The Visma Privacy Statement helps you understand what personal data we collect and why we collect it, and how we handle, protect, store, export, and delete your personal data.
Personal data is information that can identify you as a person, such as an email address, street address, phone number, etc.
WHAT PERSONAL DATA DO WE PROCESS?
The type of personal data that Visma processes about you may be:
- Basic personal information such as name, address, telephone number, email and demographic information
- User and web traffic information such as login ID, username, and IP address
- Financial information such as invoice-related information
- Content you have uploaded or provided such as photos, comments, articles and videos
- Statistics that show how the users use our software and consume content we offer
- Information provided through job applications
HOW IS PERSONAL DATA COLLECTED?
In general, Visma collects personal data directly from you or other persons linked to our Customer. If the Customer you work for purchases Visma products or services via a Visma partner company, we may collect information about you from the partner company.
In some cases, we may also collect information about you from other sources. These sources may be third-party data aggregators, Visma’s marketing partners, public sources or third-party social networks.
WHY DO WE PROCESS PERSONAL DATA?
This Visma Privacy Statement applies when Visma and its subsidiaries (Visma) process your personal data for various purposes when you interact with us, such as:
Buy and deliver
- Facilitate customer orders, agreements, payments
- Offer services directly to you, such as e-learning, webinars, reports, etc.
- Provide requested offers on products and services to Customers
- Create and facilitate accounts for users of our services
Support and improve
- Improve and develop the quality, functionality and user experience of our products, services and Visma Sites
- Offer customer support of our products and services
- Operate user communities to educate and enable interaction between users and Visma
- Detect, mitigate and prevent security threats and abuse, and perform maintenance and debugging
- Manage and send marketing preferences and content
- Create interest profiles in order to promote relevant products and services (profiling)
- Manage recruitment processes and process job applications
- Evaluate submitted documentation, conduct interviews and call references
Information regarding how personal data is processed in one of our many services is outlined in the respective data processing agreement for that service. Visma does in such cases act as a data processor and processes the data on behalf of and according to instructions given by the Customer. For more information regarding this, please contact customer support for that specific service.
WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
We process data based on several legal grounds.
AGREEMENT WITH YOU
We process your personal data on the basis of a legal binding contract with you. This will typically be when you apply for a job in Visma. Processing your personal data such as CV, application and references is necessary for Visma to handle jobseekers requests before a contract is entered into.
Visma might process your personal data based on consent. You will always be able to withdraw your consent, after you have given the consent.
Visma has a legitimate interest when we process your data for security, support and improvement purposes, or when you act as customer contact/lead for our existing and potential customers, hereunder in customer support. Your personal data is processed from a business perspective in a manner that we believe does not conflict with your privacy rights or freedoms.
Further Visma processes data based on legitimate interest if you are signing up for a webinar, downloading reports or other content from our web pages, and using our Visma communities. The legitimate interest is to provide you with correct content, hold webinars, do marketing and administrate your requests.
Read more about how Visma processes your personal data for marketing purposes based on legitimate interest and your rights when we process your personal data for such purposes under the section called “marketing” in this privacy statement.
HOW IS YOUR PERSONAL DATA SHARED?
WITHIN THE VISMA GROUP
As Visma consists of many different subsidiaries, it is important for us that we provide the best possible overall experience for you. In order to maintain an overview and insight, Visma may share your personal data across companies in the Visma Group.
OUTSIDE OF THE VISMA GROUP
Visma may also share your personal data with external third parties in the following contexts:
VISMA USER COMMUNITIES
If you make a post, comment or similar on Visma user communities or other forums on Visma Sites, such information can be read and used by anyone with access to such forums. Visma is not responsible for any information you submit on such forums or Visma Sites.
Visma may share your personal information with our partners in the event this is legitimate from a business perspective and according to applicable privacy legislation.
The police and other authorities may request access to personal information from Visma. In these cases, Visma will only provide the data if there is a court order etc. to do so.
WHEN DO WE USE PROCESSORS?
Visma uses processors to process personal data. These processors are typically vendors of cloud services or other IT hosting services.
When using processors, Visma will enter into a data processing agreement in order to safeguard your privacy rights. If processors are located outside the EU/EEA, Visma ensures legal grounds for such international transfers on your behalf, hereunder by using the EU Model Clauses.
