Midio

PRIVACY POLICY FOR MIDIO

Last updated: 20 August 2024

This privacy policy applies for processing of personal data when Midio AS ("Midio", "we" or "us") processes personal data in the capacity of data controller, for instance related to personal data about our private customers, visitors of our websites, and contact information of our business customers and suppliers.

Please note that this privacy policy does not apply to the cases where Midio processes personal data in the capacity of data processor on behalf of our business customers when using the Midio Services. For this processing of personal data, there will be a separate data processing agreement between Midio and the relevant business customers in question.

Each individual private Midio user is responsible for any personal data they choose to upload to the Midio programming tool and platform. This responsibility includes ensuring the legality of uploading and processing such data within the services provided by Midio.

Below you will find information about the personal data we collect, why we do this, and your rights in relation to the processing of your personal data.

1. WHO WE ARE

Midio is a programming tool and platform that is visual by nature. It’s a completely new programming language and helps you visually make sense of data complexity, work much faster, and lets you code amazing stuff together with developers and non-developers alike.

The Midio programming tool and platform is offered both to our private individual customers and to our business customers. Midio acts as the data controller for the processing of personal data described in this privacy policy.

Our contact information is:

Midio AS
Karl Johans gate 5
0154 OSLO
Norway
Business registration number: 925 475 874

If you have any questions about how we process your personal data, or if you wish to exercise your rights under the GDPR, please contact us at hi@midio.com. Detailed information on these rights can be found in Section 7 below.

2. WHO WE PROCESS PERSONAL DATA ABOUT

The privacy policy governs the processing of personal data for the following persons:

3. PURPOSE, CATEGORIES OF PERSONAL DATA, LEGAL BASIS, AND RETENTION PERIOD

All processing of personal data is carried out in accordance with the applicable data protection rules, including the General Data Protection Regulation (GDPR).

Below you will find an overview of the purposes for which Midio processes personal data, what personal data is processed, the legal basis for the processing, and retention periods.

3.1 Processing of personal data relating to the Midio User Account

In order to use the Midio programming tool and platform, you need to create and register a Midio User Account on our website. The purpose of the Midio User Account is to provide you with your personal access to the Midio programming tool and platform.

The personal data we process about you within the Midio User Account includes:

For our private individual customers, the legal basis for the processing of personal data in connection with the Midio User Account is GDPR Article 6 no. 1 (b), the processing is necessary for the performance of the service agreement entered into with you as a data subject (provide access to the Midio programming tool and platform).

For our business customers, the legal basis for the processing of personal data in connection with the Midio User Account is GDPR Article 6 no. 1 (f), Midio's legitimate interest in establishing and administering a user account for each user within the business customer, or a common enterprise-user, in order to provide the business customer with individual access to the Midio programming tool and platform.

The personal data collected in this context will be retained until the individual user deletes their Midio User Account.

3.2 Entering into and administration of service agreements with business customers and suppliers

Midio processes personal data of contact persons at our business customers and our suppliers solely to the extent necessary to enter into and administer the agreement with the relevant customer or supplier. This processing of personal data is conducted based on Article 6 no. 1 (f) GDPR, which pertains to our legitimate interest to enter into and manage the relevant service agreement or supplier agreement with our business customers and suppliers. As such, the processing of your personal data as a contact person for a business customer or supplier is justified by our need to effectively establish and maintain the contractual relationship.

The personal data we receive in connection with this processing will be deleted upon the termination of the agreement with the specific business customer or supplier. However, certain information may be retained for a longer period if necessary, in the context of bookkeeping and accounting purposes or for Midio to defend against potential legal claims. All personal data will be permanently deleted once the legal deadlines for filing complaints have expired.

3.3 Requests and inquiries

When you contact Midio via the contact information form on our website, e-mail, or phone, with inquiries related to our services, platform, or otherwise, we process the personal data you provide, such as your name and contact information, along with any other personal data included in your request. The processing of this personal data is necessary to effectively respond to your inquiries and provide the information or support you are seeking.

The legal basis for this processing is established under GDPR Article 6 no. 1 (f), which is our legitimate interest in responding to your requests. We process your personal data solely to provide the necessary responses and assistance you require. Your personal data will be deleted or anonymized after your request has been fully responded to and the matter has been resolved.

3.4 Providing feedback as a Midio Beta User

If you have been granted early access to the Midio programming tool and platform as a beta-user for the purposes of evaluating and providing feedback on the service, we process the personal data you provide which typically includes your name, contact information, and any personal data you include in free text fields within the feedback or review form.

The legal basis for processing your personal data related to feedback is Article 6(1)(b) GDPR, which concerns processing necessary for the performance of the Midio Beta Terms (agreement) entered into with you as a data subject (to provide beta access to the Midio programming tool and platform). Alternatively, it is based on Article 6(1)(f) GDPR, which relates to our legitimate interest in improving our services based on the feedback received. The personal data collected for this purpose will be deleted or anonymized after the feedback has been provided.

3.5 Marketing activities / Newsletters

Midio may carry out electronic marketing activities to users of the Midio programming tool and platform and subscribers of our newsletters.

In order to carry out such marketing activities, we process the following personal data:

The legal basis for the processing is your consent, cf. GDPR Article 6 no. 1 (a). If relevant, marketing material may also be distributed on the basis of GDPR Article 6 no. 1 (f) and the existing relationship with you as a customer.

