We care about your privacy. This policy presents a clear overview (we hope) of the type of personal data that we collect, how we use it, what we share with whom and why.
Munio supplies complex systems, so this policy is necessarily quite long. We apologise for this.
First of all: this policy applies to all services provided by Munio AS. At the moment, it primarily applies to www.muniolms.com, but more services will be added.
2. How to contact us
For all questions concerning your personal data, please contact email@example.com
3. Data you give us
Data we store because the law requires us to
When you set up an account for one of our services, you must provide your full name, email address, and date of birth. We require these details to be accurate. This is because we provide services that document training and skills that the Authorities and other entities require from employers and employees. We need to know your date of birth, as we do not wish to store personal data about children under 15 years old.
Data we store in order to fulfill a contract
For some of our services (such as Munio Access), you are required to provide us with your employer. These services are known as “business-to-business (B2B)” services and it therefore makes little sense to use them if you are not part of a business. These services can also not be purchased by private citizens, so we need to know who you work for so that they can pay for the services and we can supply what they have ordered.
Some courses/certifications require more secure identification of which person possesses a skill. In this case, we use BankID (and other similar solutions), and consequently do not store sensitive data.
Some courses/certifications and some employers/clients require us to register your mobile number for verification and documentation purposes. If this is the case, you cannot remove your phone number yourself. You can then contact us at firstname.lastname@example.org, and we will assist you.
Data we store because you give us permission to do so
We also ask for your mobile number, but this is not a requirement. We ask for this data so that you are able to receive notifications, temporary passwords etc. via text. This is practical for you, but not necessary. You can always go back and remove it later. It will then be deleted.
4. Data we store about you when you use our services
As a rule, when you log in to our services, we store pretty much everything you do if you have given us permission to do so.
Data we store because the law requires it
We store who you are, what items you are working on, how long you are working for, times and results and what you are uploading and downloading. This is essential for us to be able to issue course certificates and document skills. This applies to all items subject to requirements for documented training and skills set by the Authorities and other public entities.
Data we store in order to fulfil a contract
We store who you are, what items you are working on, how long you are working for, times and results and what you are uploading and downloading. Basically the same as in the above point, but now it applies to all items you are working on because:
- Your employer has placed demands on you (typically that you must upload a certificate, take “code of ethics in our business” as an e-learning course etc.). This is part of our contract with your employer. We cannot fulfil this without storing your data.
- You have purchased a course from someone and start it. There will then be a clause in our contracts requiring us to provide an analysis of the use of the course, so that it can be improved. Owners can then use the data you have generated to do this.
Data we store because you give us permission to do so
If you are using a service that contains searches (and you search), we will store this. If you select favourites, we save these. If you review and/or rate content, this will also be saved. We save this information in order to give you better recommendations. We also use what you have done (but anonymised) to give other people better recommendations. If you want us to remove information you have already entered, please contact email@example.com and this will be done. If you do not give us permission to store these things, search fields and similar will be removed for you, and we then cannot store anything.
If you use one of our private services, we store what you ask us to store, but that’s it. You can always see what information is stored about you and remove what you don’t like. What we have stored about you as an employee cannot be removed or changed. This is because your employer is obliged to be able to document this to authorities and/or other bodies.
5. Data we collect about you from other sources
Data we store because you give us permission to do so
Widgets from social media
The services may include functionality from social media. Some of these will be able to collect IP addresses, what sites you visit and store or update cookies. This type of functionality is run either by a third party or by us. If you use any of these, the privacy terms of the individual host apply.
Examples are the “like” button from Facebook, “share” buttons or other interactive widgets.
We can obtain personal data about you from other services. These will only be linked to data we already have about you from our own services.
If you give us permission to connect to other services, you also give us the right to store the data we receive from that service.
An example of this is logging on to our website via social media or authorisation services. We will then be able to retrieve your email, your name, where you live and link to your profile picture on the service. Of course, we only have access to what you have agreed that this external service can share.
PS! It is a good idea to check the privacy settings on these services before you give us permission. You then avoid more personal data than necessary spreading around the internet.
6. How we use the data we collect
Creating and maintaining an account
We use data about you (such as your email address) to create and manage your account (for example to give you password reminders).
Giving you access to content you have purchased or received
We use your personal data to give you access to content you have purchased from us, or content distributed to you via our systems. Sometimes, you will have searched for content directly (e.g. when you have purchased a course), other times you'll receive content from someone else (such as your employer or from a requirement placed on a portal you are registered with). In order to give you access, we need to know who you are. We must therefore use your personal data.
