Xeneta Privacy Policy
1. Introduction to this Privacy Policy
At Xeneta, we prioritize the privacy and security of our users and are transparent about how we handle your information. We are committed to protecting your personal data and ensuring your privacy. We only collect, use, and store your data in accordance with applicable laws and regulations. Our data handling practices comply with all relevant privacy laws and regulations, including but not limited to GDPR and CCPA. We have implemented industry-standard security measures, including encryption and access controls, to protect your data from unauthorized users, alteration, disclosure, or destruction.
This privacy policy provides details on how Xeneta collects and processes your personal data through your use of this website, including any information you may provide when subscribing to our newsletter. It outlines the types of personal data we gather and your associated rights and choices. We will never sell your data to third parties without your explicit consent.
Our website is not intended for use by children, and we do not knowingly collect information about them.
We encourage you to read this privacy policy in conjunction with any other privacy notices or fair processing notifications we may provide at specific times when collecting or processing your data, so you are fully informed about how and why we use your information. This policy acts as a supplement to other notices and is not meant to override them.
2. Who We Are
Xeneta AS is a company registered in Norway, under business registration number NO 915 736 076, and located at Biskop Gunnerus gate 14A, NO-0185 Oslo, Norway. We are the controller of your personal data (collectively referred to as “Xeneta,” “we,” “us,” or “our” in this policy).
If you have any questions regarding this policy or wish to exercise your legal rights, please contact the data privacy manager using the contact information provided below.
As the data controller, we are dedicated to ensuring that the collection and use of personal data comply with legal standards and is conducted securely. We respect your rights, including the right to access your personal data.
We occasionally collaborate with other organizations to collect and use your personal data. More information about these third parties can be found in Section 6. 3
For data protection inquiries and to exercise your rights as outlined in Section 8, please contact us at:
Xeneta AS
Biskop Gunnerus gate 14A, NO-0185 Oslo, Norway
privacy@xeneta.com
3. Links to External Websites
Our website, emails, and social media profiles may contain links to other companies, applications, or websites (“external websites”) that are not operated by us. This privacy policy does not apply to how those external websites handle your information. We recommend reviewing the privacy policies of any external websites you visit.
4. Why, what, and for how long we process your data
Purpose | Data processed | Legal basis | Retention period |
Deliver our service & products We process your data to deliver our services & products, contact you concerning our platform, carry out demos, workshops, and other services that can be ordered through the website. We also process your data to ensure that you can log into your account (as Customer or Vendor), send you notifications, register and identify you as a customer/vendor/user, process your payment, enable account and product features, and save the actions you take when you use our product and website, respond to your questions and provide you with service and support, including sending service related messages and product updates to you. |
• Contact details such as name, email, title and telephone/mobile number. • Company you work for, incl. their domain, address and country. • Your request, e.g. sign-up and use of our product, when you accepted our terms & conditions, when you signed up, when you requested a demo, when you contacted us for support etc. • If you email us, we will collect the content of your message. • Payment information, e.g. billing address and bank details of your company. • Login details and verification. • What choices you made when you set up your account, when you became a customer, your user role, when you are logging into our product. • Other interactions you have with us and our service, e.g customer support, account and product setup, user interviews, UX research, customer feedback etc. • Information about how you use our product and what services your company is subscribing to. We don’t process any sensitive data. From where we collect your personal data: • Directly from you • Online sources, e.g. social media that are publicly available (LinkedIn). |
To perform our contract with you (GDPR Article 6.1.b). • Comply with our legal obligations (GDPR Article 6.1.c). • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f). • For the establishment, exercise or defense of legal claims, where necessary (GDPR Article 9.2.f). |
We will keep these data for as long as they are necessary for the purposes for which they are being processed. As a general rule, data will be kept for as long as you use our product or services or have an account with us plus two years following the conclusion of your account / relationship with us. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data. If you are employed by one of the customers or vendors, we will keep your data as long as we have a business relationship with that customer/vendor. |
Marketing We process your data for marketing-related purposes, incl. sending you newsletters, doing demos and webinars, tailoring our communication with you to accommodate your areas of interests and focus and sending you relevant product and service promotion and offers. |
