PRIVACY POLICY

I. DATA CONTROLLER

I.1. This document is a description of the privacy policy of Moicon AS with headquarters in Kapp, at Fabrikkvegen 52, registered in the Legal Entity Register kept by Brønnøysundregisteret with organization number 920 131 360.

Its purpose is to define the rules, how to process and use data and information from users of websites administered by Moicon AS, including clients of Moicon AS and also contains information about the rights of natural persons with regard to personal data they have provided.

I.2. Moicon AS in its privacy policy is guided by the primary principle:

under no circumstances sells or discloses to third parties personal or address data of clients / users of its services, services, newsletters and applications.

I.3. Please read this policy carefully. By accessing the Moicon AS or by using them and sending us any personal data, you accept the terms of this privacy policy.

I.4. Please note that when leaving our pages (e.g. by navigating to a page in a different domain), the user goes to an area where this privacy policy does not apply.

Moicon AS is not responsible for the privacy policy rules applicable on websites operated by other entities.

I.5. Moicon AS has appointed a data protection officer (DPO) who can be contacted via email at: pp@moicon.net in any matter regarding the processing of personal data

II. DEFINITIONS

Administrator: Moicon AS based in Kapp, 2849, Fabrikkvegen 52, Norway.

User: A natural person, legal person and organizational unit without legal personality, visiting the Website or using the services of the Website.

Consumer: A User who is a natural person making a purchase in the Store not directly related to his professional or business activity.

Website: Websites and websites maintained by the Administrator on stationary and mobile terminal devices, through which the Administrator provides Users with content, digital or electronic files, and provides other services specified in each case in the Website Regulations.

Store: A separate part of the Services, through which the Administrator conducts the Sale of Files on the principles specified each time in the Store’s Regulations.

File: An electronic or digital file in which the content is contained (in particular an application, electronic library, plugin, e-book, audiobook, e-press, multimedia applications) intended for use, reading, listening or other reproduction (as described in in the Store) using an Electronic Device.

Electronic Device: The device is designed to include for downloading and saving digital files (e.g. personal computer, smartphone, tablet, reader).

File Sale: a paid access to the File by the Administrator on the User’s order carried out through the Store, enabling unlimited use of the File only with the use of Electronic Devices – on the terms set out each time in the Store’s Regulations.

Additional services: Services provided by the Administrator to Users registered on the Website (i.e. having an Account).

Account: Individual website of the User registered on the Website, through which the registered User may use Additional Services – on the terms specified each time in the Website Regulations.

Payment operator: payment institutions within the meaning of Art. 2 points 10A) of the Act of 19 August 2011 on payment services (consolidated text, Journal of Laws of 2017, item 2003) with which the Website cooperates

Order Payment: debiting the User’s bank account or payment card confirmed by the Payment Operator with the amount specified in the order.

GDPR: Regulation of the European Parliament and of the Council of Europe 2016/679 of 27 April 2016 on the protection of individuals with regard to processing and on the free movement of such data.

III. PROCESSING AND PROTECTION OF PERSONAL DATA

III.1. Collection and processing of data in connection with the use of the Website

III.1.1. In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services offered on the Website, as well as information about the User’s activity on the Website.

By collecting any personal data, the Administrator saves where they were obtained. 

III.1.2. Personal data is obtained directly from the User through:

  • forms filled out online – information is collected through forms available on the Administrator’s websites for contact purposes, submitting questions, submitting applications and expressing comments;
  • contact outside the website – on the Administrator’s websites there are telephone and fax numbers as well as email addresses at which you can contact him;
  • telephone contact – conversations with the Administrator’s representatives at the numbers indicated on the Administrator’s websites may be recorded. If such a situation arises, the User will be informed about it each time;
  • data on network traffic and statistics on the frequency of visits to the Administrator’s websites – a record of information on traffic data is kept, which is automatically recorded by our server, such as the user’s IP address, URL visited before visiting our website, URL visited after visiting our site and pages visited. Statistics on the number of visits to the site and page views are also collected. The administrator is not able to directly determine the user’s identity based on traffic data and statistics about the use of the site.
  • when using the resources of websites managed by the Administrator – information about users is collected through files such as “cookies”.

