Qondor AS is the company that offers the Qondor services.
Qondor AS is a data processor for personal data processed through our Qondor services. We process these data on behalf of our customers (the Data Controllers).
Qondor AS is a Norwegian limited company with organization number 982 685 478. Our postal address is Postboks 1717, 7416 Trondheim, Norway and our e-mail address is firstname.lastname@example.org.
Categories of data processed
We process the following categories of personal data on behalf of the data controllers:
Personal data as collected by the Customer or on the order of the Customer, which may inter alia include, name, address, date of birth, contact information such as e-mail addresses and postal addresses, hotel reservations, flight information and information on allergies, as well as other types of Personal Data relevant for Customer’s administration of meetings and event including invoicing.
Source of Personal Data
The Personal Data processed through Qondor services originate in information you have given to your travel agency, event organizer or similar and may include additional information added by your travel agency, event organizer or similar.
According to applicable Personal Data regulations, it is voluntarily for you to provide your Personal Data to your travel agency, event organizer or similar.
The purpose of processing of personal data
The purpose of our processing of personal data is to fulfill our contracts with our customers, which is to provide web-based administrative system for handling Meetings, Incentives, Conferences and Events, tailored to professionals.
The legal basis for our processing of personal data
We process data solely with basis in data processing agreements with our customers. We do not process personal data through our Qondor services for our own purposes.
Use of sub-processor
Qondor is a cloud-based system, which runs on Microsoft Azure infrastructure. Qondor AS is an enterprise agreement partner of Microsoft with a Data Processing Agreement in place. See more on http://azure.microsoft.com/en-us/support/trust-center/
Microsoft, as a sub-processor, stores the personal Data in Northern Ireland.
Qondor process and store personal data inside the EU/EEA-area.
In addition Qondor uses e-mail services provided by Mandrill (part of Mailchimp) in the US, and with transfer legally based on Mailchimp’s Privacy Shield certification. Qondor also uses SMS-services provided by the Irish company Twilio, and where Twilio’s processing in the US is based on Privacy Shield and Twilio Binding Corporate rules.
With whom we share your information
We do not share personal data with third parties. We solely process data on behalf of our customers, the Data Controllers.
Exercising your rights – contact details Data Controllers
Requests from you (the Data Subject) concerning their rights according to the GDPR, such as access according to GDPR art 15, rectification according to GDPR art 16 and deletion according to GDPR 17, shall be directed to our Customers. Our Customers are responsible for handling such requests.
You can therefore contact your travel agency, event organizer or similar, concerning such requests.
Furthermore, if your Personal Data is processed based on your consent, you can at any time withdraw the consent by contacting the company you gave the consent to, which will be your travel agency, event organizer or similar.
Data Retention and Security
We retain and archive Personal Data to the extent that Data Controller through the data processing agreement instructs us to do.
We take Data Security seriously, and comply with security requirements according to Norwegian and EU Personal Data regulations.
Security audits are to be performed at least once a year.
Choice of law