Privacy Policy

Effective Date: 6 March 2020

Noora AB (“Noora”) takes data privacy seriously. This Privacy Policy informs the users of noorahq.com and any other Noora-owned websites or applications on which this Privacy Policy is displayed how we, as controller within the meaning of the General Data Protection Regulation ("GDPR") and the ePrivacy Regulation ("ePrivacy Regulation"), collect and process the personal data and other information of such users in connection with their usage of the Noora website and the Noora platform (“the Noora platform”).

Categories of Personal Data and Processing Purposes

Website

The Noora platform is hosted on Amazon AWS. For more information, read their privacy policy at https://aws.amazon.com/privacy.

The Noora platform database is hosted on MongoDB Cloud Atlas. For more information, read their privacy policy at https://www.mongodb.com/legal/privacy-policy.

Third-Party Analytics

Noora uses third-party analytics services to help understand your usage of our services. If you choose not to provide this personal data, Noora will not be able to use these services to improve your website and Noora platform experience in a simple and data driven way.

Noora is using the following services:

Noora is using Google Analytics in order to gain further understanding of how the Noora website is used. Data such as pages viewed and time on site is stored in Google Analytics.

You can opt-out of having making your site activity available to Google Analytics by installing the Google Analytics opt-out browser add-on.

Noora is using Mixpanel in order to gain further understanding of how the Noora website and the Noora platform are used. Mixpanel is also used to communicate to users on the Noora platform. If we send you a targeted email which includes web beacons, cookies, or similar technologies, we will know whether you open, read, or delete the message.

Third-Party Advertising

Noora use third-party services to serve ads using retargeting and similar techniques. If you choose not to provide personal data Noora will not be able to personalise advertising targeted towards you in the same way.

Noora is using the following services:

Noora is using a so-called Facebook pixel to gather information about visitors for marketing purposes. Details about the cookies Facebook use and the data collected can be found in the Facebook Cookie Policy at https://www.facebook.com/policies/cookies/. It is also possible to opt out of all targeted Facebook advertising here: https://www.facebook.com/help/568137493302217.

Noora is using visitor data in order to serve advertising in the Google network (including AdWords), across the internet. The ads are based on visitor data. Google utilises cookies in order to be able to serve these ads. Visitors can opt out of Google’s use of cookies by visiting Google’s Ads Settings.

Noora Platform and Clients

Some personal information is needed in order to log in to and use the Noora platform. If you do not consent to Noora keeping this personal information we cannot provide you with access to our platform.

Personal information such as name is used to identify the user in the platform. For example, displaying what user is currently logged in to the platform.

In order to authenticate that the user has access to the platform, Noora needs access to some personal data when creating an account and logging in. In order to keep the platform operational and stable, Noora needs to log activity and process this personal data.

Noora is using the third-party services Google Analytics, Mixpanel and Facebook in order to track user activity in the platform. This data is used to analyse how the platform is being used. From the insights the data gives, Noora is equipped to take decisions on how the platform can be improved.

Noora communicates platform updates, scheduled maintenance, NPS surveys and other relevant information to all users from time to time. This is done by email or chat through Mixpanel and Intercom.

We may also use Intercom as a medium for communications, either through email, or through messages within our platform. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.

For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

Categories of Recipients and International Transfers

We may transfer your personal data to third parties for the processing purposes described above as follows.

Within Noora: Noora may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within Noora may receive your personal data. For example, our IT department may have access to your account data, and our customer success and sales departments may have access to your account data or data relating to product orders. Moreover, other departments within Noora may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department, or internal auditing.

With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data under appropriate instructions (“Processors“) as necessary for the processing purposes described above, such as analytics service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.

Other recipients: We may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without permission. Any access to your personal data is restricted to those individuals that have a need-to-know in order to fulfil their job responsibilities.

International transfers: The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area (“EEA“). For recipients located outside of the EEA, some are certified under the EU-U.S. Privacy Shield and others are located in countries with adequacy decisions, and, in each case, the transfer is thereby recognised as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective. We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 6 below.

Retention Periods

Your personal data will be retained as long as necessary to provide you with the requested services. Once our relationship has ended, we will take steps to remove your personal data from our systems and records, anonymise it so that you can no longer be identified from it or otherwise see to that access to the personal data is highly restricted. The foregoing does not apply to the extent needed to comply with legal or regulatory obligations to which Noora is subject (e.g. taxation purposes).

We may retain your contact details and interests in our products or services for a longer period of time if Noora is allowed to send you marketing materials. We may also retain your personal data after the termination of the contractual relationship to the extent necessary to comply with applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.

Data from cookies and similar technologies is retained as follows:

• Intercom: https://www.intercom.com/terms-and-policies#cookie-policy
• Google Analytics: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
• Facebook: https://www.facebook.com/policies/cookies/
• Google AdWords: https://policies.google.com/technologies/ads

Your Rights

Withdraw Your Consent

If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular regarding the receipt of direct marketing communication via email), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Please contact us as stated in Section 6 below to withdraw your consent. If you would like to withdraw your consent for cookies on this site, please email support@noorahq.com.

Additional Data Privacy Rights

Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data (including objection to profiling).

Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR applies.

Personal Data

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

Request Rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Request Erasure (right to be forgotten)

Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.

Request Restriction of Processing

Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.

Request Data Portability

Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.

Right to Object

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 6 below. Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded. If you no longer want to receive direct marketing via email, you need to withdraw your consent as explained above. To exercise your rights, please contact us as stated under Section 6 below. You also have the right to lodge a complaint with the competent data protection supervisory authority.

Cookies and other Tracking Technologies

This website uses cookies and other tracking technologies. Further information can be found in our Cookie Policy.

Questions and Contact Information

If you have any questions about this Privacy Policy or if you want to exercise your rights as stated above in Section 4, please contact us at: support@noorahq.com.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. We will notify you of any such changes, including when they will take effect, by updating the “Last revised” date above or as otherwise required by applicable law. Your continued use of our website and service after any such updates take effect will constitute acceptance of those changes. If you do not accept updates to this Privacy Policy, you should stop using our website and service.

Communications

As part of your business relationship with Noora we might send you the communications about product updates, events, competitions and other products and services you may also be interested in. As described above you can unsubscribe at any time.