PortalOne is the controller of personal data that is processed when visiting the PortalOne website www.portalone.com (the “Website”), using the mobile application called “PortalOne Arcade” (the “App”) and other services, features, content or applications offered by PortalOne (all together referred to as the “Services”).
At PortalOne we take your privacy seriously. We have routines, security measures and risk assessments in place to ensure that your personal data is processed in a secure and proper manner and according to applicable privacy regulation, including the EU General Data Protection Regulation (hereafter “GDPR”).
In this statement we explain how we process personal data, why we process it, on which legal basis and what your rights are as the data subject under GDPR.
If you have questions about our processing or would like to exercise your rights as a data subject, please contact us via e-mail at firstname.lastname@example.org.
Who we are
Which personal data will be collected from you and why
Processing by/disclosure to third parties
How long we store your data
Your rights as the data subject
Security measures when processing your personal data
2. About PortalOne – Based in the US and Norway
PortalOne is the world’s first hybrid games platform.
PortalOne consists of two companies:
- PortalOne AS, a company registered in Norway with business registration number (org.nr.) 921 472 471 and registered address at Tordenskiolds gate 2, 0160 Oslo, Norway.
- PortalOne, Inc., a US based company with registered business address at 470 Ramona St. Palo Alto, CA, 94301- 1707, United States
PortalOne AS is 100 % owned by PortalOne, Inc. (collectively referred to as “PortalOne”, “we”, “us” or “our”).
PortalOne AS is the controller for the following processing activities:
- When you visit the website www.portalone.com
- When you use the mobile application PortalOne Arcade
- When you contact us via the “Contact” page form
- When you use the"Guest Portal" page to apply to be a Guest, or nominate a Guest
- When you sign up to be on the waiting list to join PortalOne Arcade
PortalOne, Inc. is the controller for the following processing activities:
- If you participate/are cast to be a Guest at one of our shows in the US
- Any other activities outside the countries in EU/EEA except to the extent that there are specific processing activities of personal data that PortalOne AS with subcontractors are stated as responsible for
You will find more information about the processing of personal data in these different circumstances below.
Other processing of personal data not covered in the lists above (such as regarding PortalOne employees) is described in separate privacy policies made available through other means.
3. Which personal data we collect, and why we collect it
3.1 In General
We collect and process different types of personal data in different ways and for different purposes. As an example, we must process certain information about you in order to provide the Services.
The personal data we process is collected directly from you or based on your use of the Services. The types of personal data we process depends on which Services you use and how you use them.
We process personal data in accordance with the obligations that are relevant for our processing, such as the Norwegian Personal Data Act and the GDPR. We primarily process personal data to be able to provide the relevant Services to you (i.e. to fulfil obligations we have under agreements we have entered with you – such as the User Agreement for the App), to adhere to legal obligations that we are subject to, and/or based on a consent from you (such as if you have consented to receiving e-mail updates/newsletters or use of non-essential cookies).
Situations may occur in which PortalOne will process personal data because PortalOne has a legitimate interest to do so, such as in certain show productions, or in connection with ongoing litigation where evidence must be provided despite containing personal data.
Below you may find more details on i) which instances we collect personal data, ii) the personal data we collect, iii) why we collect this, and iv) how we collect it.
3.2 Users of the App
Users of the PortalOne Arcade App may find information on our processing connected to the App in the User Agreement.
3.3 Website visitors
3.3.1 Personal data that may be processed
There are three ways in which we process personal data when you visit the Website:
If you consent to the use of non-strictly necessary cookies
If you submit a request via the Contact page form or Guest Portal forms
- If you sign up to be on the waiting list
If you submit a request via the Contact page form or sign up to be on a waiting list, we will process personal data such as your name and e-mail address.
3.3.2 Legal basis
The legal basis for the processing connected to your use of the Website is your consent and our legitimate interest to process this information based upon your actions.
If you submit a request via the Contact form page or sign up to be on a waiting list, PortalOne must process these data in order to support you with the request.
3.3.3 Data processors
3.3.4 Guests participating in a show
3.4.1 Personal data that may be processed
In short, PortalOne will process additional personal data about you through video and photo/sound recording and throughout the production process.
The purpose of processing the personal data about you as a Guest is for PortalOne to be able to produce, advertise and distribute the App/Services.
3.4.2 Legal basis
For Guests, PortalOne’s legal basis for processing will be the agreement between you and us. For processing activities outside of what follows from contract and legal obligations and where there is no other legal basis, consent may be collected.
3.4.3 Data processors
If you are applying to one of our available positions, PortalOne will process your personal data for recruitment purposes. All recruitment goes through an external website, not via portalone.com.
3.6 Regarding special categories of personal data / sensitive personal data
The provision of the Services generally does not require the processing of special categories of personal data (also known as sensitive personal data). Therefore, we ask that you do not share such data about yourself or others through the Services. Such data would for instance be religious beliefs, political opinions, physical or mental health, labor union membership, criminal convictions or offences, ethnic background, sexual history or sexual orientation. If you make such personal data available in the App/Services, we reserve the right to delete such data without further notice.
4. Processing by others & Disclosure of Data to Third Parties
We only share personal data with our partners and others based on an agreement, when there is a legal obligation, based on legitimate interests, or with your consent. Subcontractors will only process personal data on behalf of PortalOne based on a data processing agreement.
5. Storage and Personal Data Deletion
PortalOne will only store personal data as long as there is legal basis to do so. We have internal routines to ensure secure deletion of personal data. These routines ensure that your personal data is only stored as long as PortalOne can justify such storage in accordance with relevant legislation. Unless there is a different requirement under the legal basis or legal obligations that PortalOne must fulfil, your personal data is deleted once it is no longer necessary to store for the purpose it was collected for.
We will also delete your personal data if you ask us to do so, unless we have legal obligation or other legal basis to store the personal data for longer.
6. Your Rights
You have several rights as the data subject to your personal data according to GDPR, which we comply with as a data controller:
Access: You can at any time request access to the personal data we process about you. You may also request information about how we collect personal data at any time.
Rectification: You have a right to request that we rectify any incorrect personal data relating to you that we have collected.
Deletion: You have the right to request that we erase the personal data we have collected about you, provided that the personal data are no longer necessary for our processing, our processing is unlawful, you withdraw your consent or you rightfully object to our processing. Under these conditions, we will delete your personal data without undue delay, unless we are required by applicable laws to keep storing your personal data.
Objection: If certain conditions are met, you may request a restriction of the processing of your personal data or object to the processing of your personal data. This may affect functionalities in and availability of the Services.
Withdrawal of consent: To the extent our processing of your personal data relies on your consent, you may withdraw said consent at any time, by contacting us using the email stated in section 1. Introduction. The withdrawal of consent does not affect the legality of our processing of your personal data based on the consent before it was withdrawn.
Data portability: You can request that we transfer your personal data to you, if certain conditions for data portability is met.
To exercise your rights, we ask you to send us an email to email@example.com.
If you believe that our processing is not in accordance with the GDPR, you have the right to file a complaint with the Norwegian Data Protection Authority or other relevant Data Protection Authority (if you are a resident in another country in the EU or EEA). You can find more information about how you can get in touch with the Norwegian Data Protection Authority on its website www.datatilsynet.no.
We hope that you reach out to us first if you have a complaint, so we may answer your questions.
We have implemented appropriate technical and organizational security measures to ensure that our processing of data is secure, whether it is your personal data or other data.
Our organizational measures consist of established internal control systems and routines that all personnel that are authorized to process data on our behalf must abide by. We have also entered into data processor agreements in accordance with the GDPR with all our subcontractors, which process personal data on our behalf. We furthermore require that these subcontractors implement appropriate technical and organizational security measures.
Our technical security measures help ensure that data are kept secure. We have also implemented measures to ensure the ongoing confidentiality, integrity, availability and resistance of our processing systems. These systems and services are regularly tested and assessed to evaluate the effectiveness of our implemented measures.
We use the tool CookiePro for cookies on the Website. You may provide your consent to different purposes of cookies at any time by using CookiePro on the WebSite. Strictly necessary cookies are deemed accepted each time you visit the WebSite.
It is possible to switch off cookies by adjusting your browser settings. Turning cookies off may result in a loss of functionality when using our website.
You may also withdraw your consent at any time, by disabling the unwanted cookies in the CookiePro tool.
9. Contact Us