III.1.3. The detailed rules and purposes of processing personal data collected during the User’s use of the Website are presented below.

III.2. The purposes and legal grounds for data processing on the Website

III.2.1. Use of the Website

Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies), and who are not registered Users (i.e. persons without an Account) are processed by the Administrator:

  • in order to provide services electronically in the scope of presenting and selling Files in the Store and maintaining content posted by Users on the Website (e.g. entries, comments) – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 letter b) ) GDPR),
  • for analytical and statistical purposes – then the legal basis for processing is the justified interest of the Administrator (art.6 par.1 lit.f) RODO), consisting in conducting analyzes of Users’ activity, as well as their preferences, in order to improve the functionalities and services provided;
  • in order to possibly determine, investigate or defend against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights;
  • for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising – the rules for processing personal data for marketing purposes are described in section III.2.5. Marketing.

The User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes this data for technical and administrative purposes, for the purposes of ensuring IT system security and management, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the administrator (Article 6 (1) (f) ) GDPR).

III.2.2. Registration on the Website

Persons who register on the Website are asked to provide their personal data necessary to create and operate an account, or share this data using their profile on the social network facebook.com. Providing data in the form of an e-mail address is mandatory, i.e. failure to provide them results in the inability to set up an account.

Personal data is processed:

  • in order to provide services related to the operation and maintenance of an account on the Website – the legal basis for processing is the necessity of processing for the performance of the contract (art.6 par.1 lit.b) RODO), and in the field of optional data – the legal basis for processing is consent (art. 6 para. 1 letter a) of the GDPR);
  • for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art.6 par.1 lit.f) RODO), consisting in conducting analyzes of Users’ activities on the Website and how to use the account, as well as their preferences, in order to improve their use functionalities;
  • in order to possibly determine, investigate or defend against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights;
  • for marketing purposes of the Administrator and other entities – the rules for processing personal data for marketing purposes are described in section III.2.5. Marketing.

When registering or logging into the Account on the Website via the Facebook social portal, the User will choose this form of logging in, the Website, after prior consent by the User, will download from the User’s account on the social network only the data necessary for registration and operation of the account.
If the User places on the Website any personal data of other people (including their name, address, telephone number or e-mail address), they can do so only if they do not violate the applicable law and personal rights of these people.

III.2.3. Placing orders (using paid services on the Website)

The sale of a File to a User involves the processing of his personal data.

Placing an order requires having an Account on the Website or providing an email address in the purchasing process. Providing address details is necessary to issue and deliver invoices.

Personal data is processed:

  • in order to process your order – the legal basis for processing is the necessity of processing to perform the contract (art.6 par.1 lit.b) GDPR); in the scope of optional data, the legal basis for processing is consent (art.6 par.1 lit.a) RODO);
  • in order to implement the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations – the legal basis for processing is the legal obligation (Article 6 (1) (c) of the GDPR);
  • for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art.6 par.1 lit.f) RODO), consisting in conducting analyzes of Users’ activities on the Website, as well as their shopping preferences, in order to improve the functionalities used;
  • in order to possibly determine, investigate or defend against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of his rights.

III.2.4. Contact Forms

The administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the query. Failure to do so results in the inability to operate it.

Personal data is processed:

  • in order to identify the sender and service his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) GDPR);
  • for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art.6 par.1 lit.f) RODO), consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.

III.2.5. Marketing

The administrator processes Users’ personal data in order to carry out marketing activities that may consist of:

  • displaying marketing content to the User that is not adapted to his preferences (including contextual advertising);
  • displaying marketing content relevant to the User’s interests (behavioral advertising);
  • sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
  • conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means).

In order to implement marketing activities, the Administrator may use profiling in some cases. This means that thanks to automatic data processing, the Administrator assesses shopping preferences in order to best match the offer in the future.

III.2.6. advertisement

The Administrator processes Users’ personal data for marketing purposes in connection with directing advertising to Users, including contextual advertising (i.e. advertising that is not tailored to the User’s preferences).

The processing of personal data for this purpose takes place in connection with the implementation of the legitimate interest of the administrator (Article 6 (1) (f) GDPR).

