Privacy Policy

(Last Updated March 1, 2022)

These Privacy Terms apply to the SPGR Gyre Web application. By using our website and service, you consent to these Privacy Terms.

1. Background

SPGR Gyre Web (“the service”) is owned and operated by SPGR Institute AS.

As a user of the service, you grant us access to the personal data you register. The purpose of these privacy terms is to ensure that you, as a user, know what information we collect about you, the purpose of this collection, and your rights regarding your own personal data. Privacy is important to us, and we are committed to ensuring that your privacy is protected and treated with respect.

2. Purpose

The primary purpose of collecting personal data is to fulfill the obligations we, as a supplier, have towards you as a user or customer of the service. These obligations include using the service, sharing relevant information with you about, e.g., updates or changes to the service, terms of use, customer support, and administration. As a user, you have the right at any time to request that your information be corrected or deleted, and to access and receive the personal data we hold about you. You can view, correct, or delete your personal data at any time from the account settings in the service.

3. User's Personal Data

3.1 User Account

To use the service, you must either create a user account or be invited as a respondent.

To create a user account, you must provide the following information:

• Your name

• Your email address

The purpose of this information is to ensure a communication flow between you and us, e.g., for support needs, relevant information about updates or changes to the solution, and administration/invoicing. Your email address is also used as a security measure when changing passwords or usernames, where such changes must be confirmed via your email.

3.2 Personal Data in SPGR Gyre Web

In SPGR Gyre Web, you can create one or more groups for yourself or someone else. Information stored about a user or respondent includes (but is not limited to):

• Full name

• Email address

• Language

• Demographic data (age, gender, leader or not, industry one works in)

• Group, team, or department affiliation relevant for SPGR analyses.

• Responses to generated surveys and analyses entered by the user / respondent themselves.

Information about and from the individual is only available to those who are granted access to the specific person profile and responses. The person who creates groups and invites respondents automatically becomes the profile's administrator and can further transfer read/write access.

3.3 Consent

All personal data about living individuals, including name, demographic data, and responses, requires consent from the individual before it is entered into the system. Users may enter the names, email, and group affiliation of others to invite them to surveys. Each user is responsible for ensuring that individuals they share information about consent to this and understand that such consent can be withdrawn at any time.

4. Subcontractors

The subcontractors that SPGR Institute AS uses may not use personal data for any purpose other than providing the agreed-upon service. This is regulated through a separate Data Processor Agreement with each individual subcontractor.

4.1 Hosting Provider

For running the service and storing data, we use our provider Syse AS, which operates the underlying infrastructure that constitutes most of the service. See Syse's service agreement for more information.

4.2 Software Development

For the development of the web application SPGR Gyre Web, we use our provider Rubendahl Consulting AS, which has access to, among other things, the solution's databases, including personal data, for the operation, development, and support of the service.

5. Cookies

We use cookies to provide the best possible service and user experience. The cookies allow you, among other things, to log in and avoid having to enter your username and password regularly.

See our Cookie Policy for further details on our handling of cookies.

6. Data Storage

Databases containing personal data, i.e., names, email addresses, responses, demographic data, etc., are stored in Norway. (See "Hosting Provider" above)

7. Your Rights

Ultimately, you are the owner of your own personal data and have the right to choose who and where your information is stored. Your most important rights are:

• Access: Full access to what information we hold about you, where the information originated from, and the purpose of storing the information.

• The Right to Be Forgotten: Your right to have your information deleted from our systems. You can delete some of your own data by logging into the service. We will also delete your information upon request from you.

You can read more about your rights as a registered user on the Norwegian Data Protection Authority (Datatilsynet) website.

8. Retention and Deletion of Your Information

Your personal data will be stored as long as it is necessary to fulfill the purpose, i.e., use of the service, except where SPGR Institute AS is obligated to store such information under accounting and bookkeeping legislation. When you request that your data be deleted, it is permanently removed from our active systems.

9. Contact

If you have questions related to the processing of personal data, you can contact SPGR Institute AS at support@spgr.no.

10. Changes

In the event of changes in our processing of personal data, e.g., due to changes in the service or in legislation, and you are a registered user of the service, you will be notified to review the terms again.