Privacy Notice

Last updated: 2024-02-15T10:07:36.000Z

This privacy notice (the “Privacy Notice”) covers the service provided by Nomono (“Nomono” or “we below”) and outlines how and why Nomono collects, store, and process the personal data of users and other persons that interact with Nomono, visiting the Nomono-website, using Nomono’s service (the “Service”) inclusive affiliated services and other processing of personal data as part of Nomono’s business.

This Privacy Notice applies to any personal use of the Service, either you have established an account with Nomono for using the Service yourself, or if you have access to the Service through an account established by your employer or others.

The Privacy Notice also applies to other physical persons Nomono is in contact with or interact with as part of Nomono’s business, see below for the categories of persons which Nomono process personal data on.

Processing of personal data

Personal data is any information collected or maintained by Nomono and the Service in your account or otherwise, that identifies or could be used to identify a physical person. The physical person the personal data relates to is named a “Data subject” or “you” below.

Processing is any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When delivering the Service, Nomono will collect and process personal data about you and your use of the Service. By using the Service, you agree that Nomono can use your personal data in accordance with our Privacy Notice and in accordance with any consents you may have given us. The access to the Service is subject to the Terms of Service accepted prior to accessing the Service (the “Terms”). If the basis for processing personal data is your consent, you may reject such processing by withdrawing your consent.

You acknowledge and agree that the Service is conducted and provided by Nomono electronically, through the internet, and that Nomono cannot guarantee the security or privacy of any electronic communications in which you participate in transfer on the internet.

If there is any conflict between the terms of the Privacy Notice and the Terms accepted prior to accessing the Service, the Terms shall prevail.

Data controller – data processor

Nomono is the data controller for the personal data you provide to us through the Service as a personal user and in for all other processing as described below where is not explicitly specified that Nomono is a data processor. As a data controller, Nomono determines the purposes and means of the processing of personal data and the means of such processing.

Contact information on Nomono, and information on how to contact Nomono, is provided at the end of this Privacy Notice.

Nomono is a data processor for the personal data which Nomono processes on behalf of a customer which is transferring personal data to Nomono for processing. The customer is then the data controller (i.e. the person/company which determines the purpose and means of the processing). When Nomono acts as a data processor, all processing of personal data by Nomono will be on behalf of the data controller and will be governed by a data processing agreement between Nomono and the data controller, giving the controller the right to instruct Nomono on the processing of personal data.

Personal data collected

Nomono may collect, and then process, a variety of personal data depending on how you interact with Nomono and use the Service.

From you

We may receive your personal data directly, for example by:

• Contacting us directly, e.g. using email, chat, or contact forms for either request, support, requesting to receive market or product information or other information, providing feedback etc.
• Creating an account and using the Service as a user
• Purchasing a product or service
• Online surveys, providing feedback or other interaction initiated by in which you participate
• Submitting application as a potential employee
• Personal data about you which may be part of soundfiles you submit as part of the Service
• Using our website

From third parties

In addition to the above, we may receive personal data relating to you from third parties, inclusive by automated means, such as:

• From your employer as part of granting you access to the Service throughout your employer establishing access to the Service for you
• Via analytics and statistics by using technology for collecting such information in the Service or on our webpage, such as Google Analytics, such as technical data about the hardware you are using when accessing the Service or website, inclusive your interaction within the Service and your browser. The data may be collected through the use of cookies and similar technology. For more about the use of cookies, see below.
• Personal data about you which may be part of soundfiles a user of the Service has uploaded to the Service for processing.
• From a partner selling Nomono products
• Social Media platforms such as Facebook, LinkedIn, Instagram, and YouTube for collaboration and advertising purposes

Categories of personal data processed

The categories of personal data we collect are:

The processing of personal data

Nomono will process personal data in accordance with this Privacy Notice and in accordance with EU and Norwegian privacy regulation, inclusive the General Data Protection Regulation (“GDPR”).

Nomono is only collecting and processing personal data which we have specified, explicit and legitimate purposes for collecting and processing. Nomono is the data controller for the personal data stipulated below, unless if you access the Service being an employee or having access to the Service under an agreement entered into by a company giving you access to the Service, of which  Nomono is a data processor. In such a case, the processing of your personal data may be subject to more information from the data controller, such as a privacy notice.

