Privacy and cookie policy

1. Introduction
Basefarm is committed to protect and respect your privacy. With this privacy policy Basefarm describes how it ensures that your personal data and other data is processed in accordance with applicable data protection laws and cookie legislation, including but not limited to the EU General Data Protection Regulation 2016/679, as nationally implemented, supplemented and amended from time to time (the “GDPR”), the EU ePrivacy legislation, and various national privacy laws.

2. Definitions

3. Scope

What information does this privacy policy relate to?

This privacy policy applies to Customer Personal Data that Basefarm processes in connection with its relationship with its Customers. This privacy policy describes our general Personal Data protection framework and does not change the content of any individual contract signed with our Customers.
This privacy policy does not apply to the Personal Data of natural persons who are contracting directly with Basefarm for the provision of a service such as natural persons who subscribe directly a mobile internet access service from Basefarm. The privacy policy of Basefarm in respect of the Personal Data of customers who are natural persons is provided together with the terms of use pursuant to which Basefarm provide the service.
Our services are not intended for use by children, and we do not knowingly collect Personal Data relating to children.

The importance of reading this privacy policy, and keeping us updated

It is important that you read this privacy policy together with any other privacy policy or related information we may provide on specific occasions, so that you are fully aware of how and why we use Customer Personal Data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
It is important that all Customer Personal Data that we hold is accurate and current. Please keep us informed if you become aware that any Customer Personal Data has changed during your relationship with us.

Third-party links

Our website www.basefarm.com may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, please read the privacy policy of the other websites that you visit.

Changes to this privacy policy

We keep our privacy policy under regular review. This version was last updated in March 2021.

4. Data controller

Basefarm AS, reg. no. 982 211 743, Nydalen Allé 37a, 0484 Oslo, Norway, is the data controller in relation to personal data being processed on the Norwegian and English versions of the website.

Basefarm AB, reg. no. 556638-0639, Sveavägen 159, 113 46 Stockholm, Sweden, is the data controller in relation to personal data being processed on the Swedish version of the website.

Basefarm – Part of Log*in consultants Nederland B.V, Beechavenue 106, 1119 PP Schiphol-Rijk, Netherlands, is the data controller in relation to personal data being processed on the Dutch version of the website.

The aforementioned Basefarm entities are collectively referred to as “Basefarm” in the following. You will find Basefarm’s contact information under section 16.

5. Processor
The Basefarm entity you contract with as a Customer acts as a Processor in respect of all Customer Personal Data collected or generated by Basefarm in order to provide its services to the Customer, on its instructions, and not for any other purpose.
Each Customer defines the purpose of the processing of the Customer Personal Data by specifying the services it procures from Basefarm entities and its end-users to which the service must be provided. The means of the processing are described in the contractual documentation agreed by Customer and the Basefarm entity.
For further details on our processing activities and the type of Personal Data processed, please see section 7

6. When does basefarm collect personal data?
When you or your employer sets up an account or signs up for Basefarm’s newsletter;
When you apply for a job at Basefarm or otherwise send a job application to Basefarm;
In the event you turn to Basefarm with inquiries or requests via e-mail or telephone; and
If you have accepted the use of cookies, Basefarm may also collect your IP address. For more information about Basefarm’s use of cookies, please see section about Cookies.

Category Personal data in category
Billing Data the consumption data that Basefarm collects from services that it provides to its Customers in order to calculate charging and billing information, to the extent related to natural persons.
Contact Data first name, last name, email address, address and telephone numbers, job role within the Customer.
Support Data Customer Representative or End User service ticket information, Customer Representative or End User telephone recordings for incident.
Identity Data first name, last name, honorific (e.g. Ms, Mr. Dr.,…), username or similar identifier, password, ID document / number.
Location Data geographic location
Marketing and

Communications

Data

preferences in receiving marketing from us and our third parties and communication preferences.
Profile Data interest, preferences, comments, questions, feedback and survey responses.

7. What data may Basefarm collect?
The personal data Basefarm may collect includes information about your name and contact details such as address, telephone number and e-mail address, company and any other information you provide. If you apply for a job at Basefarm, Basefarm will process your CV as well as any other information you attach with your application.

Further information on Customer Personal Data which we process as Processor will be contained in our contract with you.

Customer Personal Data for which we are Controller

Our Activity Types of

Personal Data processed

Our lawful basis for processing
Customer relationship management Contact Data

Identity Data

Profile Data

Billing data

Traffic/Connectio n Data

Marketing Data and

Communications

Data

Necessary for our legitimate interests (to develop and manage our sales activities and the relationship with our Customers, including ordering, billing and collection of payments)

Consent where required

Necessary to comply with legal obligations we may have under applicable laws (for example, electronic communications regulations and e-privacy regulation, tax laws etc…)

