Privacy Policy for Wittario

Wittario AS delivers a game-based platform that consists of two components; an online solution for creating games and a mobile app for playing called Wittario (the “Service”).

Wittario AS will process personal data through the Service. All processing of personal data is in accordance with the privacy rules in force at any given time, including the Norwegian Personal Data Act and the General Data Protection Regulation (GDPR).

You will find at the description below on the purpose and background for our processing of personal data as part of the Service, what data is processed, the purpose and the background for the processing and your rights with regard to the processing of your personal data. This policy only applies to the use of the Service.

We draw especially attention to the section below about the processing of personal data for minors/children.

If you have questions or want to know more about our processing of personal data, you can contact us - see contact information below.

Data controller and processor

If you use the Service by agreement directly with Wittario, Wittario is the data controller (i.e. the responsible for the processing of personal data) for the personal data which is collected and processed upon the use of the Service. Contact information for Wittario is:

Wittario AS
Address: Værftsgata 1C, 1511 Moss, Norway
Tel: 94019520
Email: post@wittario.com
Company registration no.: 915 979 025

If you use the Service through an organisation (such as a company, school, association, etc.), then this organisation will be data controller, and Wittario will be data processor processing personal data on behalf of the organisation. You must then contact the organisation responsible for the processing of your personal data if you want more information or for exercising your rights with regard to the processing of your personal data.

Purpose and personal data processed

The processing of personal data is necessary to make the Service and its functionality available to you. We only process the necessary minimum of personal data necessary.

The following information will be collected and processed when you use the app:

• User content: Answers to questions in games, such as free text, answers to multiple choice, pictures as part of games, use of games with virtual reality, etc.
• Product interaction: Operating system, device model, screen resolution, version of the app on your device, the connection to the network used (telephone network/wifi), whether the device is held horizontally or vertically, time and date of play, and IP address (IP address is deleted after 30 days)
• Diagnosis: Information and data such as technical logs, data, statistics, know-how, etc. about the use of the app and the Service and the content processed as a result of the Service
• Identifiers: ID connected to devices that are part of the game (deleted after 24 hours), code to the organisation (such as company, school, association, etc.) that has given you access to the Service and Global Unique Identifier (GUID).
• Location data (GPS data) for some types of games (stored and overwritten every 10 seconds)
• Third-party data: Maps used, searches made, reports on monthly use of maps, and feedback on the map from the user

The above is collected and processed to secure, analyse, develop, improve and support the Service, including machine learning and artificial intelligence.

The data will be anonymised and can therefore not be connected to you after four years. The data will, therefore, not be deleted as long as it is necessary for the purpose above. 

No data will be transferred from your device when the app is not in use.

As a registered user, the following personal data is processed:

• Contact information: Name, email address and telephone number
• Code for the organisation (such as company, school, association, etc.) that has given you access to the Service
• Password
• Device ID connected to Dashboard

The data is stored and processed as long as your account is active or until you delete the account. The account will be deleted if your account has not been active in the last 24 months. If your account is deleted, all data will be deleted or anonymised removing any connection to you.

On the computer or other device available to the organisation that has given you access to the Service (Dashboard), an account will also be registered, and the following information will be processed:

• Name and contact information of the person who created the account and is logged in
• Organisation (such as company, school, association, etc.)
• Results for games played, including answers to the games
• Any GPS data for certain types of games (stored and overwritten every 10 seconds)
• ID connected to devices that are in the game (deleted after 24 hours)

Other personal data may also be processed and in other ways, but then you will be informed.

Wittario is the data controller, processing will be based on Wittario having to fulfil an agreement with where the data subject is a party (GDPR Article 6 (1) b). If Wittario is a data processor, the processing will be on the basis which the data processor relies on.

For games that allow you to take pictures, do not take pictures of people or objects that can be linked to people, such as cars, houses, etc.

Especially about the processing of personal data about minors and children

The processing of personal data for minors will take place in the same way as for other users, and which is described in this policy. We minimise the personal data that is processed and secure the personal data appropriately and impose a level for the processing of personal data equivalent for minors for all users. 

Both the minor and the guardian on behalf of the minor may exercise the rights of the minor below.

Disclosure and transfer of personal data

Wittario does not transfer on your personal data to third parties.

Wittario uses data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to ensure information security in all stages of the processing.

All processing of personal data that Wittario carries out will take place within the EU / EEA area.

Security 

Wittario will take all necessary technical and organisational measures to secure your personal data. All processing and transmission are encrypted.

Your rights when we process personal data about you

Your rights below apply where Wittario is responsible for processing, see above about “Processing responsible. Data Processor”. If you use the Services as part of an organisation (such as a company, school, association, etc.), the organisation is data controller, and you must contact the organisation on exercising your rights on the processing of your personal data. Your rights will, in this case, be substantially as described below.

Right of access, correction, and deletion

You have the right to have access to, correction or deletion of your personal data. If you have registered an account, most of the data you have provided will be manageable in the app, if the data has not been deleted, see above.

In order to exercise your rights, you must contact us using the contact information included above in this policy. We will respond to your inquiry to us as soon as possible and within 30 days. If it takes more than 30 days, you will be notified.

As a registered user, you can also require that incorrect data is corrected or to delete personal data. You can also correct or delete your data through the app if you are a registered user. We will as far as possibly accommodate a request to delete personal data, as long as we do not need the data.

If necessary, we will ask you to confirm your identity or provide additional information before we allow you to exercise your rights. We are required to ensure that we only give access to your personal data to you - and not someone who pretends to be you.

Right to protest on the processing

You also have the right to have the processing restricted in certain cases, such as if:

• a) You dispute the accuracy of the personal data, for a period that enables Wittario to check the accuracy of the personal data.
• b) The processing is not lawful, and you oppose the deletion of the personal data and instead request that the use of the personal data be restricted.
• c) Wittario no longer needs the personal data for the purpose of the processing, but you need them to determine, assert or defend legal claims.
• d) You have objected to processing under GDPR Article 21 (1) pending the verification of whether Wittario’s legitimate interests take precedence over your privacy.

The right to data portability

For information that you have provided to Wittario and which is necessary to implement an agreement with Wittario, and which is processed automatically (i.e. not manually by Wittario), you can request that the personal data about you be disclosed or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).

Automated decisions, including profiling

No automated decisions will be made, as mentioned in GDPR Article 22 (1) and (4) based on your personal data.

The right to complain to a supervisory authority

Wittaro uses the Norwegian supervisory authority (Datatilsynet) as the leading supervisory authority for cross-border processing pursuant to GDPR Article 56.

If you believe that our processing of personal data is not in accordance with what we have described here or that we in other ways violate the privacy legislation, then you set forth a complaint to the Datatilsynet.

You will find information on your rights and how to contact the website: www.datatilsynet.no.

Changes

Should there be a change in our processing of personal data or changes in the regulations on the processing of personal data, change in the information provided here may be required. If we have your contact information, we will notify you of the changes. Otherwise, updated information will always be available in the app or on our website.

‍