III.2.7. Behavioral advertising

The Administrator processes Users’ personal data, including personal data collected via cookies and other similar technologies for marketing purposes, in connection with directing behavioral advertising to Users (i.e. advertising that is tailored to the User’s preferences).

Processing of personal data for this purpose may also include User profiling.

III.2.8. Newsletter

The Administrator provides the newsletter service to persons who have provided their e-mail address for this purpose. Providing data is required in order to provide the newsletter service, and failure to provide them or to send a request to delete data results in the inability to send it.

Personal data is processed:

  • in order to provide the newsletter sending service – the legal basis for processing is the necessity of processing to perform the contract (art.6 par.1 lit.b) GDPR);
  • in the case of sending marketing content to the User as part of the newsletter – the legal basis for processing, including profiling, is the justified interest of the Administrator (art.6 par.1 lit.f) RODO), in connection with the consent to receive the newsletter;
  • for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art.6 par.1 lit.f) RODO) consisting in conducting analyzes of Users’ activities on the Website in order to improve the functionalities used;
  • in order to possibly determine, investigate or defend against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6 (1) (f) GDPR).

III.2.9. direct marketing

The User’s personal data may also be used by the Administrator to direct marketing content to him via e-mail. Such actions are taken by the Administrator only if the User has given consent in this respect, which the User may withdraw at any time.

III.2.10. Social media

III.2.10.1. The administrator processes personal data of Users visiting the Moicon profile maintained in the Facebook social network. These data are processed only in connection with maintaining the profile, including to inform Users about the Administrator’s activity, promoting the Services, as well as answering short queries directed via Facebook messenger.

The legal basis for the processing of personal data by the Administrator for this purpose is his legitimate interest (art.6 par.1 lit.f) RODO), consisting in promoting his own brand and the necessity of processing to fulfill the obligation (art.6 para. 1 lit.b) RODO) to the extent that inquiries via the Facebook messenger relate to complaints. 

III.2.10.2. Personal data provided by the User on websites belonging to the Administrator when sending comments to articles, forum responses, etc. are available to all visitors of pages containing this data. The Administrator does not have technical capabilities to protect the User against private persons or companies that will use this data to send the User undefinable content.

Therefore, these data are not subject to the Privacy Policy.

In this situation, the User must be aware that he is providing personal data at his own risk and responsibility.

III.2.11. Cookies and similar technology

Cookies are small text files installed on the User’s device browsing the Website. Cookies usually contain the domain name of the website from which they originate, their storage time on the end device and a unique number. In this Policy, information on cookies also apply to other similar technologies used as part of the Website.

Turning off the use of cookies may cause difficulties in using some services within our Services, in particular those requiring logging in.

Turning off the option of accepting cookies does not, however, result in the inability to read or view content posted on the Administrator’s websites, except for those to which access requires logging in.

III.2.11.1. “Service” cookies

The administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services.

Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies, storing information or gaining access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.).

Cookies used for this purpose include:

  • cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
  • authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
  • cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
  • session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
  • persistent cookies used to personalize the User interface for the duration of the session or a little longer (user interface customization cookies),
  • cookies used to monitor website traffic, i.e. data analytics, including cookies:

* Google Analytics (these are files used by Google – i.e. the entity entrusted with the processing of personal data by the Administrator – to conduct an analysis of how the User uses the Website, including the creation of statistics and reports on the operation of the Website).

III.2.11.2. “Marketing” cookies

The administrator also uses cookies for marketing purposes, including in connection with targeting behavioral advertising to Users. For this purpose, the Administrator stores information or gains access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.).

The use of cookies and personal data collected through them for marketing purposes, in particular in the field of promoting services and goods of third parties, requires the consent of the User.

This consent may be withdrawn at any time.

III.3. The period of personal data processing

III.3.1. The period of data processing by the Administrator depends on:

  • the time of termination of the contract, and after that time for other lawful purposes related to the contract. In the absence of a contract – until the completion of the service;
  • the time when the Administrator fulfills the obligations set out in specific legal provisions or perform tasks carried out in the public interest;
  • raising an objection to the processing, or until the expiry of the contracts with the Administrator;
  • withdrawing consents granted;
  • time of fulfillment of the Administrator’s legitimate interests constituting the basis for processing or objecting to such processing, no longer than for a period of 5 years;
  • period of maintaining the User Account.