Build, operate and secure our network Traffic /

Connection Data

Necessary for our legitimate interests (to assess the amount of data moving across our network at a given point in time, to manage such data)
Necessary to comply with legal obligations (to prevent or detect fraud)
To assist national law enforcement / security agencies, to respond to requests from public, governmental and regulatory authorities, to comply with court orders, litigation procedures and other legal

processes

All Necessary to comply with legal obligations we may have under applicable laws (for example to provide lawful intercept and/or data retention by national law enforcement / security agencies)
To, complete a survey, provide customer satisfaction feedback, take part in service improvement programs, and attend any events that we organise Identity Data

Contact Data

Profile Data

Usage Data

Marketing and

Communications Data

Visual Data

Necessary for our legitimate interests (to study how Customers use our products/services, to try to increase and improve interaction with Customers, to find out how we can improve our services, and to develop and grow our business, to communicate about our events)
To make suggestions and recommendations to you about goods or services that may be of interest to you Identity Data

Contact Data

Profile Data

Usage Data

Marketing and

Communications

Data

Necessary for our legitimate interests (to develop our products/services, grow our business and maintain our Customer relationships)

Consent where required

Customer Personal Data for which we are Controller
Our Activity Types of

Personal Data processed

Our lawful basis for processing
To administer and protect our business and our websites Contact Data

Technical Data

•       Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

•       Necessary to comply with a legal obligation

To provide access to you, as an individual, to on-line portals for

your own individual usage

management

Identity Data

Contact Data

Technical Data

Profile Data

•       Necessary for the legitimate interests of your organisation, our Customer, to provide you with this feature to improve and facilitate your use of the service;

•       Necessary with our legitimate interests to study how you use our service, to try to improve interaction with you, to find out how we can improve our services, and to develop and grow our business

To use data analytics to improve:  our website, products/services, marketing or Customer relationships and experiences Depending on the activity, certain:

Contact Data

Support Data

Profile Data

Marketing and

Communications

Data

Technical Data

Usage Data

•     Necessary for our legitimate interests  to manage or improve/develop our products, services, offers, marketing strategy, keep our websites updated and relevant
Customer Personal Data for which we are Processor
Our Activity Types of Personal Data processed
Delivering, activating and implementing services and changes to services requested by Customer

(including intrusion detection and monitoring services ordered by Customer)

Identity Data

Contact Data

Support Data

Profile Data

Hosted Data

Incident management (troubleshooting, resolution and reporting) related to a specific Customer Identity Data

Contact Data

Support Data

Technical Data

Profile Data

Hosted Data

Providing reports to Customer on billing, usage, quality of service and other reports required by the Customer Identity Data

Contact Data

Billing Data

Support Data

Traffic/Connection Data

Profile Data

Location Data

Hosted Data

Providing access to Customer portals, on-line tools and other applications managed by Basefarm for the provision of services to its Customers (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity Data

Contact Data

Technical Data

Profile Data

Hosting Customer data and infrastructure Hosted Data

Marketing

We strive to provide Customers with choice regarding use of Customer Personal Data around marketing and advertising. You can ask us to stop sending you marketing messages at any time by contacting us at any time.
You will receive marketing communications from us if you have provided your consent to receive those communications (unless any exemption to us needing to obtain consent applies under applicable laws).

Cookies

We use necessary cookies to make our website work and we may also use optional cookies to help us improve our website. . For more information about the cookies we use and how to disable them, please see our cookie section.

8. How does Basefarm process personal data?
The personal data collected by Basefarm is used to manage customer relations, assess potential employees and assist customers and website visitors with any requests or inquiries made on the website. The information may also be used for monitoring and development of Basefarm’s business and website, for example by analyzing statistics of website visitors, and to protect Basefarm’s rights.
If you apply for a job, Basefarm only uses your personal data for the purposes for which you provided the information. However, Basefarm may save interesting applications even after the recruitment period is over. Such applications may also be transferred to other entities within the Basefarm group.

9. To whom may Basefarm disclose the information?

  1. Basefarm will not sell, lease or otherwise transfer any personal data collected to a third party. Basefarm may however transfer the personal data to other companies within the Basefarm group or to business partners if it is necessary to fulfil its obligations towards you.Personal data may be disclosed if it is necessary to:
    a) Comply with applicable law, regulation or similar or to comply with a legal process, request or order from an executive authority;
    b) Defend Basefarm’s legal interests; or to
    c) Detect, prevent, or otherwise avoid fraud, security breaches or technical issues.

As a Processor of the Customer Personal Data

We disclose Customer Personal Data to other Processors, whether other entities within Basefarm or external providers, that we engage in our capacity as Processor for carrying out specific processing activities on behalf of our Customer, the Controller.

We inform our Customers of all the Processors, other entities within Basefarm and, external providers or partners, we engage under a general written authorization (or specific authorization).

We may share some Customer Personal Data with third parties acting as Controllers in their own rights.  For example, to deliver you a parcel we share your Contact Data with courier companies.

As a Controller of the Customer Personal Data 

We may share Customer Personal Data in our capacity as Controller of such data with the parties set out below for the purposes set out in the table in section 7 above.