For information on sub-processors used to provide you a Visma service, please visit our Visma Trust Centre.
You are always welcome to request an overview and more detailed information on Visma’s processors. For how to contact Visma, please see the last section of this statement.
HOW LONG IS YOUR DATA STORED?
Visma will only store your personal information as long as required to perform our contractual obligations. When processing your personal data on other legal basis, such as legitimate interest, data is stored as long as necessary to fulfil the purpose of processing.
Hence, your personal data may be subject to different retention policies based on the type of data and the purpose of collecting it. Here are some examples:
When recruiting, Visma will delete your personal information such as CV, application and other documents when the recruitment process is closed, typically maximum 6 months after application deadline, unless otherwise agreed upon with you.
Another example is contact information stored for marketing purposes, including leads or prospects. Such personal data will be deleted no later than 24 months after the last registered activity.
For further information regarding deletion, feel free to contact Visma (see contact information in the last section of this statement).
WHAT ARE YOUR RIGHTS?
You have the right to access your personal data by requesting an overview of the personal data we process about you and you may have a right to data portability. You also have the right to request that Visma corrects inaccuracies in your personal data. If you have an account with Visma for a Visma Site, this can usually be done through the appropriate "your account" or "your profile" sections on the applicable Visma Site or service.
Further, you have a right to request deletion of personal data, and to restrict or object to our processing of your personal data according to this Privacy Statement or other service-specific terms.
Please use firstname.lastname@example.org to file requests as mentioned in this section.
Finally, you also have a right to file a complaint to the data protection authorities with regards to our processing of your personal data.
MARKETING AND PROFILING
When you interact with Visma e.g. by visiting Visma web pages, downloading content, attending webinars, and as part of using Visma’s services, Visma will be processing your personal data based on legitimate interest. One of Visma's legitimate interests is the processing of personal data for direct marketing purposes.
Visma uses your personal data to provide relevant content to you through direct marketing on social media platforms and emails, webpages or in a Visma service, based on your preferences. The personal data processed are aggregated details about you such as IP address, interests (where you have clicked, etc.), username and device. This is done through technologies like cookies and is called profiling. Visma will also be able to combine this information with information about the customer relationship we may have with your company.
The purpose of the profiling is to deliver customized marketing to you, improve your user experience with our services / websites and deliver products that our customers are satisfied with. Visma's services are generally used as tools for work-related purposes, and your behaviour in these tools says little about your personal life. No sensitive data is processed. Your personal data is therefore processed from a business perspective in a way that we believe does not conflict with your freedoms and rights as an individual.
Visma uses email as a tool to communicate marketing, however only if you have consented in accordance with national marketing legislation (if needed). If you have consented, you will always have the possibility to opt out as described below, or when you receive an email containing marketing.
RIGHT TO OPT-OUT OF MARKETING COMMUNICATIONS
You have the right to opt out of receiving marketing communications from Visma and being subject to profiling. You can do this by either:
a. Following the instructions for opt-out in the relevant marketing communication
b. Changing preferences under the relevant edit account section if you have an account with Visma
c. Contacting us via e-mail at email@example.com
You will also always have the option to opt into/out of cookies on a particular web page, through our cookie banner.
Please note that even if you opt out from receiving marketing communications, you may still receive administrative communications from Visma, such as order confirmations and notifications necessary to manage your account or the services provided to Customers.
We encourage you to review the Statement regularly. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
The Privacy Statement is revised at least yearly and changes are approved by the Visma Privacy Council. Last updated: 2021-09-13.
HOW TO CONTACT US
Visma is a European corporation, with legal entities, business processes, management structures and technical systems that cross borders. Visma delivers software and services to private and public businesses in Europe. Visma’s head office is located in Oslo.
All major decisions regarding privacy in Visma are made at a corporate level by the Visma Data Protection Council supervised and chaired by the Data Protection Officer (DPO). The controller responsible for the processing of your personal data is:
Visma Group and its subsidiaries
Head Office: Karenslyst allé 56, 0277 Oslo, Norway
Telephone number: +47 46 40 40 00
We value your opinion. If you have any comments or questions about our Privacy Statement, or any privacy concerns, including regarding a possible breach of your privacy, please send them to firstname.lastname@example.org or directly to your local Visma company.
We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.