Privacy Policy

This privacy policy applies to all digital platforms managed by Nordic Semiconductor. This includes, but is not limited to: 

• https://www.nordicsemi.com/
• https://devzone.nordicsemi.com/   
• https://infocenter.nordicsemi.com
• https://blog.nordicsemi.com/getconnected
• https://webinars.nordicsemi.com/
• https://nrfcloud.com
• https://academy.nordicsemi.com/
• https://docs.nordicsemi.com/

The data we collect about you depends on which of our webpages you use, as well as the information provided to us upon your purchases, registrations and in other contexts.

We collect the data provided by you when you register for our services, subscribe to our news feeds and blogs, complete forms or contact us directly. Information is automatically collected when you use our digital channels, such as our web pages.

We may process personal information of the following categories:

• Basic information, such as name, employer, title and contact information that you have submitted to us.
• Information about your customer relationship with us and any contact with our support services.
• Information generated by the use of our webpages, such as page visits and downloaded files. You can read more about this in our marketing and cookie policy.
• Potentially other information processed based on your consent. In such cases, you will receive specific descriptions of what information is processed and what it is used for.

Our web pages and digital channels are not meant for nor targeting children under 13 years of age. We do not deliberately process information about minors.
If we, to your knowledge are processing information about children under 13 years of age, you may contact us, and we will delete the information from our systems.

We process personal data through our webpages, Customer Relations Management system (CRM), Enterprise Resource Planning system (ERP) and other digital systems.

This is done for the following purposes:

• Providing services: We process personal information to provide and deliver services to you. For example, we process your information in relation to identification of customers, invoicing and payments, customer service, technical support and customer complaint handling. Such processing is neccesarry to fulfil our agreements with you, and/or to provide services at your request.
• Development and analysis: We process personal data to improve our services and digital channels. Such processing is based on legitimate interest.
• Sales and marketing: We use both anonymized and personal data for marketing purposes. These activities include direct marketing, such as:
  • defining target groups; based on consent (if required)
  • adapting and targeting the marketing; based on consent (if required)
  • distribution of newsletters and other forms of direct marketing; based on consent or another applicable legal basis; and
  • marketing analysis and customer satisfaction surveys; based on consent and/or legitimate interest.
• Information security: We may process personal information to ensure the security of our systems, and to detect and prevent certain types of misuse of our services. Such processing is based on a legitimate interest.
• Legal compliance: We process personal information to meet legislative requirements, for example in relation to accounting and providing information to authorities when required by law. Such processing is based on compliance with our legal obligations.
• Collection and disputes: If our agreement terminates, or if other bases for processing of your personal data therefore lapses and/or if a dispute has arisen between us, the following applies: We do not need to delete your data if we may need it to process it for the purpose of collection of any outstanding amount and/or for the purpose of dispute handling (see GDPR art. 17 (3) e).
• Other purposes to which you have given consent: We may process your personal information for any other purpose to which you have given us your consent.

We use "cookies" and similar technologies on our digital webpages.
See how in our marketing and cookie policy.

We prioritize highly the protection of your personal data, and continuously work to safeguard it and other confidential information. Our security measures include physical, technical, and organizational measures, use of protective software, IT infrastructure, internal and external networks and technical facilities, as well as internal policies and access control.

Our security work is based on regular risk assessments and internal controls to ensure that sufficient security measures are imposed to prevent the unauthorized access of personal data. Nordic Semiconductor is certified to the standard ISO27001 Information Security Management System.

We may disclose personal information to:

• Data processors: Data processors are used to collect, store and in other ways process data on our behalf. In such cases, we have entered into Data Processing Agreements to ensure the security of your information in all phases of the data processing.

We may also transfer information in the following situations:

• In statutory cases, for instance by orders of courts of law or public authorities, according to predefined procedures.
• In case of transfer of business, for example as part of a merger, acquisition, sale of our assets or transfer of our services to another company. In this case, you will be notified by email or through our webpages about changes in ownership, use of your personal information, and the choices you may have regarding your personal information.

