Home

Privacy Policy

Account Data

When you register an account with us, we collect and process certain personal data from you such as your registration data. For example, we need your name, address information, and your email address to identify you and communicate with you. You can delete your user account by contact us with a request to terminate you account.

The legal basis for this data processing is GDPR Art. 6 (1) (b). You cannot use some of our services if you do not provide your data to us, but it is voluntary to use our services.

We might use anonymzied account data as statistics to help us improve our services and understand who our users are.

Application Data

When you use our web application you determine the purposes and means of processing for whatever personal data you (or your users) enter into our web-application or request others to enter into our web-application, and we act as a data processor. Our role as a data processor is governed by our standard data processing agreement.

Log Files

When you access and use our website / web-application, when you log in and out and when errors occur, we automatically store certain data. This includes your IP address, your location, type and version of the web-browser you use, time and date, the webpage or function you were using and, when relevant, information about the error and your username.

This data is used for the following purposes:

  • Information security purposes. We have a legitimate interest in ensure appropriate security for our network, information and services including fulfillment of GDPR Art. 32. The legal basis for this data processing is GDPR Art. 6 (1) (f). This type of processing is envisioned in GDPR recital 49.
  • Bug fixing purposes. We have a legitimate interest in ensuring that our website / web-application works as expected by our users and ourselves, and thus to correct unwanted or unintended properties of our website / web-application. The legal basis for this data processing is GDPR Art. 6 (1) (f).

We might use anonymzied log data as statistics to help us improve our services and understand how our website / web application is used.

Legally Required Data Processing

We may use your data as necessary for compliance with legal obligations to which we are subject, e.g. for accounting purposes. The legal basis for this data processing is GDPR Art. 6 (1) (c).

Fraud Prevention, Criminal Acts and Threats to Public Security

We have a legitimate interest in preventing fraud in connection to our services. The legal basis for this data processing is GDPR Art. 6 (1) (f). This type of processing is envisioned in GDPR recital 47.

Further, we have a legitimate interest in transmitting the relevant personal data indicating possible criminal acts or threats to public security, in individual cases or in several cases, to a competent authority. The legal basis for this data processing is GDPR Art. 6 (1) (f). This type of processing is envisioned in GDPR recital 50.

Communications

When you contact us, we collect and process certain personal data, such as you contact data (which is necessary for replying to the communication) and the message itself, which may or may not contain personal data. We may contact you using your account data, data from your communication with us or contact data you have provided to us directly (such as by signing up to a newsletter).

Depending on the content of the communication, storing the communication for archive purposes, may be relevant for our performance of a contract, marketing our services, and growing our business, compliance with a legal obligation, documenting a legal claim, replying to an inquiry and keeping track of the history.

If you have signed up for a newsletter, or otherwise opted-in to marketing, our legal basis for data processing is GDPR Art. 6 (1) (a).

Otherwise the legal basis for this data processing is GDPR Art. 6 (1) (f). We have a legitimate interest in communicating with our customers, potential customers, and other parties in the situations described above.

If the communication is for direct marketing purposes, reference is made to the GDPR recital 47. You will find how to opt-out, or withdraw you consent, in in the direct marketing, or you may contact us directly.

Recipients of Data

In some cases, your personal data may be shared with independent data controller, such as:

  • Payment service providers: when paying via credit card, an external service provider processes the payment.
  • Debt collection agencies: If you fail to pay your invoices on time, necessary data is passed on to an external debt collection agency.
  • Government authorities or other third parties as required by law: e.g. mandated by statute or court order, or as necessary to report criminal acts or threats to public security.
  • Lawyers: If we need legal advice, or in relation to legal claims, necessary data may be passed on to lawyers.
  • Auditors: If our books are to be audited, or we otherwise need auditor services, necessary data may be passed on to auditors.

We also use data processors to process data, e.g. we may use accountants and cloud service providers to deploy and operate our website / web-application.

International Data Transfer

You data remain within the European Union, Norway, the United Kingdom, and Canada. Norway is a member of the European Economic Community and the GDPR applies there. The United Kingdom, and commercial organizations in Canada have been found by the European Commission to offer an adequate level of data protection.

Cookies and local data storage

You can read about how we use cookies and local data storage here.

Your Rights

  • Right of access. You have the right to ask us for copies of your personal data. There are some exemptions to the data we must provide, which means you may not always receive all the information we process.
  • Right to rectification. You have the right to ask us to rectify information you think is inaccurate and to complete information you think is incomplete. There are some exemptions, which means the data may not be corrected. E.g. the fact that a mistake was made might be an accurate thing to record or data may express a subjective opinion.
  • Right to erasure. You have the right to ask us to erase your personal information in certain circumstances, e.g. when the data is no longer needed.
  • Right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances, i.e. if you are concerned about the accuracy of the data or how it is being used.
  • Right to object to processing. You have the right to object to processing which is based on our legitimate interests under GDPR Art. 6 (1) (f) in certain circumstances and always for direct marketing purposes.
  • Right to data portability. This only applies to information you have given us if we are processing the data based on your consent or pursuant to contract.

Please contact us if you wish to make a request. We will respond to you within one month. If you're unhappy with the way that we handle your concern, you may complain to the Norwegian Data Protection Authority.

Contact Us

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact us.