top of page

Privacy Statement for WonByOne

Privacy Statement (last updated 26 February 2024)

In WonByOne we take the protection of your personal data seriously. In order to show how we handle your personal data, we have updated our Privacy Statement in line with the EU’s General Data Protection Regulation (GDPR), which took effect on 25 May 2018.

GDPR has a p
ositive impact on the protection of your personal data, and it changes the way we as an organisation are allowed to obtain and process your personal data. As a user with us you do not have to do anything, but we encourage you to read our Privacy Statement. It describes how we handle your personal data when you visit our web pages, register an account through one of our web pages/apps – or are in touch with us in some other way. Our Privacy Statement provides information on your rights according to GDPR when we process your personal data.

You may at any time unsubscribe and will then receive no more information from us – just click on the unsubscribe link in our newsletter or contact us by e-mail on contact@wonbyone.org

If you have questions about the processing of your personal data, please e-mail us on contact@wonbyone.org

Kind regards, 
WonByOne

 

 

 

In WonByOne, protection of our users’ personal data is an important matter, and we would therefore like to inform you of an important change that affects the way we handle your personal data from now on.

The General Data Protection Regulation (GDPR) is a new EU directive that came into force on 25 May 2018 in the EU/EEA countries.

Our work of following the GDPR guidelines is a constant matter. Our website is continually being updated as to what GDPR entails and how we make sure your personal data will be processed correctly in the future. Here your rights will be described, and how you can make use of them.

Questions? Please contact us on contact@wonbyone.org

 

 

 

 

 

 

 

 

 

 

 

Privacy Statement for WonByOne

Updated 2021-04-26 

This concerns WonByOne registered in Norway

This Privacy Statement applies from 28 May 2018 and replaces all previous versions. 

 

Contents 

Privacy Statement for WonByOne ...........................................................................................          3 

  • General information ...........................................................................................................         4 

  • What is personal data, and what is processing of personal data?................................          4 

  • Who is responsible for the personal data we collect?....................................................         4 

  • How do we collect personal data? ..................................................................................          4 

  • What personal data do we collect and why? ..................................................................          4 

  • How long do we retain information about you? .............................................................          7 

  • Do we share personal data? .............................................................................................         7 

  • Can children use our services?  ......................................................................................          8 

  • How is your personal data protected? ............................................................................          8 

  • Social media ......................................................................................................................          8 

  • How do we use cookies? ..................................................................................................         8 

  • What rights do you have? .................................................................................................          8 

  • How can you most easily contact us with questions about data? ...............................          9 

  • Complaints to the supervisory authority .........................................................................          9 

  •  

     

     

     

    1. General information 

    In WonByOne we respect your privacy. This Privacy Statement provides information on how we handle your personal data when you visit our web pages, set up an account through one of our web pages or through our app, use our products or services, or are in touch with us in some other way. The statement also tells you what rights you have according to GDPR when your personal data is processed. 

    We may make changes to our Privacy Statement in order to reflect changes in our activities or services, on our web pages or in current legislation. The latest version of our Privacy Statement will always be available on this website. 

    Please contact us if you have questions or comments. 

    2. What is personal data, and what is processing of personal data? 

    Personal data is all information that directly or indirectly (with or without other information) may be linked to you, e.g. your name, ID number/social security number etc., IP address or user history. 

    Any operation performed on personal data amounts to processing of personal data, such as collection, recording, organisation, storage, adaptation or alteration of personal data, reading, use, disclosure, dissemination or otherwise making the data available, alignment or combination, restriction, deletion or destruction of data. 

    3. Who is responsible for the personal data we collect? 

    WonByOne is the controller, or the one responsible for processing the personal data that are collected and processed by WonByOne in Norway. As controller, WonByOne has a duty to make sure all processing is performed in compliance with current legislation. 

    4. How do we collect personal data? 

    When you visit our web pages or our app as a logged-in user, use our products or services or are in touch with us in some other way, we collect personal data such as your full name, address, e-mail address, phone number, ID number/social security number etc., user history, IP address and other relevant information, such as the information you give our staff when you are in touch with them. 

    We may also collect and update your address information through third-party services for payment solutions, address updates as well as creditworthiness information from a credit appraisal agency, bank and other financial institution. 

