Maze Privacy Policy 1.0

Reviewed and updated: 25. August 2017

1. Introduction to this Privacy Policy

Maze Feedback AS and its subsidiaries (”Maze”) is committed to respecting and protecting your right to privacy. This Privacy Policy will provide clear and comprehensive information to ensure that you understand how the processing of personal data affects you.

Maze has two roles when it comes to privacy:

  1. Maze will primarily process personal data on behalf of its customers, and functions as a data processor in this respect.
  2. Maze is responsible for the operation of www.mymaze.com and functions as a data controller in this respect.

This Privacy Policy will explain how personal data is used when Maze is the controller, such as what data is collected, how it is collected, how the collected data is used, and your options and rights regarding the collection of your personal data. Section 10 of the Privacy Policy will provide additional information regarding how Maze ensures protection of privacy when processing data on behalf of its customers. Maze also has a separate cookie policy, which gives information about how we use cookies and similar technology.

Our sites may have links to other third party sites or integration with social media. When you click onto third party links from our websites or use social media features such as ”like” or ”share”, you should be aware that third party sites may have different privacy policies than ours. If you submit private information to these sites, your information may be governed by other practices.

2. Personal data we collect

Personal data is information that can be used to identify a person. This information includes your name, location, phone number, IP-address, e-mail or a combination of these. When you use our digital services, the following information is collected:

Information provided by youMaze will collect the information you provide when you register with us, and other information that you voluntarily submit. For instance, when you visit www.mymaze.com as a prospective or existing client, and provide contact information or other personal data.

Information we collect when you use our services

Maze will collect information when you use our digital services. This may include your IP- address, browser type, internet service provider, network, time and date stamp, clickstream data etc. We also collect information about the use and traffic on our websites, such as the number of log-ins and users, the accessed content, and use and navigation patterns. When you subscribe to newsletters, we will also collect information regarding the e-mailed newsletters you open, your e-mail provider, your location when opening the letters, and what you click on.

Information we collect from others

Maze will collect information from social media regarding content from our sites. This may include the personal information of those who share, like and comment on such content.

3. Processing or your personal data

Maze will process personal data only when there is a legal basis and a defined purpose. Maze will process personal data for the following purposes, and based on the following legal bases:

Purpose Legal basis
Provision of newsletter

If you request our newsletters, we will process personal data as necessary to provide these newsletters

Performance of contract
Presentation of website

If you visit our website, we will process personal data as necessary to present to you our website

The legitimate interest of being able to present our website
Organising events and courses

If you register for a Maze event or course, we will process personal data necessary to organise the event or course

Performance of contract
Provision of support

If you ask for support when using our services we will process personal data necessary to provide this support

Performance of contract
Analysing behaviour on social media

We use personal data for analysing activity related to Maze on social media, such as who shares, likes and comments on content from our sites

The legitimate interest of improving our services.

4. Disclosure of personal data

Maze may disclose personal data to subsidiaries of Maze, and to companies who provide Maze with technical or administrative services connected to the operation of our digital publications and related services. Maze will ensure compliance with legal requirements when sharing information. When transmitting data to processors outside of the EEA, Maze will ensure that sufficient safeguards are in place, such as conclusion of EU Model Clauses or that the processors are certified under the EU-US Privacy Shield Framework. EU-US Privacy shield is available here, whereas EU Model Clauses are available here.

Accumulated and anonymized data may be disclosed to third parties.

5. Security of personal data

Maze is committed to protecting your personal data, and has implemented a comprehensive information security management system in order to protect the confidentiality, integrity and availability of personal data. This system includes the assessment and management of risks, documented and applied operational procedures and routines, as well as advanced technology to detect, prevent and respond to any unauthorized access and misuse. Our practices include storing data in certified high security data centres, applying industry best practices, segregating customer data, continuously scanning and monitoring our network, and role-based access control.

For more information on security, we refer you to the Maze Top-Level Security Policy section (v.3.5).

6. Storage

Maze will keep your personal data as long as this is necessary for the purposes for which they were collected, in accordance with this Privacy Policy and relevant legislation. When such objective needs no longer exist, your personal data will be deleted or anonymized.

Personal information that you have submitted yourself will be stored until the relevant purpose is no longer applicable. For example, the data given when signing up for our newsletters will be stored until you unsubscribe to these newsletters, data given in relation to an event or course will be stored until such event or course is completed, and data given when asking for support will be deleted when such support has been given.

Information we collect when you use our services, such as IP-address, information about the browser etc. will be stored for no longer than 12 months.

7. Your rights

Please contact Maze if you have any questions regarding the use of your personal data. Under certain conditions, you have the right to ask us to:

  1.  provide you with further details on how we use your personal data;
  2.  provide you with a copy of the information that you have provided to us;
  3.  update your personal data;
  4.  delete any personal information that we no longer have legal grounds to process;
  5.  provide you with your personal data in a structured, commonly used and machine- readable format or transmit the data to another controller;
  6.  stop particular processing where this is based on legitimate interests unless our reasons for processing the information outweigh any prejudice to your data protection rights; and
  7.  restrict how we use your information whilst a complaint is under investigation.

If the processing of your personal data is based on your consent, you may withdraw your consent at any time.

If you are of the opinion that Maze violates data protection law, you may lodge a complaint to the relevant regulatory authority.

8. Changes in this Privacy Policy

We may update this Privacy Policy at any time. You will be notified of such changes where this is appropriate; otherwise, they will be published on our home page. Any changes will apply only after the effective date of the change, and will not affect any dispute arising prior to this date.

9. Contact us

If you want us to update your personal information, you do not want us to send you information that you already requested, you want to opt-out of future marketing, or if you have any other questions or requests, please contact us.

Maze can be reached through our support (support@maze.com) or by contacting our Data Protection Officer (bjorn@mymaze.com).

10. Additional information for when Maze acts as a data processor

When Maze acts as a SaaS (Software as a Service) provider, the client is the controller. In this capacity, Maze will only operate as a data processor, under the instruction of the client. In these cases, the privacy policy of the client applies. However, Maze is committed to ensure protection of personal data also when acting as a data processor and to help its clients with ensuring compliance.

Users of the Maze Application that log on to the application by user name and password are in addition to the privacy policy of the client also subject to Maze’s ”Terms of Use”. The Terms of Use is a set of standard rules related to privacy and security.

When Maze is a data processor, we guarantee to implement appropriate technical and organisational measures to meet legal requirements. Maze will enter a contract with the client that will specify the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.

Copyright © 2017. Maze Feedback AS. All rights reserved.

Maze Privacy Policy 1.0 Published 25.08.2017