Nora privacy policy
Introduction
This privacy policy will explain how we (Nora Software AS, Colletts gate 15B, 0169 Oslo, Norway, "Nora") use the personal data we collect from you when you use our services (the “service” or “Nora service”).
We protect your data in accordance with the Norwegian Data Protection Act, the EU General Data Protection Regulation (GDPR).
If you have any questions about the privacy policy or any other questions regarding our privacy practices, please contact us at info@nora.team.
What data do we collect and why?
We process your personal data in order to provide the Nora service when using our services, as described below.
When you and others use the service
Your use. When you use the Nora service , we collect the following data:
- Personal identification information (name and email address)
- Video data, including voice
- Meeting notes, which may include personal data
- Website access data (see below)
- If you connect your Google account, we collect Google user data (see below)
If you decide to use the voice transcriber service feature, we may
- temporarily record your voice and share it with our partner in order to transcribe it to text. This recording is deleted within 24 hours.
- apply machine learning algorithms to both your utterances and your meeting notes, in order to summarize them and provide other information related to them.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).
Collaborative use. When you request that we delete your account, we will delete all data we have collected about you, with some exceptions. The main exception is when your data is required for the use of other users.
A core premise of the service is to be able to retain a permanent record of meetings. To this end, for any meetings in which you have participated, the following data will be retained as long as any of the other participants remain as users of the service.
- Your name and the fact of your participation in the meeting
- Any agenda items and descriptions added by you
- Any notes, tasks, decisions and attachments added by you or involving you
Details from your own calendar will not be removed.
The legal basis for the processing is the legitimate interest of Nora (GDPR art. 6 (1) f). In order to provide key the functionality and benefits of the service, the above described data must be retained. The retention is in the interest of all users of the service, creating a win-win for all parties. These interests are legitimate. The retention of data will to a very limited extent violate your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.
When you connect your Google account
If you grant permissions for us to access your Google account, we will process:
- Profile data, including e-mail address and name
- Events from your Google calendars
- Contacts from your Google account
When you create a new meeting in the Nora service, we will automatically synchronize this meeting to your Google calendar. In the Nora service calendar, you can also make changes to your calendar events. If you decide to add Nora service functionality to an existing calendar event, we will modify the event to reflect this. We will not make changes unless you ask us to.
We will not share your Google user data with any third parties for other purposes than data storage.
We store all your Google user data in encrypted form, and always transmit it over encrypted connections.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).
Our copy of your Google account data will be deleted when you delete your account (see above).
When you visit our website
When you visit our website nora.team, we collect the following information from your device:
- IP address
- date and time of the access
- name and URL of the accessed file
- browser type and version
- further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.)
We only process these data to ensure the proper operation of our website, for evaluating system security and stability, for analysis and administrative purposes.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).
The legal basis for the analysis is the legitimate interest of Nora (GDPR art. 6 (1) f). In order to improve the service and thus stay in business, we must analyze how you and other users operate the service. These interests are legitimate. The retention of data will to a very limited extent infringe on your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.
Data will be deleted after 30 days.
When you contact us via e-mail
In cases where we provide e-mail support, you may contact us via e-mail. In order to respond you your request or inquiry we process:
- Your name
- Your email
- Other personal data you choose to share with us
The processing is necessary for the performance of a contract with you or to fulfill your request (GDPR art. 6 (1) b).
Marketing via email
We send newsletters by e-mail so that you can receive different types of information and offers. It is voluntary to sign up to receive newsletters, and you will only receive e-mails if you have given your consent (GDPR. art. 6 (1) a). It is easy to unsubscribe from the newsletter, either by contacting us or by clicking on the unsubscribe link at the bottom of all newsletters from us.
For our newsletters to be relevant to you at all times, we may, if you have consented to this, use information about you to adapt our newsletters to you.
When sending newsletters, we can measure the opening rate of the newsletter and create aggregated statistics and analyzes to improve our newsletters.
The legal basis for this and our processing for marketing purposes is our legitimate interest in marketing through relevant newsletters (GDPR art. 6 (1) f)). The marketing related processing is required for us to stay in business. The processing constitutes a very limited infringement of your privacy.
We use Mailjet as our newsletter provider. Read Mailjet's privacy policy.
When you delete your account or request us to, we will delete your information from our marketing database.