Basefarm entities

The Basefarm entity which is the Controller of your Personal Data may share such Data with other Basefarm entities acting as Processors.

External parties

Service providers acting as Controllers in their own rights, in which case the processing of Customer Personal Data will be subject to these service providers’ privacy policies. For example, to provide transmission to carry traffic on our network we share Traffic/Connection Data with other regulated providers of electronic communications or to distribute third parties applications/software, which are used directly by the End-Users in accordance with the privacy policy of those third parties.

Service providers acting as Processors, such as providers of  IT and system administration services, maintenance, expert technical support  or hosting.

National authorities (such as tax authorities), agencies and regulators acting as Processors or Controllers who have the legal authority to require reporting of processing activities or disclosure of Customer Personal Data in certain circumstances.

10. International Transfers of Customer Personal Data

We may transfer and process Customer Personal Data to/in countries other than the country in which the Customer Personal Data is initially collected.

International transfers to Basefarm entities
We may transfer Customer Personal Data amongst Basefarm entities as Controller or Processor, inside or outside of the European Union (“EU”).
All Basefarm entities have signed an intra-group agreement for processing and transferring personal data, which includes the EU Commission standard contractual clauses. This intra-group agreement defines the adequate safeguards all Basefarm entities must put in place to protect Personal Data and its transfer. For more information about the transfer of Customer Personal Data to Basefarm entities for a specific processing activity, please contact us.
International transfers to external suppliers
When we transfer Customer Personal Data to an external supplier in another country, we make sure that a similar degree of protection is afforded to the Customer Personal Data. For transfers outside of the EU or to a country which the EU Commission has not assessed as providing an adequate level of protection (for further details, see the relevant page of the European Commission website here), we use the EU Commission standard contractual clauses or another appropriate safeguard.

11. Our data security practises

We may transfer and process Customer Personal Data to/in countries other than the country in which the Customer Personal Data is initially collected.

International transfers to Basefarm entities

We may transfer Customer Personal Data amongst Basefarm entities as Controller or Processor, inside or outside of the European Union (“EU”).

All Basefarm entities have signed an intra-group agreement for processing and transferring personal data, which includes the EU Commission standard contractual clauses. This intra-group agreement defines the adequate safeguards all Basefarm entities must put in place to protect Personal Data and its transfer. For more information about the transfer of Customer Personal Data to Basefarm entities for a specific processing activity, please contact us.

International transfers to external suppliers

When we transfer Customer Personal Data to an external supplier in another country, we make sure that a similar degree of protection is afforded to the Customer Personal Data. For transfers outside of the EU or to a country which the EU Commission has not assessed as providing an adequate level of protection (for further details, see the relevant page of the European Commission website here), we use the EU Commission standard contractual clauses or another appropriate safeguard.

12. Our data retention policy
How long will we retain Customer Personal Data?
We retain Customer Personal Data in respect of which we are Processor for the period agreed with our Customer, the Controller, unless applicable law requires us to retain it for a longer period (e.g. regulatory, tax or accounting obligation). We may also retain Customer Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with our Customers. Our contractual documentation agreed with our Customer describes the retention periods for the processing activities we perform as Processor for our Customer, the Controller. We retain Customer Personal Data in respect of which we are Controller only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Customer Personal Data in respect of which we are Controller, we consider:
• the amount, nature and sensitivity of the Customer Personal Data;
• the potential risk of harm from unauthorised use or disclosure of Customer Personal Data; and
• the purposes for which we process Customer Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

13. Links to external websites
Basefarm’s website may contain links to third-party websites. Basefarm is not responsible for the processing of your personal data on such websites.

14. Amendments
If this policy is amended, Basefarm will publish the amended policy at www.basefarm.com with information about when the amendments will enter into force. If Basefarm carry out any significant changes to the policy, Basefarm may choose to inform by e-mail or by publishing a message on the website.

15. Data subjects rights

What are the rights?

Under certain circumstances, individual Customer Representatives or End Users may have the following rights under data protection laws in relation to their Personal Data:

  • request access to, correction of, or erasure of Personal Data
  • object to processing of Personal Data
  • request restriction of processing of Personal Data
  • request transfer of Personal Data to another organisation
  • withdraw consent to processing of Personal Data
  • make a complaint to the relevant national data protection regulator

You have the right to require information about what personal data Basefarm is processing about you and for what purposes. You are also entitled to have any incomplete or inaccurate data rectified, erased or blocked. Please see the contact information in section 10 should you have any questions about how Basefarm processes your personal data.

16. Basefarm’s contact information

If you have any questions relating to Basefarm’s processing of personal data, or if you want to invoke your right to access data, please contact relevant Basefarm entity on the address set out below:

Norway/Global:
Basefarm AS
PO Box 4488
Nydalen
0403 Oslo

Sweden:
Basefarm AB
Gårdsvägen 6
169 70 Solna

Netherlands:
Motion Building
Radarweg 60
1043 NT Amsterdam Sloterdijk

How will Basefarm deal with my request?

Usually no fee

You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we require

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

When we will respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.