Processing data about you on behalf of employers and clients
You and your employer are responsible for ensuring that you have the right skills to carry out the job you are assigned to. This means that we provide data about what skills are registered for you in the system to: a) you, b) your employer, c) any clients.
This only applies to skills that either a) the employer or client has required or invited you to, or b) you have explicitly given us permission to share.
Dealing with questions and inquiries
If you have a question and contact us about it, we use your personal data in order to assist you.
Giving you information about Munio services and content
If you have given us explicit permission, we use personal data to give you information about Munio’s services or content we think you may find interesting. You can always remove permission either by clicking on the unsubscribe link in the information request or by sending us an email at firstname.lastname@example.org.
Respecting legal requirements
In some cases, we are obliged to share information about you to authorities or other certification bodies. This only applies if the skill in question is subject to mandatory documentation or is part of a certification scheme where documentation is required.
Examples of this are certificates in fire protection for carrying out hot work. The Norwegian Fire Protection Association will receive personal information about you in order to issue a certificate and keep track of who holds one of these.
7. How we share data
Data we share because the law requires it
In some cases, we share data with authorities if the registered skill is subject to mandatory documentation. We do this only upon direct request from a responsible entity (for example the Norwegian Labour Inspection Authority).
Data we share in order to fulfil a contract
If you have registered for our services as part of your employer’s requirements for you, the employer and/or certification bodies will have access to your personal data for all items that:
- Your employer and/or client has required you to carry out and/or document
- Your employer has offered you through its skill portal
- You have carried out a course that is part of a certification scheme.
An example is where your employer has required you to review and accept a code of ethics. You do this and your employer can obtain information about this. You will also be offered an e-learning course in Word that the employer has purchased. This information will also be accessible. Finally, you take a course in “Fire protection when performing hot work”. This information will be shared with the certification body.
Data we share because you give us permission to do so
Some of the data we share with others we do so because it is practical for you or so the service becomes better and more interesting. We will then always ask for permission and you will always be able to withdraw this permission. This applies to:
- Information on skills you want to share with your employer
- Information on skills you want to share with non-commercial skills databases
- Information on skills you want to share with commercial skills databases (e.g. LinkedIn)
- Information on skills you want to share with other users
If we share information about you with entities under b) and c), we will have a list of which entities this applies to at all times. In that case, you can find this list here.
8. How long data is stored for
We store personal data about you until you ask for it to be removed.
Data we do not delete because the law requires it
If the items are subject to documentation, they will be stored for as long as required by law, and you may not ask for them to be removed.
Data we do not delete because we must fulfil a contract
We keep some data because we need to fulfil a contract with others or because we are obliged to store it. This applies to:
- Information given in connection with buying content (orders, invoices and licences)
- Information stored because you have completed items in connection with an employee relationship and/or you have been a contractor at a company. The information will then be stored until the employer and/or client asks for the information to be deleted
9. Your rights
You have the right to know what data we have stored on you. You also have the right to ask us to stop storing things you have previously given us permission to store. You have the right to ask us to correct data or ask us to remove data we have on you. If you no longer want to hear from us, you have the right to request this.
Your right to obtain the data we have on you
If you want to know what data we have stored about you, contact us at email@example.com.
You will then receive a file with all the data, as long as this does not pose a significant risk to the lives, health or safety of others. We will not give you data that affects the privacy of others. You will receive this within 30 days as an electronic file.
Your right to have your data corrected or removed
If you have an account with us, you can log in to your account and update your personal information. You can also ask us to correct data by sending an email to firstname.lastname@example.org.
You have the right to object to us processing your personal data
You can ask us to stop processing your personal data even if we have a legitimate interest in continuing to do so (for example to earn money). This also applies to profiling you to give you targeted content and service offers.
You have the right to ask us to stop sending you advertising/newsletters. This applies even if you have previously given us permission to do so. You can unsubscribe from newsletters directly from the email, on your profile on the service or by sending an email to email@example.com.
PS! Remember that you might have given us permission to send you offers from other partners! In that case they are responsible for managing your rights. In other words, you must contact them so that they can stop processing your information and/or sending you offers.
You have the right to take data with you to another organisation
A lot of data we have stored about you could be very useful for you in the future, even if you no longer wish to use our services. That's why we give you all the data in a structured, machine-readable format. We use the best, most up-to-date formats for skill data, so if your new supplier is at a reasonable level, entering the data should be fairly simple.