Privacy Policy

Lingu is committed to privacy and data security and provide our users with the new rights according to GDPR.

Lingu needs to process personal data in connection with its operations. We are committed to processing personal data in a secure, reassuring and trust-inspiring manner.

As a controller of personal data, the way we process data is based on the business we run and the purpose of our business. Information on personal data we process about you, the legal basis for this processing, the purpose of this processing, and how long we process this personal data for, etc., is also included below.

We may also process personal data in other ways than those mentioned below. In this case, we will inform the person to whom the personal data relates by other means than through this declaration.

We may also act as a data processor for our customers and in connection with our services. In this case, our customers are responsible for data processing. You can read more about this below.

If you have any questions or want to know more about how we process personal data, you can contact us (see contact details below).

 

1. Responsibility for processing personal data

Lingu is the data controller, meaning we decide why and how personal data is to be processed for the processing described below. However, this does not apply where Lingu acts as a data processor and processes personal data on behalf of our customers (see point 4).

Contact details for the data controller:

Company name: Lingu AS

Address: Madlaveien 10, 4010 Stavanger, Norway

Email: post@lingu.no 

Phone number: +47 403 00 040

Organisation number: 912 774 031

 

 

2. Processing of personal data

We collect and use personal data for various purposes, depending on who you are and how we come into contact with you.

All processing of personal data takes place in accordance with the personal data protection rules in force at all times, including the Personal Data Act and the Personal Data Protection Regulation (GDPR).

"Personal data" means all information that can be linked to a natural person (who is referred to as "the registered person").

"Processing" means everything that is done with personal data, such as collection, registration, organisation, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination, and all other forms of making available, compilation or combination, limitation, deletion and destruction.

Where we act as the data processor (i.e., processing personal data on behalf of others), you will receive information about data processing from the controller. You can still contact us about the processing of your personal data, and we will refer you to the correct data controller. More on our role as a data processor is provided below.

 

Processing of personal data through Lingu.no and Lingu.com

When you register and take a course with us, we collect and process personal data about your use of our services and the completion of your course. During this processing, we collect:

When you register an account with us (including if you do not buy a course):

  • Name
  • Address
  • Email address
  • Mobile number

When you order and take a course or are a user of our learning portal:

  • Identity: name, social security number, date of birth, gender, social security number (we collect the latter only if we issue documentation, such as a course certificate, in accordance with the Act on the Introduction Scheme and Norwegian Education for Newly Arrived Immigrants).
  • Contact information: address, mobile number and email address.
  • User Activity: user activity on our learning portal, e.g., submitted assignments, comments, progression in skills and experience points, time spent, results from various quizzes and tests, reading and action history on apps, websites or electronic communications that we send out, as well as technical information on the devices used to access our services.
  • Personal learning profile of users: education level, language skills and other skills.
  • Login data: IP address and login history.
  • Purchase history and information relating to complaints, claims, including demands, or other matters relating to our services.

The above is processed in order to fulfil our agreement with you so that you can use our services (GDPR Article 6 (1) b).

The information will be processed for as long as is necessary to fulfil the agreement, if a complaint is made, and for accounting purposes. The information will therefore be processed for approximately five years.

Information we receive in connection to purchases is stored in our customer database for five years in case any questions or complaints relating to purchases arise. Information on course participation is stored for five years, as our experience shows that this is the period within which our users usually request documentation.

Information relating to your account with us will be stored and processed for as long as your account is active, or until you decide to delete it. We will delete your account if it remains inactive for more than three years.

We also store behavioural patterns on our website, i.e., information about how individual customers navigate our pages (see more below on how we process personal data on our website). This data processing helps us to manage our relationship with our customers, secure and develop our services, and protect our rights, etc., according to GDPR article 6 (1) f. We believe that we have a legitimate interest in processing this type of information, and that this interest outweighs individual privacy.

Technical logs on our website are also processed for troubleshooting and security purposes, and in connection with our services for security purposes, to improve our service, and to gather statistics. We process this information so we can fulfil our duty to comply with privacy regulations and secure personal data (see GDPR article 6 (1) c, cf. article 32), as well as our duty to secure your personal data according to our agreement with you (see above).

 

Communication and contact

We process personal data on anyone who contacts us so that we can respond, keep a record of this communication and refer it on to others. This applies to all forms of communication: physical and digital, written and spoken.

In such cases, we process names, telephone numbers, email addresses and any personal data that may result from the enquiry, including history/logs of the enquiry.

We process this information on the basis that we have a legitimate interest in processing personal data relating to the above (see GDPR article 6 (1) f). We consider our ability to maintain contact with the public, document the business we run, respond to those who contact us and register such contact to be an important part of our business. We therefore consider this processing to be necessary in order for us to handle the inquiries we receive, and that our legitimate interest in this comes before individual privacy.