You have the right to withdraw your consent for marketing activities at any time, either by contacting us directly or by utilizing the unsubscribe option provided in the emails you receive from us. Upon withdrawal of your consent, your personal data will be deleted unless it is required for other purposes, such as maintaining your Midio User Account.

3.6 Use of Cookies

Midio utilizes cookies to ensure the proper functioning of our website's various services. Cookies are small text files stored on your device's browser when you visit our site. Some cookies, known as "necessary cookies," are essential for the operation of our website. These cookies enable fundamental functionalities such as accessing your secure areas.

Where these necessary cookies involve the collection or storage of personal data—such as your IP address, operating system details, browser ID, and your interactions with our site—we process this information based on our legitimate interest in maintaining our website's functionality and security, as stipulated under Article 6 no. 1 (f) of the GDPR.

In addition to necessary cookies, Midio may utilize cookies for other purposes, such as for statistical analysis/measurement, marketing, and integration of social media. The legal basis for the processing using such cookies is your separate consent that you have given through the cookie banner on our websites, pursuant to Article 6. no. 1 (a) of the GDPR.

You can always delete cookies by going into your browser settings and deleting content. If you need any assistance in this regard, you are welcome to contact us.

4. RECIPIENTS OF YOUR PERSONAL DATA

In some circumstances, Midio may disclose personal data to others to the extent necessary for the administration of our operations and to carry out our business activities.

Midio may, among other things, share your personal data with our supplier of IT systems and technical assistance. These parties process personal data about our customers and suppliers by virtue of their role as data processors, and their processing is subject to a data processing agreement. The suppliers are required to act according to documented instructions from Midio and may not use personal data for their own purposes.

In addition, we may in some cases disclose your personal data to other companies who will themselves be responsible for how they process your personal data. For example, we may disclose your personal data to partners who handle payment services and public authorities if this is required by law or by a legally enforceable judgment or order.

If Midio sells or buys any business or assets, Midio may transfer your personal data to a prospective seller or buyer of such business or assets.

If Midio or a significant part of Midio's assets are sold to another company, the personal data of our customers and prospective students may also be shared in connection with the sale.

We always implement appropriate technical and organizational security measures in accordance with applicable data protection legislation to ensure that your personal data is handled in a secure manner when transferring or sharing personal data with a third party.

5. TRANSFERS OF YOUR DATA TO COUNTRIES OUTSIDE THE EU/EEA

Generally, we process your personal data within the EU/EEA. If the personal data is processed outside the EU/EEA, there is either an adequacy decision from the European Commission in place, which ensures that the third country in question guarantees an adequate level of protection, or we ensure that appropriate safeguards are in place to ensure that your rights under the GDPR are safeguarded. Examples of such appropriate safeguards are that the data transfer is subject to the European Commission's Standard Contractual Clauses (SCC's) or that the relevant third party follows approved standards of conduct.

If you would like more information about the security measures we have implemented, please contact us using the contact details set out at the beginning of this privacy policy.

6. SECURITY OF THE PROCESSING

All our processing of personal data is secured by necessary technical and organizational measures.

We handle personal data so that it is accurate, accessible and processed in accordance with the degree of sensitivity of the data. We also use a range of security technologies and information security procedures to protect personal data from unauthorized access, use or disclosure.

We have entered into data processing agreements with all our suppliers that process personal data.

We restrict access to personal data strictly to the staff or third parties who have a necessary need to process the data on our behalf. These parties are subject to a duty of confidentiality.

7. YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU

Below is an overview of your rights under the GDPR:

Right to information and access:

We strive to be open and transparent about how we process your personal data. If you wish to know more about how we process your personal data or wish to receive the personal data we process about you, you can request access to the information we have stored about you. If we receive an access request, we may ask you to provide more information about who you are to ensure that we provide the data to the right person.

The right to rectification:

If you become aware that we hold outdated or inaccurate information about you, you can ask us to correct the error at any time by contacting us.

The right to erasure and restriction:

You have the right to request that your personal data is erased or that its use is restricted, for example, if you believe that your personal data is being processed in violation of applicable law. We will as far as possible comply with a request to erase personal data, but we cannot do this if we are required by law to store certain data e.g. for accounting purposes or to comply with a legal claim.

The right to data portability:

In some cases, you may have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format. If technically possible, you may also request that the data be transferred to a third party.

The right to object:

You have the right to object to our processing of your personal data if, for example, it is processed on the basis of our legitimate interests.

The right to withdraw consent:

If you have given consent to our processing of your personal data, you always have the right to withdraw this consent at any time by contacting us. However, this does not affect the lawfulness of the processing based on your consent until you have withdrawn it.

To exercise your rights, as described above, you can contact us at hi@midio.com.

Your inquiry will be answered as quickly as possible, and within one month at the latest. If it takes longer than one month, you will always be notified, together with the reason for such delay.

8. COMPLAINTS

If you feel that our processing of personal data does not comply with what we have described here or that we are otherwise in breach of the data protection regulations, you can complain to the Norwegian Data Protection Authority:

Datatilsynet
Postboks 458 Sentrum
0105 Oslo
E-mail: postkasse@datatilsynet.no

You can find more information about complaints to the Norwegian Data Protection Authority on their websites.

9. CHANGES

If there are changes made in how we process your personal data, we will update or change our privacy policy. In the event of major changes, we will inform you of this.