    5. What personal data do we collect, and why? 

    a) We do it in order to manage your membership and “My account” 

    Personal data are processed in order to: 

  • Give you permission to log in

  • Confirm your identity and age

  • Maintain correct and updated information 

  • Set avatar image

  • Enable you to contact others in the same area

  • These are the categories of personal data that we process:

  • Name

  • Contact information (e.g. address, e-mail, phone number) 

  • Username and password 

  • User history

  • Settings concerning your profile and personal choices

  • Photos taken in app

  • Current position

  • Our legal reason:

  • To fulfil an agreement. The processing is necessary to set up and manage your membership pages in Mail Chimp.   

  • Retention period

  • Until you close your account. 

  •  

    b) We do it in order to deal with customer service matters. 

    Personal data are processed to enable the following: 

  • Communication and responding to customer service enquiries by phone, e-mail or in digital channels (including social media) 

  • Identification

  • Handling complaints

  • These are the categories of personal data that we process: 

  • Name

  • ID number/social security number etc.

  • Contact information (e.g. address, e-mail, phone number) 

  • User information for My account (just for members)

  • Your correspondence

  • Geografical location                                                                                         

  • Our legal reason:

  • Legitimate interest. Our processing is necessary to satisfy your and our legitimate interest in dealing with customer service matters. 

  • Retention period

  • The information will be retained until the customer service matter has been concluded and for a period of 12 months thereafter in order to provide better customer service, should the matter be raised again later on. 

  •  

    c) We do it in order to meet legal obligations (e.g. requirements in accounting legislation, product liability and product safety as well as protection of personal data in the IT system). 

    These are the categories of personal data that we process:

  • Name

  • ID number/social security number etc.

  • Contact information (e.g. address, e-mail, phone number) 

  • Your correspondence                                 

  • User information for My account (just for members)

  • Donor history. 

  • Our legal reason:

  • A legal obligation. 

  • Retention period

  • As long as we have a duty to retain the information according to current legislation. 

  •  

    d) We do it in order to prevent abuse of a service or to prevent or investigate a breach against the organisation.

    Personal data are processed to enable the following: 

  • Investigation or prevention of fraud or other violations of the law

  • Prevention of spam, phishing, harassment, attempts to log onto your user account illegally or other acts that are prohibited according to our organisation’s user terms

  • Improvement of the organisation’s IT systems and protection against attacks and hacking. 

  • These are the categories of personal data that we process:

  • User-generated data (e.g. clicks and visits history)

  • ID number/social security number etc.

  • Chat correspondence (unlocked if reported)

  • Information on what devices you are using and their settings, e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform

  • Information on how our digital services are being used. 

  • Our legal reason:

  • To fulfil a legal obligation (if one exists), alternatively, a legitimate interest. If there is no legal obligation, the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or to prevent or investigate a breach against the organisation. 

  • Retention period

  • From collection of the data and for a period of 36 months thereafter. 

  •  

    e) We do it in order to enable us to conduct and handle participation in competitions and events. 

    Personal data are processed to enable the following:

  • Communicate with participants in a competition organised by our organisation

  • Communicate with participants before and after an event (e.g. confirmation of applications, enquiries and evaluations).

  • Identify a participant and check his/her age – appoint winners and award prizes. 

  • These are the categories of personal data that we process:

  • Name

  • ID number/social security number etc. or age

  • Contact information (e.g. address, e-mail, phone number)

  • Geografical location 

  • Information provided in competition entries             

  • Information provided in evaluations of an event. 

  • Our legal reason:

  • Legitimate interest. The processing is necessary to satisfy your and our legitimate interest in handling your participation in competitions and/or events. 

  • Retention period

  • From collection of the data and for a period of 36 months thereafter. 

  •  

    f) We do it in order to market products and services

    Personal data are processed to enable the following: 

  • To show relevant product and event recommendations

  • To send direct marketing by e-mail, text message, social media or similar electronic channels of communication and through the postal service to existing users

  • To conduct campaigns or send offers and invitations to events. 

  • These are the categories of personal data that we process:

  • Name

  • Contact information (e.g. address, e-mail, phone number)

  • Age

  • Residential address

  • Geografical location 

  • Information on purchases made

  • Purchase and user-generated data (e.g. clicks and visits history). 

