Privacy statement
This privacy statement explains how Vendanor AS (hereinafter referred to as "Vendanor") collects, uses, stores, and shares personal data in connection with our services, including our website, automated solutions, and administrative systems. Vendanor processes personal data in accordance with applicable privacy regulations, including the General Data Protection Regulation (GDPR), and only collects and processes personal data that is necessary for the purposes outlined in this statement. Unnecessary data is neither collected nor stored.
User Groups and Personal Data Processed
Visitors to vendanor.com – Public Website
- Personal data processed: None.
Vending Machine End Users
I.e. customers of vending machine owners / customers of Vendanor's customers.
- Personal data processed: Email address, masked card number, transaction data, and user interactions.
- Purpose: To generate e-receipts, facilitate troubleshooting, and maintain system security.
- Legal basis: Legitimate interests and consent.
- Retention period:
- Stored email addresses are automatically deleted after 500 days of inactivity.
- Technical log data is deleted after 30 days.
Vending Machine Owners
System users – employees or partners of vending machine owners.
- Personal data processed: Name, phone number, email address, user identifier, and system activity logs.
- Purpose: Secure authentication, user access management, operational support, and related purposes.
- Legal basis: Fulfillment of contract, consent, and legitimate interests.
- Retention period: Personal data is deleted 1000 days after the user account is deactivated.
Business Contacts
- Personal data processed: Name, position, contact information (email and phone), and correspondence history.
- Purpose: Management of business relationships, invoicing, and follow-up with customers and suppliers.
- Legal basis: Fulfillment of contract, legitimate interests, and statutory requirements.
- Retention period: Data is stored in accordance with the Accounting Act (minimum 5 years).
Your Rights
You have the following rights regarding your personal data:
- Right of access: You may request access to the personal data we have stored about you.
- Right to rectification: You may request corrections to inaccurate or incomplete data.
- Right to erasure: You may request deletion of your data unless we are legally required to retain it.
- Right to data portability: You may request your data in a structured, machine-readable format.
- Right to withdraw consent: You may withdraw your consent at any time, where consent is the legal basis for processing.
- Right to complain: You may file a complaint with the Data Protection Authority if you believe your rights have been violated.
To exercise your rights, contact us at info@vendanor.com.
Subcontractors
Vendanor uses subcontractors for certain services, such as data storage and message distribution. All subcontractors are bound by data processing agreements that ensure personal data is processed in accordance with GDPR and this privacy statement. All data is processed within the European Economic Area (EEA).
Information Sharing
Vendanor shares data with third parties only as outlined in this statement, including:
- With vending machine owners: Data from vending machine end users may be shared with the respective vending machine owners. Such processing is carried out under data processing agreements in compliance with GDPR.
- When required by law: For example, in response to requests from public authorities or courts.
Security
Vendanor implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. This includes, but is not limited to, encrypted communication and access control systems.
Data Breach Notification
In the event of a personal data breach, Vendanor will notify affected individuals, relevant partners, and authorities in accordance with legal requirements.
Changes to This Privacy Statement
Vendanor reserves the right to update this statement as necessary, for example, due to changes in regulations or our services. The updated version will be published on vendanor.com.
Data Protection Contact
For questions regarding the processing of personal data, please contact the Chief Executive Officer of Vendanor.