Hopp til innhold

Privacy Policy and Cookies

Overview

Vespa.ai AS (hereinafter “Vespa.ai AS”, “we” or “us”) is developing Vespa.ai and running the Vespa Cloud, helping our users to implement online big data serving.

Vespa.ai AS acts as the data controller for any processing of personal data in connection with providing you with information and offering you services on our websites vespa.ai, search.vespa.ai, blog.vespa.ai and console.vespa-cloud.com (hereinafter the “Services”). Further, Vespa.ai AS as the data controller for processing of personal data in connection with an existing or potential contract with you.

Personal data means any information relating to an identified or identifiable natural person. This can e.g. be name, location, phone number, e-mail address, IP-address, or a combination of these that make it possible to identify the person to whom the personal data belongs.

This privacy policy (hereinafter the “Privacy Policy”) describes how we process your personal data, and what rights you have pursuant to Norwegian data protection regulations, including the General Data Protection Regulation (GDPR), and the Norwegian Personal Data Act (hereinafter the “prevailing data protection legislation”).

When, why and what type of data do we collect?

General

In general, we collect and process your personal data to be able to provide you with relevant information related to our Services or to fulfil or be able to enter into a contract with you, including as required by legal obligations. When you use our webpages, subscribe to our newsletter, or fill out voluntary forms issued by us we process the following personal data:

IP address, and information regarding your visit;
Any comments left in the contact form as a visitor;
Contact information (such as name, address, phone number, and e-mail);
Payment details and purchase history;
Work place, including position and name of company;
Communication with us;
Any information regarding personal preferences that you choose to share with us

We collect and process this personal data to be able to fulfil contractual obligations with you (ref. GDPR art. 6(1) letter b), on the basis of your explicit consent (ref. GDPR art. 6(1) letter a ,), to uphold our legitimate interest in fulfilling our contractual obligations with the company you act on behalf of, to uphold our legitimate interest in providing you with the best experience possible in relation to our webpages information and provided Services, and to uphold our legitimate interest in processing any legal claims (ref. GDPR art. 6(1) letter f), as well as for compliance with our legal obligations (ref. GDPR art. 6(1) letter c).

We do in general not process any special categories of personal data about you, such as sexual orientation or health data. Further, we do only process your personal data to the extent that it is necessary for the performance of our Services or any other contractual obligations, including as required by legal obligations, for pursuing our legitimate interests, or to the extent you have consented to any processing.

Below we have listed all the specific ways to collect personal data from you and what categories of personal data we typically process, as well as the legal bases for such processing.

Websites

We collect certain information from your computer or internet connection when you visit our website and use our digital services, such as your IP-address, date and time of your visit, duration of your visit, content of your request (such as the specific site/page you visit), the website you were referred from, which pages you visit on our website, your internet service provider, your browser type and version, as well as your operating system.

We collect this information to uphold our legitimate interests in being able to display our website to you, measuring and improving the performance of our digital channels, as well as marketing our products and services (ref. GDPR art. 6(1) letter f).

Please see further information on our use of cookies in section 5 below, including what cookies that will require your explicit consent (ref. GDPR art. 6(1) letter a).

Creating an account, using and paying for the service

When you create an account in our system we will collect personal data about you . Such personal data includes your name, address, phone number, e-mail or workplace, your position/title/role, name of the company, payment information, purchase history, communication with us, as well as any other personal information you choose to provide us with.

We process this personal data to be able to provide you with the contractual service (ref. GDPR art. 6(1) letter b), and to uphold our legitimate interest in providing you with the best experience possible in relation to our Services, for statistical reasons (ref. GDPR art. 6(1) letter f). In some cases, we are also compelled to process your personal data for compliance with a legal obligation, such as compliance with the Norwegian Bookkeeping Act (ref. GDPR art. 6(1) letter c), or to uphold our legitimate interest in processing any legal claim (ref. GDPR art. 6(1) letter f).

Contact form

You may wish to contact us with questions or requests. When you contact us, either by filling out our contact form or by other means, you may provide us with information about yourself or your company. Upon doing so, we collect the information provided by you, such as: name, e-mail, phone number, company information, your location, as well as any other information that you enter into the form.

We collect this information to be able to carry out our contract with you or the company you act on behalf of (ref. GDPR art. 6(1) letter b or f) or to uphold the legitimate interest we have in replying to your requests or questions (ref. GDPR art. 6(1) letter f).

Newsletter

If you subscribe to our newsletter, we collect your name and e-mail address.

The legal basis for sending such e-mails to our customers is to uphold our legitimate interest in following up our customers by providing relevant news and relevant information about our services (ref. GDPR art. 6(1) letter f, see also the Norwegian Marketing Act art. 15(3)). If you are not an existing customer or user, the legal basis for sending such e-mails would be your explicit consent (ref. GDPR art. 6(1) letter a).

Anyone receiving the information items above can easily opt out using the link included in our e-mails.

