Skip to main content
All CollectionsTerms & Conditions
Data Protection Policy
Data Protection Policy
Updated over 3 months ago

1. Processing of personal data

This data protection policy provides additional information on how and why we process personal data.

DIBkunnskap AS as data controller

DIBkunnskap AS "DIB” is the data controller in all DIB subsidiaries in connection with the processing of personal data of customers, users, customer contact persons and other persons as described in this data protection policy. In some cases, DIB also acts as a data processor on behalf of customers. For further information on this topic, see the general terms and conditions.

Please contact us at privacy(at)dib.eu with any questions about the data protection policy.

Services covered by this policy

This data protection policy relates to dib.no, dib.se, dib.eu and dflow.com (home pages), app.dib.no (dib), kontohjelp.no, kostrahjelp.no , app.dflow.com (dflow) and bompengekalkulator.no (the “Services”), which are developed by DIBkunnskap AS (974 379 511).

Purpose and basis for processing

Processing of your personal data is carried out to fulfil the User Agreement and for the legitimate interests of DIB.

If you consent to participate in surveys, receive marketing or other communication, DIB will process your data in accordance with Article 6(1)(a) of the General Data Protection Regulation (consent).

In addition, DIB processes the personal data provided by you or your employer to DIB for the purpose of fulfilling the agreement on the use of DIB's products, cf. Article 6(1)(b) of the General Data Protection Regulation.

DIB also processes the data generated by your use of our services on the basis of legitimate interests, cf. Article 6(1)(f) of the General Data Protection Regulation. The information is used to provide our service, for marketing, to improve our IT security, for communication and for the development of our products.

2. What data is processed?

Information you provide to us

How we use your personal data depends on which services you use and how you use those services. We use the data we have about you to provide support, customise and make our services available in a way that is relevant and useful to you.

  • We use your registration data to verify your identity and allow access to our services

  • We may communicate with you via email, for example about the availability of our services, security or other service communications. For example, emails on how to use the services, updates and reminders. You can always change your communication preferences. Please note that you cannot opt-out of service notifications from us, including notifications on security and legal issues.

  • We use data and content about users for invitations and communications that promote our services. We will only send you marketing information if you have consented to this, and you can withdraw your consent at any time.

  • We use data to conduct research to further develop our services to provide you and others with a better, more intuitive and personalised experience and increase engagement for our services.

  • We conduct surveys through our services. You are not obliged to answer surveys and you have the possibility to decide on the information you give us. You can opt-out of survey invitations.

  • We use the data (which may include your communications with us) necessary to investigate, answer and respond to complaints and problems with the service (e.g. errors).

  • We use your information to produce aggregated datasets, where it is no longer possible to identify you. For example, we may use your data to generate statistics about our users, their profession or industry, the number of ad impressions delivered or clicked on, or the demographic breakdown of visitors to a website.

  • We use your data (including your communications with us) if we believe it is necessary for security reasons or to investigate potential fraud or other violations of our License Terms, this Privacy Policy and/or attempts to harm our members or visitors.

Information from your employer

Your employer may provide us with information to enable you as a user to use DIB's platform. We may receive information about your work area, title, contact details and the IP address from which you are expected to access the service.

Use of services

We log usage data when you visit or otherwise use our services, including our websites, app and platform technology, for example when you view or click on a document or perform a search. We use logins, cookies, device information and internet protocol addresses ("IP addresses") to identify you and log your usage.

Cookies and other similar technologies

We collect data using cookies and similar technologies.

You can read more about how DIB uses cookies and similar technologies below.

You can also control the use of cookies through your browser settings and other tools.

Your device

We receive data from your devices and networks.

When you visit or leave our services (including our plugins, cookies or similar technology on other people's websites), we receive the address of both the website you came from and the one you go to. We also receive information about your IP address, proxy server, operating system, browser and add-ons, device ID and capabilities, and/or ISP.

Newsletters

We will only send you newsletters if you have an active subscription. If you no longer wish to receive our newsletter, you are always free to opt-out.

We process your personal data for as long as you are subscribed to the newsletter. If you unsubscribe from the newsletter, we will stop sending it to you.

By unsubscribing from the newsletter, we will keep your contact details, but you will of course no longer receive the unsubscribed newsletter.

Other information

Our services are dynamic, and we often launch new features that may require the collection of new data. If we collect new personal data or use your personal data for other purposes, we will notify you and we will amend this privacy policy as relevant.

