GDPR

Privacy Policy

 

A description of how Human Factors AS collects and uses personal information.


 

This Privacy Policy is updated continuously and without further notice of changes. An overview of changes is available at: Changelog for privacy statement

 

DATA CONTROLLER

Human Factors AS, through Managing Director – commerce, is the data controller for the processing of the company’s personal data for:

 

  • employees
  • users of our website
  • users of our digital test tools / surveys
  • customers, suppliers and partners

(Contact Information at the bottom of the page.)

 

 

DATA PROCESSOR

Human Factors AS has several data processors: 

 

  • MailMojo AS for newsletters.
  • NettSoft AS for computer networks and pro contacts against Microsoft for Office365.
  • Visma AS for payroll and accounting data.
  • Quality Regnskap AS for accounting and KPMG for audit.
  • Dynamicweb and Joy & Co for websites used to order Diversity Icebreaker® material.
  • Typeform for Diversity Icebreaker® (DI) online version 2, user registrations (DI) and TeamReflect® newsletter sign up.
  • Group.one Norway AS for Diversity Icebreaker® (DI) online version 3 (from 2019).
  • Group One AS for SMS communication.
  • Easyfact AS for Team Performance Inventory (TPI-LF), TeamReflect, Cooperation Checklist and Diversity Icebreaker® (DI) Online Version 1.
  • Typeform for user registrations an user feedback surveys.
  • Google Analytics for web statistics.
  • MailMojo AS for newsletters.

 

Human Factors AS, through Managing Director – commerce, is the data processor for any personal information in connection with the calculation of group scores for the Diversity Icebreaker, TeamReflect and Cooperation Checklist.

 

 

GENERAL INFORMATION ABOUT OUR TEST TOOLS / SURVEYS

We will always inform about the purpose of the survey and whether it is anonymous or not. If the survey is anonymous, Human Factors or Data Processor will not collect any information that can be linked to the respondent. Anonymous data from the surveys may be subject to research and standardization and will therefore be stored indefinitely. Human Factors AS will not share the information with others or use the information for purposes other than those specified.

 

 

Cookie Policy

Read about our cooke policy here.

 

 

PERSONAL INFORMATION FROM OUR TEST TOOLS: 

  • Diversity Icebreaker® (DI) online version 3
  • TeamReflect

 

 

A description of how Human Factors AS collects and uses personal information when answering Diversity Icebreaker online (Version 3)

 

This policy is updated continuously. An overview of changes is available here:  Changelog for privacy statement

 

Human Factors AS (“we”) is the data controller for the processing of personal data in connection with the Diversity Icebreaker® (DI) online survey. This document explains what data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR).

 

1. Data Controller and Contact Information

Human Factors AS
Org. no: 965878467
Address: Lilleakerveien 8, 0283 Oslo, Norway
E-mail: office@human-factors.no
Phone: +47 22 42 30 30

If you have questions about this policy or wish to exercise your rights, please contact us.

 

2. Data Processors and Hosting

Group.one Norway AS: technical operations and e-mail delivery.
Easyfact AS: consulting services for development and maintenance.
Server location: Norway. No personal data is transferred outside the EEA.

 

3. Categories of Personal Data Processed

When answering the DI survey, you are not asked to provide your name or direct identifiers. The following may be processed:

 

  • Optional background data: age, gender, industry, country (used only for research and standardization).
  • Test answers: used to generate your individual and group profile.
  • E-mail address (only if you actively choose to receive your results by e-mail.
  • Technical data: e-mail logs (sender, recipient, server name) are temporarily stored for 14 days.
  • No IP addresses are logged.

 

4. Purpose and Legal Basis

We process personal data for the following purposes:

 

  • Providing the service (generating group profiles and individual scores).
  • Legal basis: GDPR art. 6(1)(b) – necessary for the performance of a contract.
  • Research and standardization (optional demographic questions).
  • Legal basis: GDPR art. 6(1)(f) – legitimate interest.
  • E-mail delivery of results (if chosen by user).
  • Legal basis: GDPR art. 6(1)(b) – necessary for delivering requested service.

 

5. Data Retention

 

  • Survey responses are stored as long as necessary for analysis, research, and product improvement, but without information that can identify individuals.
  • E-mail logs are deleted automatically after 14 days.

 

6. Data Sharing

 

  • Facilitators receive only group profiles, which contain aggregated and anonymous results without any personal identifiers.
  • Individual results are only sent directly to participants (e.g., by e-mail if requested).

