Policy active as of 1 July, 2018
You may contact Apps at firstname.lastname@example.org or Vulkan 16, 0178 Oslo, Norway.
Protecting your privacy is a core part of the Apps mission. You trust us to take care of your data, and we strive to be worthy of that trust.
We pledge to:
By using Sonya, you agree to allow us to collect and process information as described below.
In case your employer has ordered Sonya for you as an end-user (“business end-user”), your employer is the data controller. If you have any questions or complaints, you will need to contact your employer. Apps is the data processor for your data, including any personal data you provide.
If you have downloaded Soya for your own purposes, Apps is the data controller. You may contact Apps regarding any questions you may have, including regarding access, rectification and erasure.
The purpose of processing your personal data is to digitalize different tasks in your workday, by time tracking your workday in Sonya Hours, handle work related expenses with Sonya Expenses, manage HSEQ with Sonya HSEQ and mileage reimbursement with Sonya Go.
What that means in terms of what data we collect and process, how and where we process it, and for how long, is described below.
It is important that you read this, as you by taking Sonya into use, gives us (and your employer, in case you are a business end-user) your consent to process your personal data.
If you use Sonya for your own purposes the legal basis for the processing of personal data is GDPR art 6 1 b) necessary for the performance of a contract to deliver Sonya to you. In case you are a business end-user, part of the processing is required in order to fulfil the agreement we have with your employer (the data controller). Any local tracking through Sonya Go is based on your consent. You may at any time withdraw this consent directly in the Sonya Go app.
Your personal data is processed in accordance with the Norwegian Data Protection act, which incorporates the EU general data protection regulation 2016/679 (GDPR).
This give you strong rights as a data subject. Hereunder you have the right to:
Norwegian law applies.
Any surrender of data is voluntary, but some basic information is needed to enable Sonya to operate.
The information we collect is used to provide, develop and improve Sonya, including information necessary to improve our service and safety features. We or our partners may use your contact details to send you information, or to ask you to participate in surveys about your Sonya use.
We may also use this information in an aggregated, non-identifiable form for research purposes and to help us make decisions on the direction of sales, marketing, product development and business activities.
We may use service providers to perform some of these functions. Those service providers are restricted from sharing your information for any other purpose.
We use industry-standard methods to keep this information safe and secure while it is transmitted over your network connection and through the Internet to our servers. Depending on your location and type of data, Apps may process your personal information on servers that are not in your home country.
All information and all files uploaded to Sonya are encrypted upon uploading to our cloud-based service, currently operated by Amazon Web Services (AWS). Your bank account number is also encrypted before it is saved to our database.
The personal data we collect from you is transferred to our European data processing centre. Currently this data centre is operated by AWS, which is the world largest data centre operator for cloud services. AWS is world renowned for its industry leading security and performance. Read more at aws.amazon.com.
The AWS data centres we use are placed within the European Union (EU) and/or European Economic Area (EEA). Audio and video data is never transferred out of the EU or EEA. In order to provide you with the best possible service, selected and limited parts of the Sonya services, such as SMS verification, may be performed by suppliers located outside the EU or EEA. If so, the data export will take place in accordance to EU requirements, such as in accordance with the EU Model Contract (Commission Decision 2010/593 or similar) or to entities certified under the EU US Privacy Shield arrangement.
Apps does not share personal information for any commercial or marketing purpose unrelated to the delivery of Apps products and services without asking you first.
The following are the limited situations where we may share personal information:
Apps generally stores your personal information on Apps’ servers for as long as you or your employer remain an Apps customer. To the extent there are legal requirements for duration of storage, such as for accounting purposes, we may store data for up to 10 years.