Where the words “We”, “Us” or “Our” are used in this Policy, this refers to Aispot International AS, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 915 939 678– and having its registered address at Bryggegata 3, 0250 Oslo, Norway. Please note that We are the data controller of Your personal data unless otherwise specified.
For the purposes of this Policy, the term “Service” means AISPOT, a local assistant that utilises AI, IoT, and Big Data to provide users with access to a collaborative platform for tourism, commerce, mobility and media purposes.
Please read Our Policy carefully to get a clear understanding of how We collect, use, protect or otherwise handle Your personal data. Please click on any of the topics below to be directed to the relevant information.
- Personal data
- Legal basis
- Data controller
- What are your rights?
- Third parties
- International Transfer
- Contact & Complaint
1 Personal data
1.1 Personal data is information relating to a natural individual who can be identified, directly or indirectly by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We find appropriate.
2.1 We collect personal data when You inquire about, register or use Our Service, subscribe to a newsletter, respond to a survey or marketing communication, use Our website or certain website features, fill out a form, open a support ticket or otherwise enter information on Our website.
3.1 We process personal data to the extent necessary to market, provide and enable You to make use of Our Service and otherwise to fulfil Our legal obligations, including but not limited to processing pertaining to:
- Analysis: Anonymous analysis to improve Our Service. Such analysis will be conducted using aggregated and anonymised personal data, and this data will not be used to identify You as a person.
- Audio features: Process Your voice and audio information when You are using audio features.
- Dispute: Handle disputes and provide assistance to Our users.
- Improvement: Monitor, maintain, improve and analyse the Service.
- Insights: Under the “My interests” tab in Our Service, You can manage Your own interests such as events, health and exercise, museums, accommodation, shops, food and drink, activities and transport. The provision of such data is useful in the start-up phase, as it provides the Service with insight into Your interests which in turn enables Us to provide You with tips and offers. Through Your continued use of the Service, the Service will become more familiar with Your preferences and adjust accordingly.
- Internal processing: Conduct internal investigations and risk assessments.
- Marketing: If You have agreed to online marketing, We may also process Your personal data in order to provide You with information on product updates, offers and news.
- Membership synergies: If You are a member of a partner that is integrated with Our Service, the benefits of the membership will be linked to Your profile and You will receive tips on benefits at the right place and time.
- Reviews: We collect and displays reviews from users who have published information on relevant destinations, products and services.
- Service inquiries: Fulfil Your service inquiries.
- Survey: Manage a survey or Your use of the Service.
- Tickets: If You pay for a ticket with a partner that is integrated with Our Service, the ticket will be placed under Your
- Transactions: Process orders and transactions and send appurtenant information and updates.
- Threat detection: Register and prevent fraud, spam, abuse, technical issues, security incidents and other harmful activities.
- Tips and offers: We process Your location data in order to offer features such as tips for activities, places to eat or great deals nearby. This means that movement patterns are registered continuously, such as longitude, latitude, speed, altitude, time at different locations. You may adjust these settings on Your phone at any time.
- Notifications: We may use Your personal data to send You service or operating messages, such as updates, security alerts, and account alerts.
- Verification: Verifying You as a user and facilitate information that You have made available in the Service.
4.1 By using the Service, We may process personal data about You, including but not limited to:
- Activity on third-party apps
- Date of birth
- E-mail address
- Location data
- Memberships in assorted partners
- Phone number
- Reviews of destinations and products
- Unique identifiers such as IP addresses and UUID (unique ID that follows the phone number)
- Views and interactions with content
- Voice and audio information
4.2 The personal data collected from and about You is visible in Your profile. Here You may at any time gain insight into the personal data We collect from and about You and otherwise manage Your privacy settings and delete such data in a user-friendly way.
5 Legal basis
5.1 In order to use the Service, You must provide Us with certain personal data. If You do not wish to provide Us with such necessary data, We cannot grant You access to the requested Service. You will be asked to confirm that You have read and consented to the contents of this Policy and to Our processing of Your personal data. You may withdraw Your consent at any time by contacting Us as specified in Clause 13. Please note that such withdrawal may render it impossible for us to continue to enable Your use of Our Service.
5.2 If You wish to receive offers or newsletters from Us, You may consent to having Your personal data processed for the purpose of marketing. Such consent is not required in order to use the Service and You may at any time withdraw Your consent by contacting Us as specified in Clause 13.
