The data controller for our sites and apps is BusGroup. This means that we are responsible for deciding how and why we hold and use your personal data.
BusGroup also acts as the processor on behalf of our costumers based on their instructions as the data controller.
Personal data is data which can identify you as a person, for example your e-mail address, phone number or name.
2. From whom do we collect personal data?
BusGroup process personal data from job applicants, contact persons, employees and users of services of our costumers’ products.
We also process personal data about potential customers, who make contact through our websites or our other related channels. Information about how we process this category of personal data can be found below in the section about BusGroups responsibility as the data controller.
Information about how BusGroup process personal data as the processor can be found below.
3. BusGroup as the data controller
BusGroup acts as the data controller when we decide the scope and purpose of the processing of your personal data. This includes situations where you act as a job applicant, contact person for a costumer, a potential costumer or a user of our services.
A. Why we process your personal data
About customer contacts and users
We collect your to:
- a) Complete processes for sales and contracts with costumers and potential customers.
b) Provide our customers and potential customers information about our products and services upon a request from the data subject
c) Deliver our services to our customers in accordance with our agreements.
d) Offer support to the users of our products and services.
e) Improve and develop the quality, functionality and user experience on our products and services.
f) Detect, minimize and prevent security threats.
g) Prevent misuse of our products and services
h) Process orders, billing and payments
j) Operate the internet forum to train and facilitate interaction and dialogue between the users and BusGroup.BusGroup process your personal information for the above-mentioned purposes a)-j) on the basis of legitimate interest.BusGroup will delete your personal data when you are no longer a costumer or user of our services.
About work applicants
We collect your name, phone number, information about current employer and …. (insert more information) to consider your application in BusGroup and contact you about possible job possibilities based on your consent to do so.
B. How we collect your personal data
BusGroup collects personal data directly from our data subjects or other persons which are connected to our customer/ member service. These persons can be the data subject’s leader or colleague.
We can collect your personal data from your employer if they are a member of BusGroup Norway.
We also use «cookies» and other tracking technology methods when you use BusGroups websites.
More information about how we use tracking technology can be found below.
BusGroup may collect your personal data from public sources or third-party services such as Linkedin or proff.no.
Automatic data collection tools
BusGroup uses different types of digital tracking technology tools to gather information about your movements on BusGroups websites.
Cookies and pixel tags
A cookie is a small file that can be placed on your device that allows us to recognize and remember you. This recognition can be used to tailor the content on the website to your preferences.
Pixel tags are codes which operates when a user visits a website or opens an email. The pixel is not visible and can only be seen in the HTML address to the website or email. The use of pixels will give your browser a unique identity and be useful to tailor content on webpages to your preferences.
To find more information about cookies and how they work, visit www.allaboutcookies.org.
Cookies and technology from Google
Google Tag Manager: A tool for adding functionality on a website.
Google Analytics: This cookie provides information about a user’s activity on webpages, included page views, source and time used on a webpage.
BusGroup will anonymize your IP address before sending them to Google, which mean it cannot identify any data subjects.
Google Remarketing (DoubleClick): This cookie will enable Google to show advertisements based on activity on BusGroups webpage on other webpages. This information will not be able to identify any data subject.
Google AdWords: Using a Google AdWords code will give BusGroup information about why data subjects chose to contact us through our contact form. This enable us to optimize our advertising in search motors. This information will not be able to identify any data subject.
Hotjar: This tool place cookies in the user’s computer to analyze use of our webpages, for examples through scrolling. All data is anonymized before it is stored and will therefore not identify any data subject.
You can prevent the collection of information which is generates by Googles cookies by downloading and install Google Analytics Opt-out Browser Add-on to your internet browser.
This tool is available at http://tools.google.com/dlpage/gaoptout
C. Type of data processed
The type of personal data that BusGroup processes are:
- Basic contact information: name, phone number and e-mail
- Professional information: employer, title, and position
- Feedback, comments or questions about BusGroup or our services and products
- Login credentials, username, and encrypted password
- Invoice information: address and organization number
- Other personal data that you have made publicly available on third-party sites such as social media.
If you are a bus driver affiliated with BusGroup using our Teq Driver application, we may process:
- Android Device ID: We collect the device ID and store it whenever the App is installed on the device. The Device ID is used uniquely for mapping the device to the physical bus vehicle.
- Android Advertising ID: The third-party platform Fabric is used to analyse the application performance and app crash reports. Fabric may collect the Android Advertising ID to generate analytical data.
