Puzzel complies with all data protection and privacy laws generally applicable to Puzzel’s provision of Puzzel Cloud Services.
Puzzel is committed to safeguarding the privacy of all our business processes. This policy sets out how we will treat your personal information.
Scope and acceptance
Whose data we process
Puzzel process data about contact persons and software users among our Customers, including persons representing potentially new Customers that approach us via Puzzel Sites or other channels. Our policy in these regards is to be found in the data controller section.
We also process data about our Customers’ employees and other persons’ data of which the Customer controls. Our policy in these regards is to be found in the data processor section. In this policy data subjects may also be referred to as persons or you.
Data Protection Officer
Puzzel’s Data Protection Officer can be reached at the following address:
Attn: Compliance Officer
0667 Oslo, Norway
Puzzel as a data controller
When Puzzel determines the purpose, and means of data processing we act as data controller. Puzzel controls personal data that we collect in the context of you being employed by a Customer that has or may have a business relation to Puzzel, or you declare that you want to receive information from us based on your own or your employer’s interests. When you represent a Customer of Puzzel, your rights are the same as if you were a private person only representing yourself.
Why we process your personal data
To manage our Customer relations in general and to meet our Customer commitments, Puzzel requires some information about you in your role as Customer contact person or user of a service. Our aims with this are:
a) Provide offers services that Customers or prospective customers have requested.
b) Inform about and present service offers that are closely related to the services the Customer already uses.
c) Perform deliveries in accordance with a customer agreement
d) Offer support to users of our services
e) Improve the quality of our services and Puzzel Sites
f) Detect and prevent security threats and perform maintenance and debugging
g) Prevent abuse of our software and services
h) Communicate information that is relevant for our deliveries and our customer relations in general
i) Process orders, invoicing, payments and other financial follow up of Customers j) Payment of services purchased through Puzzel Sites
Processing according to the above listed purposes (a to j) is necessary for us to manage our customer relations. Therefore, Puzzel does not, as additional ground ask for your consent to process your personal data. We do not consider that the processing disadvantages you in any way.
In addition, we will also collect information about you as a contact person or user of a service, for the following purposes:
k) To manage your access to our web-based services (cloud services)
l) To promote new products and services
The basis for Puzzel’s processing of personal data for the above purposes (k to l) is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. Your consent may be given freely on Puzzel Sites when applicable. Please note that the collection of individual personal data is required to gain user access to many of our programs and services and to access the information you have requested.
To protect your security and ours we will also store information about you when you visit our premises. You will be informed of your rights in this context when you register in our electronic visitor system.
How we collect your personal data
In general, Puzzel collects data directly from you or other persons linked to the Customer company where you are employed. These persons may be a manager or colleague. If the Customer you work for purchases Puzzel services via a Puzzel partner company, we may collect information about you from the partner company.
In some cases, we may also collect information about you from other legitimate sources if you have given your consent that the party collecting the personal data may share this with others. These sources may be third party data aggregators, Puzzel’s marketing partners, public sources or third party social networks. Puzzel will be able to combine personal data about you obtained from one source with data obtained from another source. This gives us a more complete picture of you as contact person, which also gives us the possibility of serving you in a more relevant way with a greater degree of personalisation.
Automatic data collection tools
Puzzel uses a variety of technologies to collect information about your movements on the web as well as interest and preferences you freely have made available.
Cookies are small text files that contain a string of characters and uniquely identify a browser. They are sent to a computer by website operators or third parties. Most browsers are initially set up to accept cookies. You may be, however, able to change your browser settings to cause your browser to refuse third-party cookies or to indicate when a third-party cookie is being sent. If you would like to know more about cookies and how they work, please visit www.allaboutcookies.org
Marketing Automation Tools
Google Analytics: This cookie allows us to see information on user Website activities including, but not limited to page views, source and time spent on a Website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics, we can see what content is popular on our Website, and strive to give you more of the things you enjoy reading and watching.
