Privacy policy

For Nordic Semiconductor customers and other external parties

Version 2, last updated 22 November 2019

We at Nordic Semiconductor ASA (including our subsidiaries) are committed to the protection of your personal data. Below you will find information regarding the types of personal data we collect, the reasons and purposes of processing your personal data, as well as your rights.

Nordic Semiconductor has the role of ‘controller’ for the processing of personal data under the covered services (see sec. 1).
Nordic Semiconductor will be ‘joint controller’ with advertisers like Facebook and Google if you consent to us sharing your personal data with an advertising platform for targeted marketing (see sec. 5).

Contact information for Nordic Semiconductor is:

Mail address: privacy@nordicsemi.com
Postal address: Otto Nielsens veg 12, 7052 Trondheim, Norway
Telephone: +47 72 89 89 00
Organization number: 966 011 726

For queries regarding the processing of your personal data, please contact privacy@nordicsemi.no.

1. Which sites and services are covered?

This privacy policy applies to the following web pages:

  • https://www.nordicsemi.com/
  • https://nrfcloud.com
  • https://devzone.nordicsemi.com/   

2. How we collect personal data

The data we collect about you depends on which of our webpages you use, as well as the information provided to us upon your purchases, registrations and in other contexts.

We collect the data provided by you when you register for our services, subscribe to our newsfeeds and blogs, complete forms or contact us directly. Information is automatically collected when you use our digital channels, such as our web page and Developer Zone.

3. Categories of data processed by us

We may process personal information of the following categories:

  • Basic information, such as name, employer, title and contact information that you have submitted to us.
  • Information about your customer relationship with us and any contact with our support services.
  • Information generated by the use of our webpages, such as page visits and downloaded files. You can read more about this in sec. 5 below.
  • Potentially other information processed based on your consent. In such cases, you will receive specific descriptions of what information is processed and what it is used for.

Our web pages and digital channels are not meant for nor targeting children under 13 years of age. We do not deliberately process information about minors.

If we, to your knowledge are processing information about children under 13 years of age, you may contact us, and we will delete the information from our systems.

4. The purpose and basis of processing your personal data

We process personal data through our webpages, Customer Relations Management system (CRM), Enterprise Resource Planning system (ERP) and other digital systems.

This is done for the following purposes:

  • Providing services: We process personal information to provide and deliver services to you. For example, we process your information in relation to identification of customers, invoicing and payments, customer service, technical support and customer complaint handling. Such processing is neccesarry to fulfil our agreements with you, and/or to provide services at your request.
  • Development and analysis: We process personal data to improve our services and digital channels. Such processing is based on legitimate interest.
  • Sales and marketing: We use both anonymized and personal data for marketing purposes. These activities include direct marketing, such as:
    • defining target groups; based on consent (if required)
    • adapting and targeting the marketing; based on consent (if required)
    • distribution of newsletters and other forms of direct marketing; based on consent or another applicable legal basis; and
    • marketing analysis and customer satisfaction surveys; based on consent and/or legitimate interest.
  • Information security: We may process personal information to ensure the security of our systems, and to detect and prevent certain types of misuse of our services. Such processing is based on a legitimate interest.
  • Legal compliance: We process personal information to meet legislative requirements, for example in relation to accounting and providing information to authorities when required by law. Such processing is based on compliance with our legal obligations.
  • Collection and disputes: If our agreement terminates, or if other bases for processing of your personal data therefore lapses and/or if a dispute has arisen between us, the following applies: We do not need to delete your data if we may need it to process it for the purpose of collection of any outstanding amount and/or for the purpose of dispute handling (see GDPR art. 17 (3) e).
  • Other purposes to which you have given consent: We may process your personal information for any other purpose to which you have given us your consent.

5. Marketing and use of cookies

We use "cookies" and similar technologies on our digital webpages. Cookies help us determine which parts of our digital webpages are most popular, including which webpages our users visit and how much time they spend on them. This information is used for the development and analysis of our services, as well as for targeted advertisements.

Purposes of these technologies include:

  • Performance - anonymous analytics that show us the overall usage patterns of the site. Such technologies can also help us understand difficulties you may have using the site.
  • Functionality - allows us to remember your choices on our website, like what material you like and which newsletters you have subscribed to.
  • Targeting advertising - remember what you have looked at on our webpages, and sometimes share this info with third-party advertisers like Facebook and Google.

