Privacy Statement for WonByOne
Privacy Statement (last updated 26 February 2024)
In WonByOne we take the protection of your personal data seriously. In order to show how we handle your personal data, we have updated our Privacy Statement in line with the EU’s General Data Protection Regulation (GDPR), which took effect on 25 May 2018.
GDPR has a positive impact on the protection of your personal data, and it changes the way we as an organisation are allowed to obtain and process your personal data. As a user with us you do not have to do anything, but we encourage you to read our Privacy Statement. It describes how we handle your personal data when you visit our web pages, register an account through one of our web pages/apps – or are in touch with us in some other way. Our Privacy Statement provides information on your rights according to GDPR when we process your personal data.
You may at any time unsubscribe and will then receive no more information from us – just click on the unsubscribe link in our newsletter or contact us by e-mail on contact@wonbyone.org
If you have questions about the processing of your personal data, please e-mail us on contact@wonbyone.org
Kind regards,
WonByOne
In WonByOne, protection of our users’ personal data is an important matter, and we would therefore like to inform you of an important change that affects the way we handle your personal data from now on.
The General Data Protection Regulation (GDPR) is a new EU directive that came into force on 25 May 2018 in the EU/EEA countries.
Our work of following the GDPR guidelines is a constant matter. Our website is continually being updated as to what GDPR entails and how we make sure your personal data will be processed correctly in the future. Here your rights will be described, and how you can make use of them.
Questions? Please contact us on contact@wonbyone.org
Privacy Statement for WonByOne
Updated 2021-04-26
This concerns WonByOne registered in Norway
This Privacy Statement applies from 28 May 2018 and replaces all previous versions.
Contents
Privacy Statement for WonByOne ........................................................................................... 3
General information ........................................................................................................... 4
What is personal data, and what is processing of personal data?................................ 4
Who is responsible for the personal data we collect?.................................................... 4
How do we collect personal data? .................................................................................. 4
What personal data do we collect and why? .................................................................. 4
How long do we retain information about you? ............................................................. 7
Do we share personal data? ............................................................................................. 7
Can children use our services? ...................................................................................... 8
How is your personal data protected? ............................................................................ 8
Social media ...................................................................................................................... 8
How do we use cookies? .................................................................................................. 8
What rights do you have? ................................................................................................. 8
How can you most easily contact us with questions about data? ............................... 9
Complaints to the supervisory authority ......................................................................... 9
1. General information
In WonByOne we respect your privacy. This Privacy Statement provides information on how we handle your personal data when you visit our web pages, set up an account through one of our web pages or through our app, use our products or services, or are in touch with us in some other way. The statement also tells you what rights you have according to GDPR when your personal data is processed.
We may make changes to our Privacy Statement in order to reflect changes in our activities or services, on our web pages or in current legislation. The latest version of our Privacy Statement will always be available on this website.
Please contact us if you have questions or comments.
2. What is personal data, and what is processing of personal data?
Personal data is all information that directly or indirectly (with or without other information) may be linked to you, e.g. your name, ID number/social security number etc., IP address or user history.
Any operation performed on personal data amounts to processing of personal data, such as collection, recording, organisation, storage, adaptation or alteration of personal data, reading, use, disclosure, dissemination or otherwise making the data available, alignment or combination, restriction, deletion or destruction of data.
3. Who is responsible for the personal data we collect?
WonByOne is the controller, or the one responsible for processing the personal data that are collected and processed by WonByOne in Norway. As controller, WonByOne has a duty to make sure all processing is performed in compliance with current legislation.
4. How do we collect personal data?
When you visit our web pages or our app as a logged-in user, use our products or services or are in touch with us in some other way, we collect personal data such as your full name, address, e-mail address, phone number, ID number/social security number etc., user history, IP address and other relevant information, such as the information you give our staff when you are in touch with them.
We may also collect and update your address information through third-party services for payment solutions, address updates as well as creditworthiness information from a credit appraisal agency, bank and other financial institution.