Google Analytics Remarketing: Places cookies on your computer which means that after you leave our website, Google can show you advertisements about Puzzel that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.
Google AdWords: By using Google AdWords code, we can see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget. This information is not personally identifiable.
Google AdWords Remarketing: Places cookies on your computer which means that after you leave our website Google can show you advertisements about Puzzel that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.
You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at https://tools.google.com/dlpage/gaoptout
What personal data we process
The type of data that Puzzel processes about you may be:
- Your own and the Customer’s contact details such as name, address, telephone number and email.
- Information about date of birth, age and gender
- Employment information about you at the customer company such as job title, position including preferences and interests in professional context
- Feedback, comments or questions about Puzzel as a supplier, or concerning our services
- Photos or video of you recorded at our premises
- Content you have uploaded such as photos and video
- Unique user information such as login ID, username, password and security question
- Financial information such as credit card information
- Traffic information as provided by your web browser such as browser type, language and the address of the website from which you arrived and other traffic information such as IP address
- Clickstream behaviour such as which links you click and when
- Other personal data contained in your profile on third party social networks (Facebook etc.)
- Call Data Records
We may also in some cases compare a collected IP address with a geographic map service to derive your general location.
If you make a post, comment or similar on any public forum or Puzzel Site, such information can be read and used by anyone with access to site and used for purposes over which neither Puzzel nor you have control. Puzzel is not responsible for any information you submit on such forums or Puzzel Sites. Puzzel will not post any comment, testimonial or similar made by you without your prior consent.
How we share your personal data
1. Puzzel shares your personal data within the organization to better serve you as a customer or interested party of us.
2. Puzzel does not share your personal data with third parties who intend to use the data for marketing purposes if you have not given your consent to this.
3. Puzzel may share your personal data with third parties for other purposes but only in the following contexts:
Puzzel may share your personal information with our partners in the event this is legitimate from a business perspective. For example, if you purchase a service on behalf of your employer that we provide through one of our certified partners.
The police and other authorities may demand the handover of personal information from Puzzel. In these cases, Puzzel will only hand over the data if there is a court order to do so.
In connection with mergers, acquisitions or divestiture of all or parts of Puzzel’s business, the acquiring entity as well as its consultants will obtain access to data managed by Puzzel. The acquiring entity and its consultants will enter into a NDA with Puzzel, which will also cover potential disclosure of personal data.
Access and rectification
You have the right to request a copy of your personal data. You may send us a request for this. You also have the right to request that Puzzel corrects any inaccuracies in your personal data. If you have an account with Puzzel for a Puzzel Site, this can usually be done through the appropriate “your account” or “your profile” section(s) on the Puzzel Site (if available) or inside your Puzzel cloud service. To manage subscription settings for Puzzel Newsletters, please click the “Manage my subscription” link at the bottom of the emails you receive. Alternatively, you can send us a request to rectify your data.
Right to erasure (‘right to be forgotten’)
If you no longer have any business with Puzzel, you can send us a request to delete your data.
Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from Puzzel and can do so by:
(a) Following the instructions for opt-out in the relevant marketing communication, or
(c) Contacting us via e-mail at firstname.lastname@example.org
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Puzzel, such as order confirmations and notifications about your activities (e.g. account confirmations and password changes).
Data security and retention
Puzzel takes the trust you place in us seriously. Puzzel is committed to prevent unauthorized access, disclosure or other deviant processing of your data. Further, Puzzel is committed to ensure proper use of the information, to maintain data integrity and to secure data availability. As part of our commitment, we utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the information we collect and process.
More information around security can be found here.
Please note that these protections do not apply to the personal data that you choose to share in public areas such as community websites.
How long we store your personal data
Puzzel will only retain your personal data for as long as necessary for the stated purpose, while also considering our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymized.