Error data reporting
We use error reporting tools which may include personal data for the purpose of error reporting. The data will be processed solely for the purpose of testing and resolving compatibility issues, fixing and resolving bugs or other quality issues related to the service. The legal basis for the processing is the performance of our contract with you or enabling us to reply to your request for the service (GDPR art. 6 (1) b).
Any personal data that is included in our error reporting will be deleted after 30 days.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology (e.g. local storage).
How do we use cookies?
Nora uses persistent first-party cookies to keep you signed into the application. They expire after one year. We do not use third-party cookies.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
The cookies we use:
Service |
Purpose |
|
---|---|---|
Google Analytics |
Analyze website traffic, user behavior, and interactions |
|
Google Tag Manager |
Simplify the process of managing and deploying various scripts and marketing tags on a website. |
|
Google Ads |
Advertising, retargeting and conversion tracking |
|
Hotjar |
Understand and visualize user interactions on the website, such as clicks, scrolls and mouse movements |
|
Delighted by Qualtrics |
Collect and analyze customer feedback |
|
Meta / Facebook |
Advertising, retargeting and conversion tracking |
|
Encharge |
Analyze website traffic, user behavior and interactions |
Where we process your data
Service providers
We do not process your data using third parties unless there is a legitimate and legal basis for doing so. We use third party services for a number of purposes, as listed below.
We will only process your personal data with third parties as described in this privacy policy and do not sell any personal data. The third parties will be responsible for any processing of personal data for their own purposes.
Our service providers are:
Service |
Purpose |
Legal basis |
|
---|---|---|---|
Amazon Web Services |
Hosting |
GDPR art. 6 (1) b |
|
Calendar, user data and advertisement |
GDPR art. 6 (1) b, f |
||
Mailjet |
Email service |
GDPR art. 6 (1) a |
|
OpenAI |
AI Analysis |
GDPR art. 6 (1) b |
|
Hotjar |
Usage analysis |
GDPR art. 6 (1) f |
|
Meta (Facebook) |
Advertisement and analytics |
GDPR art. 6 (1) f |
|
Encharge |
CRM system |
GDPR art. 6 (1) a |
We have an account on LinkedIn to present our products, services and Nora.
LinkedIn allows us to see posts, likes, follows, comments, messages, as well as aggregated statistics to help us understand the visitor’s actions on our pages. LinkedIn process personal data in the USA and other countries listed in their privacy policy. The European Union Standard Contractual Clauses (SCC) are the legal basis for the transfer from the European Economic Area (EEA) to the USA.
As the vast majority of the processing taking place will be by Linkedin as data controller, please read more in LinkedIn’s privacy policy.
Business transactions
Relevant personal data may also be provided to third parties such as lawyers, advisers, buyers and prospects in connection with a business transaction, including a prospective or completed merger, acquisition or stock sale (including transfers made as part of insolvency or bankruptcy proceedings). Non-disclosure agreements or professional obligations of secrecy will protect your personal data.
Safety measures
We are constantly working to protect your personal information and other confidential information. Our security measures include physical, technical and administrative measures.
Everyone at Nora who handles personal data has received training and guidance on how to handle personal data safely. We have routines and access control to prevent the loss or disclosure of your personal information. We adopt industry standard software and guidelines to protect your personal data and other confidential information.
Any violation of our security practices will be documented. We have procedures and capacity to detect and address security and privacy breaches. If such breaches are detected, this will be reported to management, the risk of security breaches will be assessed, and the Data Inspectorate will be notified if necessary. You will also be notified as a user if the security breach poses a high privacy risk to you.
How long we store your data
We will retain and use personal information only for as long as we have a legal basis for doing so. That could mean minutes, hours, days, months or years, depending on the type of personal data. See the various purposes under the section "What data do we collect and why?".
Your rights as a data subject
Subject to applicable law, you may have certain rights with respect to our processing of your personal data, including:
- the right to information about how we collect and process your data in.
- the right to access to a copy of, rectify, correct and update the personal data that we have about you.
- the right to restrict processing or have your data deleted, in certain cases.
- the right to withdraw any consents you have given at any time, in certain cases.
Please contact us at info@nora.team for any of the above or if you consider that our processing of your personal data infringes applicable law.
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”) or your local data protection authority. Please contact us at info@nora.team before sending a complaint to the relevant authority, so that we can try to resolve or clarify the issue.