This document describes how we treat Personal Data when you use the macroscope.no or macroscope.io website operated by Corelis AS, including information provided when you use the website. Our Private Policy is compliant to the Norwegian Personal Data Act (NO: Lov om behandling av personopplysninger) and the EU General Data Protection Regulation as implemented in Norway from the time it is implemented.
LATEST UPDATED: November 8th, 2017.
What is Macroscope?
Corelis AS provides teaching and learning services in economics to higher education sectors that can be used through web browsers or App and ancillary services. Our services are not intended to children under 13 years old. Corelis AS provides also an on-line blog which people can subscribe to.
- PERSONAL DATA
“Personal Data” identifies an accountholder as an individual or relates to an identifiable person. The term Personal Data shall be understood in accordance with the definition in applicable Norwegian data protection legislation.
In order to give users access to the service and ensure a good service, Corelis AS registers “Personal Data” including:
- Email address
- Profile picture
- Other biographical information (birth date, course name, professor name, etc.)
Collection of Personal Data
We and our service providers may collect Personal Data from accountholders in a variety of ways, including:
- Through the Services: We may collect Personal Data through the Services, e.g., when you create an account or populate your profile.
- Offline: We may collect Personal Data from you offline, such as when you contact user support.
- From Other Sources: We may receive your Personal Data from other sources, such as public databases, joint marketing partners and other third parties.
Use of Personal Data
We may use Personal Data collected from account holders:
- to fulfill our obligations to you,
- to maintain the service at the expected level of quality,
- to improve both the content of the Service and the user experience,
- to our business purposes such as data analysis and audit, or
- to comply with legal obligations and processes.
Disclosure of Personal Data
The Personal Data of account holders may be disclosed:
- To our third party service providers who provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. Such disclosure is always subject to a data processing agreement between Corelis AS and the third party service provider.
- To identify you to anyone with whom you share messages through the Services.
- By you, on profile pages and other services to which you are able to post information and materials. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Services.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- To comply with legal obligations and processes.
- OTHER INFORMATION
Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- Browser and device information
- Usage data
- Information collected through cookies, pixel tags and other technologies
- Demographic information and other information provided by you
- Aggregated information
How We May Collect Other Information
We and our third party service providers may collect Other Information in a variety of ways, including:
- Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
- Using cookies: Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other anonymous traffic data. We and our service providers use the information only to support the internal operations of the Services, such as for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using the Services and to recognize your computer in order to assist your use of the Services. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.
- Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services, measure the success of marketing campaigns and compile statistics about usage of the Services and response rates.
- IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for the purposes of providing support for the internal operations of the Services, such as calculating usage levels, diagnosing server problems, and administering the Services. We may also derive your approximate, general, location from your IP address.
- From you: Information such as your communications preference may be collected from you if you choose to provide us with it.
- By aggregating information: The information does not personally identify you or any other user of the Services.
How We May Use and Disclose Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined. If we are required to treat Other Information as Personal Data under applicable law, then we may use it for the purposes for which we use and disclose Personal Data as detailed in this Policy. We have implemented technical and organisational measures, including principles of data protection by design and by default in order to prevent misuse of Other Information and in order to prevent such data to be linked to a natural person.
- THIRD PARTY SERVICES
- SENSITIVE INFORMATION
We ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data within our organization, including adherence to principles of data protection by design and by default. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you have experienced that the security of your account has been compromised), please immediately notify us through the contact form available under the section “Contact”.
- CHANGE IN PERSONAL DATA
If you would like to review, correct, update, suppress or delete Personal Data that you have previously provided to us, you may contact us by email through the contact form available under the section “Contact”. We will try to comply with your requests as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
- RETENTION PERIOD
If you chose to unsubscribe, your account will be placed in quarantine for 90 days. Corelis applies this quarantine period to prevent fraudulent access and other unlawful acts where accounts are deliberately or mistakenly deleted by parties other than the account holder.
After the quarantine period, we generally delete your personal data from our systems or anonymize them for further use in an aggregated format for statistical purposes. There are however two exceptions:
- For accounting reasons, we are required by law to keep for a period of time certain information regarding payment transactions.
- For security reasons, we retain information which you have personally provided to us as well as login history so that we can investigate and prevent fraud or abuse.
You may opt-out from receiving marketing-related emails or other forms of messages from us on a going-forward basis or by contacting us through the contact form available under the section “Contact”. We will comply with your request(s) as soon as reasonably practicable.
- CROSS-BORDER TRANSFER
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers. If Personal Data is processed in a country outside the EU/EEA not ensuring an adequate level of data protection, we are obliged to ensure there is a legal basis for such transfer. We generally enter into EU standard contractual clauses prior to such processing unless there is another valid legal basis which can be relied on, such as the EU-U.S. Privacy Shield framework with respect to enterprises in the U.S.
Corelis AS, Oslo, Norway