Before buying, and using, Whitestory AS’ products and services, you consent that we can treat personal information about you, and confirm that you have read, understood and content.
The declaration describes what kind of personal information we collect through our websites, and when using our products and services, and how the information and data is treated.
When you visit our websites data concerning the following is collected: web browser, Internet service provider (ISP), referral and exit sites, operating systems, data, time of day, clickstream and other user services as part of our service analysis. These data are not linked to other personal data we collect, and are anonymous.
This declaration includes detailed information concerning our service providers, so that we are transparent.
PERSONAL INFORMATION AND RESPONSIBILITY
Eckersbergs gate 4
Data Protection Officer:
If you have any objections with regards to privacy or the use of data that has not been treated in a proper matter, you can also form a complaint and send it to The Norwegian Data Protecion Authority.
Whitestory AS is responsible for the treatment of personal information in connection to visits to our website, or when ordering products and services from our company, and with contact to our Customer Service.
The following personal data is collected in order to identify and register (1) the customer relationship, (2) contact person(s) in the customer relationship, (3) user accounts in our systems.
- First name, surname, postal address, telephone number, e-mail address
- First name, surname, telephone number, e-mail address
- First name, surname, telephone number, e-mail address
And in order to deliver the service in accordance with our agreement, and to perform customer service at request. Due to security reasons the IP-address that is used when ordering, administrating, and using our services is saved. It is not voluntary to give out personal information unless something else can be seen from this declaration, or from the user interface of the services.
Personal information is saved on services owned and operated by Whitestory AS, and is localised in Norway and/or EU, unless other information is specified.
Whitestory AS is obliged to delete or correct personal information that is not correct. Personal information that is not correct or inconclusive will be updated by using third party information from, but not limited to, 1881.no, the Norwegian Post, Bring, Experian, The Brønnøysund Register Centre and other public sources to information.
Stripe, Bookly, iZettle, Facebook Ireland and Facebook Inc, GlobalSign, Google Analytics, Google Adwords
When paying with a debit- or credit card, the information on you card is saved at Stripe, which is PCI DSS-certified. Credit card information will only be accessible for Whitestory AS, in “anonymized” form. No parts of the card number is saved in our systems, only a reference to the transaction in Stripe.
Bookly operates the platform that is used to book appointments for trying our products. All information is registered and saved in e-mail correspondence with firstname.lastname@example.org is saved on servers owned and operated by PageLook.no (FaceLook AS).
When using a chat services, information concerning IP address and web browser version is saved. Other personal information is given to us on a voluntary basis, and you can use the service anonymous.
Facebook Ireland and Facebook Inc.
Facebook measures and the reach and results of our marketing campaings on Facebook.
GlobalSign provides SSL-certificates that we use for encryption of communication in our systems. Information collected in connections with registration of a SSL-certificate is saved on servers owned and operated by GlobalSign.
Whitestory AS use for Adwords for marketing on Google.
Received information is in accordance with Google’s policy for privacy.
Registrar services (International)
Personal Information which is collected in connection to registering domain name will be saved at Registrar for the relevant top level, and published at WHOIS in line with our Service agreement, and current regulations for the relevant top level, which you accepted when registering.
SUPPLIERS OUTSIDE EU
Suppliers outside the EU, that do not offer saving of data inside the EU, and in compliance with the EU-U.S. Privacy Shield framework agreement and the U.S. Swiss Safe Harbor framework agreement established by the US Deparment of Commerce, and commit to treating to all personal information from EU member countries with the trust the framework agreements implies, in accordance with the agreements current principles.
No personal Information is handed to third party suppliers without explicit consent from you. However, a supplier can pass on data to a third party functioning as an agent on their behalf. If so, the transfer will not happen without complying with the principles of the Privacy Shield for all trailing transfers of personal information from the EU, including the provisions concerning responsibility for further transfers.
Stripe Privacy Shield-certification:
Alternatively, you can contact us, and let us lead the case for you.
You can also, under certain conditions, further described Privacy Shield’s website, submit binding arbitration when other procedures for dispute Resolution is exhausted.
TREATMENT OF PERSONAL INFORMATION
Personal information is collected so that Whitestory AS can perform those tasks and services that we are imposed to execute in accordance to law, regulations and/or agreements. The treatment of personal information is at any time in accordance with current law and regulations.
If there is a, by law, need for disclosure to public authorities, registered personal information will be sent to the authorities according to their claims.
Please note that the treatment of personal information with regards to specific services and products can be regulated by separate agreements which are made available through our Service Agreement. This includes, but is not limited to, domain name and information registered in WHOIS.
Access and correction
At any time, you have the right to access the information that is registered. You can at any time see and edit your personal information through our Control Panel.
You can also contact Customer service, which will answer your request within 1 working day.
Storing and deleting
Information that is no longer needed for the purpose they are saved for, will be deleted consecutively.
Whitestory AS saves personal information concerning customers, at all times compliant with the current law. When you delete, or terminate, services, some of your personal information, primarily contact information, order- and invoice logs, and copies of correspondence, will remain in our registers to the extent that is needed to protect legal rights, or legislative demands to documentation.
You have the right to data portability. This means that you can collect your personal information in a machine-readable format.
CONFIDENCIALITY AND SECURITY
We combine a combination of physical, electronical and procedurally security to protect personal information.
Information on your account is password protected. Furthermore, your password is protected is saved with a one-way hash-algorithm with a variable work factor.
All data transfers that occur over the Internet is password protected. All transactions are treated by a SSL/TLS-connection, with a minimum 256-bies encryption. However, there is no guarantee that someone might get access to this kind of information, or that they can be compromised, changed if there is a breach in a fire wall or in a secure server software.
Since no data transfers via the Internet is 100% secure, we cannot guarantee or promise the security of the information you send us.
If Whitestory AS is known to that there has been a breach in our security systems, we will inform you in writing per SMS or via e-mail, so that you can make needed protective measures. By using our services or by giving us personal information, you consent to that Whitestory AS can contact you electronically with regards to issues regarding security, personal data or administrative problems, related to your uses of our services.
Whitestory AS is also obliged to warn the The Norwegian Data Protection Authority within 72 hours that we are aware of any breach in our security.
You have the responsibility to implement needed security measures when using our services. That includes, but is not limited to, using a secure password, encrypting you password, secure storage of encryption keys, installation of security updates in third parties software and components.
Whitestory AS is not responsible for the information you choose to save via our services, and we cannot guarantee for the consequences as a result of breaches in security.
SENSITIVE AND CONFIDENTIAL PERSONAL INFORMATION
None of Whitestory AS’ services demands that sensitive and confidential personal information is given to us. Registering this information in Whitestory AS’ interfaces is not allowed, and shall not be given to Whitestory AS under any circumstances.
In any case you are required to send a copy of your ID, you shall blackline your social security number.
THIRD PARTY FUNCTIONALITY AND WEBSITES
Third party functions may also collect sensitive information, for instance financial information (credit card) to dispatch purchases of products and services.
Whitestory AS is obliged to notify the Customer of any significant changes. Significant changes includes any matter that restricts the Customer’s rights, or that changes the parties commitments or rights. Changes in significant shall be notified by e-mail to the address given as contact information in the customer relationship.