 

7. Your Rights

You have the following rights under GDPR:

 

  • Right of access (art. 15)
  • Right to rectification (art. 16)
  • Right to erasure (“right to be forgotten”, art. 17)
  • Right to restriction of processing (art. 18)
  • Right to data portability (art. 20)
  • Right to object (art. 21)
  • Right to withdraw consent at any time (when processing is based on consent).
  • Right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

We will handle your request as quickly as possible and no later than 30 days.

 

8. Security

We apply appropriate technical and organizational measures to protect your personal data, including access restrictions for administrators.

 

 

A description of how Human Factors AS collects and uses personal information when answering TeamReflect online

 

The freemium version

No name or other personal information is requested here. No IP address is stored. GDPR therefore does not apply.
 
 

The paid version

Human Factors AS (“we”) is the data controller for the processing of personal data in connection with the TeamReflect® platform. This document explains what data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR).

 

1. Data Controller and Contact Information

 

Human Factors AS
Org. no: 965878467
Address: Lilleakerveien 8, 0283 Oslo, Norway
E-mail: office@human-factors.no
Phone: +47 22 42 30 30

 

2. Data Processors and Hosting

 

  • Group.one Norway AS: technical operations and e-mail delivery.
  • Easyfact AS: consulting services for development and maintenance.
  • Server location: Norway. No personal data is transferred outside the EEA.

 

3. Categories of Personal Data Processed

We process the following categories of data in TeamReflect:

 

  • Facilitator/Customer name and e-mail address (to provide login access to the admin interface).
  • E-mail addresses for team-members (for distribution of invitations, survey access, and delivery of results).
  • Survey responses (individual assessments of the team).
  • Derived results: each participant sees their own answers and the aggregated team profile.

 

4. Purpose and Legal Basis

We process personal data for the following purposes:

 

  • Facilitator/Customer administration (login and access to admin interface). Legal basis: GDPR art. 6(1)(b) – contract.
  • Inviting participants to surveys and distributing results. Legal basis: GDPR art. 6(1)(b) – contract.
  • Generating aggregated team results for use in team development and follow-up measurements (“pulse measurements”). Legal basis: GDPR art. 6(1)(f) – legitimate interest in improving team collaboration.
  • Research and product improvement (anonymous and aggregated data). Legal basis: GDPR art. 6(1)(f).

 

5. Data Access and Protection of Individual Results

 

  • Participants: Each participant has access to their own answers and the aggregated team profile.
  • Facilitator/Customer: Has access only to aggregated team results, not to individual responses.
  • Human Factors AS: May access facilitator information, participant e-mails, and aggregated team results for support and system maintenance.

 

6. Data Retention

Participant e-mail addresses and team results are stored for as long as the customer uses the service, as they may be relevant for follow-up (“pulse”) measurements over time.

There is currently no automatic deletion routine. Customers may contact us to request deletion of data.

E-mail logs (sender, recipient, server name) are stored for 14 days before being deleted.

 

7. Data Sharing

No personal data is shared with third parties beyond our data processors listed above.

 

8. Your Rights

You have the following rights under GDPR:

 

  • Right of access (art. 15)
  • Right to rectification (art. 16)
  • Right to erasure (art. 17) – unless retention is necessary for follow-up measurements or legal obligations
  • Right to restriction of processing (art. 18)
  • Right to data portability (art. 20)
  • Right to object (art. 21)
  • Right to withdraw consent (if processing is based on consent)
  • Right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet)

We will handle your request as quickly as possible and no later than 30 days.

 

9. Security

We apply appropriate technical and organizational measures to protect your data, including restricted access, and administrative safeguards.

 

 

WORKSHOP/WEBINAR EVALUATIONS

We use the platform Typeform.com to conduct evaluations of our workshops/webinars. The purpose is to collect general feedback in order to improve our services. Invitations to the survey are sent by email to participants, based on our legitimate interest in improving our offerings (GDPR Art. 6 (1) (f)).

The survey itself does not include any questions about name, contact details, or other personal data. Email addresses are used solely for sending the invitation and are not stored together with the responses.

Typeform S.L. acts as our data processor, and data is stored on their secure servers within the EEA/EU in compliance with GDPR. The evaluation data is retained only as long as necessary for analysis and improvement purposes, without any possibility of identifying individual participants.

