Privacy and cookie policy

1. Introduction
We at Kör AS and affiliated companies in the same group ("Kör") process your personal information in different contexts, for example when you use our software (including mobile application and website), order or book a driving lesson or use services we provide and in some other contexts. In our privacy statement you will find more information about our processing of personal data. Below you will also find contact information if you have any questions or require access. We process your personal data in accordance with the Norwegian Personal Data Protection Act, including GDPR.

2. Your agreement with Kör
This privacy policy is part of the Agreement between you as a Kör user and Kör. This policy describes the processing of personal data in all our services. It is therefore important that you read the content before you start using any of the services.

3. The purpose of processing your personal data
Kör processes your personal information in accordance with the Personal Data Act, Accounting Act, Traffic Training Regulations and other relevant regulations.

The purpose of our processing of personal data in your use of Kör is primarily to fulfill the obligations Kör has undertaken for the implementation of the Agreement, including conducting the traffic training.

In Kör, personal data is also processed for the following purposes:
  • Customer communication and marketing
  • Further development and improvement of Kör
  • Kör will also process personal data to the extent required by law or gives access to it or when you have consented to such processing.
4. Permissions and access in Kör
When you choose to use certain features in Kör, we can request different permissions to your mobile phone for these features to work.

These features and permissions are:

  • Location - so you can track your own practice driving and book driving lessons. We ask for your consent to access on-site services when registering your own practice driving and booking a driving lesson or driving lesson. The app will then collect location data when you use the practice driving feature, also when the app is closed during your drive. You will see your route in the map after you have finished driving. You can turn off access to Kör's location services in your phone's settings, but please note that private practice driving or driving lesson booking will not work.
  • Photos and camera - so you can capture and upload your profile picture. We do not save your photos, except for the photos you may choose to upload, such as the profile picture you upload in Kör.
  • Background update - conducted when you receive push notifications from Kör.
  • Mobile data - to allow you to use Kör when you are not connected to a wireless network.
  • Notifications - allowing Kör to send messages to your mobile phone. You choose whether you want to give us access to send notifications to you and you can even turn the function on and off in the app at any time.
  • Phone status and ID - so mobile identifier can be stored.
  • Change / delete content in SD card (Android) - to allow you to upload profile picture.
5. What information do we store
Kör stores information that you enter into Kör yourself when you register and creates a Kör profile, which is generated when you use the service or that is obtained from public records. Kör stores the following data and processes personal information for the following purposes and based on the following legal bases:

  • When you register as a Kör user, you enter a variety of personal information such as name, phone number, address and email address (visible in the Kör app, but not stored on your mobile phone). The purpose is to identify you and manage the customer relationship. Your address, email address and any other contact information is also used for marketing purposes (see paragraph 9).
  • In order to act in accordance with the law and to be able to identify you safely we may need your birth number (not stored on your mobile phone).
  • In order to complete the payment transaction and fulfill our obligations under the Agreement, we process your account information and card data related to your money source (not stored on your mobile phone, but account number and masked card number are visible in the Kör app). This information will also be stored with our third party payment and redemption provider.
  • For security purposes, we can detect which mobile device you are using and the device's operating system. In addition, we can register your mobile identifier that is created when you create a Kör profile to identify your mobile phone as a security measure (not stored on your mobile phone).
  • We also process the content of messages you and the recipient, both private and corporate, send to each other in connection with the transaction. We are required to do this in the Money Laundering Act.
  • Transaction history and generated screens. We are required to do this in the Money Laundering and Accounting Act.
6. Collection of personal data from public records
Kör may collect information about you from public registers for quality assurance or if this is necessary to fulfill our obligations to you under the Agreement or obligations provided for by law.

7. Disclosure of personal data
Information that may be attached to you as a person will not be disclosed to others unless it is provided for in the Agreement, is authorized by law or you have specifically agreed to it. For example, under the Agreement, Kör sends some information about you to third-party providers of your driving lessons and mandatory traffic training.

In our efforts to further develop and improve Kör, we will occasionally collaborate with others. This may require that we provide information about you. If possible, we will do this without the affiliate knowing your identity, and we will ensure that the information is not used by the affiliate beyond our collaboration with us.

