About GDPR
1. What is GDPR?
The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD). It is a law on data protection and privacy for all individuals within the European Union (EU). The GDPR aims primarily to give control back to individuals over their personal data and to simplify the regulatory environment. Being a regulation, not a directive, it forces all countries within EU to implement GDPR by May 25, 2018.
The regulation builds on many of the requirements from the 1995 directive for data privacy and security, but includes new provisions to strengthen the rights of data subjects, the individuals whose personal data is processed, and it adds harsher penalties for companies and organizations that fail to comply with the regulation.
2. Read more
Cube has its main establishment in Norway and our lead supervisory authority is Datatilsynet. (https://www.datatilsynet.no)
You can learn more about the GDPR at EUs GDPR Portal.(https://www.eugdpr.org/)
Privacy Statement
1. Our commitment
Cube IT AS (“Cube”) has always made information security and customer privacy a top priority. On May 25, 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) replaces the 1995 EU Data Protection Directive (DPD) which significantly enhances the protection of the personal data of EU citizens and increases Cube’s obligations regarding lawful collection and processing of personal data.
We apply the principles of “Privacy by Design” and “Privacy by Default” and process just enough data to serve our customers, potential customers, consultant suppliers, consultants, visitors to our website and individuals participating in our events in the best way possible. We process all personal data lawfully, fairly and in a transparent manner. All our employees receive education in how to handle data in order to comply with the GDPR and other regulations and applicable laws.
This Privacy Statement describes Cube’ information practices, data collection and usage practices with respect to personal data, in compliance with the GDPR and other regulations and applicable laws.
This Privacy Statement describes Cube in the role as a data controller of personal data.
When Cube is the data controller, Cube decides the purpose and method of processing personal data. Cube is responsible for the data processed.
You can at any time opt in to receive information from us as well as opt out when you desire. The possibility to opt out is presented in every written communication you receive from us.
This Privacy Statement applies to contact persons at companies who are our customers, consultant suppliers, consultants, visitors on our web site, individuals participating in our events, individuals who are in contact with us for any other reason, and individuals who are contact persons at companies that we have flagged as potential customers, i.e. for anyone whose personal information we possess, we are the data controller.
2. Personal data – What kind, how, why and with what legal basis?
Existing or potential customers
Individuals at a company with which Cube has a frame agreement or where Cube & the customer has had contact to discuss a possible agreement.
Personal data type:
Name, Role, Employer, Phone number, e-mail, Free text notes, Employer, Social media account, Gender, Language skills.
Source of personal data:
Data Subject, Consultant Supplier, Customer, Official registers, Generated internally.
Legal basis:
Legitimate interest, Fulfillment of contract.
Purpose:
Relationship management, Prospects management, Sales, Assignment management.
Existing or potential supplier
Any individual at a consultant company who is in contact with Cube in any way due to applying to assignments on behalf of your consultants, ongoing assignments or that you have had assignments through Cube but are not the Consultant yourself. You represent the company where the consultant is employed.
Personal data type:
Name, Role, Employer, Phone number, e-mail, Free text notes, Employer, Social media accounts, Gender, Language skills.
Source of personal data:
Data Subject, Consultant Supplier, Client, Official registers, Generated internally
Legal basis:
Legitimate interest, Fulfillment of contract
Purpose:
Relationship management, Assignment lifecycle, Assignment management, Direct marketing
Consultant
Any individual who applied for an assignment or your employer applied for you, and your profile has been sent to our Customer with the hope that you will be chosen for the assignment, or a consultant on an assignment via Cube, or an individual who has had an assignment via Cube.
Personal data type:
Name, Phone number, e-mail, Address, Role, CV, Photos, Certificates, References, Evaluation, Personal identification number, Employer, Time report, Free text notes, Salary, Vacation, Social media accounts, Gender, Language skills..
Source of personal data:
Client, Consultant Supplier, Data Subject, Generated internally.
Legal basis:
Legitimate interest, Fulfilment of contract, Legal obligation
Purpose:
Matching & Profiling, Relationship management, Assignment lifecycle, Assignment management, Direct marketing, Accountancy
Portal user
Any individual with a registered account on portal.cube.no
Personal data type:
Account info (username/password/activity), IP address, Name, Phone number, e-mail, Address, Role, CV, Photos, Certificates, References, Social media accounts, Evaluation, Personal identification number, Employer, Time report, Free text notes, Salary, Vacation, Gender, Language skillsv.
Source of personal data:
Client, Consultant Supplier, Data Subject, Generated internally.
Legal basis:
Consent, Privacy policy.
Website user
Any individual using cube.no or any subdomains.
Personal data type:
Free text notes, Name, Phone number, e-mail, IP address, Location data
Source of personal data:
Data Subject, Generated internally
Legal basis:
Consent, Privacy policy
Purpose:
Support, Statistics
The type of personal data we collect by means of cookies and other technologies is described in Cookies Policy. https://www.cube.no/cookie_policy
3. For how long do we retain personal data?
Customers, consultant suppliers and consultants
We store your personal information as long as it is deemed necessary for the purpose for which the personal information was collected.
Compliance with the law
We retain your personal data for as long as we are required in accordance with applicable law. In regards of e.g. invoicing we are required to retain personal data for seven years.
Cookies and other technologies
For more information please see our Cookie Policy. https://www.cube.no/cookie_policy
Safeguard our legal interest
In case of a dispute regarding e.g. payment, we retain your personal data as long as necessary for us to defend, establish or exercise any claims.
Some data will be anonymized and used for service development. When you choose to opt out from any type of communication from us, your personal data will be erased.
4. How do we share your personal data?
We may share your personal data with:
- Customers or partners, with an intent to find assignments for you or your consultants.
- Companies supplying technology, storage services, administrative tools, crm tools, financial services, authorities that request personal data, any third party with which we arrange an event or conference (provided that you have given consent to such sharing).
We only collaborate with partners that administer personal data within the EU/EEA or with companies maintaining the same level of protection as within the EU/EEA. All transfer of personal data is executed in accordance with GDPR.
In a reorganization or sale of our company or assets, your data may be transferred, subject to the acquirer accepting the commitments made in this Statement and compliance with applicable law.
5. How do we protect your personal data?
We take appropriate administrative, technical and organizational security measures, consistent with GDPR and industry standards to ensure that all personal data we treat is protected from unauthorized access.
6. Links to external websites
For convenience and information, our sites may contain links to third party websites, apps and services that may be operated by companies not affiliated with Cube and are only meant for informative purposes. These companies may have their own privacy statements or privacy policies, and we strongly recommend that you read through them. As we do not influence the content on these platforms, we cannot be held accountable for what content is published. We do not take responsibility for damages or losses that occur while using aforementioned links.
7. Your rights and options
It is our duty to only process personal data that is accurate, relevant and necessary, taking into account our legitimate purposes, and you have the right to verify that this happens.
You have certain rights under the General Data Protection Regulation regarding your personal data, you may;
- Object to any processing that is not necessary
- Request a record of all data that Cube processes about you
- Know who has gained access to your information
- Demand that data that is incorrect is corrected
- Demand that data is deleted
- Leave a complaint with the data authority
If you have any questions regarding this Privacy Policy or our use of your personal information, please contact us at [email protected].
6. Changes of this Privacy Statement
We may update this Privacy Statement periodically and without prior notice to you to reflect changes in our personal information practices. If we make material changes to this statement, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.