The retention and deletion of personal data are specified with the specification of the personal data processed below. Generally, Nomono will only retain your personal data for as long as necessary to fulfil the purposes it is collected for, as specified below, including for the purposes of satisfying any legal, accounting or contractual obligations, or any reporting or legal requirements.

When your personal data is no longer needed to be retained for any of the purposes stipulated below, we may delete or anonymise the personal data. Anonymised data is data that can no longer be associated with an individual person, and may be further used for research and statistical purposes in which case we may use this information indefinitely without further notice to you.

The personal data collected and processed by Nomono with the following purposes and legal basis for processing are listed below.

Establishing and using an account

To use the Service, you must register an account with Nomono or have an account activated by your employee or another service administrator. Upon such registration of an account, some personal data is required:

• Contact details, login information, relation to employer or service administrator granting you access to the Service, payment details (if relevant) and other mandatory or voluntary information concerning the Service.
• Payment details when purchasing access to the Service, if necessary, for our handling of the payment. This applies when you have a recurring subscription to the Service. If you pay by using a payment provider, we will not have access to your payment information. In such a case you may have to accept the terms for the payment provider. Nomono is not liable or responsible for the use of a payment provider.

Such processing is based on the Terms accepted when subscribing to the Service.

The processing of personal data above is based on GDPR Article 6 (1) item b, i.e. The processing is necessary for the performance of a contract to which you (the access to the Service under the Terms) are a party or in order to take steps at the request of you prior to entering into a contract.

Personal data related to your account will be stored for the latest of the last payment of the Service or two years after last activity on the account. Prior to deleting the account or deleting any sound files stored with the account, we will notify you on the contact information you have provided in the account.

Delivery of Service

To operate and deliver the Service and provide you with products and access to certain functions on our websites, Nomono may process personal data, inclusive:

• Credentials such as passwords preferred and saved user preferences, security settings, etc. processed in relation to providing the Service and managing your account.
• Demographic information such as your geographic location, time zone, preferred language, etc. when providing the Service or when you interact with our webpage.
• The device used, usage data and security: how you use the Service, when you accessed the Service, the devices you use for the Service, your IP address, the internet address you accessed our Service from, your internet service provider, etc.
• Your sound files if such files contain personal data, inclusive any personal data in the metadata for the files, inclusive in the title.

Nomono might process the above personal data with regard to customer or user support to diagnose and fix functionality or other problems and issues, and to help us understand and improve our products and the Service and other deliverances to you, inclusive other services and/or products, as well as providing more effective customer care and personalized service.

Nomono may process personal data to send notifications or information pertaining to the Service or your account that are necessary to the continued use of our products or the Service, which will normally be information about changes in Service, the Terms, the Privacy Notice etc.

Please note that you may not be able to use some of the functions in the Service if you decline our collection of your personal data.

The legal basis for such processing is GDPR Article 4 (1) item b, i.e. that the processing is necessary for the performance of a contract which you (the access to the Service under the Terms) are party to or in order to take steps at the request of you prior to entering into a contract.

Any personal data stored by using the Service will be stored as long as the account is active, see above.

Nomono will in addition analyse, transcribe, review, assess etc. the sound files uploaded, inclusive any data, information, hereunder how you interact with and use the Service, inclusive for the use of machine learning/artificial intelligence training. Such use also comprises any information on the sources of the sound, such as direction, geographical location, number of people providing the sound, tone level, gender etc. The processing of personal data in this regard is to improve the Service. In this process, only the sound on the files will be used, and no personal data will be processed. We will not in any other context use the sound files uploaded unless for support services, where we will access the sound files as part of providing support to you. The legal basis for processing is GDPR Article 6 (1) item f, as Nomono have necessary legitimate interest in improving our services and learn from the use of the Service, and we have considered that the users' privacy do not override this interest.

To respond to inquiries

Nomono may process personal data in order to respond to and follow-up inquiries from persons contacting Nomono, users of our website, potential users of the Service etc. The information processed may be contact information on the person contacting Nomono and information related to the contact.

The legal basis for such processing is Nomono’s legitimate interest in having contact with person contacting Nomono, and Nomono considers that Nomono’s legitimate interest to process the personal data does not override the privacy of the data subject (GDPR Article 6 (1) item f).