8. Use of data processors
There are several subcontractors who process personal data on our behalf (data processors). The transfer of personal data to such data processors takes place in accordance with data processing agreements which ensure that the processing is carried out in accordance with the regulations, including preventing the data processor from using the data for other purposes. The transfer of personal data to Kör's data processors is not considered disclosure.

In some cases, Kör transfers personal information to organizations in countries outside the EEA, for example to IT service providers or other data processors. Such transfers can only be made if the controller or data processor has provided the necessary guarantees and provided the individuals are guaranteed enforceable and effective rights.

Thus, a valid basis for such transfer under the GDPR is required, and some of the following conditions must be met:

  • The European Commission has decided that there is an adequate level of protection in the country concerned.
  • Other appropriate security measures have been taken, and / or a data processor has provided the necessary guarantees that the personal data will be processed securely, for example, using standard contracts (EU standard clauses) approved by the European Commission, or the data processor has a valid binding Group Rules (BCR).
  • These are exceptions in special cases, for example to fulfill an agreement with you or cases where you consent to the particular transfer.
9. Customer communication and marketing
Kör will inform you about its own products and services in the categories of traffic training and car maintenance. We will also provide you with information on other products beyond the categories of traffic training and car maintenance using electronic marketing, if you consent to this. This means that we can send you useful information and offers for products and services by means of electronic communication in the Kör app, your mobile number or your specified e-mail address. Consent under this provision includes the electronic marketing of all types of products and services, and not only products that you have previously consented to. You may withdraw your consent at any time by contacting us.

10. Your rights
You have the right to demand access, correction of incorrect personal data or deletion of personal data we process about you. You also have the right to demand limitation in the processing and may, under certain conditions, object to further processing of personal data or require your personal data to be transferred to yourself or another data controller (data portability).

You can withdraw your consent at any time. You do this under "Settings" in the app. Withdrawal of consent does not affect the lawfulness of a consent-based treatment prior to withdrawal of consent.

If you want to exercise your rights, you can either make changes yourself in the app (for example, changing your data stored in Kör, deleting your profile) or by filling out our contact form at https://en.koer.no/contact-us or at hei@koer.no. We will respond to your inquiry as soon as possible and within 30 days.

11. Storage of personal data
Personal data will not be stored any longer than is necessary to fulfill the purpose of the processing. Thereafter, the information will be deleted or anonymized, unless the information must or can be stored beyond this as a result of law. This also applies if you delete your Kör profile. Information about your transactions will be stored by Kör as long as required by law.

Personal data that we process on the basis of your consent will be deleted if you withdraw the consent, unless there is another legal basis for further processing.

12. Securing personal data
Personal information that Kör collects, stores and processes in a safe and secure manner. We have established and documented procedures and measures to ensure the integrity, accessibility and confidentiality of the information in accordance with Article 32 of the GDPR.

13. Complaints
If you believe that our processing of personal data is in violation of the Privacy Act, you can contact our personal representative at hei@koer.no or complain to the Data Inspectorate.

You can find contact information for the Data Inspectorate at datatilsynet.no.

14. Changes and amendments
We may change this privacy policy to comply with legal requirements, as well as our own practices for the collection and processing of personal data. In case of major changes, you will have to re-approve the terms.

15. Data controller
Kör AS is responsible for processing the personal data contained in this Privacy Policy. If you have any questions about Kör's privacy policy, please contact us at koer.no or email: hei@koer.no.


Cookies
We use cookies to improve the user experience of our website. A cookie is a small text-based data file placed on your equipment (your smartphone, computer or tablet, for example). The cookie helps to recognize the type of content and pages visited on our site. Information stored using a cookie can be how you use the website, what type of browser you use and what web pages you have visited. A permanent cookie is left on your equipment for a specified period of time. A session cookie is stored randomly in the memory of your equipment while you are on our website. The session cookie disappears when you close your browser. We use both permanent cookies and session cookies. Kör may also use a third-party cookie.

If you do not want our website to place cookies on your equipment, you can disable cookies in your browser. If you disable cookies, the functionality of our website will be reduced.