This Privacy Policy was last modified on May 2018
Diffia AS. (“us”, “we”, or “our”) is a company organised under the laws of Norway with organisation number 912 220 036 and operates the www.diffia.com website and the Nimble mobile application (collectively, the “Service”). This page informs you of our policies and practices regarding the collection, use and disclosure of information which personally identifies you (“personal data”) when you use our Service. We will not use or share your information with anyone except as described in this privacy policy (the “Privacy Policy”). We use your personal data for providing and improving the Service. By using the Service, you agree to the collection and use of your personal data in accordance with this Privacy Policy.
We take your privacy extremely seriously and use your personal data only for legitimate reasons and in accordance with the European Union General Data Protection Regulation (GDPR), and any other applicable legislation. While using our Service, we may ask you to provide us with certain personal data that can be used to contact or identify you. Personal data may include, but is not limited to, your name, postal address, email address, and employer. We collect personal data for the purpose of providing the Service, identifying and communicating with you, responding to your requests/inquiries, servicing your purchase orders, research, maintenance of accounts and records, improving our Service, and the promotion of services.
Under GDPR, you have the right to request access to, update, remove, and restrict the processing of your personal data. You also have the right to object to the processing of your personal data or export your personal data to another service. Any requests should be addressed in writing to the Data Protection Officer at our registered office or at the following e-mail address: dpo@diffia.com. To protect your privacy and security, we will also take reasonable steps to verify your identity before updating or removing your information.
We collect information that your browser sends whenever you visit our website or use our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics and Drift.com that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third-party service providers have their own privacy policies addressing how they use such information. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, your location information and other statistics. Please see the section regarding Location Information below regarding the use of your location information and your options.
We may use and store information about your location depending on the permissions you have set on your device. We use this information to provide features of our Service and to improve and customize our Service. You can enable or disable location services when you use our Service at any time, through your mobile device settings.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and transferred to your device. We use cookies to collect information in order to improve our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The “Help” feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.
Personal data will be retained for the entire period of time necessary for the performance of the purposes described in this Privacy Policy, as well as following their completion in accordance with applicable legal requirements.
You may enhance the Services by enabling Diffia integrations with third-party products. If you provide third-party account credentials to us, you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy. Further, Nimble software may request permissions to take actions on your behalf using your third-party account credentials.
We may employ third-party companies and individuals (our “agents”) to facilitate our Service, to provide the Service on our behalf, to perform Service-related services and/or to assist us in analyzing how our Service is used. Examples may include processing and storing data, delivering messages, analyzing data, providing marketing assistance, supplementing the information you provide us in order to provide you with better service, and providing customer service. We do not transfer data to non-agent third parties. These third parties have access to your personal data only to perform specific tasks on our behalf and are under written obligation not to disclose or use your personal data for any purpose other than those disclosed in this Privacy Policy. We will always secure your personal data with Data Processing Agreements when required to do so by the GDPR.
Notwithstanding such legal and contractual obligations between us and such service providers, we remain potentially liable for any misuse of your personal data. We may be required to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
We may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
The security of your personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the personal data we have collected from you.
Your personal data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside Norway or EU/EEA and choose to provide personal data to us, please note that we transfer personal data to EU and process it there. Your consent to this Privacy Policy and your submission of personal data represents your agreement to that transfer.
If and when necessary or required, personal data processed for any of the purposes mentioned in this Privacy Policy may be transferred to other companies within the same group, suppliers and service providers, professional advisers and consultants, agents, survey and research organizations or to governmental or state authorities in accordance with applicable legal requirements. It may sometimes be necessary to transfer personal data overseas to other countries within the European Union/ European Economic Area or to other countries around the world. Any transfers made will be in full compliance with all applicable legal requirements.
Our Service may contain links to other websites or online locations that are not operated or controlled by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every online site or location you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Only persons who are age 18 or older have permission to access our Service. Our Service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.
When we collect your personal data, we’ll give you timely and appropriate notice describing what personal data we’re collecting, how we’ll use it, and the types of third parties with whom we may share it. This Privacy Policy serves as such notice, and any changes to our collection, use or disclosure of your personal data will be reflected in revisions to the Privacy Policy posted on our website.
As established and described in this Privacy Policy, we’ll give you choices about the ways we use and share your personal data, and we’ll respect the choices you make.
If we transfer your personal data to another country, we may remain liable and will take appropriate measures to protect your privacy and the personal data we transfer.
We’ll take appropriate physical, technical, and organizational measures to protect your personal data from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
We’ll collect only as much personal data as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We’ll take appropriate steps to make sure the personal data in our records is accurate.
If you wish to confirm the accuracy of your personal data or have it removed from our systems and records, you may contact us at the email address, telephone number or postal address provided in the How to Contact Us clause of this Privacy Policy.
We’ll regularly review our continued adherence to these privacy obligations, and we’ll provide and maintain the independent mechanism specified in this Privacy Policy as a way to resolve complaints about our privacy practices.
Further, we acknowledge our potential liability for misuse of your personal data by us or our third-party service providers, as further set forth in this Privacy Policy.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.
If you have any questions about this Privacy Policy, please contact us in writing at our registered address or via the e-mail address dpo@diffia.com, marked for the attention of the Data Protection Officer. You can also contact the Data Inspectorate (Datatilsynet) if you have concerns regarding your rights under GDPR.
Diffia AS,
Oslo Science Park, StartupLab,
Gaustadalléen 21, N-0349,
Oslo, Norway