Any personal data related to responding to inquiries will be stored until the reason for the inquiry is fulfilled or until the matter is closed, and there is no reason to believe that there will be follow up matters regarding the inquiry.

Security and safety

Nomono must use personal data to protect the security of our products, users, and the Service.

The legal basis for such processing is Nomono’s legitimate interest in securing the above said, and Nomono considers that Nomono’s legitimate interest to process the personal data does not override the privacy of the data subject in addition to fulfilling our contractual and legal obligations according to the Terms to provide a secure Service (GDPR Article 6 (1) item f).

Any personal data related to security and safety issues will be stored until the reason for the matter for security and safety is closed, and there is no reason to believe that there will be follow up matters regarding the matter.

Relevant sales and marketing communications

You will receive promotional communications if you have requested information from us, purchased products or the Service from us or if you provided us with your details when you subscribed to our newsletter and have given your consent or any other forms on our website.

Any personal data related to sales and marketing communications the customer relationship has ended by deletion of the account, see above, or until you have withdrawn your consent or opted out on receiving sales and marketing communication.

Contact with business customers, suppliers, affiliates, partners etc.

We may also process contact information on contact persons when having contact with potential or actual business customers, suppliers and partners.

The legal basis for such processing is Nomono’s legitimate interest in having a contract with potential or actual business customers, suppliers and partners, and Nomono considers that Nomono’s legitimate interest to process the personal data does not override the privacy of the data subject in addition to fulfilling our contractual and legal obligations according to the Terms to provide a secure Service (GDPR Article 6 (1) item f).

Any personal data related to contact with the above, will be stored until there is no need for further contact with the customer, supplier, partner etc. because that the contract, potential relationship, or other means of the necessity for contact has ceased.

Recruitment

If you apply to a position with Nomono, we have to process your personal data in order to assess your application.

The legal basis for such processing is Nomono’s legitimate interest in recruiting, and Nomono considers that Nomono’s legitimate interest to process the personal data does not override the privacy of the data subject in addition to fulfilling our contractual and legal obligations according to the Terms to provide a secure Service (GDPR Article 6 (1) item f).

Applications will normally be stored for maximum one year after the completion of the application process unless you consent to further storage.

Ensure compliance and legitimate interests

Nomono may also process personal data in order to comply with statutory obligations to which Nomono is subject, and to safeguard own or third parties legitimate interests, e.g. in relation to establishing a legal claim or preventing unauthorised access to or disclosure of personal data.

The legal basis for such processing is necessary for compliance with a legal obligation to which Nomono is subject (GDPR Article 6 (1) item c).

Disclosure and transfer of personal data

As part of our product and delivery of the Service delivery, Nomono may include the services or function from affiliated partners who are authorised to sell branded products or services on behalf of Nomono. We also use some tools managed by third-party service providers to fulfil the delivery of certain aspects of the Service.

We will never transfer or sell personal data to any third party or otherwise connected to proving the Service, providing our business as described above or by other means for the benefit of our customers. We may disclose information to affiliated partners where appropriate, to fulfil your request for service delivery, improve our products and the Service. Personal data will not be shared with third parties for marketing purposes.

Nomono may share personal data with companies who provide essential services for delivering our products and the Service to customers. These might include services for:

• Information processing, payment processing, credit checks, fulfilling customer orders, delivering products, managing, and enhancing customer data, providing customer service, assessing your interest in our products and the Service, and conducting customer research or satisfaction surveys.
• In rare circumstances, we may be compelled, by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence to disclose your personal data.
• We may disclose the information if we determine that disclosure is reasonably necessary to enforce the Terms or protect our operations or users.

All processing by such third parties is subject to a data processing agreement, which, among other things, limits such third parties’ use of the personal data to the performance of the agreed services. The companies we use to provide the above services are controlled to ensure they comply with privacy regulation, including GDPR, and applicable local data privacy and security regulations.

We do not process, transfer, or share personal data outside the EEA.

Protection and security of personal data

When processing your personal data, inclusive when providing products and operating the Service, Nomono will make all reasonable precautions, including administrative, technical, and physical measures, to safeguard your personal data against unauthorised access, disclosure, alteration, and destruction.

