The website you are visiting is developed by Secure Practice AS (org.nr. NO 919 420 197) to market and sell our own products and services. The following privacy policy applies to your use of our online services, including both this website, our exercise web app, and other interactions with us which you do as an individual, not already covered by a data processing agreement with the organization you are employed at.
Our basic attitude is that we want to process as little information about identifiable individuals as possible. At the same time, we want to offer relevant information and contact to those who request this, and to use anonymous data for analytics and further development of our own services.
The following applies when using our online services:
Responsibility
Secure Practice, under supervision by our Chief Executive Officer, is the data controller for our own websites, including public exercises, which we manage ourselves. Infrastructure is hosted by a third party, under a data processing agreement between Secure Practice and our data processor, which specifies how our data shall be processed and protected at this level. The agreement ensures that – along with technical measures – the data shall only be processed upon our instructions, that they shall only be processed in the EU/EEA, and that they shall only be accessed by Secure Practice employees, yet always only on a need-to-know basis.
Statistics
Secure Practice collects deidentified information about visitors on our websites. This is done to allow us to analyze how our websites are used, so that we can develop and improve their contents and structure.
When you visit one of our websites, we store information about which pages are visited and at which time this happens, and which web browser is used. In addition, we process the IP address as required, but we only store a limited part of it for statistical purposes after making an approximate geographical lookup through using a local database.
In order to collect statistics, we use an internally operated statistics tool, which does not process or share data with external parties.
Cookies
The statistics tools we use store something called cookies on the device you are using. Cookies are used to identify your device aross page views, so that we can collect deidentified statistics as described above.
The video player will store cookies when you play an embedded video. Our service provider Vimeo will also store deidentified information about your nationality, duration of video play, and similar (privacy policy), but only upon your specific consent to enable embedded content when using our website.
We also store our own cookie ("spid") on your device, and this is today used in relation to any download of exclusive content or when you sign up for our services (see below).
You have full access to deny websites from storing cookies on your device, see allaboutcookies.org for more information (external site). Unless you do this, you have given your consent to our use of cookies. You can also activate the Do-Not-Track-setting in your web browser to partially avoid being tracked.
Exercises
If you sign up for an exercise session, and this is not facilitated under the governance of your employer, for instance in public settings with participations from many organizations, our data processing is based on the consent you give us at the time of sign-up.
As described during sign-up in these cases, data from such exercises, including your name, email address, phone number and data you provide as exercise input, are processed anonymously, and only for the purpose of completing the given exercise session, and are automatically deleted within 30 days.
In case a diploma is offered through this exercise, the diploma is made available on a unique link, which makes it possible to share on social media. Since this link becomes unavailable due to the deletion of your data after 30 days, you can download the diploma on your personal device within this time frame.
You can exercise your rights as a data subject according to GDPR, including access and erasure, by sending a request to: privacy@securepractice.no
Newsletter
If you sign up for our newsletter, we will store your email address. This address will not be shared with other parties, and is only used to send you relevant communications in a limited fashion.
You can be removed from our mailing list at any time by emailing us: privacy@securepractice.no
Contact form
If you contact us via our contact form, we store any relevant information you input to allow us to follow up on your request.
Unless you actively specify approval of additional use of your contact information, we will not use this information for any other purpose.
Other communications
Whenever you get in touch with us, either via email, phone or by other means, we exercise our legitimate interest to process these communication data with a purpose is to follow up on potential customers.
In relation to this, your contact details may be stored in our customer relations management (CRM) system for further follow-up, with our service provider HubSpot.
MailRisk
MailRisk allows you as an employee to contribute in stopping criminals who try to steal or destroy, by analyzing and reporting suspicious emails. Whenever you use the MailRisk button in Outlook or Gmail, any such use is governed by your employer and based on legitimate interest, combined with your voluntary use of the button.
The email you have open will be collected and analyzed by a Secure Practice robot. If threats are found, you will receive notice about this within a few seconds. If you specifically request feedback on a suspicious email, a security analyst will check it and send you the results via email within short time.
The robot tries to remove any personal data before sharing your email with a security analyst, to keep your identity hidden unless strictly required. A suspicious email may after all contain personal data about you. If you report an email by accident, you can simply revoke it at any time, deleting any data collected on it. If you are the only one to analyze or report a particular email, and no threat was found, the contents of this email will automatically be deleted after a limited period of time.
Your personal data will never be sold to third parties. Reported emails can however be useful for fighting crime, and for this purpose will share anonymous data with various entities. To ensure MailRisk service quality, we collect anonymous statistics about use, general findings from analyzed emails, and data on errors which may occur.
All MailRisk communication is encrypted with HTTPS. Software is built and tested with security and privacy by design in mind, by Secure Practice. Personal data are stored within EU/EEA and are processed in accordance with written agreements, which for instance ensures a right to control vendors. We do all we can to protect your data. If however something bad should happen, we are obliged to notify your employer as soon as possible.
If you have any feedback or questions, please contact your organization's IT staff.
Questions?
Feel free to send us an email via privacy@securepractice.no or call us at (+47) 92 12 1337.