Please read this Privacy Policy carefully before you use NSystem, since by using NSystem you agree to this Privacy Policy, which is a legal agreement. If you use NSystem as a representative of an organisation, you agree to these Privacy Policy on behalf of that organisation.

You can contact us by telephone (+47 90 28 95 30) or email ([email protected]).

1. Definitions

“Application” means this application by which the Personal Data of the User is collected and processed.

“User” means the individual using this Application who, unless otherwise specified, coincides with the Data Subject.

“Data Subject” means the natural person to whom the Personal Data refers.

Personal Data (or Data) means Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

“You” or your” means the person or organisation that is registered with us to use the NSystem.

“We”, “our” or “us” means NORD HMS AS, a company registered in Norway with company number 918 113 231 and registered address at Fredheimgutua 12, 2070 RÅHOLT, Norway, our employees, directors, officers, affiliates and subsidiaries.

“NSystem” means our Application, Website and Services collectively.

“Services” means our Website, Application, other applications, our content and various third party services that make up NSystem, as the context requires.

“Privacy Policy” means our Privacy Policy and any other document mentioned in this Privacy Policy.

“Website” means our website and other websites that we may operate in the future including all subdomains and sites associated with those domains.

Section 13 (Data Processing) contains further definitions that are only used in that section of the Privacy Policy.

2. Licence

We grant you a non-exclusive, non-transferable licence to use NSystem, subject to you complying with these Privacy Policy.

3. Your obligations

To use NSystem, you must (a) agree to this Privacy Policy (b) be at least 18 years old and natural person (c) complete our registration process and provide accurate information as requested and in compliance with all applicable laws, rules and regulations.

You may not without our written permission (a) attempt to duplicate, modify, disclose or distribute any part of our Services (b) attempt to reverse compile, disassemble, reverse engineer our Services (c) assign or otherwise dispose of your rights or obligations under this Privacy Policy or (e) attempt to obtain, or assist others in obtaining, access to the Services, other than as provided under this Privacy Policy.

You may not link to our Website or use our logo or other reference to us without our prior written permission.

You are responsible for all content you provide and activities on your NSystem account.

You are responsible for configuring your devices and software in order to access our Website.

4. Intellectual Property

You grant us a royalty free, worldwide, transferable, sub-licensable, irrevocable and perpetual licence to use any feedback, recommendations or other suggestions that we receive from you.

5. Accounts

You are responsible and liable for keeping your username and password confidential and take reasonable steps to ensure that nobody accesses the Services using account(s) created with your username and password. You agree to notify us immediately if you if you suspect any unauthorised use of your account(s). We are not liable for any loss or damage due to stolen passwords or hacked accounts.

By submitting any individual’s personal information to us or our affiliates, service providers and agents, you agree, and confirm your authority from such other individual, to our collection, use and disclosure of such personal information in accordance with our privacy policy.

6. Cancellation, termination and suspension of account

We may at any time, at our absolute discretion and without notice, refuse to provide our Services to anyone or terminate or suspend your account and our Services.

If your account is cancelled or terminated it can be accessed for the duration of the accounts current billing period. At the end of the billing period your account will immediately be deactivated. Your account and data cannot be accessed, and we may, at our sole discretion, delete your data 30 days after terminating the account and warning given.

We are not liable for any loss or damage following, or as a result of, deactivation of your account, and it is your responsibility to ensure that any content or data which you require is backed-up or replicated before deactivation.

7. Your content

Your use of the Service will involve you uploading or inputting various content into the Service; including but not limited to: time entries, invoices, deviation images, tasks, attachments, project names, worker names and conversations.

We may view such content only as necessary (a) to maintain, provide and improve the Service (b) to resolve a support request from you (c) if we have a good faith belief, or have received a complaint alleging, that such content is in violation of this Privacy Policy (d) as reasonably necessary to allow us to comply with or avoid the violation of any applicable law, rules or regulation.

In order to better understand the manner in which our Service is being used, we may analyse (i) the content in aggregate and on an anonymised basis, and (ii) the use of our Services using third party analytics tools (including but not limited to Google Tag Manager, Google Analytics, Mixpanel, Kissmetrics and hotjar).

8. Location-based interactions. Geolocation (this Application)

This Application may collect, use, and share User location Data in order to provide location-based services.This Application collects location data to identify your proximity to a project location, even when the app is in the background. This data may be shared with the company’s clients for the purpose of proving to a client that during time tracking the user was at the project location.

Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application.

Personal Data processed: geographic position.

Category of personal data collected according to CCPA: geolocation data.

9. Push notifications

This Application may send push notifications to the User to achieve the purposes outlined in this privacy policy.