Your rights as a data subject

As an individual, you are granted the following rights regarding the processing of your personal data:

The right to access and delete your personal data

You have the right to access the information we have about you at any time, as well as request the personal data we store about you is deleted, modified, or exported for portability reasons.

If the processing is based on your consent, you may also withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal). If you have previously consented to receive promotional email communications from us, you can use the unsubscribe function at the bottom of our emails to unsubscribe from our emails at any time (“withdraw your consent”). If you have an active account, it will not be possible to opt-out/unsubscribe of basic emails since we need to communicate basic information, where relevant, to users to continue providing the Service.

If you have an account, you can access and modify your personal data which you have provided within the account or delete your account and then delete your personal data. If you delete your account, your information and content will be unrecoverable after that time.

If you do not have an account, you can be provided with the personal data we are processing or instruct us to delete the data by contacting us, see contact information below.

If the personal data is necessary for us, such as complying to law, we may withhold personal information until the data is no more necessary or to the extent permitted by law.

You may also instruct us at any time not to process your personal information for marketing purposes.

The right to rectification of your personal data

You have the right to rectify your data, either by amending the data in your account or by contacting us, see contact information below.

The right to object to and restrict the processing of your personal data

If you have provided your consent to your processing of personal data, you may also withdraw your consent at any time in your account or by contacting us on the contact information below.

You may also have the right to object to or restrict the processing of your personal data in accordance with GDPR Article 18.

The right to data portability

You may have the right to data portability if your personal data is subject to the requirement under GDPR Article 20.

Use of cookies and similar technology

It is possible to visit our websites without providing personal data about yourself by rejecting the use of cookies and similar technologies by enabling restrictions in your browser.

However, for you to best utilise the use of our website, inclusive providing some of the functionality on the website, the collection and processing of personal data is required.

We also use cookies on providing the Service, and to use the Service and all functionality herein, it may be necessary to use cookies and similar technologies.

We use the following cookies etc. on our website:

• Cookies related to Google Analytics, tracking behavioural data for analytics purposes. Complete list of cookies and their expiration time can be found at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
• Cookies related to Hotjar. We use Hotjar in some of our Services in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our Sites). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. We also use Hotjar for user feedback/surveys. For further details, please see Hotjar’s privacy policy by clicking on this link https://www.hotjar.com/legal/policies/privacy/
• Cookies related to the Facebook Pixel for advertising purposes see Facebook’s cookie policy at https://www.facebook.com/policies/cookies for more information.
• Cookies related to HubSpot, exhaustive list found at https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

We use the following cookies etc. in the Service:

• Cookies related to user authentication, authorization and security.
  • A set of auth0 cookies, list can be found at https://auth0.com/docs/users/cookies/authentication-api-cookies
  • A sessionid cookie used to authenticate the user for a session, living for 2 weeks.
  • A csrftoken cookie used to protect the user from cross site request forgery attacks, living for 4 weeks.
• Cookies related to Google Analytics, tracking behavioural data for analytics purposes. Complete list of cookies and their expiration time can be found at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

Supervisory authority

If you experience anything you think is a violation of the regulations or to exercise your rights, or if you otherwise have any questions regarding our processing of your personal data, we encourage you to contact us as described below.

However, we also notify you that you may raise a complaint to a data protection authority. As a Norwegian company, Nomono is subject to the Norwegian Data Protection Authority (Datatilsynet) as a supervising authority. You may contact your national/state supervisory authority, but Nomono will retain the Norwegian Data Protection Authority as our lead supervisory authority.

You find more information on the Norwegian Data Protection Authority here: www.datatilsynet.no.

Changes to the Privacy Notice

As our business grows and our Service and products evolve, this privacy notice may change, or other privacy notices may be written and posted specifically to address new offerings or to keep pace with data privacy laws.

When changes are substantial, we will first ensure to make you aware of any forthcoming changes by attempting to contact you directly via email, or via our user interfaces.

For when this Privacy Notice was last updates, see in the end of the Privacy Notice.

Data controller – Nomono

The data controller responsible for the processing of personal data as described above is Nomono AS (“Nomono”), a company registered in Norway with the registered address and contact information:

Nomono AS

Strandveien 43

7067 Trondheim

Norway

Business reg.no: 922 172 676

E-mail: hello@nomono.co

Webpage:

For any questions about this Privacy Notice, please contact privacy@nomono.co.