Providing us with personal information is voluntary. However, you may need to do this in order for us to be able to respond to any inquiries.

We process this information until we expect that no further follow-up of the contact will be required, which is normally after three years.

 

Email

We use email as a communication tool, and this contains personal data. We process this data on the basis that we have a legitimate interest to do so (see GDPR article 6 (1) f) in order to operate and communicate, and we have assessed that individual privacy does not come before this interest. The type of personal data processed in our emails depends on the purpose and content of the email. Emails are deleted when they are no longer needed, and we have measures in place to ensure regular deletion of emails. Our security solutions also have access to email, but only for machine processing purposes.

 

Information and marketing

If you request information or sign up for a newsletter, or are an existing customer of ours, we will send out information about our products and services, our partners’ products, newsletters, and other information and marketing. We will process your name and email address as a result. We process this information on the basis that you have consented, or that we have entered into an agreement with you. The processing of this data will take place until you have received the requested information, have withdrawn your consent, or are no longer a customer with us. Your personal data will then be deleted.

We process this personal data so we can inform you about services and products that may be of interest to you, and this processing is performed on the basis that you have consented to it (GDPR Article 6 (1) a). You can withdraw your consent at any time by using any of the cancellation options provided in any correspondence you receive, or by contacting us to opt out of direct marketing and/or profiling, according to GDPR Article 21 (2).

If information we send on our services you use does not contain marketing, we will send this to you regardless of whether you have consented, and your personal data will be processed in accordance with GDPR article 6 (1) b. We process this data so we can keep you updated about the services you receive and fulfil our agreement with you.

We only process the personal data necessary in order to be able to correspond with you, which in this case is your email address. Your email address will not be used for anything other than sending out newsletters, and this personal data will be processed only for as long as you continue to receive these.

 

Information and newsletters

We can send out information on our services to existing and former users in order to inform them about our service and other matters relating to Lingu. We therefore process personal data on the basis that we need to fulfil or follow up an agreement with the recipient and make sure our services/products are received (GDPR article 6 (1) b).

We process your personal data on the basis that you have consented (GDPR Article 6 (1) a), or that you are an existing customer with us (in order to fulfil an agreement with you (GDPR Article 6 (1) b), or according to our legitimate interest in keeping our former customers informed (GDPR article 6 (1) f). If you wish to stop receiving this information, you can withdraw your consent at any time using the link in our newsletter or by contacting us. However, we would encourage you to continue receiving this information since it may have an impact on your use of our services.

We only process personal data we need to be able to contact you, which in this case is your email address. We will not use your email address for anything other than sending out this information. Your personal data will be processed for as long as you receive this information from us.

 

Existing and potential customers, suppliers and collaboration partners, etc.

We process personal data on contact persons for existing and potential customers (in business relationships), suppliers and other collaboration partners in order to carry out sales and marketing activities, manage our relationships with suppliers and other parties, and to prepare, implement and document our services, as well as evaluate the use of these services. In these cases, we will process the name, contact details, company name and information relating to our contact with the company in which they work.

We process this personal data on the basis that we have a legitimate interest (GDPR Article 6 (1) f) in managing our relationships with our customers, partners and suppliers, and that this interest outweighs individual privacy.

We also store and disclose information whenever we have a legal obligation to do so; for example, as required by accounting and tax legislation.

We can store information for as long as necessary; for example, when we need to document circumstances relating to our services.

In many cases, it is necessary for us to obtain personal information in order to enter into agreements with customers and suppliers, such as when we need to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements.

Contact persons can provide us with personal information on a voluntary basis. If we collect personal information from others, this mainly involves contact information (including name, address, telephone number and email address), position, function and employer, as well as skills and references, where relevant. The source of this information will be the contact person's employer (taken from the company website, for example). In some cases, we collect references from others to assess the suitability of suppliers and partners.

We store this information until the relationship with the customer, supplier or partner ends, or until the contact person ceases to be a contact person, unless one of the exceptions mentioned above applies.

 

Recruitment

When recruiting for new positions, we process CVs, applications, certificates, notes from interviews and results from investigations into references, etc., all of which contain personal data.

We use job search services to manage submitted applications, and these therefore act as the data processor. If you register with a job search service and create your own profile, this service will act as the data controller, and you should refer to its privacy policy for information on how they process your personal data. We will process your personal data on the basis that you have consented to this with the job search service (GDPR article 6 (1) a), if this is the case, or on the grounds provided below.

Personal data is processed during recruitment on the basis that this is necessary in order to carry out certain measures before we have entered into an employment contract with the job seeker (GDPR article 6 (1) b).

If we carry out any investigations other than contacting people who have been provided as a reference, such as investigations into employment history, etc., then personal data is processed on the basis of our legitimate interest in ensuring that the candidate is the right person for the position (GDPR article 6 (1) f ). We believe that this interest outweighs individual privacy. We encourage you not to provide any special personal data in your application, such as information on health, religion, political opinions or trade union membership, etc.

In the event that we process special personal data, we will do so on the basis that you have consented to this (GDPR article 9 no. 2 a). You can withdraw your consent at any time; however, this will not affect the legality of any processing of personal data that occurred before your consent was withdrawn.

Personal data is deleted as soon as the recruitment process is complete, unless you have consented to this being stored for longer.

 

Events etc.

With regards to participation in events, participant contact details will be registered and processed, as well as information on the corresponding event. We do this so that the person concerned can be recorded as registered, and to enable any necessary communication or invoicing of participation fees. Personal data is processed on the basis that we need to fulfil an agreement with the participant (GDPR article 6 (1) b), or in the case that the participants represent a business, on the basis that we consider ourselves to have a necessary legitimate interest (GDPR article 6 (1) f) in holding events as part of our business activities. In the case of the latter, we consider our legitimate interest to outweigh individual privacy.

In the event that food and/or drink will be served, we can obtain information about dietary preferences, and these may reveal preferences based on health and/or religion. This information will be processed only by us, and we will delete it immediately after the event. In such cases, this information will be processed on the basis that the participant has consented to this.

 

Social Media

We maintain contact with stakeholders and other parties through social media. We have a profile on Facebook (as well as other social media sites), where we are responsible together with Facebook for the processing of related personal data. Personal data will be processed through our Facebook page if you submit or comment on any posts, or like/follow the page. We process personal data through our Facebook page so we can maintain contact in other ways with those who wish to communicate with us or interact via Facebook (see more on communication under point 2.2 above).

In order to do this, we process your name and a link to any other information posted on Facebook that is associated with your name/account. In addition, we process everything you share through posts and comments on our Facebook page, as well as the fact that you have liked/followed our website. The information you share on our Facebook page is completely voluntary.

We ask you not to share any personal data in posts or comments on the website, especially any personal data about others, e.g., by tagging or mentioning people.

We process personal data held on social media, such as Facebook, on the basis that we believe we have a legitimate interest in communicating with the public via social media and need to process personal data in order to do so (GDPR article 6 (1) letter f). We have assessed that we must be able to communicate with the public and handle any inquiries we receive, and that individual privacy does not come before this interest.

This information will be processed for as long as the related posts/comments are published on our social media pages, and you are free to delete these at any time.

 

Use of websites

Cookies are used on our websites and as part of our services, e.g., to collect information that will improve customer experience of our websites and services, as well as to guarantee the functionality of our services. We also use this information to provide visitors with relevant recommendations and service adaptations. These are both provided based on visitor behaviour, e.g., services that have been used, links that have been clicked on or information that has been read, and based on the behaviour of other users with similar usage patterns. In addition, cookies are used to provide customised marketing on our websites, in advertising networks and on social media. As far as is practically possible, we try to work using anonymous information (in which information is not linked specifically to individual visitors).

A cookie is a text file that is placed in your browser's internal memory when visiting or interacting with a website, or a number/number series that can identify your browser or the device you use to access a website (hereon referred to as cookies).

You can opt to block us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can change the settings yourself so that they won’t be accepted. The disadvantage of disabling cookies in your browser is that the websites you visit will not function optimally. This is because the purpose of most cookies is to ensure service functionality.

We also use tools other than cookies to obtain information on your IP address, the type of browser you use, your broadband provider, operating system, date and time of visit to our website and services. We use this information to analyse trends so we can make our website and services more user-friendly.

 

We use the following cookies on our website:

On lingu.no

Cookie name

Domain

Purpose

intercom-id-kczbs1i2

intercom-session-kczbs1i2

intercom-device-id-kczbs1i2

.lingu.no

Chatting with customer support and sales team

__stripe_sid

__stripe_mid

.lingu.no

Securing credit card transactions for course bookings

_pk_id.*

_pk_ses.*

lingu.no
kpa.lingu.no
ua.lingu.no

Tracking web traffic with Matomo

_adeptlms_session

.lingu.no

Identifying users (login)

CookieNotificationCookie

lingu.no

kpa.lingu.

ua.lingu.no

Tracking user cookie preferences

 

 

On lingu.com

Cookie name

Domain

Purpose

_session_id

.lingu.com

Identifying users (login)

tz

lingu.com

Localising date and time to your browsers local time zone.

