and process, how and where we process it, and for how long, is described in this Policy and our Data Processing Agreement. It is important that you read this information. By taking the Services into use, we are instructed to process personal data as a data processor for the purposes of providing those Services.
4. Legal basis for processing
The legal basis for the processing of personal data is the agreement for our Services, either with you or with your Organization. Our processing of the data is required in order to fulfil the agreement we have with your Organization.
Your personal data is processed in accordance with the applicable National Personal Data Act and the Personal Data Regulations, which from 25 May 2018 include the EU General Data Protection Regulation, (EU) 2016/679 (“GDPR”).
According to the GDPR you have the right to request for among other things:
- Access to your personal data,
- Rectification or erasure the personal data
- Portability of your data, extracting the personal data for transferring it to other service providers
- Submitting your personal data is voluntary and you have the right to restrict our use of the personal data, but some basic information is needed to enable Services to operate.
If you have any such requests, you may contact your Organisation who has bought our Services or from us if you have bought such Services directly from GSGroup, as described in Section 1 above and 10 below.
5. What data we process
Our Customers are in control of the data we process on their behalf. The data we process as part of our Services is set out in the Appendices to our Data Processing Agreements.
Common data collection which applies for all GSGroup’s Services (including all subcategories):
- User communications, feedback, suggestions and ideas sent to us
- Billing information;
- Information that you provide to us when you or your Organization contact or engage us for support, or similar queries regarding the Services.
- For some of our Services, we automatically collect certain information on your Organization’s behalf through the Services, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, the date and time of you are using the Services and other information about your activities within the Services. This is logged for diagnostic and security purposes.
B) In addition Smartday processes the following data:
b) Employee at customer:
- Certification number
- Cell number
- Car ID
- Position, address
- Vehicle states
c) Service objects at customer:
- Serial number
- Installation date
- Attention name
d) Debitters at customer:
- Cvr number
- Debitor note
- Attention name
- Note 1
- Note 2
- Form data
- Form signature
- Photo & files
- Attention name
6. How we use your data
The information we collect is used to provide, develop and improve our Services and safety features.
We or your Organization may use your contact details to send you information regarding our Services, or to ask you to participate in surveys about your Services use.
We may also use this information in an aggregated,
non-identified form for research purposes and to help us make decisions on the direction of sales, marketing, product development and business activities.
We use industry-standard methods to keep this information safe and secure while it is transmitted over your network connection and through the Internet.
7. Where we process your data
The location of our processing activities is set out in our Data Processing Agreements.
8. Disclosure of information
- GSGroup does not share personal information for any commercial or marketing purpose unrelated to the delivery of our Services. Your personal information may be shared with your Organisation if it is that Organisation that has purchased our Services. We may also disclose information in the following circumstances:
- When instructed in writing to do so or with your explicit consent: We may share personal information when we have been instructed to do so in writing by our customer (you or your Organisation) or with your explicit consent.
Legal requests: If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity or litigant that seeks data relating to the Services and are legally compelled to produce information, we will make reasonable attempts to inform you or your Organisation about the request (unless prohibited by law). If we ask the requesting party to direct the request to the Organization, we will provide your Organization’s contact information to the requesting party.
- Aggregate or anonymised data: We may share non-personal information (for example, aggregated or anonymised customer data), to improve, support and operate GSGroup software, products and services, and to create and distribute reports regarding use of such products and services.
9. Safety and security
We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services on your and your Organisation’s behalf, such as by investigating suspicious activity or violations of our agreement terms or policies. We work hard to protect your information using teams of engineers, automated systems and advanced technology such as encryption and machine learning.
10. Accessing and modifying your information
You and your Organization may access, correct or delete information that you have uploaded to the Services using the tools within the Services. You are thereby in control of the data we process. If you are not able to do so using the tools provided in the Services, you should contact your Organisation directly to access or modify your information, unless you have bought the Services directly from us in which case you can contact us directly as set out above.
Changes that you make to your information on the Services take immediate effect on your specific network, but original data will be retained by GSGroup in backup copies for a commercially reasonable amount of time and as directed by you or your Organisation.
11. Account closure
If the Services were bought by your Organisation and you would like to stop using the Services, you should contact your Organisation. Similarly, if you stop working for or with the Organisation, the Organisation may suspend Your Account and/or delete any information associated with Your Account.
It typically takes about 30 days to delete an account on behalf of your Organisation after account closure, but some information may remain in backup copies for a reasonable period of time thereafter. Please note that content you create and share on the Services is owned by your Organisation and may remain on the Services and be accessible even if your Organisation deactivates or terminates Your Account. In this way, content that you provide on the Services is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.
If the Services were bought by you and you would like to stop using the Services, you can do so in accordance with your agreement with us.
12. How long we store your information
GSGroup generally stores your personal information for as long as you or your Organisation remain a GSGroup customer and as set out in instructions to us. To the extent there are legal requirements for duration of storage, such as for accounting purposes, we may store data for up to 10 years.
As described above you have the right to request for the data to be deleted. Such requests should be directed as explained above.
14. Data processing agreements