5. What personal data do we collect, and why?
a) We do it in order to manage your membership and “My account”
Personal data are processed in order to:
Give you permission to log in
Confirm your identity and age
Maintain correct and updated information
Set avatar image
Enable you to contact others in the same area
These are the categories of personal data that we process:
Name
Contact information (e.g. address, e-mail, phone number)
Username and password
User history
Settings concerning your profile and personal choices
Photos taken in app
Current position
Our legal reason:
To fulfil an agreement. The processing is necessary to set up and manage your membership pages in Mail Chimp.
Retention period
Until you close your account.
b) We do it in order to deal with customer service matters.
Personal data are processed to enable the following:
Communication and responding to customer service enquiries by phone, e-mail or in digital channels (including social media)
Identification
Handling complaints
These are the categories of personal data that we process:
Name
ID number/social security number etc.
Contact information (e.g. address, e-mail, phone number)
User information for My account (just for members)
Your correspondence
Geografical location
Our legal reason:
Legitimate interest. Our processing is necessary to satisfy your and our legitimate interest in dealing with customer service matters.
Retention period
The information will be retained until the customer service matter has been concluded and for a period of 12 months thereafter in order to provide better customer service, should the matter be raised again later on.
c) We do it in order to meet legal obligations (e.g. requirements in accounting legislation, product liability and product safety as well as protection of personal data in the IT system).
These are the categories of personal data that we process:
Name
ID number/social security number etc.
Contact information (e.g. address, e-mail, phone number)
Your correspondence
User information for My account (just for members)
Donor history.
Our legal reason:
A legal obligation.
Retention period
As long as we have a duty to retain the information according to current legislation.
d) We do it in order to prevent abuse of a service or to prevent or investigate a breach against the organisation.
Personal data are processed to enable the following:
Investigation or prevention of fraud or other violations of the law
Prevention of spam, phishing, harassment, attempts to log onto your user account illegally or other acts that are prohibited according to our organisation’s user terms
Improvement of the organisation’s IT systems and protection against attacks and hacking.
These are the categories of personal data that we process:
User-generated data (e.g. clicks and visits history)
ID number/social security number etc.
Chat correspondence (unlocked if reported)
Information on what devices you are using and their settings, e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform
Information on how our digital services are being used.
Our legal reason:
To fulfil a legal obligation (if one exists), alternatively, a legitimate interest. If there is no legal obligation, the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or to prevent or investigate a breach against the organisation.
Retention period
From collection of the data and for a period of 36 months thereafter.
e) We do it in order to enable us to conduct and handle participation in competitions and events.
Personal data are processed to enable the following:
Communicate with participants in a competition organised by our organisation
Communicate with participants before and after an event (e.g. confirmation of applications, enquiries and evaluations).
Identify a participant and check his/her age – appoint winners and award prizes.
These are the categories of personal data that we process:
Name
ID number/social security number etc. or age
Contact information (e.g. address, e-mail, phone number)
Geografical location
Information provided in competition entries
Information provided in evaluations of an event.
Our legal reason:
Legitimate interest. The processing is necessary to satisfy your and our legitimate interest in handling your participation in competitions and/or events.
Retention period
From collection of the data and for a period of 36 months thereafter.
f) We do it in order to market products and services
Personal data are processed to enable the following:
To show relevant product and event recommendations
To send direct marketing by e-mail, text message, social media or similar electronic channels of communication and through the postal service to existing users
To conduct campaigns or send offers and invitations to events.
These are the categories of personal data that we process:
Name
Contact information (e.g. address, e-mail, phone number)
Age
Residential address
Geografical location
Information on purchases made
Purchase and user-generated data (e.g. clicks and visits history).
Our legal reason:
To fulfil an agreement with users who have My account
A weighing of interests for newsletter recipients and website visitors.
Retention period
When fulfilling an agreement: Until you close your account
When weighing various interests: Until you close your account.