Regarding users’ personal data, SIXTY AS, applies the General Data Protection Regulation (GDPR) (EU) 2016/679 to ensure that their privacy is protected.
Name and Address of the Controller
The Data Controller that will collect and process certain personal data is:
SIXTY AS company (Sixty, from now on), registered in Norway with registration number 984 718 497, and registered address C. Sundts gate 37, 5004 Bergen, Norway.
Purposes of the processing
The purposes for which personal data is processed are or may include the following:
Providing information requested by users.
Providing requested services.
Identifying users correctly.
Improving our services and products.
Understanding users and their needs through statistical studies (this is done with the data aggregated and therefore anonymised).
For management of basic administration processes.
Sending promotional emails and/or push notifications about Sixty and Sixty products or other information which we think users may find interesting using the e-mail address that the user has provided. In each e-mail the user may receive, we will provide the appropriate information for the user to exercise his/her right to revoke their consent/unsubscribe. A user’s consent to receive commercial information is always revocable in accordance with the applicable data protection regulations.
All data (if any) marked with an asterisk (*) that is requested through the website is required, as it is necessary for the provision of an optimal service to users.
The data shall only be stored for the time the user stays subscribed and in all cases for the time strictly required to provide services to you. Data shall promptly be deleted immediately thereafter, without prejudice to the legal storage obligations provided for by the law.
Legal basis for the processing
The legal basis for the processing set out herein is the consent provided by the user.
A user’s personal data will not be disclosed to third parties. Some personal data of users may, however, be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA which provides services for Sixty, but only to the extent described herein.
Sixty may also disclose personal data of users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.
Rights of the Data Subject
Each user (data subject) has the following rights regarding their personal data:
Right of confirmation: to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. If a data subject wishes to exercise this right, he or she may at any time contact our data protection officer or another employee of the controller.
Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
The personal data has been unlawfully processed.
The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject; for a period enabling the Controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of its use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability: to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.
Right to object: to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
Right to withdraw data protection consent: to withdraw his or her consent to processing of his or her personal data at any time.
If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact the data controller by sending the appropriated request at the following addresses:
C. Sundts gate 37, 5004 Bergen, Norway.
Finally, each data subject has the right to lodge a complaint before Datatilsynet (www.datatilsynet.no)
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, Sixty has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
For more information, visit our Cookies Policy.
Validity and modifications
The relations established between Sixty and the user will be ruled by what has been established in the current regulation on the applicable legislation and competent jurisdiction. Nevertheless, in the cases where the regulation foresees the possibility of the different parties submitting to a court, Sixty and the user, with express renunciation to any other dispute/court case that may relate to them, will submit to the courts of Bergen, Norway (Bergen Tingrett).