Atea Group Data Privacy Policy

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Personal data that we collect from you is stored within the European Economic Area (EEA) but may also be transferred to and processed in a country outside EU/EEA. Atea uses vendors for mail, cloud services, antimalware, firewalls etc. when personal data may be transferred to and processed in a country outside EU/EEA. Any each such transfer of your personal data is carried out with accordance with applicable laws. For transfers outside EU/EEA Atea uses Standard Contractual Clauses as an Appendix to our data processing agreements according to the Chapter V of the GDPR and following EDPB guidelines for measures that supplement transfer tools to ensure compliance with EU level of protection of personal data.

We may disclose your personal information to all companies in our group (i.e., subsidiaries, our ultimate holding company and all its subsidiaries) insofar that it is reasonably necessary for the purposes stated in this privacy policy.

We do not sell, trade, or otherwise transfer your personal information to third parties. Exceptions are trusted third parties that help us to run the site, conduct our business, deliver the goods you order or provide service, if these parties agree to keep the information confidential and not use it for other purposes that not agreed upon.

We collect your personal data only when have legal basis for it. For every specific process of personal data, we collect from you, we inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

The information we collect from you can be used for any of the following purposes:

• Give you a more personalized service
  Your information helps us better meet your individual needs. If you have enabled cookies in your browser, that information can be used to be able to provide a personalized user experience.
• Improve and optimize our website
  We are constantly striving to improve the supply of the site based on your information and views.
• Improve our customer service
  Your information helps us provide you with more efficient customer service and support.
• Process transactions
  Submit your goods and deliver the services you purchased from us.
• Improve our communication
  The e-mail address you provide can be used to send you information and updates about your order, company news, updates, information about other similar products and services, Atea’s events and newsletters etc. Note: you can cancel your subscription at any time by following the instructions at the bottom of each email. If you have enabled cookies in your browser, your cookie information can be combined with data you've provided on our site to improve the customer communication.

We will only store your personal data for as long as it´s necessary to perform our contractual obligations and if required by statutory storage time. When we store your personal data for purposes other than our contractual commitments, such as consent when you sign up to our events or receive newsletter via email, we save the data only if necessary and / or statutory for the purpose.

When there is no longer a purpose or legal obligation of storing the personal data, it is deleted or anonymized.

Personal data that is only collected for a specific purpose is kept to a minimum to be able to perform the purpose, also known as data minimization.

• Right to access:
  You can request access to information about the personal data we process about you at any time.
• Right to data portability:
  When Atea processes your personal data, in automated ways based on your consent or based on contractual obligations, you have the right to have a copy of your data transferred to you or to another party. This only includes the personal data you have registered with us.
• Right to correction:
  You have the right to have incorrect personal data corrected or supplemented if these are incorrect or misleading.
• Right to deletion:
  You can request the deletion of your personal data processed by Atea at any time. Please note that your right to erasure can be overridden in accordance with the GDPR.
• Right to limitation:
  You have the right to request that Atea limit the processing of your personal data under the following circumstances:
  
  - If you object to processing based on Atea's legitimate interest, Atea shall restrict all processing of such data pending verification of the legitimate interest.
  
  - If you believe your personal data is incorrect, Atea must limit all processing of such data pending verification of the accuracy of the personal data.
  
  - If the processing is illegal, you can object to the deletion of personal data and instead request a restriction of the use of your personal data.
  
  - If Atea no longer needs your personal data, but it is required by you to defend legal claims.

How do you exercise your rights?

If you wish to exercise your rights as stated above, or if you have any questions about our privacy policy or processing of your personal data, you are welcome to contact us. Information on contact points can be found below.

In the case of requests that are obviously groundless or excessive, especially due to their repetitive nature, Atea is entitled to charge an administration fee. In such cases, you will be notified of this in advance.

If you send a request, Atea will respond to you within one month or will inform you of any extensions in case of delay together with the reason(s) for the delay.

Please use the email address that refers to your country of residence below:

Atea ASA: dpo@atea.com  

Atea Norway: dpo@atea.no 

Atea Denmark: dpo@atea.dk 

Atea Sweden:  dpo@atea.se

Atea Finland: dpo@atea.fi 

Atea Baltics (Lithuania, Latvia, Estonia): dpo@atea.lt 

Atea Global Services: ags.dpo@atea.com 

You have the right to submit any complaints about the processing of your personal data to the national supervisory authority that refers to your country of residence below:

Denmark: Datatilsynet

Norway: Norwegian Data Protection Authority

Sweden: IMY

Finland: Tietosuojavaltuutetun toimisto

Lithuania: Valstybinė duomenų apsaugos inspekcija

Latvia: Datu valsts inspekcija

Estonia: Andmekaitse Inspektsioon

Information we collect about you can be processed, stored and transferred between all Atea subsidiaries in the countries we operate in. All Atea subsidiaries have signed an internal Data Processing Agreement having unified data protection across all subsidiaries. However, Atea will not transfer the personal data you provide us to countries outside the European Economic Area (EEA) without explicitly informing you about that transfer.

We may, at our discretion, publish or offer third-party products on our website at our discretion. These third-party websites have their own, independent privacy rules. We therefore take no responsibility for the content and activities of these linked sites. However, as we want to protect the privacy of our site, we welcome comments on these websites.

Atea reserves the right to update or change this Policy at any time and you should visit this site regularly to obtain the latest version.

