1. ECG247’s personal data protection statement
This personal data
protection statement and its associated terms and conditions provide the
information you are entitled to receive when your personal data are registered
via a digital platform. The document also provides general information
concerning the way we process personal data.
The terms and conditions are intended to give you, as our customer, sufficient information about the way that ECG247 handles personal details about you, as in accordance with current privacy legislation.
Personal data refers to information that may be linked to a physical person. Processing refers to any handling of personal data, e.g. collecting, recording, collating, storing and sharing.
At ECG247 we are keen to ensure that all personal details are handled in a way that makes you feel reassured your data are subject to the strictest confidentiality regime. We process the personal data we need for you to make use of our services, and to conduct analyses that will enable us to improve our range of services. All such analyses will be based on aggregated and anonymised data which cannot be used to identify you as an individual. Beyond this, all personal data are handled as in accordance with the express consent you have given us. You are free to withdraw this consent at any time.
This personal data protection statement and the associated terms and conditions will be updated from time to time, for instance because our services are extended or amended, and we will notify you if this requires further consent from yourself. The current version of the terms and conditions can be found on ECG247.no at all times. If major changes are introduced, we may also try to contact you direct through available channels such as email or by puting up a notice on our website and digital services.
2. ECG247’s digital platform
platform’ refers to our website, online sales, and ECG247’s app, data warehouse
and integration platform.
When you create a profile on ECG247’s digital platform, you will be asked to enter your personal details. ECG247 will process this information to ensure that we can offer you relevant and easy-to-use services. Our range of services is subject to constant development. We will also send you all necessary communications relating to the management of your customer account in relation to your use of ECG247’s digital platform. If you have consented to receiving digital marketing material, you will also be getting details of offers and news from ECG247.
By accepting the terms and conditions as you create a profile on ECG247’s digital platform, you confirm that you have read, understood and consented to the content of this document and ECG247’s processing of your personal details. Customers under the age of 13 need the consent of a parent or guardian. If children under the age of 13 nevertheless have given us their personal details, we will delete this information as soon as we become aware of the matter. Parents can contact us as explained later.
Copyright, other rights and the content of ECG247’s digital platform are the property of ECG247 or the company’s subcontractors and partners.
2.1 The ECG247 app
The ECG247 app allows you to use ECG247’s heart sensor. The app will also allow you to retrieve receipts for your purchases.
Before you can use the ECG247 app you need to register the following information:
- Mobile phone number
All purchases and payments are handled by the payment service provider, who acts as data controller on behalf of ECG247.
ECG247.com allows you to create a personal profile by entering your personal details.
You need to register the following information:
- Mobile phone number
2.3 Online sales
ECG247.com allows you to
buy ECG247 heart sensors, ECG247 electrode patches and cardiologist reviews.
You need to register the following information:
- Mobile phone number
- Credit card number
Your mobile phone number is registered to enable us to provide good and efficient customer services. If the mobile phone number has already been recorded in ECG247’s customer database, your purchase will be linked to the existing customer profile.
3. What personal data are processed and why?
Your personal data are stored on ECG247’s digital platform. We obtain personal data for the following purposes:
- In order to manage your customer account, we register basic details such as your name, email address, mobile phone number and date of birth. Date of birth is optional.
- Personal profile settings are stored to enable us to send you automated receipts, receipt listings and/or newsletters as in accordance with your wishes.
- Changes to your profile will be stored as information by Customer Services on request from passengers.
- Your card details will need to be saved to your profile if you want to order any ECG247 product.
- Electronic and technical information, including information about your mobile device and app, IP address, search terms, traffic data, app ID, app version, operating system and phone model is stored so that we can provide you with the best possible assistance as required and offer relevant updates.
- Network communication data are obtained because the ECG247 app requires network access to retrieve the information held in ECG247’s systems. Network access may be provided by a wireless network or a mobile network.
