1. The purpose of processing personal data
   Processing of personal data in order to provide the service
   In order to provide our services, Ludenso Explore and Ludenso Create, it is necessary to process personal data.
   
   Ludenso Studio
   User of Ludenso Studio (including signing up for a demo) will need a unique user, and organisation, to use the service.
   To create a user, the following user data will be stored:
   
   - Name
   - Email
   - Organization
   
   Ludenso Create
   Ludenso processes personal data concerning teachers, children, and other persons (“Users”) who download the Ludenso Create (the “Service”) app from the iOS App Store and Google Play Store or use our browser-based version. The personal data processed by Ludenso are names.
   
   Names are processed in order to connect a User to their account, enabling Users to log into and out of the Service without losing their work.
   
   Ludenso’s legal basis for the processing of personal data for this purpose is Article 6 (1) (b) of the GDPR where the User accesses the Service by downloading the app from the iOS App Store and Google Play Store.
   
   Mattekista AR
   There is no data gathered by the application.
2. Security
   ‍
   Ludenso has implemented appropriate technical and organizational measures ensuring that the personal data are processed with a level of security that is proportionate to the risk of processing, i.e. ensuring the confidentiality, availability, and integrity of the personal data.
3. Recipients of the personal data and the use of subcontractors
   ‍Ludenso does not share or disclose personal data with any third party except where Ludenso is legally obligated to do so.
   
   For certain administrative purposes, Ludenso makes use of subcontractors (processors). Ludenso has entered into data processing agreements with any processor personal data may be shared with. These contracts ensure that any processing of personal data by these processors is in accordance with the requirements of the GDPR. Furthermore, these data processing agreements ensure that personal data is not used for any other purpose.
   
   
4. The data subject’s rights
   ‍
   By contacting Ludenso, a data subject has the right to require access to, rectification of, and/or erasure of any personal data processed, related to the data subject.
   
   The data subject further has the right to request restriction of processing and data portability, as well as the right to object to processing.
   
   If consent is the legal basis for processing the personal data, the data subject may at any time withdraw such consent by contacting Ludenso.
   
   The data subject is entitled to lodge a complaint with the Norwegian Data Protection Authority concerning Ludenso’s processing of personal data.
   
5. Storage time
   ‍
   Ludenso will store personal data for as long as it is necessary for the purpose of the processing.  This means that Ludenso will store personal data until the incident which occurs first out of the following: a) when a User deletes their account, b) when a User has been inactive for two years, or c) when the license agreement a User’s account is connected to expires.
   
   Ludenso will not store personal data beyond this period of time unless another legal basis for continued processing exists.
   
6. Contact information of the data controller
   ‍
   If you have any questions concerning how Ludenso processes personal data or wish to have your personal data deleted, please contact our CTO Harald Manheim, at harald(at)ludenso(dot)com.
   
   

This policy is effective as of September 9, 2020.