NAEVA – Data Privacy Notice and Terms of Use
We respect your privacy.
When using any Naeva service, application, software, component or device, or any connected, integrated or associated service, application, software or device (hereafter collectively called «the Service»), some necessary elements of your personal data may be collected, stored and processed. In certain cases the collection of such personal data is legally required, for instance when working at an active construction site (see the Norwegian regulations for safety, health and work environment on construction sites «Byggherreforskriften» of August 3 2009 nr. 1028). In other cases, collecting your personal data is necessary to provide the Service.
Below you will find more information about the following:
- NAEVA
- What general categories of data we collect
- How such data is stored and processed
- How and when such data may be shared with others
- Your rights in relation your personal data
About NAEVA
NAEVA is a Norwegian technology company that provides electronic devices, software, applications and associated services for our customers, who may for example be construction companies, site or equipment owners or managers, site operators or other businesses. Some examples of our products are electronic crew lists/rosters, access control systems, equipment/machinery/vehicles/property monitoring, training software/games, data analytics, reporting and other similar products. Additional similar services may be added in the future.
For more information about NAEVA, please visit www.naeva.no.
If you have questions about NAEVA or this policy you can reach out to us at privacy@naeva.no.
Data Privacy Roles
When providing the Service we will regularly collect and process personal data on behalf of our customer. This makes the customer the data controller an us the customer’s data processor.
For all information that relates to you as a person, you are considered the data subject.
The data controller is the party who actually owns and controls the collection and use of the data, and who has the obligation to follow all applicable laws and regulations for personal data.
A data processor is a party that processes personal data on behalf of the data controller subject to the data controller’s instructions.
Note that Naeva may also be considered the data controller for certain select uses of the personal data.
For information about who the data controller is in any specific case, feel free to contact us at privacy@naeva.no.
Purposes of Personal Data Processing
We process your personal data when legally required or otherwise required and relevant for the purposes of providing the Service for our customers. This may include the following primary processing purposes:
- Allowing our customer to monitor and control what personnel is or is not present at controlled sites, facilities, locations, equipment, machinery, or vehicles at any given time
- Allowing our customer to monitor and control what personnel is able to access, or currently accessing, controlled sites, facilities, locations, equipment, machinery, or vehicles
- Allowing our customer to verify your identity, certifications, qualifications, and clearance for the purpose of granting access to controlled sites, facilities, locations, equipment, machinery, or vehicles
- Allowing our customer to monitor the controlled sites, facilities, locations, equipment, machinery, or vehicles, including personnel presence and location, for HSE (health, safety and environment) reasons
- Allowing our customer to administer or manage HSE or proficiency training, tests, or screening requirements for personnel requesting access to controlled sites, facilities, locations, equipment, machinery, or vehicles
- Allowing personnel who are present within a given site or facility to identify and communicate with other personnel who are present at the same controlled sites, facilities, locations, equipment, machinery, or vehicles
- Allowing managers or owners of controlled sites, facilities, locations, equipment, machinery, or vehicles to identify and communicate with personnel who are present at, or performing work in connection with, such controlled sites, facilities, locations, equipment, machinery, or vehicles
- Allowing our customers or security/safety/medical personnel to access key information in an emergency, including emergency contacts or voluntarily provided medical information
- Allowing you and our customers to track your time spent at controlled sites, facilities, locations, equipment, machinery, or vehicles
- Enabling the customer to create, access, alter, close, or delete your user profile, credentials and/or account (where applicable) in the Service
- Providing the customer with data about usage and traffic at the controlled sites, facilities, locations, equipment, machinery, or vehicles, and use of the Service (where applicable)
- Enabling you access to the Service and/or to controlled sites, facilities, locations, equipment, machinery, or vehicles
- Enabling you to create, access or delete your user profile, credentials and/or account (where applicable)
- Providing our customer with data analytics and reports in relation to the above purposes
- Other similar purposes
Naeva may also process your personal data for additional secondary purposes, such as the following:
- Improving, diagnosing, maintaining, repairing, updating, and further developing the Service
- Creating, maintaining, updating, changing, or deleting your user profile, credentials and/or account
- Supporting documentation for generation or enforcement of contracts, agreements or invoices
- Complying with legally required requirements, disclosures or audits
- Improving and personalizing your Service experience
- Providing you with relevant information
- Providing user and/or customer support
- Communicating with you, if and when required, by using phone, email, mail, text message, notifications, push/pop-up/chat messages, and other available communications
- HSE purposes in relation to the Service and the sites/facilities, equipment, machinery, or vehicles/equipment/machinery/vehicles
- Compiling and generating usage and incident statistics and analytics, which may be shared with the customer; or with third parties in an anonymized fashion
- Other similar purposes
The above purposes are all important parts of the Service, which means that you cannot opt out of any or all of them at this time. If there are opt-out options added at a later time, these can be found in your profile and/or account settings.
