PRIVACY POLICY
Blåst Spel provides this Privacy Policy to inform you of the collection, use and disclosure ("Processing") of personal data in the ibbi application.
Last updated: 27 April 2024
Blåst Spel has legitimate interests in collecting and maintaining the information needed to provide biodiversity-related evidence that supports scientific research and governance, as well as educate the public for a deeper understanding of biodiversity and the worlds ecosystems. Beyond that, we collect the minimum amount of personal information needed to fulfill the purpose of your interactions with us. We don't sell this information to third parties, and we process it only as described in this Privacy Notice. We comply with the General Data Protection Regulation (GDPR). Regardless of where you come from, where you are or where you live, we apply the same standard of privacy protection to all our users.
This summary is no substitute for the rest of the policy notice, so please read on for the complete details.
1.1. This Privacy Notice is intended to provide you with information on how Blåst Spel AS, Jøsokvegen 129, 6080 Gurskøy, Norway, Norwegian org.nr. 924 772 077 (hereinafter "Blåst", "we", "us", "our") process your personal data in the following situations:
1.2. This privacy notice applies to all personal data that you provide to us or that we collect via the ibbi application.
1.3. This Privacy Notice explains how and for which purposes we process your personal data. We will only process your personal data in accordance with this Privacy Notice and applicable law to which we are subject, in particular the General Data Protection Regulation (EU 2016/679) (hereinafter the "GDPR") and the Norwegian Protection Act.
1.4. Blåst is data controller in relation to your personal data. You can contact us by using the contact information in section 9.
2.1. When you use the ibbi application
The purpose of this processing is to learn how users use our application and to optimize the user experience and the functions of the application. The processing is necessary to maintain our interests in improving our application (article 6(1)(f) of the GDPR).
2.2. When you register yourself in the ibbi application
The purpose of our processing is to identify users signing up for a profile in the application. The processing is necessary to maintain our interests in making available our services to our users (article 6(1)(f) of the GDPR).
2.3. When you have questions or otherwise communicate with us
The purpose of the processing is to respond to your questions or to communicate with you in general. The processing is necessary to pursue our interests in communicating with our network and the public in general (article 6(1)(f) of the GDPR).
2.4. When you are the observer, collector or identifier of a species contained within a record in our database
The purpose of the processing is to assist researchers in evaluating the fitness-for-use of data accessed through GBIF as well as to acknowledge the named individuals for their recording, collection or expertise. Processing is necessary to pursue our and the public's interests to share the data for research purposes (article 6(1)(f) of the GDPR).
To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified above we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please contact us by using the email provided in Section 9 below if you wish to receive more information on the balancing test.
3.1. In most cases we receive the personal data directly from you. We will, however, also in some cases receive your data from third parties as further described below:
3.2. As you interact with our application, we may automatically collect Technical Data about your equipment, actions and patterns.
4.1. Our primary Internet services are hosted at and by Google cloud services. We have entered into a GDPR-compliant data protection agreement with Google to ensure that they only process data in accordance with our instructions and for our purposes.
4.2. While we ourselves do not collect personal data from third-party services that process data on our behalf, our use and integration of such services means that your personal data may also be shared with these third parties such as IT service and hosting providers, consultants and sms service providers. We enter into GDPR-compliant data protection agreements to ensure that such data processors are only allowed to process data in accordance with our instructions and for our purposes, as explained in this notice, with each of the following service providers.
4.3. Where required by law, third-party service providers may also disclose your personal data to public authorities.
5.1. We rely on several third-party service providers established in the United States and make permissible transfer of personal data under the following safeguards.
Third-party service | Location | Safeguard frameworks |
Atlassian | United States | Standard Contractual Clauses |
GitHub | United States | Standard Contractual Clauses |
Google Cloud | United States | Standard Contractual Clauses |
Google Play | United States | Standard Contractual Clauses |
Apple App Store and App Store Connect | United States | Standard Contractual Clauses |
Typesens | United States | Standard Contractual Clauses |
Twillio | United States | Standard Contractual Clauses |
Strapi | United States | Standard Contractual Clauses |
Slack | United States | Standard Contractual Clauses |
Sletta info om å kontakte ved ønske om å sjå kontraktene
6.1. Under certain circumstances, you have one or more of the following rights:
6.1.1. You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
6.1.2. You have the right to request correction of your personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
6.1.3. You may have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. To the extent that continued processing of your personal data necessary, for example in order for us to comply with our legal obligations or for legal requirements to be established, enforced or defended, we are not required to delete your personal data.
6.1.4. You have the right to object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
6.1.5. You may have the right to request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
6.1.6. You may have the right to request the transfer of your personal data to another party (also known as data portability).
6.1.7. In cases where we process your data based on your consent, you are entitled to withdraw it at any time. If you wish to withdraw your consent, please contact us by using the contact information in section 9.
6.1.8. If you have unresolved concerns, you also have the right to complain to the Norwegian Data Protection Agency or to the data protection authorities in the country where you live or work, or where you consider a breach of data protection law has occurred. The contact information for the Nortwegian Data Protection Agency are Postboks 458 Sentrum, 0105 Oslo, Norway, e-mail address postkasse@datatilsynet.no or telephone number +47 22 39 69 00.
7.1. Your personal data is kept for as long as it is necessary to meet the purposes described in this Privacy Notice.
7.2. If you register for a user profile through our application, we will delete it only upon request. We generally do not delete user profiles, or information associated with species data records that are assigned persistent identifiers, in order to preserve information relevant to research and policy purposes in ours and the public’s interest (article 6(1)(f) of the GDPR).
7.3. When you have questions or otherwise communicate with us, the collected information will be deleted after five years.
7.4. As an exception, we will not delete your personal data where we still have a legitimate interest to use your personal data (according to article 2 above).
8.1. We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorized way, altered or disclosed.
8.2. In addition, we have limited access to your personal data to employees and contractors who have a relevant and reasonably required need to access your personal information to perform their work have access to them and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
9.1. Blåst is data controller for the personal data, which are collected about you.
9.2. If you have any questions regarding this Privacy Notice or request to exercise your rights please use the contact information set out below.
Blåst Spel AS
Jøsokvegen 129
6080 Gurskøy
Norway
Norwegian Organization number: 924 772 077
Phone number: +47 977 66 471
E-mail address: are@blaastfilm.no
10.1. Blåst have the right to update and change this Privacy Notice from time to time. Any changes to this Privacy Notice will be made available in the application.