Puzzel as a data processor
Puzzel provides different services to our Customers. These services involve processing of the Customers’ data and may include processing of personal data. The purpose of this processing is determined by our Customers and not by Puzzel. The Customer is then the data controller for the data subject’s data. Puzzel does in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. When acting as data processor, Puzzel is in accordance with General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) committed to enter into a data processing agreement (DPA) with the Customer. The Customer has agreed and guaranteed that:
- The Customer is the owner of or otherwise has the right to transfer the data to Puzzel for processing and has the responsibility for the accuracy, integrity, content, reliability and legality of the personal data
- It is the Customer’s duty as data controller to notify, to the extent required by applicable law, the relevant supervisory authorities and/or the data subject in the event of any breach or unauthorized disclosure of personal data
- Customer complies with applicable legal requirements for privacy, data protection, and confidentiality of communications related to its use of Puzzel Cloud Services
Customer Data Processing
When acting as data processor, Puzzel is responsible for providing technical and organizational security measures to safeguard your privacy on behalf of our Customer – the data controller.
As data processor, Puzzel will not process personal data in any other manner or for any other purpose than authorized in the agreement with the data controller. Customer Data will be used only to provide Customer the Puzzel Cloud Services. This may include troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of the Puzzel Cloud Services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to End-Users (such as malware or spam).
Data subjects having questions, comments, claims or any other issues regarding their personal data that Puzzel is data processor for, must submit these to the data controller.
As data processor, Puzzel will not give any data subjects access to their personal data without instructions given by the data controller to do so.
If governmental authorities or the police request disclosure of personal data, Puzzel will redirect the request to the data controller. As part of this effort, Puzzel may provide Customer’s basic contact information to the contacting agency.
Puzzel will provide non-public information about internal systems and routines for data processing to Customers and collaboration partners upon request and NDA.
Customer Data Processing Locations
Data Centre 1: Puzzel DC 1, Location: Oslo, Norway
Key compliance: ISO 9001:2015, ISO 27001:2013, PCI DSS
Data Centre 2: Puzzel DC 2, Location: Oslo, Norway
Key compliance: ISO 9001:2015, ISO 27001:2013, PCI DSS
Customer Data – Individuals’ Rights
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For the Term of the Agreement for the Puzzel Cloud Services Puzzel will, as necessary under General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), either: (1) provide Customer with the ability to safely access, correct, delete, or download Customer Data, or (2) make such access, corrections, deletions, or download on Customer’s behalf.
Puzzel may hire other companies to provide limited services on its behalf, such as providing customer support. Any such subcontractors will be permitted to obtain Customer Data only to deliver the services Puzzel has retained them to provide, and they are prohibited from using Customer Data for any other purpose. Puzzel remains responsible for its subcontractors’ compliance with the obligations of the Agreement. Any subcontractors to whom Puzzel transfers Customer Data will have entered into written agreements with Puzzel requiring that the subcontractor provide at least the same level of privacy protection with respect to personal data received from Puzzel as is required by the relevant General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) principles.
Transfer of Customer Data
Customer Data that Puzzel processes on Customer’s behalf may be transferred to, and stored and processed in Norway or any other country within EU/EEA in which Puzzel or its Affiliates or subcontractors maintain facilities. Customer appoints Puzzel to perform any such transfer of Customer Data to any such country and to store and process Customer Data in order to provide the Puzzel Cloud Services
Puzzel will not transfer to any third party (not even for storage purposes) personal data Customer provides to Puzzel through the use of the Puzzel Cloud Services unless agreed upon in the Agreement between Customer and Puzzel.
Puzzel personnel will not process Customer Data without authorization. Puzzel personnel are obligated to maintain the confidentiality of any Customer Data and this obligation continues even after their engagement ends.
Puzzel stores your data in secure operating environments that are only accessible to Puzzel employees and subcontractors on a need-to-know basis. Puzzel also follows generally accepted industry standards in this respect.