• Contact details such as name, email, title and telephone/mobile number. • Company you work for, incl. their domain, address and country. • Interest areas and use of our digital services. • What newsletters you signed up for, when you asked to receive email marketing, when you asked to receive a demo. • When you gave consent. • Which events you have participated in, signed up for etc. We don’t process any sensitive data. From where we collect your personal data: • Directly from you • Online sources, e.g. social media that are publicly available (LinkedIn). |
• Your consent (GDPR Article 6.1.a). • Comply with our legal obligations (GDPR Article 6.1.c). • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f). • For the establishment, exercise or defense of legal claims, where necessary (GDPR Article 9.2.f). |
We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for two years after your request so we can show that we have honored your request and to make sure that you aren’t receiving the material. We keep your information for up to two years after our most recent contact with you. If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that. Regarding events, seminars, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course, the event or seminar in question and for evaluating them. |
Improve, optimize or modify the experience on our website and online service We process your data to improve and optimize the experience on our website, the services and in the product etc. We use the data to operate our services, enhance and protect the security and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful and the usability of our website, apps and online services. You can read about the cookies we use on our website here. |
Here is the data we process: • When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details. • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services. • We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information. From where we collect your personal data: • Directly from you • Online sources, e.g. social media that are publicly available (LinkedIn) • From the use of the cookies which you were presented with in visiting our website • From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails. |
We process your data on these legal bases: • Your consent (GDPR Article 6.1.a). • Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practices Act and the ePrivacy Directive. • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f). • For the establishment, exercise or defense of legal claims, where necessary (GDPR Article 9.2.f). |
We keep this data for up to two years and cookie information is kept in accordance with the cookie policy.
|
Business and product development We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. |
• Your contact details such as name, email, title and telephone/mobile number • The company you work for, incl. their domain, address and country • How you are using our products and services • Purchase history, interest areas and use of our digital services. From where we collect your personal data: • Directly from you • Online sources, e.g. social media that are publicly available • From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails. |
To perform our contract with you (GDPR Article 6.1.b). • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f). |
We will retain data processed for this purpose for: • For as long as you have an account with us plus up to two years from when you are no longer using our services. |
Statistics We process your data to compile statistics for the use of our website and apps. |
• When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details. • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services. • We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information. From where we collect your personal data: • Directly from you • Online sources, e.g. social media that are publicly available (LinkedIn) • The use of cookies as described when you visited our website (of course depending on your acceptance of the different cookie categories) From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails. |
Your consent (GDPR Article 6.1.a). • Comply with our legal obligations (GDPR Article 6.1.c), incl. the ePrivacy Directive. • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f). |
We will retain your data up to two years from when you visited our website and/or used our services & products.
|
Comply with obligations Data is processed to comply with legal obligations and requirements, requests from public and governmental authorities, relevant industry standards and our internal policies, and protect our operations and our rights. |
• Contact details such as name, email, title and telephone/mobile number • Company you work for, incl. their domain, address and country • Information required to comply with public and governmental authorities • Purchase history and use of our digital services. |
We process your data on these legal bases: • Comply with our legal obligations (GDPR Article 6.1.c). |
The data retention period will be based on statutory requirements.
|
Additional Information
We do not sell or rent your personal information to marketers or third parties.
Some of the reasons for processing your data may overlap, meaning that multiple legal bases may justify our processing of your information.
We may utilize your data for additional purposes that we will communicate to you at the time of collection.
If you would like further information regarding our legal basis for processing your data, please don't hesitate to reach out to us using the contact information provided at the beginning of this policy.
Please be aware that specific circumstances or legal requirements might lead to shorter or longer data retention periods, depending on compliance obligations for the deletion or maintenance of information.
5. Safeguarding Your Data
We implement appropriate security measures to protect your personal data and maintain its confidentiality, integrity, and availability. This includes safeguarding against unauthorized or unlawful processing and minimizing risks of loss, accidental alteration, or unauthorized disclosure or access.
Our technical and organizational security measures may involve data encryption and pseudonymization, logging, access controls, backup procedures, staff training, confidentiality agreements, and ongoing monitoring. We ensure that your data transmitted through our website and applications is protected during transit with appropriate encryption methods.
That being said, complete elimination of security risks is not possible, and some residual risks may remain. We also remind you to take precautions to secure your information, such as keeping your login credentials confidential and ensuring that your devices are free of malware and viruses.
6. Disclosure of Personal Data to Third Parties
In the course of using your information as described in Section 4, we may need to share data with third parties. Potential recipients of your information may include:
Affiliated Companies
Our parent and subsidiary companies under the Xeneta group may utilize your information for risk management and business development purposes.
Service Providers
To efficiently deliver our products and services, we collaborate with service providers both within Norway and internationally. These service providers act as "Data Processors," meaning they are legally obligated to use your information solely as directed by us. We have established data processing agreements with these third parties to ensure compliance with relevant laws and regulations, including implementing security measures like encryption and access control.
Please note that some service providers may process your information independently for their own purposes (for example, performing statistical analyses). These providers are required to inform you about their data collection and usage practices in their privacy statements.
Certain service providers may also hold your data as "Joint Controllers." This includes partners like our logistics provider, DHL, and social media platforms such as Facebook and Instagram, which enable us to promote our products and services through targeted marketing.
Regulatory Authorities
We may disclose your information to courts and other public authorities as required by law. Information will only be provided about your content if mandated by a court order; in such cases, we will seek all available legal remedies to protect your content. As of the date of this Privacy Policy, we have not been compelled to share information about our customers' content with authorities.
Other Entities
In the event of a sale or transfer of all or part of our business, we may disclose your data (including your personal information) to the parties involved in such transactions.
7. Transfers of Data Outside the EU/EEA
As outlined in Section 6, we share information about our customers and users with various parties, some of which may be located outside of Norway. As a result, your data may be processed in different jurisdictions.
When transferring personal data between Xeneta and a data processor located outside the EU/EEA, we ensure that the transfer includes appropriate safeguards, including but not limited to:
- The EU-U.S. Data Privacy Framework.
- Adoption of the EU standard contractual clauses as per implementing Decision (EU) 2021/914 of 4 June 2021 regarding the transfer of Personal Data to third countries under Regulation (EU) 2016/679.
- Any other safeguards recognized by the GDPR, such as adequacy decisions or approved codes of conduct.
8. Your rights
You have these rights:
- Your right of access and rectification - You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.
- Your right to erasure - You can ask us to erase your personal information in certain circumstances.
- Your right to withdraw your consent: If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your 15 withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent. You may withdraw your consent by sending an email to privacy@Xeneta.com.
- Your right to restriction of processing and object to processing - You have the right to ask us to restrict the processing of your information and a similar right to object to processing.
- Your right to data portability: You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
- Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.
We will make sure to answer your request without undue delay and in any event within one month of receiving your request. It can be that the period will be extended by two further months if your request is very complex.
There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.
9. Complaints
You can always lodge a complaint with a European data protection authority, for example, the Norwegian Data Protection Agency.
Website: https://www.datatilsynet.no
Email: postkasse@datatilsynet.no
Address: Tollbugata 3 0152 Oslo, Norway
Telephone: +47 22 39 69 00
Assistance and additional information
You can take steps to exercise your rights by using the contact details above. If you have questions about the policy, feel free to contact us by using the contact details in this policy.
How to unsubscribe to email marketing material? If you’ve subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you can always click the link and easily unsubscribe.
You can also unsubscribe by sending us an email to privacy@xeneta.com.
10. Changes to the policy
We may change this policy to reflect our current practices. We will take reasonable steps to inform you about changes via our website.
If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up.
If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.
This policy was last updated on October 1st, 2024.