6 Data controller
6.1 Unless otherwise specified herein or in the terms and conditions applicable to the Service You have requested, We are the data controller where the processing of personal data is collected directly from You. A data controller is the person who determines the purpose of the processing of personal data and the means to be used during such processing. It is the data controller who has the overall responsibility for the processing of Your personal data.
7 Your rights
7.1 As a data subject, You have the following rights:
- Access:You may request a copy of Your personal data that We process.
- Data portability:You may request to obtain the personal data that You have provided to Us or to have said data transferred to a third party in a structured, commonly used and machine-readable format.
- Erasure:You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time.
- Information:You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.
- Objection:You may object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision based solely on automated processing, including profiling, which produces legal effects that significantly affects You.
- Rectification:You may require Your personal data to be rectified or supplemented.
- Restriction:You may request that We restrict the processing of Your personal data.
8.1 We keep Your personal data only for as long as it is required for the reasons it was collected from You or until You delete such data yourself. The time period in which We store personal data varies, depending on the category and the nature of the personal data.
8.2 When Your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.
9 Third parties
9.1 We may disclose Your personal data to governmental authorities, entities within Our group of companies or to individuals and organisations who are Our service providers and partners who are involved in marketing and business support, translation services, database management, maintaining, reviewing and developing Our business systems, procedures and infrastructure, including testing or upgrading Our computer systems or who otherwise facilitates Our Service, including but not limited to:
- iSolve Technologies Europe BV, developers
- Google Inc, hosting
- Viona AS, developers
9.2 Third parties will only receive access to Your personal data for the purpose of fulfilling Our obligations to You, deliver the Service, fulfil Our legal obligations or if You have otherwise consented to such transfer or access. If We were to disclose personal data to organisations that perform services on Our behalf, We will require those service providers to use such personal data solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal data.
9.3 All service providers who receive personal data from Us are obligated to adhere to Our standards for the processing of personal data, as well as obligations in accordance with the applicable privacy legislation.
9.4 You acknowledge that We cooperate with government authorities and law enforcement officials to enforce and comply with any applicable law. Please note that there are circumstances where the use and/or disclosure of personal data may be justified or permitted or where We are obliged to disclose personal data without Your consent.
9.5 Where personal data may be subject to transfer to another organisation in contemplation of a merger, financing, reorganisation or dissolution transaction of all or part of Us, We will do this only if the involved parties have entered into an agreement under which the collection, use and disclosure of the personal data is restricted to those purposes that relate to the transaction, including a determination of whether or not to proceed with the transaction, and is to be used by the involved parties to carry out and complete the transaction. If another company acquires Us or Our business or assets, that company will possess the personal data collected by Us and will assume the rights and obligations regarding Your personal data as described in this Policy.
10.1 Safeguarding Your personal data is Our highest concern. As such, We endeavour to adhere to the generally accepted industry standards and internal procedures to protect data submitted to us and otherwise employ and maintain and reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data.
10.2 We generally process Your data with the help of identifiers, namely profile ID, consultation / conversation ID and analytic identifiers, in an effort to avoid personal identification.
10.3 We restrict access to production environments and monitoring of Your activities to a limited number of individuals who have special access rights to such systems and are required to keep the personal data confidential. We use computer systems with limited access housed in facilities using physical security measures.
10.4 Your personal data is contained behind secured networks and We securely encrypt, limit and restrict access to Your personal data using SSL. We encrypt all data at rest and any personal data is double encrypted with two keys at both the infrastructure and application level.
10.5 To ensure the security of Your data, We engage third-party providers for penetration testing (security testing) – a controlled form of hacking in which a professional tester, working on behalf of Us, uses the same techniques as a criminal hacker to search for vulnerabilities in the Our networks or applications. During security testing, the third-party provider may have access to Your personally identifiable data for the express purpose of carrying out its testing.
10.6 If any of Our employees misuses personal data, this will be considered as a serious offence for which disciplinary action may be taken, including termination of employment. If any individual or organisation misuses personal data – provided for the purpose of providing services to or for Us – this will be considered a serious issue for which action may be taken, including termination of any agreement between Us and that individual or organisation.
11 International transfer
11.1 As a general rule, Your Personal Data will only be processed in countries in the European Economic Area. Personal data may also be transferred, accessed and stored in the USA and India as necessary for the development of the Service. In that case, We take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission.
13 Contact & complaint
13.2 We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.
13.3 You are also entitled to file a complaint to the Data Protection Authority regarding Our processing of Your personal data. For information on how to contact the Data Authority, visit the Data Authority’s website.
13.4 To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised to do so.