8.1 General

We only store your personal data for as long as necessary and for the purpose the data was collected, unless a legal requirement demands a longer storage period, or if you have given us your consent to extended storage. See in particular our marketing and cookie policy and below in this section.

Your personal information will be processed for as long as you have an active relationship with us or our digital channels, or until you request us to delete the information in our systems. We consider a relationship with us as:

1. being a customer or customer contact of Nordic Semiconductor;
2. being registered as a user in Developer Zone, nRFCloud or any other of our web services;
3. having given consent to receive marketing material or other notifications from us;
4. having actively asked to be contacted by us via social media, electronic messages, electronic forms or on exhibitions, seminars, etc.;
5. having requested to follow us on Facebook or another advertising platform, or
6. been active in our digital channels after giving your consent.

The relationship to us is defined as ‘active’ as long as:

• activity has been recorded in our digital channels within the last 24 months,
• your contact information or user profile is needed to maintain the relationship to you or your company, or
• you have not explicitly withdrawn your consent.

Storage of anonymized information is not subject to such limitations or demands, as anonymized information is not considered personal data. We work to ensure that personal information and other customer information is at all times updated and correct, and that we do not store information that is unrelated to the stated purposes for processing of personal information.

8.2 nRFCloud.com

Name	Purpose	Optional?	Storage time	Recipient of data
Logging account (Email address)	Access and security	No	Nordic Semiconductor deletes as soon as account is deleted. AWS keeps backup for two weeks before deletion.	Nordic Semiconductor AWS
Customer data (Use of cloud service)	To provide the customer's service, as set by customer	Yes	As decided by customer.	Nordic Semiconductor AWS Others as decided by customer

8.3 devzone.nordicsemi.com

Name	Purpose	Optional?	Storage time	Recipient of data
Logging account (Email address)	Access and security	No	Nordic Semiconductor deletes as soon as account is deleted. Microsoft Azure cloud service maintains 7 days backup retention policy.	Nordic Semiconductor Microsoft Inc.
Customer data (Use of repository etc.)	Store software code	Yes	As decided by customer. Microsoft Azure cloud service maintains 7 days backup retention policy.	Nordic Semiconductor Microsoft Inc. Others as decided by customer

You have the right to access, correction, and in some cases deletion of your personal data processed by us. You may also have the right to restrict or object to the processing, as well as the right to data portability. You can read more about the extent of your rights on the web pages of the Norwegian Data Protection Authority: www.datatilsynet.no, or on the webpages of other EEA/EU data protection authorities.

If our processing is based on your consent, you can always withdraw your consent to our processing of your personal data.
To assert your rights, please send us a request to [email protected]. We will answer your request as soon as possible, and in all cases no later than in 30 days.

If you are a resident of California USA, the California Consumer Privacy Act will protect you. 
This is how:

a)    Information.
Please see section 2, 3, 4 and 5 above for information on categories of information collected and its sources, purposes of the processing, categories of third parties with whom we share personal information and what information we collect.

b)    Sale.
If you sign up for an account with nRF Cloud you may be offered a subscription to a global eSIM mobile data provider with a time limited roaming service, free of charge. The subscription enables the radio chips that you buy from us to connect to cellular networks in most countries. As you intentionally disclose your information in order to receive the roaming service and the roaming provider does not sell your information, the transfer is not deemed a sale of personal information under the CCPA.

c)    Non-discrimination.
We do not offer different prices  depending on the amount of data that you provide us with.

d)    Contact options.
You as a California resident may contact us by:
1. OPT-out form
2. toll free phone number: 866-I-OPT-OUT (1-866-467-8688) with a service code 1210#

If you are of the opinion that our processing of your personal data  breaches the terms of this policy, or in other ways  breaches the General Data Protection Regulation (GDPR), you can file a complaint to us by emailing us at [email protected], or directly to the Norwegian Data Protection Authority (Datatilsynet). However, please contact us first so that we can address your objections and resolve any misunderstandings.

You can find information about how to contact the Norwegian Data Protection Authority on their web site: https://www.datatilsynet.no.

As our business and tools evolve, we may need to update this policy.

In case of major changes, we may try to contact you directly through available channels, such as e-mail or other digital notifications.