Privacy Statement

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources. Note: We do not collect or store passwords as authentication is handled by third-party identity providers.

Information You Provide:

• Account information (name, email address, phone number) obtained from your identity provider
• Organization information (company name, address, contact details)
• Package and delivery information (recipient details, package descriptions)
• Payment information (processed securely by our payment providers)
• Communications you send to us (support requests, feedback)

Information We Collect Automatically:

• Device information (IP address, browser type, operating system)
• Usage information (features accessed, actions taken, timestamps)
• Location data (GPS coordinates of locker locations, delivery addresses)
• Log data (access times, pages viewed, errors encountered)
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect for various purposes:

• To provide, maintain, and improve our Service
• To process and manage package deliveries and pickups
• To send you notifications about package status and deliveries
• To respond to your comments, questions, and customer service requests
• To send you technical notices, updates, security alerts, and administrative messages
• To monitor and analyze usage trends and preferences
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our Terms of Service

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

• With service providers who perform services on our behalf (cloud hosting, email delivery, payment processing)
• With other users within your organization as determined by your Tenant administrator
• With package recipients and senders as necessary to facilitate deliveries
• In response to legal process or government requests
• To protect the rights, property, and safety of VividTech AS, our users, and the public
• In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

4. Multi-Tenant Data Isolation

VividTech AS operates SmartSpace as a multi-tenant platform where each organization's data is logically isolated. Your data is only accessible to users within your organization who have been granted appropriate permissions. We implement technical and organizational measures to maintain data separation between tenants.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your information, we will securely delete or anonymize it. Specific retention periods may vary based on:

• The type of information and purpose for which it was collected
• Legal and regulatory requirements
• Your Tenant administrator's data retention policies
• Operational needs and legitimate business interests

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your information to another service
• Objection: Object to our processing of your information
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent where we rely on it for processing

To exercise these rights, please contact us using the information provided below. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Cookies are small data files stored on your device. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted).

Types of cookies we use:

• Essential cookies: Required for the Service to function properly
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how users interact with our Service
• Security cookies: Authenticate users and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Statement.

10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

11. Third-Party Services

Our Service may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our platform.

Key third-party integrations:

• Microsoft Entra ID (formerly Azure Active Directory) for authentication
• Cloud infrastructure providers for hosting
• Email and SMS service providers for notifications
• Payment processors for billing

12. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. We will notify you of significant changes by posting the new Privacy Statement on this page and updating the "Last Updated" date. We may also send you a notification through the Service or via email. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Statement.

13. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

We process your information based on the following legal grounds:

• Contract: Processing is necessary to perform our contract with you
• Legitimate Interests: Processing is in our legitimate business interests
• Consent: You have given consent for specific purposes
• Legal Obligation: Processing is necessary to comply with the law

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information properly.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Statement or our data practices, please contact us at: