Privacy Policy

For Nordic Semiconductor customers and other external parties

Version 5, last updated 3 July 2020

We at Nordic Semiconductor ASA (including our subsidiaries) are committed to the protection of your personal data. Below you will find information regarding the types of personal data we collect, the reasons and purposes of processing your personal data, as well as your rights.

Nordic Semiconductor has the role of ‘controller’ for the processing of personal data under the covered services (see sec. 1).
Nordic Semiconductor will be ‘joint controller’ with advertisers like Facebook, LinkedIn and Google if you consent to us sharing your personal data with an advertising platform for targeted marketing (see sec. 5).

Contact information for Nordic Semiconductor is:

Mail address: privacy@nordicsemi.com
Postal address: Otto Nielsens veg 12, 7052 Trondheim, Norway
Telephone: +47 72 89 89 00
Organization number: 966 011 726

For queries regarding the processing of your personal data, please contact privacy@nordicsemi.no.

1. Which sites and services are covered?

This privacy policy applies to the following web pages:

  • https://www.nordicsemi.com/
  • https://devzone.nordicsemi.com/   
  • https://infocenter.nordicsemi.com
  • https://nrfcloud.com

2. How we collect personal data

The data we collect about you depends on which of our webpages you use, as well as the information provided to us upon your purchases, registrations and in other contexts.

We collect the data provided by you when you register for our services, subscribe to our news feeds and blogs, complete forms or contact us directly. Information is automatically collected when you use our digital channels, such as our web pages.

3. Categories of data processed by us

We may process personal information of the following categories:

  • Basic information, such as name, employer, title and contact information that you have submitted to us.
  • Information about your customer relationship with us and any contact with our support services.
  • Information generated by the use of our webpages, such as page visits and downloaded files. You can read more about this in our marketing and cookie policy.
  • Potentially other information processed based on your consent. In such cases, you will receive specific descriptions of what information is processed and what it is used for.

Our web pages and digital channels are not meant for nor targeting children under 13 years of age. We do not deliberately process information about minors.
If we, to your knowledge are processing information about children under 13 years of age, you may contact us, and we will delete the information from our systems.

4. The purpose and basis of processing your personal data

We process personal data through our webpages, Customer Relations Management system (CRM), Enterprise Resource Planning system (ERP) and other digital systems.

This is done for the following purposes:

  • Providing services: We process personal information to provide and deliver services to you. For example, we process your information in relation to identification of customers, invoicing and payments, customer service, technical support and customer complaint handling. Such processing is neccesarry to fulfil our agreements with you, and/or to provide services at your request.
  • Development and analysis: We process personal data to improve our services and digital channels. Such processing is based on legitimate interest.
  • Sales and marketing: We use both anonymized and personal data for marketing purposes. These activities include direct marketing, such as:
    • defining target groups; based on consent (if required)
    • adapting and targeting the marketing; based on consent (if required)
    • distribution of newsletters and other forms of direct marketing; based on consent or another applicable legal basis; and
    • marketing analysis and customer satisfaction surveys; based on consent and/or legitimate interest.
  • Information security: We may process personal information to ensure the security of our systems, and to detect and prevent certain types of misuse of our services. Such processing is based on a legitimate interest.
  • Legal compliance: We process personal information to meet legislative requirements, for example in relation to accounting and providing information to authorities when required by law. Such processing is based on compliance with our legal obligations.
  • Collection and disputes: If our agreement terminates, or if other bases for processing of your personal data therefore lapses and/or if a dispute has arisen between us, the following applies: We do not need to delete your data if we may need it to process it for the purpose of collection of any outstanding amount and/or for the purpose of dispute handling (see GDPR art. 17 (3) e).
  • Other purposes to which you have given consent: We may process your personal information for any other purpose to which you have given us your consent.

5. Marketing and use of cookies

We use "cookies" and similar technologies on our digital webpages.
See how in our marketing and cookie policy.

6. Protecting your information

We prioritize highly the protection of your personal data, and continuously work to safeguard it and other confidential information. Our security measures include physical, technical, and organizational measures, use of protective software, IT infrastructure, internal and external networks and technical facilities, as well as internal policies and access control.

Our security work is based on regular risk assessments and internal controls to ensure that sufficient security measures are imposed to prevent the unauthorized access of personal data. Nordic Semiconductor is certified to the standard ISO27001 Information Security Management System.

7. Disclosure of personal data to others

We may disclose personal information to:

  • Data processors: Data processors are used to collect, store and in other ways process data on our behalf. In such cases, we have entered into Data Processing Agreements to ensure the security of your information in all phases of the data processing, especially for the data processing that takes place outside the EU/EEA area.

Recipent data
Country
Legal basis
Amazon Web Services, Inc. (USA) ("AWS")
USA
EU US Privacy Shield
Microsoft Inc. (Azure)
EU/EEA
GDPR art. 44 (inside EEA)
iBasis Global inc.
USA
Consent

  • Other parties: Based on your consent.
We may also transfer information in the following situations:
  • In statutory cases, for instance by orders of courts of law or public authorities, according to predefined procedures.
  • In case of transfer of business, for example as part of a merger, acquisition, sale of our assets or transfer of our services to another company. In this case, you will be notified by email or through our webpages about changes in ownership, use of your personal information, and the choices you may have regarding your personal information.

8. Storage period

8.1 General

We only store your personal data for as long as necessary and for the purpose the data was collected, unless a legal requirement demands a longer storage period, or if you have given us your consent to extended storage. See in particular our marketing and cookie policy and below in this section.

Your personal information will be processed for as long as you have an active relationship with us or our digital channels, or until you request us to delete the information in our systems. We consider a relationship with us as:

  1. being a customer or customer contact of Nordic Semiconductor;
  2. being registered as a user in Developer Zone, nRFCloud or any other of our web services;
  3. having given consent to receive marketing material or other notifications from us;
  4. having actively asked to be contacted by us via social media, electronic messages, electronic forms or on exhibitions, seminars, etc.;
  5. having requested to follow us on Facebook or another advertising platform, or
  6. been active in our digital channels after giving your consent.

The relationship to us is defined as ‘active’ as long as:
  • activity has been recorded in our digital channels within the last 24 months,
  • your contact information or user profile is needed to maintain the relationship to you or your company, or
  • you have not explicitly withdrawn your consent.
Storage of anonymized information is not subject to such limitations or demands, as anonymized information is not considered personal data. We work to ensure that personal information and other customer information is at all times updated and correct, and that we do not store information that is unrelated to the stated purposes for processing of personal information.

8.2 nRFCloud.com

Name
Purpose
Optional?
Storage time
Recipient of data
Logging account
(Email address)
Access and security
No
Nordic Semiconductor deletes as soon as account is deleted.
AWS keeps backup for two weeks before deletion.
Nordic Semiconductor
AWS
Customer data
(Use of cloud service)
To provide the customer's service, as set by customer
Yes
As decided by customer.
Nordic Semiconductor
AWS
Others as decided by customer


8.3 devzone.nordicsemi.com

Name
Purpose
Optional?
Storage time
Recipient of data
Logging account
(Email address)
Access and security
No
Nordic Semiconductor deletes as soon as account is deleted.
Microsoft Azure cloud service maintains 7 days backup retention policy.
Nordic Semiconductor
Microsoft Inc.
Customer data
(Use of repository etc.)
Store software code
Yes
As decided by customer.
Microsoft Azure cloud service maintains 7 days backup retention policy.
Nordic Semiconductor
Microsoft Inc.
Others as decided by customer

9. Your rights when we process your data

You have the right to access, correction, and in some cases deletion of your personal data processed by us. You may also have the right to restrict or object to the processing, as well as the right to data portability. You can read more about the extent of your rights on the web pages of the Norwegian Data Protection Authority: www.datatilsynet.no, or on the webpages of other EEA/EU data protection authorities.

If our processing is based on your consent, you can always withdraw your consent to our processing of your personal data.
To assert your rights, please send us a request to privacy@nordicsemi.no. We will answer your request as soon as possible, and in all cases no later than in 30 days.

10. For California residents

California Consumer Privacy Act (CCPA)

If you are a resident of California USA, the California Consumer Privacy Act will protect you. 
This is how:

a)    Information.
Please see section 2, 3, 4 and 5 above for information on categories of information collected and its sources, purposes of the processing, categories of third parties with whom we share personal information and what information we collect.

b)    Sale.
If you sign up for an account with nRF Cloud you may be offered a subscription to a global eSIM mobile data provider with a time limited roaming service, free of charge. The subscription enables the radio chips that you buy from us to connect to cellular networks in most countries. As you intentionally disclose your information in order to receive the roaming service and the roaming provider does not sell your information, the transfer is not deemed a sale of personal information under the CCPA.

c)    Non-discrimination.
We do not offer different prices  depending on the amount of data that you provide us with.

d)    Contact options.
You as a California resident may contact us by:
   1. email to privacy@nordicsemi.com and
   2. toll free phone number: +1 (971) 220-1171

11. Complaints

If you are of the opinion that our processing of your personal data  breaches the terms of this policy, or in other ways  breaches the General Data Protection Regulation (GDPR), you can file a complaint to us by emailing us at privacy@nordicsemi.no, or directly to the Norwegian Data Protection Authority (Datatilsynet). However, please contact us first so that we can address your objections and resolve any misunderstandings.

You can find information about how to contact the Norwegian Data Protection Authority on their web site: https://www.datatilsynet.no.


12. Changes

As our business and tools evolve, we may need to update this policy.

In case of major changes, we may try to contact you directly through available channels, such as e-mail or other digital notifications.


Privacy pages

for www.Nordicsemi.com

Privacy information

Nordic Semiconductor cares about your privacy

Read more

Privacy policy

Information regarding the types of personal data we collect, the reasons and purposes of processing your personal data, as well as your rights.

Read more

Marketing and cookie use policy

Information about our use of cookies, tracking and related marketing

Read more