Last updated: 28th November 2020
Welcome to the web site (“Site”) of Wrepit AS (“Company”, “Wrepit”, “we”, “us” and/or “our), a Norwegian company with registration number 821 430 232. Wrepit provides a cloud platform for on-demand publishing of written documents, with related hosting, sharing services and analytics tools (“Services”). In order to provide our Site and Services, we collect personal data from our customers (“Customers”). We also may collect and host the personal data of our Customers’ end users (“End Users”) when our Customers use the Services. This Policy outlines the information that Wrepit gathers, how the information is used, and your options to access, correct, or delete such information.
You own your data - we help you get the most of it. We want to be transparent when it comes to privacy, and we believe in keeping personal information private and secure. We will never sell, rent, or otherwise share your personal information to anyone except as required to provide our service or as otherwise outlined in this Policy without notifying you and providing an opportunity to consent.
1.2Data Controller and Data Processor
Wrepit’s Data Protection Officer can be contacted on firstname.lastname@example.org.
In addition – when Customers transmit personal data while using the Services, Wrepit processes that data. Legally, Wrepit is the Data Processor of such personal data, and the Customers are the Data Controllers. The processing of personal data on behalf of the Customer is based on a data processor agreement between Wrepit and the Customer.
2.Who does this Policy apply to
- Any person that registers individually or on behalf of an organization or legal entity in order to use Wrepit Services.
- Website Visitors:
- Visitors to our websites, and others that may opt in to receive communications from Wrepit.
- End users:
- Wrepit may process End User data on behalf of customers on the publishing platform. Subsequently, this Policy also applies to any End User that visits a Customer publication and whose information we process in order to provide Services to our Customers.
- Wrepit does not knowingly collect information from children under the age of 16. If you have reason to believe anyone under the age of 16 has provided personal data to the Services, please contact email@example.com.
3.What information do we collect
If you have any questions concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
- Customer Account Information:
- We work with our preferred identity partner, Auth0 (https://auth0.com), to handle all authentication. When you register for a Wrepit account we request and store your email address, and optionally – according to your preferred sign-up selection – password and other account information provided by your identity provider (IDP). Account Information is required to permit you access to your account(s). By providing us your Account Information, you represent that you are the owner of such personal data, or otherwise have the consent to provide it to us.
- Customer Payment Information:
- You are not required to enter any payment information unless and until you decide to continue with a paid subscription for our Services. When signing up for a paid service, you must provide billing information.
- Website visitors:
- We may ask for and collect personal information from you when you submit opt-in forms on our Websites.
- Website Cookies and Tracking:
- We utilize operational and analytical “cookies” in our services. Our cookies help provide additional functionality to the Services and help us more accurately analyze the Services. In addition to internal, functional cookies, Wrepit utilizes:
- End Users:
- Our Customers and their users are responsible for the content they publish using our Services (e.g. media, images, written content, graphics, etc.). We collect End Users’ information when they use our Customers’ publications and APIs.
3.1European Economic Area (EEA)
Our legal basis for collecting and using personal information for individuals from the EEA depends on the personal information, and why we collect it. Normally, we will collect personal information from you only where: (a) we have your consent to do so, (b) we need your personal information to perform a contract with you, or (c) where the processing is in our legitimate interests. In most cases this means that if you do not provide the requested information, we will not be able to provide the requested Services to you.
4.How do we use the information we collect
Wrepit only processes personal information in a way that is compatible and relevant for the purpose for which it was collected and authorized. In general, all data we collect may be used to:
- Provide, operate, improve and promote the Services.
- Enable your access to the Services.
- Process, complete and send you transaction information and invoices.
- Provide customer service and support, and send you technical notices, updates, security alerts, and administrative messages.
- Send commercial communications in line with your communication preferences.
- Monitor and analyze activity in connection to the Services.
- Comply with legal obligations
5.When we share information
In addition to sharing with Service Providers as described above, we may also share your personal information with others in the following circumstances:
- With our resellers and other sales partners who help us distribute the Services to Customers.
- In the event of a merger, sale, change
Wrepit uses the following Service Providers:
- FaunaDB – Database provider
- Microsoft Azure – Storage and hosting provider
- Auth0 – Identification provider
- Vercel – serverless hosting provider
- Postmark – Transactional email provider
- Hubspot – CRM system and chat
- Fiken – ERP
- Sentry – Bug tracking
- Google Analytics – Analytics
Wrepit is a Norwegian corporation. All personal data is stored in accordance with the General Data Protection Regulation. We primarily store all personal data in the European Economic Area (“EEA”) and the United States.
The Standard Contractual Clauses apply to all data transferred outside the EEA or the United Kingdom, either directly or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for personal data. Wrepit has Data Processor Agreements in place with all service providers where transfer outside the EEA is applicable.
7.Data subject rights
Data subjects have the right to request access to data, rectification of data, and erasure of data.
Wrepit has implemented appropriate technical and organizational measures to safeguard the personal data which we process against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and other unlawful forms of processing. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customers personal data, Wrepit will inform the Customer of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.