 

 

NEWSLETTER

Human Factors AS sends newsletters approximately 2-4 times a year via email. Data Processor: MailMojo AS. The basis for sending this is an explicit consent from each recipient. We only register name, email, role and country. The email address is used to send out newsletters, and to see if the recipient has opened the email and clicked on links. The email address is not shared with others. The purpose of the registration is to provide those who are interested in information about relevant upcoming workshops and product developments related to the Diversity Icebreaker and TeamReflect®. Personal information is stored indefinitely unless email is no longer in function or recipient chooses to unsubscribe. We use cookies in sign-up forms to prevent pop-ups from being repeated too often in the same browser. See more specific information about cookies policy here.

 

 

ORDERING MATERIALS AND SERVICES

Our customers can order test materials from the Diversity Icebreaker® website. Alongside the order they register, for example, company name, contact person, professional responsible for using test material, e-mail, telephone, delivery and invoice address.

 

Customers can also order materials and services using mail and telephone.

 

Delivery information is shared with the shipping company (UPS courier) which is responsible for shipping of the material on behalf of Human Factors AS. 

Invoice information is shared with our accountant BDO AS.

Personal information we receive when ordering material is otherwise used for:

- to effect the order, including invoicing in the Visma accounting system and possibly in Paypal, as well as to prepare internal sales statistics.

- Follow up with important customer relationship information such as product updates, support / service and price adjustments, but not regular market communication.

- Customer information will be stored as long as required to fulfill our obligations, e.g. in accordance with the accounting regulations.

 

 

DIVERSITY ICEBREAKER® USER REGISTRATION

We use Typeform.com to facilitate the registration of new users of the Diversity Icebreaker® (DI) tool. Registration is required before materials can be provided, and ensures that the consultant or facilitator declares responsible use of the tool. Relevant information is collected to assess whether the user has the necessary competence to apply DI in group processes. In addition, basic contact details (name and email) are recorded to allow us to request further information if needed, and to provide guidance that enables the user to get started with the ordered materials in a secure manner.

Since most registered users continue to order materials repeatedly over many years, the registration information is stored indefinitely. This ensures that the user’s competence does not need to be re-documented for each order. Personal data may also be used to follow up with important information related to the user registration, such as product updates, support and service notices, and price adjustments. The data will not be used for general marketing purposes.

Typeform S.L. acts as our data processor, and all registration data is stored on their secure servers within the EEA/EU in compliance with GDPR.

 

 

PARTICIPANTS OF TRAIN-THE-TRAINER WORKSHOPS

Human Factors AS uses Outlook (Microsoft for Office365) for enrolment and sending follow-up information; and Visma accounting system or Stripe to invoice workshop participants. Personal information about who has participated in the training in use of our test tools is relevant for assessing the competence for those purchasing our test tools (see, for example, "User Registration” in the section above). This information will therefore be stored indefinitely. Personal information is also used to plan the workshops (e.g. individual interests and focus areas of the participants) and for statistics. After the workshop, it will also be sent an email with the opportunity to evaluate the workshop.

 

 

 

INFORMATION ON EMPLOYEES

Personal information and payroll information is stored in Outlook (Microsoft Office365) as well as in Visma accounting system and DNB online banking. The treatment is based on employment agreement and the Norwegian tax card. Human Factors AS is required to report salary and personal information to the Norwegian public tax agencies.

 

 

WEB STATISTICS

Human Factors AS uses the analytics tool Google Analytics to analyse traffic on websites it manages. The system logs IP addresses. 

 

 

RIGHTS

Everyone who is registered in one of Human Factors AS's systems is entitled to access their personal information. The registrant also has the right to request that incorrect and incomplete information is corrected, deleted or supplemented. The registered person is also entitled to protest against the registration, as well as the right to data portability. The registrant is also entitled to appeal to the Norwegian Data Protection Authority (DPA). If the processing of personal data is based on consent, consent may be withdrawn at any time by contacting the data controller. Legal claims from the registrant will be answered as quickly as possible, but no later than 30 days.

 

 

CONTACT INFORMATION

Data controller:

Human Factors AS

Harald K. Ekelund, Man. Dir. - Commerce

E-mail: he@human-factors.no

Telefon: +47 22 42 30 30

Post address: P.O. Box 86 Lilleaker, 0216 Oslo, Norway

Org. nr. 965878467