III.3.2. All data is processed during the activities before the conclusion of the contract, performance of the contract, fulfillment of the legal obligation incumbent on the Administrator, based on the legitimate interest of the Administrator, validity of consents and the existence of the account, and immediately deleted or irreversibly anonymized after the expiry of the processing period or objecting to processing.

Anonymisation leads to irreversible identification. All data that could enable identification is blackened, which allows you to create a set of data from which it is impossible to extract a particular individual. Identifiers are removed from the document – information such as names, first names, addresses, dates of birth, PESEL and NIP numbers. Documents that have been anonymized are not subject to the law on the processing of personal data and can be made available to applicants or made public without the consent of the data subjects.

The purpose of anonymization is to prevent the use of personal or sensitive data to identify a natural person through “all the ways that the data controller or a third party can use.”

In addition, the data is deleted or irreversibly anonymized after submitting an effective objection to data processing in cases where the legal basis for data processing is the Administrator’s legitimate interest. 

III.3.3. Not all data can be anonymized immediately after submitting a request to delete personal data. By anonymizing documents, the Administrator checks whether the statutory retention period has expired and it is for tax documents – 5 years from the end of the calendar year in which the tax payment deadline expired.

III.4. The period of data processing may be extended if the processing is necessary to establish, investigate or defend against any claims, as well as at the request of competent public authorities, and after this period, only if and to the extent required by law . After the processing period, the data is irreversibly deleted or anonymized.

III.5. User permissions

III.5.1. The Administrator respects the rights of each User related to the processing of his personal data. In particular, every person whose data is processed has the right to:

  • obtaining information about the processing of her personal data,
  • the right to access data, request rectification, supplementation and amendment,
  • the right to delete data (“right to be forgotten”),
  • the right to limit data processing,
  • the right to transfer data,
  • the right to object to the processing of its data for the Administrator’s justified purposes, including direct marketing of its products and services, and profiling.
  • the right to lodge a complaint with a supervisory body dealing with the protection of personal data. 

III.5.2. To the extent that User data is processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator via the communication channels indicated in the Website Regulations or the Store Regulations. 

III.5.3. The Administrator stipulates that in the absence of absolute identification of the User (for example in relation to the scope of the data provided by him), he may refuse to take action at the request of the User whose data is at the same time informing that User, unless that User provides additional information enabling him identify. 

III.5.4. If the User objects to further processing for marketing purposes, profiling or to transfer personal data to another data administrator, the objection shall be considered. The administrator may, however, leave in the data identifying a natural person only to avoid re-using that person’s data for the purposes of the opposition.

III.5.5. If personal data is processed on the basis of the consent of the data subject or on the basis of a concluded contract, and the processing takes place in an automated manner, the User has the right to receive, at his request, personal data concerning him in a structured, commonly used machine-readable format, as well as to request the transfer of his data in this format to the designated data administrator. When submitting a request for the transfer of personal data, the data subject must specify whether personal data concerning him or her are to be deleted (“the right to be forgotten”) by the Administrator and submit an appropriate request in this regard.

III.5.6. Users may exercise their right to information and access to their data, not more frequently than once every six (six) months. At the request of the data subject, the Administrator is obliged to provide the necessary information within 30 (thirty) days.

The more frequent use of the right to information and access to data will be subject to fees of NOK 500 (five hundred) paid to the account at Toten Banken, each time before the implementation of the submitted application by the Administrator. This fee constitutes reasonable costs incurred by the Administrator in connection with the exercise of the right of access and is legally permissible.

III.6. Right to object

The user has the right to object at any time to the processing of his data for direct marketing purposes, including profiling, as well as the right not to be subject to a decision that is based solely on automated processing, if the processing takes place in the light of the legitimate interest of the administrator.

The User also has the right to object to the processing of his data at any time for reasons related to his particular situation in cases where the legal basis for data processing is the Administrator’s legitimate interest (e.g. in connection with the implementation of analytical and statistical purposes, including profiling).