BusGroup does not process sensitive personal data.
D. How we share your personal information
BusGroup Norway – Internal
BusGroup consists of several different bus companies. Therefore, it is probable that a customer has contact or appointments with more than one bus company. It’s important for us to give the best customer service and experience, which is why coordination might happen between different bus companies. To get a complete overview and insight in what customers and contact persons connected with a company within BusGroup, a bus company might share your data internally with another bus company. The bus companies are aware that the purpose of data collection limits and restricts the use of the data.
BusGroup Norway – External
BusGroup may share your data with external third parties under these circumstances:
If you post, comment or share content on i.e. forum.busgroup.no, this information might be read or used by other users with access to this online forum. Your posts can therefore be used for a purpose outside the regulations of your and our control. BusGroup is not liable for information you share on online forum.
BusGroup can share your personal data with our partners in compliance with current regulations.
The police or other authorities can demand access to your personal data. In these situations, we will provide the authorities with your personal data if, and only if, a warrant or court order is presented.
Fusions and buy-outs
In the case of fusions, buy-outs, or restructuring of the BusGroup Business, the transferee, and its consultants, will get access to data processed by the BusGroup unit or business, and can in some cases include personal data. In these cases, the external parties will sign a confidentiality agreement with BusGroup.
4. Your rights
You have the right to access your personal information and may request an overview of the personal data we process. You have the right of data portability, meaning that you can transfer your personal data from one business to another. You have the right to correct personal data and may request BusGroup to correct any errors in your personal data.
5. How we protect and store your personal data
BusGroup is concerned with building a trusting relationship with our Customers. We are working with preventing unauthorized access to and disclosure of your personal information. BusGroup processes your personal data confidentially and preserves the integrity of your data. Your data should be available on your demand, in accordance with current regulations.
As a part of our commitment, we use organizational and technical measures to protect the personal data we process, considering the type of data and the risk imposed on you and our client in the case of incidents. These are some of our measures and safeguards:
- The steering committee of BusGroup makes all the strategic decisions, and monitors and governs the boards work with privacy
- We have Data Protection Agreements with our sub-contractors that process data.
- Classification of personal data to ensure that the security safeguards implemented suits our risk assessment.
- Limit access to personal data to include only those who need access to fulfill their duties under our service agreements or legislation
- How long we process personal data
BusGroup only processes your personal data as long as necessary for the purpose communicated to you or the Customer in compliance with the collection of personal data; while taking into account our need to answer questions from you, resolve disputes, as well as comply with legal obligations under applicable laws. This means that BusGroup can keep your personal data for a reasonable period of time after your and our Customer’s last interaction with us.
When personal data no longer serves the purpose of the collection, they are deleted. We can process data for statistical purposes, but in these cases the data will be pseudonymized or anonymized, as personal data are not interesting for these purposes.
6. BusGroup acting as the processor
BusGroup delivers the TEQ system and other services to our costumer/ member companies.
This delivery of service makes it necessary for BusGroup to process personal data.
The scope and purpose of processing the personal data is set by our costumer/ member companies which means that they are acting as the controller. The relationship between the costumer as the controller and BusGroup as the processor is regulated by a data processor agreement.
The costumer´s and BusGroups duties
The costumer is responsible for making sure that personal data is processed in accordance with the applicable law. The customer is also responsible for a risk assessment and informing the data subject in the event of a breach of the law while processing of personal data.
BusGroup as the processor is also responsible for processing data in accordance with the law.
Both the customer and BusGroup will therefore collaborate to secure that the data subject rights are protected while processing personal data. BusGroup is obliged to provide the costumer all necessary information.
7. How BusGroup use subcontractors to process personal data
BusGroup use subcontractors to process personal data, which means that we will share our, yours or other customers personal data to other companies in or outside the EU. These subcontractors are mainly delivering IT or cloud services.
Before sharing personal data with subcontractors, BusGroup will sign a Data Processor Agreement to protect and secure the data subjects privacy in accordance with GDPR.
Before transferring personal data to a subcontractor outside the EU, we will make sure that there are sufficient security mechanisms established between BusGroup and the company outside EU.
To provide our customers and members with the best service, BusGroup relies on our strategic partners:
– Gture, Norway
– Brainstation 23, Bangladesh
– Google, US: Provider of document handling and analytic tools.
– Amazon, IRL and US: Provider of technical platform and email for our cloud services.
You can always ask for more detailed information about our subcontractors, and information about the legal grounds for transferring personal data to countries outside the EU.