- If you get in touch with ECG247’s Customer Services, this contact will be logged to ensure that we provide you with the best possible assistance.
To avoid abuse of ECG247’s
services we will make use of registered data for control purposes.
ECG247 anonymises personal data before they are used to analyse customer behaviour. This is to enable us to improve your experience and our digital platform.
4. Consent to receiving digital marketing material
For your personal details to be used for direct marketing purposes, you will need to opt in by giving your express consent. You can withdraw your consent at any time.
5. Is providing information optional?
You are free to choose whether you want to provide your personal data, but for you to make use of ECG247’s heart sensor, some basic personal details have to be registered, see point 2. We will ask for your express consent for any further information.
6. Who is ECG247’s data controller?
ECG247, as represented by the managing director, is the data controller who under the Norwegian Personal Data Act is responsible for the company’s processing of personal data. The ‘controller’ is the person who determines the purpose of the processing of personal data and the tools to be employed in doing so.
7. What is the legal foundation?
ECG247’s procedures are subject to the Norwegian Personal Data Act and the legal foundation provided by its section 8, Conditions for the processing of personal data. Your acceptance of our terms and conditions constitutes our legal basis for processing your personal data. For any other purpose we will obtain your express consent.
8. Are my personal details safe?
You can be assured that no details relating to yourself eys may be abused by ECG247 in our capacity as controller of the personal data we process. All personal data will be securely stored and confidentially handled in accordance with:
- The Norwegian Personal Data Act of 14 April 2000, no. 31 and associated regulations.
- The industry standard for privacy and information security in electronic ticketing.
- Payment Card Industry Data Security Standard (PCI DSS).
ECG247 has implemented a set of rules and procedures to protect your personal data and privacy. To ensure that our data processing is securely conducted, only specially authorised personnel at ECG247 have access to the information you provide us with. Only a limited number of employees can hold such authorisation. All systems that we use to process customer data are subject to strict access control. ECG247 takes privacy seriously and the company carries out and updates privacy risk assessments.
Your personal data will never be transferred to a third party unless you have given ECG247 your consent that such transfer is acceptable.
If we share your personal data with a third party, we will ensure that there are arrangements and agreements in place to safeguard the information and prevent the third party from using the personal data for any purpose other than what has been agreed.
9. Will the data be shared with others?
ECG247 makes use of
subcontractors for the purpose of conducting its business. If a subcontractor
needs to process personal data on ECG247’s behalf, privacy is secured through
data processing agreements.
Data processors are subject to strict rules imposed by ECG247 and cannot make use of personal details for any purpose other than to provide the services they have agreed with us. We take precautions to ensure that subcontractors conduct their affairs in accordance with this personal data protection statement, the company’s internal data processing agreements and Norwegian privacy legislation.
If required by law, or if there is suspicion that a criminal offence may have been committed in connection with the use of our services, any information we hold about you may be submitted to public authorities.
10. How are the data stored and deleted?
We will not store your
personal data for longer and to a greater extent than necessary to fulfil the
objectives specified in this personal data protection statement, unless a
longer storage period is imposed by law at any point. Storage of anonymised
data is not subject to similar restrictions or requirements.
ECG247 has procedures in place for data deletion and anonymisation. You can also delete your own profile or enlist the assistance of ECG247’s Customer Services in doing so. If you choose to delete your profile, your personal data will also be deleted.
12. What are your rights and options?
You have a right to:
- Know what information we hold about you (within the restrictions set out in current legislation).
- Demand that erroneous, unnecessary, incomplete or outdated personal data be corrected, supplemented or removed.
- Withdraw any consent you may have given us to process the personal details you have provided us with. However, please note that this may render us unable to continue delivering some of our services or benefits to you.
ECG247 is committed to responsible and sustainable business practices. If you feel that we fail to comply with this personal data protection statement or the current legislation, please address your concerns to ECG247, or the Norwegian Data Protection Authority.
13. Contacting us
Please find contact information at ecg247.com