III.7. Data recipients 

III.7.1. The Administrator declares that he does not sell, make available or transfer the Users’ personal data collected for processing to other persons or institutions, unless it is with the express consent or at the request of the User, or at the request of state authorities authorized under the Act for the purposes of by them, proceedings or activities related to security or defense, for statutory tasks carried out for the public good and when it is necessary to fulfill the legitimate purposes of the Administrator.

III.7.2. In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems for providing services, entities such as banks and payment operators, research companies, entities providing accounting, analytical services, couriers with the implementation of the order), marketing agencies (in the field of marketing services) and entities related to the Administrator.

If the User’s consent is obtained, his data may also be made available to other entities for their own purposes, including for marketing purposes.

III.7.3. The Administrator reserves the right to disclose information about the User to competent authorities or third parties who submit a request to provide such information, based on an appropriate legal basis and in accordance with applicable law.

III.7.4. In particular, the recipients of the data may be:

  • Toten Banken
  • Stripe

III.8. Transfer of data outside the European Economic Area

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law.

For this reason, the Administrator transfers personal data outside the EEA only when it is strictly necessary and ensuring an adequate level of protection, primarily through:

  • cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
  • using standard contractual clauses issued by the European Commission;
  • applying binding corporate rules approved by the competent supervisory authority;
  • in case of transferring data to the USA – cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.

The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.

III.9. Security of personal data

III.9.1. The administrator ensures the security of personal data through appropriate technical and organizational measures aimed at preventing unlawful data processing and their accidental loss, destruction and damage. 

III.9.2. The administrator makes special care that personal information is processed in accordance with the rules for the processing of personal data specified in art. 5 GDPR, i.e.

  • principle 1 – in accordance with the law, fairly and transparently,
  • principle 2 – collected for specific and legitimate purposes and not further processed in a way incompatible with those purposes;
  • principle 3 – adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • principle 4 – correct and updated if necessary;
  • principle 5 – stored in a form that allows identification of the data subject for a period not longer than necessary for the purposes for which the data are processed;
  • principle 6 – processed in a way that ensures adequate security of personal data;
  • principle 7 – in a manner ensuring the implementation of the rights of data subjects;
  • principle 8 – not transferred without adequate protection to countries outside the European Economic Area or international organizations. 

III.9.3. The administrator conducts risk analysis on an ongoing basis to ensure that personal data are processed by him in a secure manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform . 

III.9.4. The administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and associates, having appropriate personal authorization of the Administrator. 

III.9.5. The administrator takes all necessary actions so that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data on behalf of the Administrator.

IV. FINAL PROVISIONS

IV.1. This Privacy Policy is available on the Website and at the Administrator’s seat.

The Privacy Policy Document, at the User’s request sent via e-mail to the following e-mail address: pp@moicon.net, will be provided to the User free of charge in an electronic version to the e-mail address provided by the User.

IV.2. This Privacy Policy may be changed by the Administrator.

The Administrator will inform registered Users with a 14-day notice of the planned change in the Privacy Policy in the scope of providing Additional Services.

Within 14 days of receiving information about the change, the User may refuse to accept it – by e-mail sent to the address: pp@moicon.net.

In this case, the User Account will be terminated on the day of entry into force of the change.

Purchases made in the Store that took place before the date of entry into force of the changes are subject to current regulations.

The current Privacy Policy applies to all Users.

IV.3. The Privacy Policy does not apply to websites and companies whose contact details are provided on websites and descriptions of applications and software belonging to the Administrator.

IV.4. If you do not agree with the above Privacy Policy, please do not visit our services, do not subscribe to newsletters belonging to the Administrator and do not purchase products and services offered by the Administrator.

IV.5. Privacy Policy in the wording taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( General Data Protection Regulation) is effective from May 25, 2018.

The existing additional services removed from the Website in accordance with the new wording of the Privacy Policy (for example: user profile, public account, private account and e-mail account) will operate until 24 May 2018 until 23:59.

Their removal is associated with the Administrator also removing Users’ personal data related to them.

Get started Today!

See the full potential of Moicon’s Factory Digital Twin for manufacturing

How it works