Diri is a Norwegian company with legal entities, business processes, management structures and technical systems that cross national borders. Diri supplies software and services to private and public companies (customers) worldwide. Diri’s head office is in Gjøvik and is subject to European privacy legislation, including the General Data Protection Regulation (GDPR).
The top management in the company makes all strategic decisions about privacy in Diri.
Personal data is information that can identify you as a person, e.g., an e-mail address, street address, telephone number, etc. Processing of personal data is necessary for us to be able to serve our customers.
Diri processes personal data about job seekers, contact persons and users of services or products related to our customers. In addition, we process personal data about people who represent potential customers, e.g., contacts us via Diri websites or other channels. You can read more about how we process this type of personal data in the section dealing with Diri as the data controller.
Diri also processes personal data on behalf of our customers, with the customer as the data controller and Diri as the data processor. You can read more about how we process this type of personal data in the section dealing with Diri as a data processor.
When Diri determines the purpose of and the processing of your personal data, Diri is considered the data controller. This includes scenarios where Diri collects personal data in connection with you being a job seeker, contact person for a customer or potential customer, or when you are a user of our services.
To manage our customer relations in general and to fulfil specific obligations towards customers according to service agreements, Diri needs to process personal data about you in your role as customer contact or user of a service. The purpose of the processing of this personal data is:
1. Carry out sales and contract processes with customers and potential customers
2. Provide customers and potential customers with offers for products and services
3. Carry out deliveries by agreements with you or customers
4. Offer support to users of our products and services
5. Improve and develop the quality, functionality and user experience of our products and services, as well as on Diri’s websites
6. Detect, minimise and prevent security threats
7. Prevent misuse of our products and services
8. Process orders, invoicing, payments and other administration
9. Map displayed interests on Diri’s websites to provide you with content you seem to be interested in, with an effective option to “opt-out”
10. Operate online forums to provide training and facilitate interaction and dialogue between users and Diri
The legal basis for processing personal data according to the stated purposes in points 1 to 9 is essentially that Diri believes we have a legitimate interest in processing your personal data for these purposes from a business perspective, and because we believe that this does not constitute an encroachment on your right to privacy. The legal basis for processing personal data according to the purpose listed in point 10 is your consent.
Diri processes personal information about contact persons for potential customers for marketing purposes. To offer targeted and relevant content to potential customers, Diri builds an interest profile based on contact persons’ movements, choices and actions on Diri’s websites, as well as in connection with contact persons’ responses to e-mails from us. The legal basis for such processing is mainly the contact person’s consent.
You can read more about how we create such profiles and how you can adjust the profile and withdraw your consent below.
If you are a job seeker, we process your personal data to assess your opportunity and potential to be employed by Diri. The legal basis for such processing is your consent.
Diri generally collects personal data directly from you or other people associated with the customer. These people can be a manager or colleagues. If the customer you work for buys Diri’s products or services via a Diri partner, we can collect information about you from our Diri partner.
Sometimes, we may also collect information about you from other sources. These sources can be publicly available or on third-party social networks such as LinkedIn or proff.no. Diri can combine personal information about you from one data source with data obtained from another. This gives us a more complete picture of you and allows us to serve you in the best possible way.
Diri uses various digital tracking technologies to collect information about your movements on Diri’s websites and when interacting with us.
Google Tag Manager: A tool for adding functionality to websites.
Google Analytics 4: This cookie allows us to see information about the user’s activities on websites, including but not limited to page views, source and time spent on a website. IP addresses are not stored in Google Analytics 4. This helps to protect your privacy. With the help of Google Analytics 4, we can see which content is popular and less popular on our websites and work to give our users more of the things they like to read and watch. Data is stored in Europe.
You can prevent the information generated by Google’s cookies by downloading and installing the Google Analytics Opt-out Browser Add-on for your current browser. This add-on is available at http://tools.google.com/dlpage/gaoptout.
SalesIQ: Cookies are used to collect and analyse visitor data when they land on the website. This helps us provide the best user experience to our website visitors. It also allows the user to contact us via our Chat service.
The type of personal data that Diri processes about you can be:
Basic contact information such as name, address, telephone number and e-mail
As a data controller, Diri does not process sensitive personal data about you.
