GELATO ASA

PRIVACY POLICY RELATING TO GNX APPLICATION

Gelato ASA has developed and operates this Gelato Partner Application available for use by the suppliers which form part of Gelato’s network (the “Application”).

This Application serves to help Gelato and its suppliers process and track printing and packaging services for the purpose of fulfilling orders placed by Gelato or its customers.

Gelato ASA is committed to protecting the personal data of the users of the Application (the “Users”).

This policy describes our data protection practices and how we use and collect the personal data. Our processing of your Personal data is needed for us to operate the Application and enhance its performance. We may also process your personal data to comply with our legal obligations as explained below or due to our legitimate interests.

1. PERSONAL DATA WE COLLECT

We will collect personal data from you in the following circumstances:

When you create a user account

As a general rule, you do not need to provide personal data  to use the Application, and you may elect instead to use a generic company account (such as printinghouseABC@xyz.com) or an individual account under a pseudonym (such as packager1@printinghouse.com)

If you choose to voluntarily create a personal account under your own identify, we will collect your first and last name, e-mail address, name of the company you work for, phone number, password, that you save under your account, information that you choose to save under your user account, communications and correspondence sent to and from your account, or account histories.

Automatically collected information

We collect and store certain information through technology, such as cookies and pixel tags, whenever you interact with our websites or the Application, some of which may contain personal data. Third party cookies help us to see which areas and features of the Application are popular, and improve its features and functionality. If you do not wish cookies to be stored on your equipment or, want to be notified of when they are placed, you may set your web browser to do so or withdraw your consent with us. Please note that if cookies are turned off, you may not be able to view certain parts of the Application that may enhance your visit and you may be unable to use some or all of the functionality of the Application. To learn more about how we use cookies and how to opt out of us collecting certain data, see our Cookie Policy.

2. PURPOSE AND USE OF PERSONAL DATA:

We use your personal data, for the following purposes:

• To operate the Application and to evaluate, modify and enhance the Application;
• To enable you to set up your account, if you have chosen to link the account to one specific individual;
• To communicate with you and to respond to your requests;
• To track the status of packaging tasks ;
• To report issues (linked to the main contract);
• To provide you with support;
• To help keep our Application safe and secure
• To improve the Application.

We may track Users’ activities on the Application. To do so, we will create anonymous data records from personal data by excluding information (such as your name) that makes the data personally identifiable to you. We use such anonymous data records to analyze request and usage patterns so that we may enhance services to our customers and improve Application’s navigation.

3. HOW WE SHARE YOUR PERSONAL DATA

We disclose your personal data as described below. Other than as set out in this policy, no personal data provided by you or that we may obtain automatically by your use of the Application, is not and will not be sold, rented, or shared by us with any third party without your prior consent.

Members of our group

We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and any of its subsidiaries to operate the Application.

Third Party Service Providers 

We may share your personal data with third party companies for the purpose of improving the Application, such as Google Analytics and Hotjar, or otherwise for operating and maintain the Application. Third Party Service Providers acting on our behalf are only provided with such personal data reasonably required (if any) to provide the particular service for which they are retained. Our Third Party Service Providers are obligated to keep all of your personal data confidential and to collect, use and disclose your personal data only to the extent necessary to provide the Services on our behalf.

Business Transfers

We may share some or all of your personal data in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal data that we have collected and will assume the rights and obligations regarding your personal data as described in this Privacy Policy. In such an event, the company will continue handling your data.

Compliance with Law, Court Order, and Other Disclosures

You hereby acknowledge and agree that Gelato may, in its sole discretion, release account and other personal data when we believe such release is appropriate: (a) to comply with an applicable law, statute, regulation, court order, or administrative proceeding; (b) in connection with any legal investigation;  (c) to investigate or assist in preventing any violation or potential violation of this Privacy Policy or our Terms of Use^[a]; or (d) to protect the rights, property, or safety of Gelato, our users, or others. This may include exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Third Party Sites

The Application may contain links to third party websites or third party websites may otherwise be associated with the Application. This Policy does not apply to such third party websites.  Please consult the terms and conditions and privacy policies of such third party websites prior to use.  

Security of Your Personal Data

We employ security safeguards to protect your personal data against loss or theft, as well as against unauthorized access, disclosure, copying, use, or modification. When we transmit highly confidential information over the Internet, we protect it through the use of encryption technology, such as the Secure Socket Layer (SSL) protocol.  We also protect your stored password through the use of encryption technology.

International Data Transfers and Contractual Terms

Gelato may transfer personal data to countries outside of EU, for example, when we share such data with the Third Party Services Providers.  Such countries may not provide the same level of data protection as the country in which you reside.

When personal data is transferred to other countries outside of EU, we take necessary measures to ensure appropriate protection of it, including, where applicable, entering into a Data Processing Agreement and European Commission approved standard contractual clauses.

For further information, including obtaining a copy of the documents used to protect your information, please contact us on privacy@gelato.com.

4. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

General Communication

By being an active and existing User of this Application, we have a legitimate interest of sending communication about the Application. You can unsubscribe to this kind of communication in your customer account or at any time by following the unsubscribe instructions in communication sent to you. Despite your indicated opt-out preferences, we may continue to send you administrative and transaction related communications. By registering for an account or purchasing products, we may send you administrative and transaction-related communications.

Changing, Transferring or Deleting Your Personal Data

We retain your personal data for as long as necessary in relation to the purposes for which they were collected or otherwise processed, including for the purposes of satisfying any legal, accounting, or reporting requirements, until the end of the relevant retention period. You may access, review, update, correct or delete the personal data in your account either by using the account buttons or by contacting us directly using the contact information provided below. If you would like to have your personal data transferred to someone else, please e-mail us at privacy@gelato.com and we will provide you with a file of your data. If you completely delete all of your personal data, then your account will become deactivated. If you rather want us to delete your data, please contact us and we will fulfill your request.

5. IDENTIFYING DATA CONTROLLERS AND PROCESSORS

The EU GDPR regulation differentiates between the “Data Controller” and “Data Processor” of data.. Gelato is a Data Controller of your personal data towards you as a User.

When Gelato uses third parties, they will be Data Processors, which means they are processing the data on yours and Gelato’s behalf.

6. CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time for any reason. If we change it, we will post the new one on our Application. Any non-material changes to this Privacy Policy will be effective as of the day they are posted. If we make any material change to this Privacy Policy, we will notify you by prominently posting notice of the changes on our Application. Any material changes to this Privacy Policy will be effective upon thirty (30) calendar days following our posting of notice of the changes on our Application. These changes will be effective immediately for new Users of our Application.  

7. DATA PROTECTION OFFICER AND CONTACT INFORMATION

Our contact details:                                                Contact our Data Protection Officer:

Gelato ASA                                                        privacy@gelato.com

Dronning Eufemias gate 8

0191 Oslo

Norway

If you believe that Gelato does not fulfill its obligations according to the EU GDPR regulation or other applicable privacy legislation, you also have the right to lodge a complaint with a supervisory authority.