Data privacy at ABAX

Data is our most important asset at ABAX, and data protection is our key priority. On these pages you can read more about how we process customer data and how we ensure that it is secure at all times.


Data Privacy

ABAX processes data in compliance with the General Data Protection Regulation (GDPR) and according to customer instructions. We do not collect, store or process personal data beyond what is necessary to perform our tasks as data controller or data processor.

Data Processing Procedures

We use both manual and automated systems to remove all unnecessary data and to ensure that data is anonymized. Our security procedures, access controls and tools protect your data at all times.

Privacy By Design

Our service is based on the principles of privacy by design and privacy by default. Data is protected without requiring any input from users. Users of our service should not have to do anything to ensure their data is safe; it should be safe by default.


Anonymization

Data lake anonymization 

Data anonymization, often referred to as 'data sanitization', is a process aimed at protecting user privacy. Personally identifiable information in data sets is encrypted or removed to ensure anonymity.

The data we keep in ABAX comprises location data. 

Data lake replenishment is performed from backups and then anonymized using scripts (when established and verified). The data lake is only accessible by the data science team, and the data is used for analytical purposes such as improving algorithms on the tracking units. 

The data lake consists of the following information:

  • Distance
  • Maximum speed
  • When the trip started and stopped
  • When a trip was registered with our servers
  • Trip type (business or private)
  • A numeric ID for the driver (no link to privacy data). Used to provide the following information:
    • Company identity
    • Account type: user account or admin account
    • Active account
    • Language setting for the account
    • Date of last login
    • Date of last logout
    • Which interface/product is linked to the account
    • Whether the Show welcome page flag is set to true or false
    • Whether the Force password reset flag is set to true or false
    • Fiscal domicile
    • Whether the customer account has any trips
    • Whether the customer account has an active driver
    • Whether the customer account has left the company
    • Whether the contact info is updated
  • Date when the account was last modified
  • Trip settings
  • A numeric ID identifying the tracking unit
  • A numeric ID identifying the main office
  • A numeric ID identifying the vehicle

No personal information such as names, phone numbers and email addresses is transferred to the data lake.

Positions are anonymized in such a way that it is not possible to identify the address, the individual behind a data point or the exact location of the original data point. Trip start and trip stop locations are grouped together with those of other tracking units so that no location has been started from or stopped at by only a single tracking unit, and no single start or stop location can be traced back to an identifiable individual.

In more technical terms 

Trips are anonymized by geohashing the start and stop locations. Geohashing converts a position (a latitude and longitude pair) into a hash code that identifies a rectangle in a grid overlaying the world map. The grid size depends on the length of the geohash (see https://en.wikipedia.org/wiki/Geohash).

The anonymization process is iterative, and starts with a high value geohash (small rectangles). The geohash value starts with 12 (area size of 7 square cm) and goes down to 1 (area size of 25 009 930 square kilometres). If only one SIM card has a location inside a rectangle with the value of 12, then the geohash value is reduced by one and the process is repeated until other SIM cards have a position with the same geohash or until the geohash value is 4, at which point the area size represented is 762 square kilometres (ref. Figure 1).

Anonymization is also used when location data is sold to or shared with third-party users, in which cases a similar approach is used to anonymize the data.

Figure 1 – Geohashing, green squares as the new position (replaces the red positions within the square)
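
The iterative reduction described above, as an added Python example (not ABAX's own scripts): each point starts at geohash length 12 and is shortened until a second SIM card shares the cell or length 4 is reached, and the point is replaced by the cell centre. The SIM identifiers and coordinates are constructed, the function names are hypothetical, and the `shared` flag marks points that are still alone at length 4, which the floor in the text permits.

```python
from collections import defaultdict

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet
MAX_LEN, MIN_LEN = 12, 4                     # start and floor lengths from the text


def encode(lat, lon, length=MAX_LEN):
    """Standard geohash: interleave longitude/latitude bisection bits."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    chars, bits, ch, even = [], 0, 0, True
    while len(chars) < length:
        rng, val = (lon_rng, lon) if even else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        if val >= mid:
            ch = (ch << 1) | 1
            rng[0] = mid
        else:
            ch <<= 1
            rng[1] = mid
        even = not even
        bits += 1
        if bits == 5:                        # 5 bits per base32 character
            chars.append(BASE32[ch])
            bits, ch = 0, 0
    return "".join(chars)


def cell_center(gh):
    """Centre (lat, lon) of the rectangle a geohash identifies."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    even = True
    for c in gh:
        idx = BASE32.index(c)
        for shift in range(4, -1, -1):
            rng = lon_rng if even else lat_rng
            mid = (rng[0] + rng[1]) / 2
            if (idx >> shift) & 1:
                rng[0] = mid
            else:
                rng[1] = mid
            even = not even
    return ((lat_rng[0] + lat_rng[1]) / 2, (lon_rng[0] + lon_rng[1]) / 2)


def anonymize(points):
    """points: list of (sim_id, lat, lon). Returns one dict per input point."""
    hashes = [(sim, encode(lat, lon)) for sim, lat, lon in points]
    # Distinct SIM ids seen in every cell at every length from 4 to 12.
    sims_in = defaultdict(set)
    for sim, gh in hashes:
        for n in range(MIN_LEN, MAX_LEN + 1):
            sims_in[gh[:n]].add(sim)
    out = []
    for sim, gh in hashes:
        n = MAX_LEN
        # Shorten while this SIM is the only one in the cell and the floor allows it.
        while n > MIN_LEN and len(sims_in[gh[:n]]) < 2:
            n -= 1
        cell = gh[:n]
        out.append({
            "sim": sim,
            "cell": cell,
            "position": cell_center(cell),       # replaces the original point
            "shared": len(sims_in[cell]) >= 2,   # False: still unique at the floor
        })
    return out


# Constructed sample: coordinates are derived from arbitrary geohash cells.
SAMPLE = [
    ("sim-A", *cell_center("u4pruydq")),   # A and B sit in neighbouring
    ("sim-B", *cell_center("u4pruydr")),   # length-8 cells of "u4pruyd"
    ("sim-C", *cell_center("9q8yyk8y")),   # one SIM, same spot twice,
    ("sim-C", *cell_center("9q8yyk8y")),   # nobody else nearby
    ("sim-D", *cell_center("gcpvj0du")),   # D and E at the identical position
    ("sim-E", *cell_center("gcpvj0du")),
]

if __name__ == "__main__":
    for row in anonymize(SAMPLE):
        print(row)
```

Repeated points from the same SIM card do not count as company: a cell only qualifies when a second, distinct SIM is present, so `sim-C` falls all the way to length 4 and is reported with `shared` set to false.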

Data Processing

Data processor agreement 

In addition to our terms and conditions and privacy policy, all ABAX customers must sign a data processor agreement.  

The documentation for all our markets is available here: https://www.abax.com/uk/terms-and-conditions

Subprocessors in ABAX 

The GDPR sets out two alternative forms of authorization that must be obtained from the data controller before the processor may engage a subprocessor:

  1. Prior specific authorization to use a subprocessor. This alternative is appropriate when tasks/services the data processor provides to the data controller are specific in nature, i.e. that the subprocessor is engaged to provide specific services to one or a small group of customers. This is typically the case where the solution provided by the data processor must be customised to the needs of the data controller.
  2. General authorization to use a subprocessor. This alternative is appropriate where the services provided by the data processor to the data controller are the same, or essentially the same, for a large number of customers. In these cases, the data processor must keep the data controller informed about the use of subprocessors and of any changes to the subprocessors used prior to engaging a new subprocessor. The data controller always has the right to object to the use of certain subprocessors.

ABAX uses the general authorization option for customers using our services. ABAX is continually developing and improving its services. New or improved functionality may require the use of new subprocessors. If ABAX had to obtain written approval from all its customers, this would make new developments impossible. 

An updated overview of the subprocessors we use is available at https://www.abax.com/uk/terms-and-conditions

Privacy

How is privacy handled in your service? 

Proactivity and Prevention

Privacy by design approaches the issues of privacy risks in a proactive manner. The issues must be prevented before they occur, and steps should be taken to mitigate the potential risks even before they become apparent. Poor security and privacy practices must also be recognized and improved early, before they do any harm.

This requires a commitment to consistently enforce privacy standards that are required by the GDPR. This is covered by the requirement to conduct data protection impact assessments before commencing with processing operations. The responsibilities of data controllers and processors are also clearly listed and must be followed. This requires a thorough commitment for proper implementation.

Privacy as the Default 

The principle of privacy by default mandates that the users’ data must be protected without requiring their input. Individuals should not have to do anything in order to ensure their data is safe – it should be safe by default.

This is covered in Articles 25 and 32 of the GDPR, while DPOs are tasked with ensuring these rules are adhered to. The GDPR also prominently includes the three basic elements of privacy as the default:

  • Purpose specification – individuals must be notified what their data will be used for
  • Collection limitation – collection of personal data must be lawful and transparent
  • Data minimisation – as little data as possible should be collected, and only for immediate processing purposes.

Privacy Embedded into the Design 

During the creation of technologies that will be used by companies and online services, due care must be taken to design them in such a way that privacy protection remains an integral part of the system.

Even before the systems reach the end-users, all good privacy protection measures must already be in place. Functionality for users should be unaffected by these privacy protection measures, and systems should be made in such a way that potential misconfigurations or errors do not degrade privacy. Again, this principle is mostly covered in Articles 25 and 32, along with several Recitals.

Full Functionality – Positive-Sum 

The aim of privacy by design is to create a win-win situation for all stakeholders. The idea is that these privacy protection measures will create benefits both for the companies and for the users. Instead of a zero-sum situation, where users can only benefit at the companies’ expense and vice versa, these privacy by design measures aim to create positive net effects without making these trade-offs.

End-to-End Security 

Security and privacy of data must be ensured from the point of collection to the eventual destruction of data. At every point of the data lifecycle, it must be continuously protected and accounted for.

The GDPR is notably very prescriptive in this regard. Its many provisions on data collection, storage and destruction fully capture the spirit of this rule. The aim is to ensure there are no gaps in data security, as security is considered an essential counterpart to privacy.

Thus, the GDPR requires the use of several methods for ensuring accountability (such as record-keeping) and security (anonymization, access controls etc.).

Visibility and Transparency 

The key to accountability (and GDPR compliance) is transparency. All stakeholders, partners and coprocessors must be vetted, audited and open to external verification. Without transparency and visibility, there is no real way to ascertain whether the privacy by design principles have been implemented properly.

Respect for Privacy 

The best way to achieve great results in implementing privacy by design features is to create products with end-users in mind. They should be designed to meet the users’ needs and include simple possibilities for them to control and oversee how their data is processed.

How do you secure privacy when introducing new features?

Even before we decide to implement a new feature or product, we evaluate the privacy aspect thoroughly. We seek help from our DPO and from legal advisors (law firms) when in doubt. In addition, our software testers pay extra attention to the privacy aspect, and all potential risks are closed before a feature is launched to the market.

Privacy assistant 

Leave your GDPR hassle with us. Due to GDPR regulations, your employees now have the right to request what personal data you hold about them and the ‘right to be forgotten’. Some of your employees will probably ask you about this. Do you have time to handle all your employees' requests, or do you want us to handle it for you? With the Privacy Assistant, we will handle most of the privacy dialogue with your employees, so you can focus on running a profitable business.

The Privacy Assistant will: 
  • Ensure your company is using ABAX products and services in a way that keeps you GDPR compliant
  • Handle employee requests, so you can focus on running your business
  • Inform your employees in an easy and compliant way with customized documents specific to your business

Information security

Information security is a top priority in ABAX. Here are the answers to some of the most common questions our customers ask about information security on our website, abax.com.

Where does ABAX store its customers' data? 

Customer data is our most valuable asset, so our storage solutions must be secure and reliable. We use a combination of our own data centres and public cloud vendors. Our primary data centre is in Sweden. You can find a list of our public cloud vendors in our regularly updated list of data sub processors available at https://www.abax.com/uk/terms-and-conditions

How does ABAX encrypt our data when stored? 

The data stored in our data centre is stored on self-encrypting hard drives so that you as our customer can rest assured that your data is safe with us.

How does ABAX encrypt data in transit to its customers? 

When you use our products, either via your web browser or via our apps, all communication is encrypted with industry-standard TLS encryption. Your browser's address bar will display a padlock symbol showing that your connection is encrypted.

What kind of security standards does ABAX comply with? 

We comply with information security management system standard ISO 27001. This standard includes a range of controls to ensure that all processing is carried out securely and in a way that does not put our customers' data at risk. 

Which vendors does ABAX use to transfer data? 

Our hardware communicates through the mobile network using Telenor and its global network of partners. Multiple internet service providers (ISPs) facilitate communication between our customers and our systems via fully redundant solutions. ABAX’s infrastructure is connected to internet highways at several core internet exchange points. 

How does ABAX ensure security on its servers? 

To ensure that our servers stay secure, we always set up our infrastructure based on industry standards and best practices. All infrastructure is kept up to date with the latest security patches released by our vendors.

What kind of backup routines does ABAX have for its customers' data? 

We make regular backups of all our valuable customer data and store them at a secure off-site location. For you as our customer, this means that we can recover your data and minimize any data loss in the event of a disaster. 

How does ABAX secure customer data in its networks? 

To ensure that we keep our servers safe, we use network segmentation, meaning that we divide our network into smaller segments. This protects our infrastructure from cyber-attacks.

How does ABAX ensure access control to its servers and systems? 

We use a widely used method of access control called the principle of least privilege (POLP). What this means in practice is that we limit access to the accounts in our systems, granting them only the minimum access needed to perform specific tasks. To ensure that we adhere to the POLP, we perform regular audits on all accounts and their access rights as part of our ISO 27001 compliance procedures.

Onboarding

Onboarding the service: Get it right from the start 

Set a valid purpose for the service 

When you start using the ABAX service, you must remember to implement it correctly to make sure you comply with privacy regulations. This means that your company must have a valid lawful basis for processing data, pursuant to the General Data Protection Regulation (GDPR), Article 6 (a)–(f), which reads:

Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

(b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

(c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

(d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Within the different ABAX domains some suggested purposes can be relevant and used for our customers.

SUGGESTED PURPOSES FOR THE ABAX TRIPLOG SERVICE 

Documentation for the tax authorities 

ABAX Triplog is implemented to document the business use of vehicles in accordance with regulations issued by the tax authorities. For commercial vehicles, there will be ongoing documentation on all completed trips. Routines will be established to ensure compliance with current regulations.

Separate private and business trips for tax purposes

ABAX Triplog is used to separate private trips from business trips for tax purposes. Trip classification is performed by the driver, administrator and/or automatically by the system.

Customer queries

ABAX Triplog data can be used to help resolve customer queries and complaints. This should only be completed following a specific customer query, and only to resolve that particular query.

Safety

ABAX Triplog can be used to locate an employee if the employer has lost contact and suspects that an accident has occurred.

Invoicing customers

ABAX Triplog data can be used as a basis for billing customers for driving (time and mileage).

Incorrect time sheets

ABAX Triplog can be used if there is concrete suspicion that a time sheet is incorrect. The employee in question shall have the opportunity to be present during the check, and shall also be offered assistance from an employee representative or other party.

Service follow up

ABAX Triplog data can be used to follow up vehicle service intervals. Service notifications can be issued by email or text message from the system.

Efficiency

ABAX Fleet Management tracks the current location of your vehicles. This can be used to direct the vehicle located closest to a job.

Route planning

ABAX Fleet Management can show all trips driven on a specific day in the map. This can be used to optimise driving routes.

Reduce environmental impact

ABAX Driving Behaviour can score drivers on their driving behaviour. Higher driving scores reduce the environmental impact.

Social responsibility

ABAX Driving Behaviour can be used to mentor your drivers to drive more safely and more efficiently.

Improve driving standards

ABAX Driving Behaviour can be used to mentor your drivers to drive more safely and more efficiently and thereby reduce the number of incidents.

Reduce fleet-related costs 

ABAX Driving Behaviour can help optimize driving performance to reduce fuel and servicing costs.

 

SUGGESTED PURPOSES FOR THE ABAX EQUIPMENT CONTROL 

Track and trace

ABAX Equipment Control can be used to locate and recover lost equipment.

Efficiency

ABAX Equipment Control can be used to locate specific equipment for a specific job. 

Savings

ABAX Equipment Control can log the usage of self-powered equipment. This data can be used to reduce over-use.

Invoicing of actual use

ABAX Equipment Control can log the usage of self-powered equipment. This data can be used by the owner to invoice the customer based on actual use.

Invoicing per use in an area

ABAX Equipment Control can log the usage of self-powered equipment in a specific area. This data can be used by the owner to invoice the customer based on hours in a project.

Service follow-up

ABAX Equipment Control data can be used to follow up on equipment services. Service notifications can be issued by email or text message from the system.

Important to remember 

When implementing a new service that has control measures, the authorities recommend that the company involve the employees at an early stage in the process. (Typically a trustee would be a great fit for this involvement.) 

The company administration should arrange a meeting with the trustee and/or other relevant staff in the company to discuss the different control measures a service like ABAX will track. 

In addition, the company must state the purpose of the control measure, the possible consequences a measure can have (e.g. how the technology works, and what data is measured and reported to the administrator) and for how long the control measure will last (normally a contract period). 

The information can be given orally or in writing to the employees. In some cases the company may hold an information meeting to ensure that all employees are informed and to receive input from the employees. 

It is up to our customers to specify a purpose for processing that best fits their business. The suggested purposes are only suggestions; our customers may specify other purposes that better fit their requirements. According to the Working Environmental Act it is recommended that the employees are involved when implementing the ABAX services for a smooth onboarding for the entire company.

Each purpose must comply with a lawful basis stated in GDPR (Article 6 (a)–(f)). What is important to remember? The following key things should be relevant for our customers when implementing the purpose(s) and legal basis for processing data. 

Remember:

  • You must have a valid lawful basis in order to process personal data.
  • There are six available lawful bases for processing. No single basis is ’better’ or more important than the others. Which basis is most appropriate to use will depend on your purpose and relation.
  • Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you have no lawful basis.
  • You must determine your lawful basis before you begin processing, and you should document it. We have an interactive tool to help you.
  • Make sure you get it right first time – you should not specify a different lawful basis at a later date without good reason. In particular, you cannot usually swap from consent to a different basis.
  • Your privacy notice should include your lawful basis for processing as well as the purpose(s) for processing data.
  • If your purpose changes, you may be able to continue processing under the original lawful basis if the new purpose is compatible with your initial purpose (unless your original lawful basis was consent).
  • If you are processing a special category of data, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.
  • If you are processing criminal conviction data or data about offences, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.

Can I use the data in the system to do whatever I want? 

When implementing the ABAX service, you must specify exactly what you want to use the data for. You cannot use the data and information you have available in any way other than for the specified purpose.

If you change the purpose or specify an additional one, you must hold another meeting with the trustee/relevant employee and ensure that all employees are informed accordingly. Of course, the new purpose must be valid and have a clear connection to the legal basis in GDPR. 

The company must communicate a purpose that describes exactly what personal data shall be used for, not what it can be used for. In other words, the purpose must be specified and communicated, and should not be too broad or vague. The specified purpose determines what the personal data will be used for. Using personal data for purposes other than that specified constitutes a violation of the privacy regulations.

Data protection impact assessments (DPIA)

The Data Inspectorate states: An assessment of privacy consequences (Data Protection Impact Assessment - DPIA) shall ensure that the privacy of those registered in the solution is safeguarded. This is a duty under the new privacy regulations. Article 35 defines when it is required to make a DPIA, what it should contain and who should implement it.

Customers who introduce ABAX in their company must consider whether an assessment of privacy consequences should be completed. Some examples that require a DPIA include:

  • The processing of location data in conjunction with at least one other criterion
  • A systematic compilation of the data subject's location and traffic data from telecom operators or the processing of personal data about the subscriber's use of the telecommunications network or the telecom operator's services. (Highly personal information and systematic monitoring.)
  • The processing of location data in combination with an employee group.

If you are unsure, the Data Inspectorate defines on its website which processing activities always require a DPIA.
Guidance on how to perform a DPIA can be found here
 

Technology

GDPR in our Technology  

Termination and deletion 

Termination that results in deletion applies to data belonging to customers who terminate their contract and who have not purchased Data Storage. Data Storage is a product the customer can buy, and when it is purchased we guarantee that we keep the customer's data in safe storage after termination of the contract. Deletion of data can be triggered for all data within the customer contract or by a single user/driver within the customer. When a single user/driver requests deletion, only the data linked to this specific user/driver will be deleted. The deletion for a single user is triggered through “Privacy Assistant” (ref. Figure 2). The user specifies what kind of data to delete by filling out a form (companies can create a template form to ease the process for the users). When a customer contract is terminated, all data linked to all their users/drivers will be deleted.

As an extra quality check, we create a “wash list” containing all customers to delete. This list goes through a confirmation check where we remove customers from the list that for some reason should not be deleted (renewal of contract etc). 

When we receive a deletion request, data should be deleted within 30 days. This applies for both customer deletion and single user deletion.

When deletion starts, we use a specific service that issues commands to all our services in different domains. The commands will trigger deletion of data that can be linked to a person (privacy data) in all domains for the current customer or user.

Before deletion, we extract possibly valuable data points and run these through our data lake. Through our data lake routines, we anonymize the data so that it cannot be traced back to any customer or user. The plan in the future is to automate the data lake when we receive the data from the tracking units. Anonymized data is kept for analytical purposes even if a deletion is requested (ref. Anonymization).

Figure 2 - Termination Deletion Process

Privacy Policy

This is how ABAX processes your personal data

Because we need our customers to trust us, it is important to us to protect all your personal data, which must be safe with us. This includes all data that can be directly associated with you, for example your address, your contact details, your GPS positions and other personal data.

Collection of personal data

ABAX processes personal data primarily in connection with customer service, customer follow-up and management, marketing, invoicing and the contracts entered into with our customers.

In general, ABAX obtains information directly from you. Sometimes we obtain it from other sources, such as public or private institutions. In addition, GPS positions are obtained automatically through some of our products. These GPS positions must also be regarded as personal data.

When we obtain information about you, we inform you of this and ABAX is responsible for its processing, unless the collection is required by law, it is impossible or excessively difficult to notify you, or we know that you are already aware that we are obtaining this information. If ABAX receives your data in the form of a list in connection with marketing activities, you have the option, at the time of ABAX's first marketing communication based on such a list, to decline any future communication based on such a list. In cases where ABAX collects personal data at the request of our customers, and thus acts as a data processor on behalf of one of our customers, our customer will be responsible for the information you receive. In these cases, we may also give you information directly, but then at the request of our customer.

Sometimes we record telephone conversations if you consent to it.

Customer surveys

When you have been in contact with ABAX, we may ask you about your experience. This helps us better understand how to improve the products and services we provide to our customers. Using this feedback, we can also assess the effect of improvement measures and relate customer satisfaction to customer behaviour over time.

If you do not wish to share this type of information with us, you can refrain from answering the questionnaire we send you.

Newsletter and marketing

You may receive marketing material, information and notifications from ABAX. These may arrive by email, on our website or through other suitable channels. This information is divided into three categories:

  • information and news, generally in the form of an email newsletter;
  • campaigns and invitations;
  • system notifications concerning your ABAX services.

You can subscribe to or unsubscribe from these communications at any time.

Disclosure of personal data

Within the group

Within the ABAX group we have a shared customer register that is accessible to all companies in the group.

The purpose of this register is to give our customers the best possible service, as well as information and offers on the products and services we provide. The group-wide customer register may contain the following information about you:

  • your name;
  • your contact details;
  • the company that employs you;
  • information about the company of which you are a customer;
  • the services and products for which you have a contract;
  • the history of your contacts with ABAX.

Data controller

The Data Controller is the party that determines the purpose of the processing of personal data. Within the ABAX group, the data controller is the ABAX company with which you have entered into a contract. For personal data collected in the course of performing contracts with our customers, it is generally the customer itself that is the data controller.

Data processor

When the ABAX customer is the Data Controller, ABAX acts as Data Processor. For this purpose, a Data Processing Agreement is entered into between the customer and ABAX.

ABAX has also entered into data processing contracts with subprocessors. Specific data processing agreements apply to all personal data shared with our subprocessors. Our subprocessors may not use this data for purposes other than those defined by the Data Controller.

Your rights

Access

You have the right to obtain information about the personal data we process and how we process it. You can see a good part of the information we hold about you as a customer in your profile. Any request for more extensive access must be addressed to the Data Controller for that information.

For employees of companies that are ABAX customers, certain data fields are visible only to the employee and not to the employer (in particular private trips in ABAX Triplog). If a copy of all data recorded about the employee is requested through the employer (the Data Controller), please note that in this process the data may then also become visible to the employer.

Rectification

It is important that our information about you is accurate and necessary for performing the contracts we have entered into with you and for providing a quality service. You may demand the rectification and erasure of information about you if it is incomplete or unnecessary. Any request for rectification must be addressed to the Data Controller for that information.

Erasure

ABAX erases personal data when it is no longer necessary to achieve the purpose for which it was collected. This means that as long as you have a contract with us, we keep the necessary information about you. At the end of the contractual relationship, we will erase the data unless a contract has been signed for its continued retention.

For more information on erasure, see the terms of our services. Any request for erasure of information must be addressed to the Data Controller. If the law requires a minimum retention period, for example for accounting data, erasure cannot be demanded before that minimum period has expired.

Cookies

Purpose

Cookies are small files that store information about how you use a website. This information is stored in the browser you use, that is, on your end.

ABAX uses cookies on its website to:

  • understand your behavior so that we can improve the functions of our website, its content and your experience as a user;
  • adapt the content so that it matches your needs as closely as possible;
  • give you appropriate and tailored commercial information on other websites you visit.

You may see our advertisements on other websites, depending on the content and pages you have viewed on our website. The cookies used for this purpose contain only information about the pages of our website that you have visited and no information that could identify you as a customer.

The information we collect in connection with the use of our website may, in some cases, be combined with information about our relationship with you in other respects.

If you use our website without disabling cookies in your browser, you accept ABAX's use of cookies. Unfortunately, it is not technically possible to log in to our website if you do not accept that we place cookies in your browser.

How to avoid cookies

If you do not wish to accept the storage of cookies on your computer, you must disable the function in the browser. Be aware that you will then lose functionality on www.abax.no and other websites.

You can delete cookies by following the instructions for deleting cookies in your browser.

If you wish to allow cookies while monitoring what we store, there are extensions for your browser that let you do so fairly easily. A commonly used extension is available at www.ghostery.com.

Protection of personal data on www.abax.com

Use of analytics tools

On www.abax.com, we record the following information about you:

  • your location by means of the IP address, location data or other means;
  • your electronic traces, for example the pages you visit and the products you order;
  • technical information about your browser and your operating system.

We use the information about your behavior on our website for the following purposes:

  • analysis;
  • personal adaptation of the website;
  • customer service;
  • marketing.

We use Google Analytics to analyze traffic on www.abax.com and associated websites. You can opt out of Google Analytics collecting information about you on the Google Analytics website.

You may be contacted

If you use a product guide on our website, we may contact you for commercial purposes on the basis of your use of the guide.

Personal profiles

At ABAX, we sometimes use personal profiles to tailor the offers we make to you. Personal profiles are a set of information we have obtained from you, for example your name, your address, other data you have provided, the services you use and traffic information. When we use profiles for our marketing, we inform you of this.

Data Protection Officer

ABAX's Data Protection Officer, Christine Blomquist, is there to help you as a customer. For any questions about how we process your personal data, you can contact her at dpo@abax.no.

On the website of the Norwegian Data Protection Authority, you can find out more about the requirements that apply to the processing of personal data.