Information about your browsing device, software and your visit may automatically be collected by us. This information can include your IP address, browser type, domain name, internet provider, operating system, timestamp and the referring web page.

5.2    Tracking pixels
Some of our websites use tracking pixels (also called clear gifs, web beacons, web bugs), to help improve our digital communication by letting us know the content the user is viewing. Please see the table below to learn whether the service you use employ tracking pixels.

Tracking pixels are not stored on your computer but are invisibly incorporated into our webpages. They enable us to measure the effect of our marketing efforts.

We may only use third parties for targeted internet marketing if you give your consent. These third parties use cookies and tracking pixels to gather information about your activities on our and others’ websites, such as to offer you targeted advertising based on your interests. Please note that targeted advertising is considered profiling, granting you the right to object. If you no longer wish to receive such targeted advertisement, you can opt-out through this web site: http://www.youronlinechoices.eu/. Keep in mind that this will not block all types of advertising - you will still be exposed to generic advertising.

If you visit our social media pages or profiles process your personal information through the use of cookies. More information about this processing and how the pages and profiles are using cookies can be found in the respective social media’s pages about privacy and use of cookies. In some cases we may use the information gathered via social media for targeted advertising.

For information about how to disable cookies on commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/index.html. To opt out of 3rd-party advertising or targeting, please visit: http://www.aboutads.info/choices.

5.3    Trackers and cookies

5.3.1    www.nordicsemi.com

Name
Purpose
Optional?
Storage time
Recipient of data
Google AdWords
Advertisement
Yes
Server logs are anonymized after 9 months and cookie information after 18 months
Please see Google's cookie policy.
Amazon Web Services
Cloud service
Necessary
Please AWS' overview of third-party cookies.
Please AWS' overview of third-party cookies.
Facebook
Social
Yes
If you have previously received a cookie from Facebook because you either have an account or have visited facebook.com, your browser sends us information about this cookie when you visit a site with the “Like” button or another social plugin. Facebook delete or anonymize this information within 90 days.
 Facebook share information globally, both internally within the Facebook Companies, externally with Facebook’s partners and with those you connect and share with around the world in accordance with Facebook’s privacy policy.
Google Analytics *
Analytics
Yes
Up to 2 years.
Please Google Analytics cookie overview.
Please Google Analytics cookie overview.
 Google Tag Manager
Tracker management
Yes
Please Google cookie policy.
Please Google cookie policy.
Hubspot
Marketing
Yes
Please Hubspot's cookie policy.
Please see Hubspot's overview of cookies.
 YouTube Content
Yes
Please see Google's cookie policy.
Please see Google's cookie policy.

* Our Google Analytics data is anonymized. No personal email address or username need be collected. IP addresses are generalized to prevent indirect identification of persons. No personal data is therefore stored.

5.3.2    devzone.nordicsemi.com

Name
Purpose
Optional?
Storage time
Recipient of data
Google AdWords  
Advertisement
Yes
Server logs are anonymized after 9 months and cookie information after 18 months
Please see Google's cookie policy.
Google Analytics *
Analytics
Yes
Up to 2 years.
Please see Google Analytics cookie overview.
Please see Google Analytics cookie overview.
Google Tag Manager
Tracker management
Yes
Please see Google's cookie policy.
Please see Google's cookie policy.
Hubspot
Marketing
Yes
Please see Hubspot's cookie policy.
Please see Hubspot's overview of cookies.

* Our Google Analytics data is anonymized. No personal email address or username need be collected. IP addresses are generalized to prevent indirect identification of persons. No personal data is therefore stored.

5.3.3    nRFCloud.com

Name
Purpose
Optional?
Storage time
Recipient of data
Google Analytics *
Analytics
Yes
Up to 2 years.
Please see Google Analytics cookie overview.
Please see Google Analytics cookie overview.
Amazon Web Services
Cloud service
Necessary
Please see AWS' overview of third party cookies.
Please see AWS' overview of third party cookies.

* Our Google Analytics data is anonymized. No personal email address or username need be collected. IP addresses are generalized to prevent indirect identification of persons. No personal data is therefore stored.

 

6. Protecting your information

We prioritize very highly the protection of your personal data, and continuously work to safeguard it and other confidential information. Our security measures include physical, technical, and organizational measures, use of protective software, IT infrastructure, internal and external networks and technical facilities, as well as internal policies and access control.

