At NORRIQ as well as at our affiliates and subsidiaries we take the privacy and safety of our customers seriously, therefore we take a proactive approach to respect user privacy and ensure the necessary steps are taken to protect the privacy of our users, partners and customers. These efforts are made throughout all user and customer channels from visits to any of NORRIQ’s affiliated websites as well as the different services and solutions affiliated to NORRIQ. Furthermore, the efforts are made in connection to all personal information provided to us, regardless of how the information is provided, collected or stored.
1 What kind of information do we collect?
Information uploaded and thereby provided using Travel & Expense Management, thus collected by us can be, but is not limited to:
- Expense receipts, mileage registration and notes made in connection to these i.e. names of colleagues who participated in the expense
- Name, e-mail and address
- Geographical data in connection to mileage registration (such data is only collected after a determined and purposeful registration is made by you, and geographical data will therefore not be collected without your specific consent)
- Information collected automatically such as IP address, browser type and version or mobile device data and local settings etc.
- Use of the application does not require you to provide sensitive personal information, so we kindly ask that you do not to provide or upload any data or information of such kind in any form
Because Travel & Expense Management is an add-on application/solution to Microsoft Dynamics NAV/Dynamics 365 Business Central, some data and information exist in the demarcation of the solution and the system, because (with your consent) Travel & Expense Management can access the information from the system. However, the data and information are not collected or stored in Travel & Expense Management. The responsibility of storage, information usage etc. Of said information will therefore not be transferred to NORRIQ.
1.1 The principles we follow relating to the processing of your personal information
Due to our GDPR-compliance we have implemented the following principles amongst others into our processing of your personal data:
- Lawfulness, fairness and transparency – in our collection and use of information
- Data minimization – we only collect the information necessary to provide our services and solution in a satisfactory manner – no more no less
- Accuracy – you provide the information we use so you yourself is in charge of the information accuracy
- Integrity and confidentiality – all available security measures are in place to keep your information safe
- Accountability – we accept our responsibilities as solution provider and data controller
2 How do we use the information we collect?
The truth is – we actually don’t really use the information provided through Travel & Expense Management; you do. Why? Travel & Expense Management is a solution enabling users to digitize their travel costs, mileage registration and expenses, and to post these expenses inside Microsoft Dynamics NAV/Dynamics 365 Business Central. We only use the information to provide these services to you. The information provided is therefore limited to the information the user provides through the use of the application or solution, which makes the user in control of the information flow. NORRIQ’s responsibility is just to ensure that Travel & Expense Management is running and performing to the standards and expectations of the user, and to ensure that the information is kept secure.
The information is used in the following ways:
- To facilitate, deliver and provide the features and services of Travel & Expense Management for example but not limited to approval of expenses, registration of mileage and receipts, e-mail notifications and the digital archiving of expenses
- To identify you as a user in the system
- To enable the administration and betterment of Travel & Expense Management continuing to improve the quality of the solution
- To enable communication with you for example but not limited to when an expense is ready for approval or in support purposes
- To perform technical diagnostics
- To collect payments for the use of the solution in accordance to the User Agreement as well as securing the general compliance with the terms in the aforementioned agreement
- To allow you to post expenses in your Microsoft Dynamics NAV / Dynamics 365 Business Central
- To administer our website and marketing material (only regarding information provided on this website)
The information provided through the use of Travel & Expense Management will not be sold, exchanged, shared, transferred or given to any company outside NORRIQ or our trusted third-party providers. If the information is shared with such providers, it will only be for the sole purpose of delivering the features and services of the Travel & Expense Management solution. We will never share your personal information with authorities outside EU/EEA unless instructed to do so by you or a relevant European authority. We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within EU and under the GDPR as follows.
Regardless of the geographical location of aforementioned third-party providers, we strive to ensure that a satisfactory level of protection is given to your information at any time, and that the level of protection is consistent to the level of protection provided by NORRIQ.
2.1 How long do we keep your information?
NORRIQ will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide services to you, or (in the case of any contact you may have with our Customer Care team) for as long as necessary to provide support-related services. If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our User Agreement, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide services to you.
2.2.1 What are cookies?
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage on websites. This allows the website through its server to provide the you with a tailored experience within this website.
We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features. If you log into the website, application or a course as a registered user, your session cookie will also contain your user ID, so that we can check which services you are allowed to access.
Should users wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
3 What are your rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
b) The right to access the personal information we hold on you.
c) The right to have your personal information rectified if any of your personal information held by us is inaccurate or incomplete. However, due to the fact that most of the information is provided by you, the rectification is in most cases possible to do yourself. If you have any questions in this regard, feel free to contact us.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please see the information in section 2.1 and contact us to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal information. Restriction of information will in some cases make the make us unable to provide our solution and will therefore mean discontinuing the use of the solution.
f) The right to object to us using your personal information for a particular purpose or purposes. In this case the same terms as section e) above is applied.
g) The right to information and data portability. This means that, if you have provided personal information to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means. In many cases you can ask us for a copy of that personal data to re-use with another service or business or we can give you access to retrieve the information you need for a specified period of time.
h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
4 How do you contact us?
For more information about our use of your personal information or exercising your rights as outlined above, please contact our Group Marketing & Communications team:
Att.: Group Marketing & Communications
Vibeholms Alle 20
Phone: +45 70 20 12 12.
If you have any cause for complaint about our use of your personal information, you have the right to lodge a complaint with the Danish Data Protection Authorities.