Diri may share your personal data with external third parties in the following contexts:
Suppose you post a post, comments or similar on Diri’s online forum or other forums on Diri’s website. In that case, such information can be read and used by anyone who has access to such forums and used for purposes over which neither the users nor you have control. Diri is not responsible for information you make available in such online forums, Diri websites or other similar forums.
Diri may share your personal data with our partners by applicable data protection legislation. For example, if you buy a product or service on behalf of your employer that Diri offers through one of our partners. In such a situation, Diri and our partner may share your personal data to deliver the product or service to the customer.
The police and other authorities can demand the release of personal data from Diri. In such situations, Diri will only hand over personal information and data if there is a court order or similar.
In connection with mergers, acquisitions or reorganisation of Diri’s operations, the acquiring entity and its consultants can gain access to data managed by the company, which may in some cases include personal data. In such cases, external parties will sign a non-disclosure agreement with Diri.
You have the right to notify us that you do not wish to receive marketing from Diri. You can do this by following the instructions for reservations included in the marketing communication.
Please note that even if you choose not to receive marketing communications from Diri, you may still receive administrative communications such as order confirmations or notifications necessary to manage your account or the services we provide to our customers.
You have the right to access your personal data and can request an overview of the personal data we store about you. You may also have the right to take your personal data from one business to another (data portability). You also have the right to request that Diri correct errors in your personal data.
You also have the right to submit a complaint to the Norwegian Data Protection Authority regarding our processing of your personal data if you, e.g., consider the processing unlawful.
Diri takes the trust you and customers show us seriously. Diri is concerned with preventing unauthorised access to and forwarding of personal data. Diri must ensure that the personal data we process is treated confidentially, maintain the integrity of the personal data, and ensure that it is accessible in accordance with the applicable data protection legislation.
As part of our obligations, we use adequate organisational, technical and physical procedures and measures to protect the personal data we process, given the type of information and the risk you and our customers are exposed to in the event of a possible deviation. We believe in building a solid corporate culture where respect for and awareness of privacy among our employees is fundamental to ensuring legal processing and protection of personal information and data. The following measures are essential in this regard:
Diri only processes your personal data as long as it is necessary for the purpose communicated to you or the customer in connection with the collection of the personal data while taking into account our need to be able to answer questions from you or the customer, resolve disputes, as well as comply with legal obligations under applicable laws. This means that Diri can retain your personal data for a reasonable period after your and our customer’s last interaction with us.
When the personal data we have collected is no longer necessary to fulfil the purpose behind which it was collected, we delete it. We may process data for statistical purposes, but in such cases, the data will be pseudonymised or anonymised, as personal information is not interesting in this context.
Diri offers various services to our customers. Most of these services involve processing customer data, including personal information. Our customers determine the purpose of the processing of personal data. This means that the customer is the data controller, Diri is the data processor, and Diri only processes personal data on behalf of the customer. The relationship between the customer as a data controller and Diri as a data processor shall be regulated by a data processor agreement.
When the customer acts as data controller, following the applicable data protection legislation, this must ensure the legal basis for processing personal data. Furthermore, the customer must consider establishing ownership of the risk when processing personal data. Another critical aspect of the customer’s responsibility as a data controller is to comply with the obligation to provide information to the registered persons.
Diri is a natural part of the customer’s responsibility as a data controller because Diri’s services are part of the processing of personal data that the customer must ensure is in accordance with current privacy legislation. When Diri processes personal data on its customers’ behalf, we must follow the data protection legislation that applies to data processors.
In short, both the customer and Diri are obliged to cooperate to ensure the privacy of the registered persons. Diri must provide the information necessary for the customer to be able to comply with the applicable privacy legislation.
Diri uses subcontractors to process personal data and can export our or customers’ data to other companies within the EU. These subcontractors are usually providers of cloud services or other IT services.
When using subcontractors, Diri will enter into a data processor agreement to protect your rights to privacy by current privacy legislation and to fulfil our obligations to customers.
Diri depends on strategic partners to be successful with our business processes and to be able to offer you our services in an efficient, safe and cost-conscious way. These third parties include, but are not limited to:
You are always welcome to request an overview and more detailed information about Diri’s subcontractors, including documentation of the legal basis for international transfers.
You can also send us a written inquiry by post.
We treat all such inquiries confidentially, and our privacy officer will contact you to deal with your issues and outline the possibilities for a solution. We aim to ensure that all questions are handled efficiently and appropriately.