How we protect your data and private information
This Privacy Statement applies to Kongsberg.com/digital and services offered via Kongsberg.com/digital (hereafter referred to as "Kognifai").
Kongsberg Digital AS ("KDI" or "we") may act both in the capacity of controller and processor in relation to Kognifai (see section 2 below).
KDI is part of a group (the “Kongsberg Group”), of which Kongsberg Gruppen ASA (“KONGSBERG”) is the ultimate owner. KONGSBERG’s general privacy statement applies also to Kognifai and may supplement this Privacy Statement.
Each individual who a) has entered into a Kognifai related agreement with KDI, and/or b) is an employee of a Kognifai customer or partner (or otherwise related to a customer/partner), and who is identified and notified to KDI to be given access to one or more services on Kognifai is hereinafter referred to as an “Authorised User”. "You" refers to both Authorised Users and others who visits kongsberg.com/digital.
2. ROLES AND RESPONSIBILITIES INCLUDING PURPOSES OF PROCESSING
2.1 KDI as controller
KDI is also the controller with respect to the following processing purposes/activities:
- To prevent abuse and misuse of services
- Improve quality and functionality of Kognifai and Kognifai related services
- Detect, prevent and mitigate security threats and perform maintenance and debugging.
Personal data will only be processed in connection with these activities to the extent necessary and proportionate to fulfil the stated purposes.
2.2 KDI as processor
KDI processes personal data about Authorised Users in order to deliver services to our customers and partners on Kognifai, hereunder for the following purposes:
- To fulfil contractual obligations related to delivery of agreed services
- Provide requested information or assistance to customers
- Process orders, invoicing and other financial follow up
The customers/partners of Kognifai are the controller for these processing purposes, while KDI is the processor on behalf of the customers/partners. A data processing agreement may be entered into with the relevant customer/partner prior to the processing taking place.
3. CATEGORIES OF PERSONAL DATA PROCESSED
When you visit Kongsberg.com/digital or use the services on Kognifai, KDI may process the following data about you, depending on your use of Kognifai:
- Basic contact details such as name, address, telephone number and email
- Feedback, comments or questions about KDI, Kognifai and services running on Kognifai
- Unique user information such as login ID, username, password
- Webtraffic information as provided by browser such as browser type, device, language and the address of the website from which you arrived and other traffic information such as IP address
- Clickstream behaviour on Kongsberg.com/digital and other KDI websites, products and services
4. LEGAL BASIS FOR THE PROCESSING
When KDI processes personal data for the fulfilment of contractual obligations towards customer or partner (cf. section 2.2 above), the legal basis for processing is determined by customer/partner. KDI operates in accordance with instructions from customer/partner only.
When KDI processes personal data as a controller and for the purposes stated in section 2.1 above, the legal basis is the legitimate interests pursued by KDI. KDI deems the processing of personal data legitimate from a business perspective. All processing is carried out in a manner that does not infringe your privacy rights.
5. SHARING AND TRANSFERS OF PERSONAL DATA
KDI may share your personal data with other companies in the Kongsberg Group if this is necessary to fulfil a request from you.
KDI does not share your personal data with third parties except where such sharing is necessary to provide the Kognifai services. KDI use external third-party service providers, for example for website hosting, for processing transactions and for performing statistical analysis of our services. KDI will only share your personal data with the service providers to the extent it is necessary for them to deliver the services.
In the event that we sell or buy any business or asset, we may disclose your personal data to such prospective buyers or sellers. Moreover, KDI may share your personal data with public authorities or governments if required by mandatory law.
The KONGSBERG Binding Corporate Rules (“BCR”) provides a legal basis for transfer of personal data from group companies within the EEA to group companies outside the EEA. For more information about the KONGSBERG's BCR and group companies bound by the BCR, please see the public version of the KONGSBERG BCR.
KONGSBERG will not transfer personal data to a third country outside of the EEA that does not provide adequate protection of personal data unless appropriate safeguards are adduced or the transfer otherwise takes place in accordance with applicable data protection legislation. Examples of such safeguards are Binding Corporate Rules, EU Standard Contractual Clauses or if the receiving party is certified under the EU-US Privacy Shield.
6. SECURITY OF PROCESSING
KDI undertakes to process your personal data securely and will apply and maintain appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
8. YOUR RIGHTS
You may contact KDI for further information about the processing of personal data relating to Kognifai. If your inquiry concerns activities where KDI acts as processor (cf. section 2.2), KDI will assist you in identifying the relevant controller responsible for the processing activities who can answer your inquiries.
You will as a main rule have a right to access your personal data processed by KDI and/or to obtain a copy of the personal data. You also have a right to contact KDI to have inaccurate or incomplete personal data concerning you rectified, completed and under some circumstances deleted or restricted. If you believe that KDI's processing is not legitimate, you may also object to the relevant processing activities.
In some instances, you can have a right to receive the personal data concerning you in a machine readable format and to have it transmitted to another controller (data portability).
To exercise your rights as a data subject or if you have questions regarding this Privacy Statement, please contact our Corporate Privacy Officer by using email;
If you are not satisfied with this Privacy Statement or the way KDI treats your personal data, you may file a complaint to the Norwegian Data Inspectorate.