  • Our legal reason:

  • To fulfil an agreement with users who have My account

  • A weighing of interests for newsletter recipients and website visitors.

  • Retention period

  • When fulfilling an agreement: Until you close your account

  • When weighing various interests: Until you close your account.

  •  

    6. How long do we retain information about you? 

    Your personal data is retained only for as long as required to fulfil the purposes of the processing, or for as long as we must retain them according to legislation. Read more about specific retention periods under the relevant purpose in Item 5 of this Privacy Statement. 

    7. Do we share personal data? 

    We only share your personal data when it is required by law or when the legislation permits it. We may in certain cases make use of data processors who assist us in marketing or in carrying out agreements and orders, e.g. transport and logistics companies, bank and credit card enterprises or marketing agencies. In such cases we have signed an agreement with the data processor which ensures that security measures are in place to protect your data. When we share your information, it will be used for the same purpose(s) as we collected it for to begin with. 

    We minimise the transfer of personal data to countries outside the EU/EEA. In cases where it does happen, e.g. for system support and maintenance, it takes place according to particularly stringent requirements and agreements. 

    We also share your personal data with certain independent controllers, e.g. authorities or enterprises that offer independent payment solutions or general goods transport. Such enterprises maintain their own control of how the information must be processed in accordance with their privacy statements. 

    8. Can children use our services? 

    Our websites and services are not aimed at children, i.e. people under the age of 16. We do not deliberately collect information, including personal data, from children or other people who are not legally entitled to use our websites and services. If we find out that we have obtained data from a person under the age of 16, we delete such data unless the law requires us to save them. Please contact us on contact@wonbyone.org if you believe we have inadvertently obtained information on someone under 16. 

    9. How is your personal data protected? 

    We implement the necessary legal, technical and organisational security measures to protect your personal data against manipulation, being lost or destroyed or accessed by an unauthorised party. Our security routines are updated in step with technological advances and improvements. 

    10. Social media

    You can currently follow us in various social media, such as Facebook and Instagram. In these channels we are only responsible for any personal data which we publish ourselves or which we can influence the publication of.

     

    11. How do we use cookies? 

    At present we are not organised to use or save cookies. You can read more about cookies on www.ec.europa.eu

    12. What rights do you have? 

    Pursuant to GDPR you have certain rights with regard to the processing of your personal data. 

    Access to your personal data 
    You are entitled to demand access to (a printout of) your personal data. Since it is important not to disclose your personal data to someone else, an access request must be made in writing and be signed by you. Complete the form below to request access. We will respond to your request without undue delay and at the latest within a month. 

    Correction of personal data
    You are always entitled to demand that your personal data be corrected. You can log in to “My Account” and correct faulty information yourself, or you can contact our customer service. 

    Deletion of your personal data
    You can demand deletion of your personal data, provided we have no obligation to retain the data according to current laws and regulations. 

    Restriction of processing
    You can object to processing of your personal data at any time when the processing is based on a weighing of interests. You can also object to your personal data being processed for marketing purposes. That means you can refuse to receive newsletters or other marketing material from us. If you object to marketing, your personal data will no longer be processed for such purposes. 

    Data portability
    You are entitled to demand that personal data is moved from us to another enterprise, authority or organisation. This right is limited to information which you have given to us yourself. 

    13. How can you most easily contact us with questions about data privacy? 

    If you have questions concerning privacy and data protection or feel we have handled your personal data incorrectly, please contact us through our customer service on contact@wonbyone.org

    14. Complaints to the supervisory authority

    Anyone who believes personal data is being processed incorrectly, can lodge a complaint with the relevant authority that is responsible for supervision according to the current privacy legislation.

     

    ----------

    Request for access to my personal data held by WonByOne 

    Pursuant to Article 15 of the General Data Protection Regulation (GDPR 2016/679), I request a printout of the personal data which WonByOne has recorded on me. 

    Name: 

    Street address: 

    Post code and town/city: 

    Phone number: 

    E-mail address: 

     

     

    Place and date: 

    Signature: 

    Please note: Your request is only valid when it is signed. 

    Print out this form, complete and sign it. The form can either be e-mailed to us at contact@wonbyone.org 

    We will respond within 30 days of having received your request.

    bottom of page