Latest update: 09-04-2024

The Atea eShop is an eCommerce platform designed for companies (legal entities). When a company creates an account to purchase hardware, software and services, the personal data of the company representative is processed according to this Policy. This includes data provided through eShop placed orders including punchout.

For eShop users, the following personal data is processed in eShop:

• First name, last name, email address, phone number, company, source IP address, last login, employee number. Optional default cost center.

From FreeChoice users the following personal data is processed in eShop:

• First name, last name, email address, private email address, phone number, company, source IP address, last login, employee number, default cost center.

The data is processed for the purpose of fulfilling contractual obligations, such as delivering goods, resolving warranty issues.

Personal data of eShop user accounts is anonymized 2 years after the last login as last activity.

Personal data of eShop FreeChoice user account is anonymized if user has not logged in for 2 years and it is 5 years after last asset expired.

Data from the Atea eShop is also transferred to the Atea business and financial accounting systems (ERP) for the purpose of invoicing, communicating with customers, fulfilling warranty obligations, and protecting legal interests. The data is processed and stored according to the country’s where Atea operates legal requirements and internal regulatory acts regarding archiving.

Access to My Atea portal is exclusively for authenticated eShop or ServiceNow users, granted through eShop or ServiceNow onboarding process. No personal data is replicated from the other systems to My Atea portal, and since My Atea does not store any personal data, data erasure routines do not apply to it.

If My Atea user enters personal data to User feedback & ideas, name and email address is processed in vendor’s feedback system. Personal data entered to User feedback & ideas chat is erased after 1 year.

When you call to our Servicedesk to inform about incident or a problem that has occurred in your company, we record and store all your inbound telephone calls for ninety (90) days for quality assurances and complains investigation purpose.

We always inform you before conversation starts that this call will be recorded. You can choose not to be recorded and continue the conversation.

When you contact Atea Servicedesk, your personal data will be stored in our ticketing system for the purpose to handle the case. The personal data processed is the data you provide when submitting the case/incident, like for example: Name, phone number, email address, organization, job title, department.

The personal data is processed by Atea as the data Controller since we need to register contact information for a case or incident to solve the case and be able to contact you regarding the case. Personal data is also stored for a historical purpose to be able to return to a case afterwards, both for learning purposes and for history. Based on this, the personal data is stored for 5 years after a case is closed.

After resolving the case you receive Atea User Satisfactory Survey email which is related to the case number. Atea User Satisfaction Survey will be stored for 2 years to be able to return to survey evaluation afterwards and to compare the results of customer support.

The legal basis for the processing of personal data is a legitimate interest. Atea's interest lies in the fact that we need contact information for the individual who has submitted a case so that we can carry out our tasks and handle the case. Included in the assessment of the legitimate interests are the type of personal data that only includes contact information.

We have control authorization mechanisms for you to safely authenticate to our systems. The authorization is handled by a trusted identity provider.

There are two ways to authenticate to be able to get access to relevant systems in Atea.

Atea authorization

User ID (email address) and password for authentication is used. Personal data in scope: email address, IP address. When you authenticate, your email address and password will be verified by our identity provider through secure API. IP address is logged during authentication process for your safety if someone attempts to tamper with your account.

Customer Active Directory authentication

Single Sign On for authentication is used. Personal data in scope: name, surname, email address, IP address. When you authenticate, your first name, last name, email address will be verified by customer Active Directory and will pass to identity vendor. IP address is logged during authentication process for your safety if someone attempts to tamper with your account.

We use your personal data to send company news, updates, information about other similar products and services, Atea’s events and newsletters etc. Personal data you provide to us by filling in the forms on our webpage is used only with your consent. We process following categories of personal data: name, surname, company name, email address, phone number. We store your data for direct marketing until you withdraw your consent.

If you have given a consent to receive newsletters from Atea eShop, personalized offers will be sent to you in your role as a representative of an organization or company. We analyze your purchase history from Atea eShop and from that we make analysis and assumptions about your interests and future needs. Our goal is for you to receive more customized offers from Atea.

To register for events organized by us, we process your contact information such as: name, company name, email address and phone number which we store for the period which is determined in the event registering form. Your personal data is only processed to the extent that is necessary to fulfill the respective purpose.

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Cookies are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for you as a visitor, and perform essential functions such as allowing you to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).

Atea uses cookies to personalize content and ads, to provide social media features and to analyze our traffic. Atea also shares information about your use of our site with our social media, advertising and analytics partners.

Below is a detailed list of the cookies we use on our websites. Our websites are scanned with a cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:

• Mandatory Cookies
• Analytics Cookies
• Marketing Cookies

You can opt-out of each cookie category (except mandatory cookies) by clicking on the “cookie settings”.

Mandatory

These cookies are necessary for the website to function and cannot be switched off in our systems. This enables the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services Atea have added to our pages. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Blocking these cookies may affect the performance of the site. These cookies do not directly store personal information but are based on uniquely identifying your internet browser and device.

Analytics Cookies

These cookies allow Atea to monitor traffic and sources to be able to measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated, and therefore anonymous. If you do not allow these cookies, Atea will be less able to optimize and analyze the site's performance.

Marketing Cookies

These cookies may be set through our site by our advertising partners and social media services. Anonymized data can be shared with third parties to build a profile of your preferences. They do not directly store personal information but are based on uniquely identifying your internet browser and device, which can be used to build up a profile. If you do not allow these cookies, you will experience less targeted advertising and will not be able to use or see these sharing tools.