English
English
Norsk Deutsch Svenska

Privacy statement

This privacy statement explains how Vendanor AS (hereinafter referred to as Vendanor) collects, uses, stores, and shares personal data in connection with our services, including our website, automated solutions, and administrative systems. Vendanor processes personal data in compliance with applicable privacy regulations, including GDPR, and only collects and processes personal data that is necessary for the purposes outlined in this statement. Unnecessary data is not collected or store.

User groups and personal data processed

Visitors to vendanor.com - the public website

  • Personal data processed: None

Vending machine end users

I.e. vending machine owners' customers/Vendanor's customers' customers.

  • Personal data processed: Email address, masked card number, transaction data, and user interactions.
  • Purpose: Generating e-receipts, troubleshooting, and security in Vendanor's systems.
  • Legal basis: Legitimate interests, consent.
  • Retention period:
    • Stored email addresses are automatically deleted after 500 days of inactivity.
    • Technical log data is deleted after 30 days.

Vending machine owners

System users - employees or partners of vending machine owners.

  • Personal data processed: Name, phone number, email address, user identifier, and logging of system activities.
  • Purpose: Secure authentication, user access management, operational support, and similar purposes.
  • Legal basis: Fulfillment of contract, consent, and legitimate interests.
  • Retention period: Personal data is deleted 1000 days after the user account is deactivated.

Business contacts

  • Personal data processed: Name, position, contact information, and correspondence history.
  • Purpose: Administration of business relationships, invoicing, and follow-up with customers and suppliers.
  • Legal basis: Fulfillment of contract, legitimate interests, and statutory requirements.
  • Retention period: Personal data is stored per the accounting act (min. 5 years).

Web Statistics

Vendanor websites and web applications collect, process, and store aggregated, non-identifiable statistical data. All processing and storage occur entirely within the Vendanor environment. No cookies, equivalent local storage methods, or personal data are used, and no information is shared with external entities. This approach ensures compliance with privacy regulations without requiring consent banners. The legal basis for this processing is legitimate interest.

Your rights

  • Right of access: You can request access to the data we have stored about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request the deletion of data unless we are legally required to retain it.
  • Right to data portability: You can request to receive your data in a structured, machine-readable format.
  • Right to withdraw consent: You can withdraw your consent for data processing at any time, where this is the legal basis.
  • Right to complain: You can complain to the Data Protection Authority if your rights are not upheld.

Reach out to info@vendanor.com to exercise your rights.

Subcontractors

Vendanor uses subcontractors for certain services, such as data storage and message distribution. All subcontractors are bound by data processing agreements that ensure personal data is processed in compliance with GDPR and this statement. All data is processed inside the EEA.

Information Sharing

Vendanor shares data with third parties only as described in this statement, including:

  • Data from vending machine end users may be shared with respective vending machine owners. Processing is carried out under data processing agreements in compliance with GDPR and this statement.
  • When required by law, such as requests from authorities or courts.

Security

Vendanor implements necessary technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. This includes encrypted communication and access controls.

Data breach notification

In the event of a data breach that affects personal data, Vendanor will notify affected individuals, relevant partners and authorities.

Data protection officer

For questions about processing personal data, reach out to the Chief executive officer of Vendanor.

Changes to the privacy statement

Vendanor reserves the right to update this statement as needed, for example, due to changes in regulations or our services. The updated version will be published on vendanor.com.

Revision date: 2024-12-18

Vending machine
Vending machines sold
Map
Countries