Users may in most cases opt-out of receiving push notifications by visiting their device settings, such as the notification settings for mobile phones, and then change those settings for this Application, some or all of the apps on the particular device.
Users must be aware that disabling push notifications may negatively affect the utility of this Application.

10. Sentry (Functional Software, Inc. )

Sentry is a monitoring service provided by Functional Software, Inc.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: see Privacy Policy.

Category of personal data collected according to CCPA: internet information.

11. Indemnity. Disclaimer. Liability

In the event of any loss or damage to your data, your sole and exclusive remedy shall be that we use our reasonable endeavours to restore the lost or damaged data from the latest back up of such data. We shall not be responsible for any loss, destruction, alteration or disclosure of data caused by any third party.

NSystem is provided „as is” to the fullest extent permitted by law without warranty of any kind. Neither us nor our affiliates and suppliers make any warranty of any kind all warranties, whether express, implied, statutory or otherwise, including without limitation, any warranties of merchantability, quality, fitness for a particular purpose, or non-infringement. We do not warrant that NSystem will be error-free or function without interruption. To the fullest extent permitted by law, in no event will we be liable for (i) any indirect, incidental, special, exemplary, punitive or consequential damages, or (ii) damages for loss of profits, revenue, business, goodwill, anticipated savings, data or data use, (in each case whether direct or indirect) incurred by you or any third party, whether in an action in contract or other basis of liability (including for negligence or breach of statutory duty), misrepresentation (whether innocent or negligent) or otherwise, even if we knew or should have known that such losses and/or damages were possible. We shall bear no liability for the outcomes resulting from the false data or other information provided by you (both in writing and orally). To the fullest extent permitted by law, our entire liability for damages under this Agreement, whether in contract or other basis of liability, shall in no event exceed the lesser of NOK 10’000 (ten thousand Norwegian krones) or the amount paid by you to us under the Agreement for the respective element of NSystem during the twelve months prior to the event giving rise to liability.

We undertake no obligation to respond to queries but endeavour to do so within a reasonable time. You agree that we are not liable for any delays or failure in performance of any part of the Services.

12. General provisions

We may contact you by telephone, email or any other contact details you have registered in your account with us.

We may make changes to this Privacy Policy. Any changes shall be effective when the Privacy Policy are updated on our Website and your continued use of NSystem is regarded as acceptance to this Privacy Policy.

Our failure to exercise or enforce any right or provision of the Privacy Policy shall not constitute a wavier of such right or provision.

This Privacy Policy are governed by Norwegian Law and you can bring legal proceedings in respect of the Services in the jurisdiction of Øvre Romerike tingrett.

13. Data Processing

In this section of the Privacy Policy:

“controller”, “processor”, “data subject”, “personal data”, “processing” (and “process”) and “special categories of personal data” have the meanings given in Applicable Data Protection Law;

“Applicable Data Protection Law” means the EU General Data Protection Regulation (Regulation 2016/679).

Our relationship: you appoint us as a processor to process the personal data described in this Privacy Policy or on our Website (the “Data“) and for the purposes described including, to provide you with, and update and improve, our Services (the “Permitted Purpose“). We must both comply with the obligations that apply to each of us under Applicable Data Protection Law.

Prohibited data: Unless you have specifically asked us and we have agreed that you may, you must not disclose (and must not permit any data subject to disclose) any special categories of personal data to us for processing.

Confidentiality of processing: we must ensure that any person we authorise to process the Data (an “Authorised Person“) must protect the Data in accordance with the confidentiality obligations we owe you.

Security: we will implement technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident“).

Subcontracting: you consent to us engaging third party sub-processors to process the Data for the Permitted Purpose provided that: (i) we impose data protection terms on any sub-processor we appoint that require it to protect the Data to the standard required by Applicable Data Protection Law; and (ii) we remain liable for acts and omissions of our sub-processor.

Cooperation and data subjects’ rights: we must provide reasonable and timely assistance to you (but at your expense) to enable you to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law; and (ii) any other communication, question or complaint received from a data subject, regulator or other third party that is connected with the processing of the Data. If we receive any communication, question or complaint directly we will promptly inform you and provide full details.

Security incidents: If we become aware of a confirmed Security Incident, we must inform you without undue delay and provide you with reasonable information and cooperate with you so that you can comply with any data breach reporting obligations you have under Applicable Data Protection Law. We must also take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep you informed of all material developments in connection with the Security Incident.

Deletion or return of Data: When you finish using our Services, we will, on your specific request, delete or return the Data in our possession or under our control (we will decide in what way we do this but will always act reasonably). This does not apply where we are required by applicable law to retain some or all of the Data, or to Data we have archived on back-up systems, and in that situation we will securely isolate and protect that Data from further processing.