Applying for a position with us

You are welcome to apply for a position with us. If you decide to do so, we will ask you to provide certain categories of personal data:

Basic information: e.g. name, date of birth and nationality;
Contact information: e.g. your address, e-mail and phone number;
Qualifications: e.g. your CV, application, diplomas and transcripts of records, language knowledge, courses, certifications and any other information you provide us with in your application or interviews with us;
Background information: e.g. information provided to us by your references, which we either collect through official sources or through references you provide us with; and
Our assessments: i.e. assessments and comments we make in relation to our internal assessment of your application.
You provide us with such personal information, as well as any other information that you might choose to share with us in this respect, on a voluntary basis. We will collect and process this information in order to respond to your application and to consider whether to enter into an employment contract with you (ref. GDPR art. 6(1) letter b). We will delete the information related to your application as soon as it is no longer relevant for this purpose.

Visits to our social media pages

When you visit our social media pages, such as our X and LinkedIn pages, the social media providers will collect and process your personal data and use cookies. For information on how these providers use your personal data, we recommend that you read their privacy policies.

Do we share your personal data with third parties?

We will not share your personal data with others unless you either give us your consent to do so (ref. GDRP art. 6(1) letter a), or if we have legal basis to share your data, e.g. if it is necessary to provide you with a contractual service (ref. GDPR art. 6(1) letter b), if we are required by law to disclose your personal data (ref. GDPR art. 6(1) letter c), or it can be justified on the basis of our legitimate interest in doing so (ref. GDPR art. 6(1) letter f).

If you subscribe to our newsletter, we share the required information with our provider Intuit Mailchimp.

When we use third party sub-contractors or service providers in order to provide our services, we will take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal data is protected in accordance with applicable data protection law. Our service providers may be based in locations all over the world. This means that your personal data may be transferred outside of the EU/EEA. If that is the case, we will implement appropriate security measures in accordance with chapter five of the GDPR, in order to sufficiently protect your personal data, such as agreements including EU standard contractual clauses (SCC).

On our Service Providers page, you will find an up-to-date list of Vespa.ai AS’s existing sub-contractors and service providers processing personal data on our behalf.

How do we protect your personal data?

Both our data processors and we have implemented appropriate technical and organizational measures to ensure a sufficient level of security when processing your personal data and to prevent loss or unlawful processing (ref. GDPR art. 32). Such measures are, for example, internal routines, data processing agreements and IT-security procedures to verify access rights. We will also carry out data protection impact assessments when it is likely that processing your data may result in a high risk with respect to your rights and freedoms in relation to your personal data.

Cookies

How do we use cookies?

Cookies are small text files that are saved on your hard drive and associated with your browser, and which provide us with information. They serve to make our web-services more user-friendly and efficient. We use cookies and similar technology to store your website preferences, combat fraud and illegal activity, analyse our services, improve our website and to fulfil other legitimate purposes. For these purposes, we use necessary, functional and analytic cookies. Some of those cookies are persistent, which means that they will be stored on your electronic device when you leave our website for a restricted period of time. For session cookies, those are deleted as soon as you leave our websites.

We also use website analytics (hereinafter the “Statistical Platforms”) for statistical purposes. This platform may set cookies to evaluate your use of the website, and create reports on website activity for us.

This information can be provided to third parties when the Statistical Platforms are legally required to do so, or to the extent that third parties process data. We do not have influence over this, nor do we allow the statistical platforms to use this data for other services provided.

The information collected by the Statistical Platforms is anonymized before being sent for processing – the last identifier of your IP-address is randomized, and transferred through a secure connection before being stored by the Statistical Platform on servers across the globe. See our list of service providers for the Statistical Platforms in use, and link to their privacy documentation.

These cookies are stored on your computer to remember your preferences regarding the use of cookies. These are required to know if you agree or disagree with the use of cookies on our website.

We use necessary cookies in order to uphold our legitimate interest in providing you with a functional webpage (ref. GDPR art. 6(1) letter f). For all other cookies we ask for your explicit consent (ref. GDPR art. 6(1) letter a).

What is the information used for?

The information we collect is used primarily to sell and operate Vespa Cloud.

Vespa.ai AS also uses your data for research and analysis to better our services and our website (including marketing), on the basis of GDPR art. 6(1) letter f).

Who is the information shared with?

Personal information is collected by our service and shared with our subcontractors and accountant, who also act in accordance with privacy rules and regulations.

What are your rights?

You have several rights under the applicable data protection regulations. We have provided a list of the rights you can exercise in your relationship with us as a data controller below. If you wish to exercise your rights, please contact us and we will respond to your inquiry as soon as possible, but no later than a month after the receipt of your enquiry.

Access: You have a general right of access to the personal data we have registered about you.
Rectification and erasure: You have a general right to request that we should rectify any incorrect personal data about you and erase personal data about you.
Restriction: You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
Data portability: You have a general right to request transfer of your personal data in a common, machine-readable format.
Objection: You have a general right to object to our processing of personal data about you if this is justified by special circumstances on your part.
Right to appeal: If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (in Nw: Datatilsynet). We ask that you contact us beforehand, so that we may clarify any misunderstandings.
Withdraw your consent: If our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

How long do we store your data?

Your personal data will not be stored for longer than needed for the purposes mentioned in this Privacy Policy, unless we are compelled by law or have other legal basis to store this data for a longer period.

Do we keep this policy up to date?

Yes. We may amend this Privacy Policy from time to time. You will be notified if we make any significant changes. The most up-to-date version of our privacy policy is available on our website.

How can you contact us?

Please contact us if you have any questions or comments or if you wish to exercise your rights. Our contact details are:

Email address: privacy@vespa.ai