1. Introduction
Pone Biometrics AS (hereafter called “Pone”) with business registration number 918 881 344 and business address Universitetsgata 2, 0164 Oslo Norway, is a Norwegian company founded in 2017.
Pone develops, patent, and provide services in offline biometric authentication and password services on digital platforms and devices.
Pone is the data controller and responsible for ensuring that the information we have about you is processed in accordance with the data protection legislation.
This Privacy Policy describes how Pone collects, uses, share or in any other way process your personal data when you purchase our Product. If you have any questions or concerns regarding how we process personal data, please get in touch with us at: privacy@ponebiometrics.com
2. Definitions
Pone or “we”/ “us”: Pone Biometrics AS with business registration number 918 881 344.
You: The person purchasing Products for the Buyer.
Buyer: The entity purchasing Products.
Products: Any product offered for sale by Pone.
Terms and Conditions: The Sales Terms and Conditions that applies to all sales of Products by Pone: Terms and Conditions – PONE (Ponebiometrics.com).
GDPR: The EU’s General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) which came into force in the EU on 25th of May 2018.
3. Why we collect AND PROCESS personal data and the information we PROCESS
To best serve your needs, we process certain information when you purchase our Products. Pone does not process any sensitive information.
We process the following personal information in order for you to buy our Products on behalf of Buyer:
- First name and last name
- Workplace / Company
- Email address
- Address
We process the following personal information to send out marketing, newsletters and provide information about our business:
- Name
- Email address
- Company
- Work position
- Country/Region/City
- Postal code
- Phone number
- Note to your order which could contain personal data
- Billing information / payment information
4. Legal basis for processing persondal data
Pone ensures that there is a legal basis for all processing of personal data. Pone processes your data on the following legal basis:
- Contract, cf. GDPR art. 6 (1) b): The processing is necessary to fulfil a contract, each purchase agreement, you on behalf of Buyer enters into with Pone as described in our Terms and Conditions.
- Consent, cf. GDPR art. 6 (1) a): To the extent you have given consent to processing of your personal data for a specific purpose, such as cookies for marketing or analytic purposes.
- Legal obligation, cf. GDPR art. 6 (1) c): We may process personal information if it is necessary for compliance with a legal obligation, in example the Accounting Act relating to any purchase agreement.
- Legitimate interest, cf. GDPR art. 6 (1) f): To the extent we have a legitimate interest in conducting, managing, and promoting our business to enable us to process personal data not covered by a legal basis mentioned above, we will inform you about such interest. If any proceccing of personal data is made due to security reasons (in example to avoid hacking) or marketing purpose (in example not possible to get consent), a balance test should be performed. In addition, more information about such activities should be part of this Privacy Policy (option for opt-pot if for marketing).
5. DISCLOSURE of personal data
We do not share your personal data with others unless there is a legal basis for such disclosure. Examples of such a basis may be that disclosure is necessary to fulfil an agreement with you, or because there is a legal duty to disclose the information.
Pone mainly processes personal data in Norway, EU/EEA and UK. The UK adequacy decision from EU from 28th June 2021 ensures unrestricted personal data flow between EU and UK for four years (till 27th June 2025, and may be extended).
We may share your information with the following third parties. Please see the list below:
- HubSpot Inc. – Marketing, newsletters and provide information about our business
- Ninja Forms – Marketing, newsletters and provide information about our business
- Berge & Lundal Revisjonsselskap AS – Audit firm
- Norian Regnskap AS – Accounting firm
- Microsoft Corporation (Microsoft Teams)
- DocuSign Inc.
- Tripletex AS
We share information with our third parties, such as IT suppliers and personnel systems, to the extent necessary for them to provide their services to us, e.g., within operations, administration, maintenance, or technical solutions.
The relationship with such suppliers/data processors will be regulated through a data processing agreement, which, among other things, ensures confidentiality and safeguards information security at all levels. The data processing agreements also ensure that the data processors do not use the data for their own purposes.
We will also share your information with the Norwegian Tax Administration and other public bodies to the extent that we are required to do so.
If disclosure involves the transfer of personal data out of the EEA, we will take steps to protect the personal data, such as entering into an agreement based on EU standard clauses with the recipient.
6. How long do we retain your information
We will not retain your personal data for longer than is necessary to achieve the specific purpose for which the personal data was collected. This typically involves:
- We keep your profile information for the duration of your account.
- We generally keep other personally identifiable data we collect when you use our Products and services for a maximum of 18 months.
- Where you violate our terms and conditions, we may keep the identifiers you used to create the account (i.e., email address or phone number) for five years to prevent repeat of policy offenders from creating new accounts.
The personal data will nevertheless be retained for as long as it is necessary for us to comply with statutory requirements and legal obligations, including requirements for storage following the accounting legislation. We will also retain the data longer if continued storage is necessary to establish, protect or defend legal claims.
7. Cookie policy
We receive information from cookies (small text files placed on your computer or device) and similar technologies to help us analyze and improve your experience and the services.
We also use various tracking technologies and analytics tools to enhance your experience on our website and to provide personalised content and advertisements. These tools help us understand how you interact with our site and improve our services. The tools we use include:
- Meta Pixel: We use Meta Pixel for marketing purpose to track your actions on our website. This allows us to show you targeted ads on Facebook and Instagram based on your interactions with our site.
- LinkedIn Audience Tag: We use LinkedIn Audience Tag for marketing purpose to track your interactions with our website. This helps us show you relevant ads on LinkedIn.
- Hotjar: We use Hotjar for analysis purpose to analyze user behavior on our site. Hotjar helps us understand how you interact with our website through heatmaps, session recordings, and surveys. This information helps us improve your user experience.
You can manage these tracking pixels/cookies as described in the pop-up when you visit our website and provide us a consent for each purpose other than essential cookies (essential cookies are deemed necessary and accepted if your device accepts cookies). Our cookie tool allows you to:
- Accept cookies and trackers used for any purpose other than strictly necessary.
- Reject all non-essential cookies and trackers.
- Customize your preferences for different types of cookies and trackers (including to withdraw a given consent).
For more detailed information about the cookies and trackers we use, please see our Cookie Policy.”
8. Your privacy rights
You have a right to access the personal data Pone process and have the right to request that we correct any inaccuracies regarding your personal data. You also have the right to request that we delete personal data if the purpose and legal basis for the processing activity no longer applies.
If we process your personal data based on your consent, you can withdraw your consent at any time without giving any reason.
The Norwegian Data Protection Authority (“Datatilsynet”) is the supervisory authority for the processing of personal data. If you consider that Pone´s processing of personal data is not in accordance with the Personal Data Act, you can complain to the Norwegian Data Protection Authority.
You can find more information about how you can get in touch with the Norwegian Data Protection Authority on its website www.datatilsynet.no.
We hope you get in touch with us if you have a complaint or want to exercise your rights. You can contact us at privacy@ponebiometrics.com.
9. Changes to the Privacy Policy
The processing of your personal data is subject to the latest version of this Privacy Policy, and we may update it periodically in response to changing legal, regulatory, or operational requirements.
If we should make substantial changes to this Privacy Policy that we consider important for your privacy rights, we will inform you and give you the chance to review the updated Privacy Policy before purchasing our Products.
Updated 20 march 2024