Information security

At Brevio.com, your privacy and data security is one of our focus areas. We will always process your personal information:

  • With confidentiality.
  • Correctly, according to separate statements.
  • Legally, in accordance with applicable laws and regulations on privacy and information security.

Documents that you have received or uploaded in Brevio.com are your private information and property, and Brevio AS will only process this information within the framework of the law when it is you who has initiated the processing.

1. Who is responsible for data processing?

Brevio AS will process personal data as a result of the user using Brevio.com and will in all processing of personal data follow the provisions of the Personal Data Act of 15 June 2018. The data controller is Brevio AS, Forskningsparken - Gaustadalléen 21, 0349 Oslo.

2. The purpose of the processing?

The purpose of the processing of personal data in Brevio.com is to fulfill the rights and obligations arising from the terms of use  terms of use of Brevio.com. The purpose is further to manage and further develop the services, diagnose problems in Brevio and associated systems, develop new services, and to communicate with the user. Personal information may also be used to direct marketing inquiries to the user in accordance with the terms of use and the provisions of the Personal Data Act and the Marketing Act.

It is voluntary for those who visit the website to provide personal information. In order to be able to use the Brevio.com platform, it will be necessary for identification reasons to provide name, telephone number, office affiliation and e-mail address - as well as verify identity using Norwegian BankID, Swedish BankID or Danish NemID.

We will use the information about you for any of the following purposes:

  • Use of e-mail addresses and telephone numbers for sending and receiving documents to and from the selected customer, as well as when sending out newsletters.
  • Provide you with information about updates and new services.
  • For statistics collection, aggregation and administration of the websites and services. Information is obtained for Brevio AS to receive further information about the users, to manage and improve the websites.

3. What is the legal basis?

Consent from the data subject that the data controller takes care of a legitimate interest, and consideration for the data subject's privacy.

4. What personal data is processed?

We process both personally identifiable information and non-personally identifiable information.

We collect and process the following information:

  • You can register on Brevio.com to use our services. To ensure identification and authentication, you must register your first name, last name, office affiliation, e-mail address and telephone number. The information is authenticated using Norwegian BankID, Swedish BankID or Danish NemID.
  • You can subscribe to newsletters so that you receive e-mails from Brevio AS about current news. In order for us to send e-mail to the correct user, you must register your e-mail address.
  • If you direct an inquiry to Brevio.com via the website, for example by sending us an e-mail or using chat, relevant information may be stored, such as name and e-mail address.
  • When you visit Brevio.com, your IP address is registered. Brevio AS does not link this information directly to you as a user. We use the information to manage and maintain our pages. This enables us to prepare ever better and more user-friendly offers. See more about web analytics and cookies below.
  • Brevio AS collects and also processes deidentified information about visitors to Brevio.com. We use common Internet technologies, including "Cookies". These are small cookies (text files) that the website asks your browser to store on your computer or mobile device. Brevio AS uses the following cookies:

1. Statistics and information on how visitors use our websites. We aggregate information and create reports that help us improve the experience. The tools use first-party cookies only to collect data. These cookies, and the data collected, are anonymous and cannot be used to identify you as an individual.

2. We use cookies to keep forms in our services filled in when you navigate back and forth between the different steps in them. Most browsers automatically accept cookies. You can always choose not to accept a cookie by changing your computer settings to reject a "cookie" or to accept a "cookie", but this may limit the range of features available. The setting is to be understood as a consent if it is such that the user expresses acceptance of the use of cookies. This also applies if the browser is preset for acceptance.

3.  If you do not want Brevio to collect anonymous data from you, then you can change the security settings on your computer.

5. Where does the information come from?

See information above for description on where the personal information is obtained.

6. Voluntary registration

It is voluntary for our users to provide personal information - but the registration process derived in clause 4 is a prerequisite for being able to use our services.

7. Is the information disclosed to third parties?

If it is a prerequisite for sending, receiving or archiving documents, or offering or performing other services in Brevio.com, personal information necessary to perform such service will be disclosed to third parties.

Except as provided in the Terms of Use, personal information will not be disclosed to third parties for commercial use. Brevio AS shares information that is not identifiable on a personal level with third parties, in order to better understand the usage patterns for offers, advertising and other services / functionality related to Brevio.com.

8. What right does the data subject have to access, rectify and delete?

According to the Personal Data Act, the individual has the right to access their own personal data. If information in Brevio.com is incorrect, it will be possible to have it corrected or deleted. All information collected from the user will be available to the user, and can be corrected via the Brevio account or by contacting us at post@brevio.com. We reserve the right to make certain changes that require approval before they are activated in Brevio.

If you want to delete your user profile, please contact us at post@brevio.com and we will deactivate and delete your history and user profile.

9. What rights does the data subject have and which country's legislation applies?

Brevio AS has entered into an agreement with the following data processors:

  • Amazon Web Services (infrastructure)
  • Heroku (hosting)
  • Signicat (eID services)
  • Intercom (Chat/Support)

As a general rule, information is not transferred outside the EU / EEA area. Brevio AS will ensure that the EU directive on personal data in connection with data processing and country-specific laws on data protection is complied with.

10. How is the information protected?

Brevio AS has established rules and routines for the protection of personal data and privacy.

If we treat "non-personally identifiable information" combined with "personally identifiable information" (for example, your name combined with geographical location), the entire information will be treated as personally identifiable information. If we collect or disseminate sensitive personal information, we use reputable methods to protect the information.

If we disclose your personal information to a third party, we will ensure that there are arrangements and agreements that secure the information and prevent the third party from using the personal information for purposes other than those agreed.

We will use all reasonable precautions to ensure that our employees have adequate information to ensure that they only process this information in accordance with this statement and our obligations under privacy laws.

11. Information security in general

Brevio AS aims for Brevio.com to be among the safest web services in the Nordics, and uses recognized standards and best practices in its work with security. Brevio.com regularly conducts risk assessments and security tests of the solution, and will consult with the Norwegian Data Protection Authority in connection with any changes to the solution that may affect privacy.

Brevio AS has implemented the following security measures in Brevio.com (not exhaustive):

  • Authentication and signing solution at security level 4.
  • All information exchange takes place with strong encryption (SSL).
  • All actions performed by operating personnel are logged in separate event registers.
  • All documents are stored encrypted, with strong encryption keys
  • All users are identified according to strict guidelines.
  • Brevio.com's servers are located in one of Europe's most secure data centers, with a provider with extensive experience in handling business-critical and sensitive information.
  • All your documents are backed up, and all documents are stored in two different locations at all times so that you are protected from fire, destruction of servers, etc.
  • Brevio AS employees or employees of subcontractors do not have access to your documents. Only a few operators have access to Brevio.com's systems, but since all documents are stored encrypted, they also do not have access to your data.

12. Contact information

For access, correction or deletion of personal information - contact us by e-mail: post@brevio.com.

13. Consent and choice of law

This Privacy Statement applies to all users of our website. We require that users agree to abide by the statement (and agreement terms) as part of the user's relationship with Brevio.com and Brevio AS.

By using our website, you accept that your personal information can be processed in accordance with this Privacy Statement.

Brevio AS is subject to Norwegian law. You agree that any disputes shall be dealt with by a court in Oslo in accordance with the laws of Norway, unless otherwise provided by preceptory local law.