3. Your rights as a data subject

As a data subject, you have a selection of rights that you can exercise by contacting us at the email address specified in section 6 or by sending us a letter.

Your rights include the right to request access to the personal data we process about you and the right to receive a copy of it.

In some cases, you have the right to object to our processing of your personal data, to request the rectification or erasure of your personal data that you believe is inaccurate, outdated, etc., or to request the restriction or erasure of the processing of your personal data.

As a data subject, you also have the right to data portability if specific conditions in data protection legislation are met. If technically feasible, you also have the right to have your personal data transmitted to another data controller.

In certain cases, a request to exercise your rights may be restricted in accordance with applicable rules, including consideration for critical private interests if these are deemed to override your interests as a data subject.

If you have previously given DIB your consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of your consent does not change the lawfulness of the processing carried out until the withdrawal. If you withdraw your consent, the processing of your personal data will cease and your personal data will be deleted, unless there is a legitimate or legal basis to keep it.

You can read more about your rights in the Norwegian Data Protection Agency's guide on rights of data subjects.

Please contact us at prvacy(at)dib.eu if you have any questions or would like to exercise your rights.

4. Storage of data

Data storage

We store your personal data for up to 8 years after the end of the cooperation, depending on the type of data and whether there is specific legislation requiring the storage of personal data.

As Karnov Group is listed on the Swedish Stock Exchange, there are in certain cases special requirements for storage, e.g. of financial information.

As a general rule, user information is deleted as soon as an account is removed, unless there are special circumstances justifying a longer retention period, see below.

Termination of online access

We will retain some of your data even if you terminate your online access, providing it is necessary for compliance with our legal obligations (including requests from official authorities), compliance with laws and regulations, resolving disputes, maintaining security, preventing fraud and abuse, or enforcing our user agreement.

Specific information for authors and experts

We retain and process some of your personal data in relation to previously published works or other literary works. The aim is to provide an overview of the author history and to present the author history to new authors and customers, thus maintaining a complete author history.

5. Transfer of data to third countries

DIB uses suppliers and subcontractors for the processing and storage of personal data in order to provide our online universe. Among these suppliers and subcontractors are companies that are either located in third countries or are connected to such companies by corporate law.

DIB strives to ensure that all processing of personal data takes place within the EU/EEA. If this is not possible, the necessary organizational and technical measures will be taken to ensure adequate protection of the personal data. An example of such a type of measure could be anonymization.

6. Disclosure of personal data

DIB does not disclose personal data to third parties, unless it is done as part of performing a task on behalf of DIB, including disclosure to other affiliated companies. This disclosure takes place on the basis of Article 6(1)(f) of the General Data Protection Regulation (legitimate interest). In cases where it is necessary, an appropriate data processing agreement will always be concluded.

Personal data will be disclosed to third parties when necessary in connection with legal proceedings or commercial transactions such as mergers or acquisitions, in line with our legitimate interest in pursuing such legal proceedings or implementing such commercial transactions (Article 6(1)(f) GDPR). We will also disclose personal data to public authorities or others when we are required to do so by law.

7. Amendment

If necessary, we may amend this privacy policy.

If you do not want to accept the amendments, you can terminate your access to the service pursuant to your subscription agreement. Your continued use of our services after we have published means that you accept the updated privacy policy.

8. Contact

Questions

If you have any questions about our processing of your personal data, please feel free to contact us at privacy(at)dib.eu.

Complaints

At any time, you may submit a question or complaint about DIB's processing of personal data to the Data Protection Authority of the relevant country.

This privacy policy was last updated in August 2024.

Changelog

Version

Change category (new / update / wording / other)

Description of main changes

Effective from

2.00

Update

Complete revision of privacy policy

1 September 2024

1.72

Update

Added EasyQuest as new subprocessor

27 September 2021

1.71

Wording

Minor editorial changes (numbering, headlines etc.)

30 October 2020

1.70

Update

Clarifications regarding processing purposes, legal basis for processing, disclosure to third parties, rights, and storage/deletion.

22 October 2020

1.60

Update

The EU-U.S. Privacy Shield, which was invalidated by an EU court, has been removed. Instead, an EU standard agreement has been signed with Intercom (located outside the EU/EØS) to ensure secure processing of personal data

31 August 2020

1.51

Wording

bompengekalkulator.no (ny) added under "Services"

1 May 2020

1.50

Update

Changes to comply with GDPR

15 May 2018

Did this answer your question?