Personal Data Categories
When providing the Service we may collect and process several categories of personal data similar to the following:
Personal Information
- Full name and any nicknames
- Basic contact data, including address, phone number and email
- Next of kin and/or emergency contact(s)
- Date of birth
- Health data (if voluntarily provided)
- It is voluntary to provide health data and it is not required to use the Service
- If you provide health data, this would be considered explicit consent for the processing of such health data for the purposes of ensuring your health and safety
- Contact us at any time if you want to withdraw your consent
Professional Information
- Relevant company information about your employer(s), company/companies, and/or customer(s) that are associated with the controlled sites, facilities, locations, equipment, machinery, or vehicles
- Your HSE-card data, including your picture
- Your picture and/or likeness
- Professional information, including qualifications, certifications, licenses, and line of work
- Your rights, privileges, or restrictions with respect to controlled sites, facilities, locations, equipment, machinery, or vehicles
Location and Service Data
- Location data and history, including distance travelled, when using the Service or accessing/exiting the controlled sites, facilities, locations, equipment, machinery, or vehicles
- Background location when the Service is inactive for the purpose of checking you in or out of a controlled location
- Your consents in relation to the Service
- Time and details about your use, access and navigation in the Service
- Device, browser, localization, and operating system information in relation to any phone, PC, tablet, PDA or similar device that you have used to access the Service
- You IP-address and general IP-address location (e.g. city and/or region)
- Your user data from using any part of the Service, including performance and results in any Naeva proficiency tests or screening procedures
- Any communications between yourself and Naeva, including any data privacy related requests or queries
The above list is not intended to be completely exhaustive. Additional categories of data that are similar to those mentioned above may also be collected.
Basis of Processing
We only collect and process your personal data when required or relevant to provide the Service and/or when required for other legitimate reasons. We may rely on or more of the following legal bases for processing:
- Legitimate interest: This applies when processing your data is necessary to maintain our and our customer’s legitimate interests and there is no strong reason that overrides such interest
- Legal obligation: This applies when processing your data is legally required by law, order or regulation
- Performance of a contract: This applies when you are party to a contract that requires the processing of your personal data
- Vital interest: This applies when processing your data is necessary to protect someone’s life or health
- Consent: This applies where you actively provide your explicit, voluntary and informed consent to specific data processing activities
If you want to know which basis or bases applies in any given instance, you can reach out to us at privacy@naeva.no.
Your Personal Data Rights
You have the following rights in relation to our processing of your personal data:
- You can freely change or withdraw your consent(s), where applicable
- You can require the correction of incorrect or incomplete personal data that we collect and hold
- You can request that we delete your personal data, but only where this is legally and practically possible
- You have the right to obtain a copy of your personal data held by us
If you would like to exercise your rights in relation to personal, or if you have concerns about the collection and processing of your personal data, you may reach out to our Data protection Officer at privacy@naeva.no. Alternatively you can reach out to your local Data Protection Authority for external guidance.
Personal Data Storage
We may keep some or all of your relevant personal data for as long as one of the following applies:
- For as long as you actively use the Service
- For as long as reasonably required to satisfy the processing purposes that are listed in this document
- For as long as legally required (e.g. for audits or record keeping purposes)
Once such purposes expire, your personal data will be either purged or completely anonymized.
Your personal data will be securely stored in line with all applicable legal and industry standard requirements. Only persons that require access to your personal data for legitimate purposes in accordance with this document will be given access to your personal data.
Your personal data will only ever be stored or accessed in countries that are recognized by the European Commission to offer adequate protection of your data. Note that Neave may in some cases use tools and systems from vendors in other countries to deliver the Services, including for example Apple (USA), Samsung (South Korea), Microsoft (USA), and more.
Personal Data Transmissions
Your personal data may be transmitted digitally or non-digitally between servers, systems, processors, devices, disks, or similar by means of wired or wireless networks or any other data transmission technology that is used at the controlled sites, facilities, locations, equipment, machinery, vehicles, or otherwise in connection the Service.
Sharing Data with Third Parties
Your data may be shared with third parties when legally required, when required by the customer and when necessary in order to provide the Service. All third party processors or subprocessors engaged by NAEVA will be required to comply with the terms of this document and all applicable data privacy laws and regulation.
NAEVA, the customer or other data processors may be required to disclose certain relevant parts of your data by law, or to protect certain legal rights, or in an emergency where the health or security of a person is endangered.
Terms of Use
In order to access and use the Service we ask that you read, acknowledge and accept these terms in relation to the collection and processing of your personal data.
By accessing the Service, you confirm as follows:
- That you have read, understood and accepted these terms
- That explicitly confirm that we shall be entitled to rely on this confirmation for the purposes of collecting and processing your personal data as indicated in this document
Please note that this does not mean that we rely on your consent in order to legitimately process your personal data, except where otherwise is explicitly indicated. The acceptance of these terms are intended to be a confirmation that you have received, read and understood the information provided and we will rely on your confirmation of these terms for that purpose only.
Thank you for taking the time to read this document. If you have questions about these terms or if something is unclear to you, contact us at privacy@naeva.no.
I acknowledge, understand and accept the above terms of use:
YES [ ]