Our security work is based on regular risk assessments and internal controls to ensure that sufficient security measures are imposed to prevent the unauthorized access of personal data. Nordic Semiconductor is certified to the standard ISO27001 Information Security Management System from 2018.

7. Disclosure of personal data to others

We may disclose personal information to:

  • Data processors: Data processors are used to collect, store and in other ways process data on our behalf. In such cases, we have entered into Data Processing Agreements to ensure the security of your information in all phases of the data processing, especially for the data processing that takes place outside the EU/EEA area.

Recipent data
Country
Legal basis
Amazon Web Services, Inc. (USA)
USA
EU US Privacy Shield
Amazon Web Services EMEA SARL (Europe)
EU/EEA
GDPR art. 44 (inside EEA)
iBasis Inc.
USA
EU standard contractual clauses for the transfer of personal data

  • Other parties: Based on your consent.
We may also transfer information in the following situations:
  • In statutory cases, for instance by orders of courts of law or public authorities, according to predefined procedures.
  • In case of transfer of business, for example as part of a merger, acquisition, sale of our assets or transfer of our services to another company. In this case, you will be notified by email or through our webpages about changes in ownership, use of your personal information, and the choices you may have regarding your personal information.

8. Storage period

8.1 General

We only store your personal data for as long as necessary and for the purpose the data was collected, unless a legal requirement demands a longer storage period, or if you have given us your consent to extended storage. See in particular sec. 5.

Your personal information will be processed for as long as you have an active relationship with us or our digital channels, or until you request us to delete the information in our systems. We consider a relationship with us as:

  1. being a customer or customer contact of Nordic Semiconductor;
  2. being registered as a user in Developer Zone, nRFCloud or any other of our web services;
  3. having given consent to receive marketing material or other notifications from us;
  4. having actively asked to be contacted by us via social media, electronic messages, electronic forms or on exhibitions, seminars, etc.;
  5. having requested to follow us on Facebook or another advertising platform, or
  6. been active in our digital channels after giving your consent.

The relationship to us is defined as ‘active’ as long as:
  • activity has been recorded in our digital channels within the last 24 months,
  • your contact information or user profile is needed to maintain the relationship to you or your company, or
  • you have not explicitly withdrawn your consent.
Storage of anonymized information is not subject to such limitations or demands, as anonymized information is not considered personal data. We work to ensure that personal information and other customer information is at all times updated and correct, and that we do not store information that is unrelated to the stated purposes for processing of personal information.

8.2 nRFCloud.com

Name
Purpose
Optional?
Storage time
Recipient of data
Logging account
(Email address)
Access and security
No
Nordic Semiconductor deletes as soon as account is deleted.
AWS keeps backup for two weeks before deletion.
Nordic Semiconductor
AWS
Customer data
(Use of cloud service)
To provide the customer's service, as set by customer
Yes
As decided by customer.
Nordic Semiconductor
AWS
Others as decided by customer


8.3 devzone.nordicsemi.com

Name
Purpose
Optional?
Storage time
Recipient of data
Logging account
(Email address)
Access and security
No
Nordic Semiconductor deletes as soon as account is deleted.
AWS keeps backup for two weeks before deletion.
Nordic Semiconductor
AWS
Customer data
(Use of repository etc.)
Store software code
Yes
As decided by customer.
Nordic Semiconductor
AWS
Others as decided by customer

9. Your rights when we process your data

You have the right to access, correction, and in some cases deletion of your personal data processed by us. You may also have the right to restrict or object to the processing, as well as the right to data portability. You can read more about the extent of your rights on the web pages of the Norwegian Data Protection Authority: www.datatilsynet.no, or on the webpages of other EEA/EU data protection authorities.

If our processing is based on your consent, you can always withdraw your consent to our processing of your personal data.
To assert your rights, please send us a request to privacy@nordicsemi.no. We will answer your request as soon as possible, and in all cases no later than in 30 days.

10. Complaints

If you are of the opinion that our processing of your personal data  breaches the terms of this policy, or in other ways  breaches the General Data Protection Regulation (GDPR), you can file a complaint to us by emailing us at privacy@nordicsemi.no, or directly to the Norwegian Data Protection Authority (Datatilsynet). However, please contact us first so that we can address your objections and resolve any misunderstandings.

You can find information about how to contact the Norwegian Data Protection Authority on their web site: https://www.datatilsynet.no.


11. Changes

As our business and tools evolve, we may need to update this policy.

In case of major changes, we may try to contact you directly through available channels, such as e-mail or other digital notifications.