_is_cookie_consent

lingu.com

Tracking user cookie preferences

_ga
_for_*

.lingu.com

Tracking web traffic with Google Analytics

oauth2_authentication_csrf

oauth2_consent_csrf

oauth2_authentication_session

auth.lingu.com

Cross-site attack protection

Identifying users logged in with OAuth providers (Google, Microsoft, etc.)

__Host-next-auth.csrf-token

__Secure-next-auth.callback-url

saml.lingu.com

Identifying users logged in with Single Sign-On

 

We process the personal data above on the basis that we have a legitimate interest (GDPR Article 6 (1) f) in adapting our website to our users, and that this interest outweighs individual privacy. However, we safeguard the privacy of visitors to our website by only using this information for statistical purposes. It is not possible to identify individuals from these statistics. This information will be kept for as long as we need it for the purposes outlined above.

 

2. Storage and deletion of personal data

We keep personal data for as long as is necessary for the purpose for which it was collected, and we delete this data in line with the requirements laid out in the regulations. The period of time we keep personal information varies depending on how the information was obtained and the purpose for which it was obtained. How long we keep this information before we delete it is provided above for each individual case. The storage period is also based on the following criteria:

  • If we have a legal or contractual need to keep the information, as claims may be brought against us
  • If the information is necessary for our business
  • If consent is withdrawn, where the basis for us processing it is consent.

When we no longer have an ongoing legitimate need to process your personal data, it will be deleted or anonymised as soon as possible in accordance with the applicable law.

In some cases, it may be relevant for personal data to be anonymised instead of deleted. Anonymisation means removing all identifying or potentially identifying characteristics from data sets that are held.

To provide some examples, this means that: the personal data we process based on your consent will be deleted if you withdraw your consent; personal data we process to fulfil an agreement with you is deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been fulfilled, such as statutory obligations related to accounting and follow-up of the customer relationship in relation to complaints, etc.; personal data we process due to a legal obligation will be deleted as soon as we are no longer obliged to keep the data.

 

3. Processing of personal data as part of our services

Customers of ours that use our services act as the controller of any personal data related to the use of our services. We then process this personal data on behalf of the customer, and therefore act as the data processor. We enter into data processing agreements with our customers to regulate how we process personal data on their behalf.

The information in this privacy policy also applies to how we process the personal data of our customers' customers in the case of disclosure or transfer of personal data and security/technical matters. This personal data is deleted when our customers choose to delete it. We never use information or data from our services without first requesting or obtaining approval from our customers to do so.

We send emails to contact persons for our service users and customers providing information on our services, such as technical conditions, upgrades and new functionalities, etc., as well as emails that are automatically generated by our services. Recipients of these emails may unsubscribe/inform us that they no longer want to receive them. More information on this is provided below.

Below is a general description of the data processing that takes place as part of our services. Individual data controllers may process or have personal data processed differently as part of their service. The data controller is the party responsible for informing its customers about how it processes data, despite the fact that we are the data processor. However, we have made this information available so that our users can more easily gain an insight into how their data is processed.

The purpose of data processing

Personal data is processed as part of our services in order to provide the functions and perform the tasks associated with delivering courses.

The data processing that is carried out

Personal data processing will take place as part of our services for the following purposes:

  • For the registration of personal data that can be linked to users of our services, and personal data on others who are registered to our services (see more below)
  • For account registration, whether sent from our customer or provided by the users themselves
  • To ensure that users can make use of the functions included in our services (see more on user activity below).
  • To calculate statistics and perform analyses, which are provided in reports. These reports do not contain any personal information.
  • To back up data (including personal data)
  • So that operating personnel can use their administrator's access to perform user support and operational maintenance tasks on the controller's data and operational resources (such as servers, databases, user accounts, etc.)

The personal data that is collected and processed

The following categories of personal data are processed for the persons mentioned above:

  • Identification of the users of our services: Name, email, phone number, social security number (the latter only in the case where documents such as course certificates are issued, in accordance with the Act on the Introduction Scheme and Norwegian Education for Newly Arrived Immigrants).
  • User Activity: Users' activity on our websites and in our learning portal, e.g., submitted assignments, comments, progression in skills and experience points, time spent, results from various quizzes and tests, reading and action history from apps, websites or any electronic communications that are sent out, and technical information on the devices used to access our services.
  • Personal learning profile for users: level of education, language skills and other skills.
  • Login data: IP address, login history, identifier with third-party login services (login with Google etc.).

The legal basis for processing this personal data depends on the customer’s purpose for processing (as they are the data controller). However, normally the processing will be done either to fulfil an agreement with the user (such as employee training), or when we have a legitimate business interest to do so, such as to provide employees or others with language training.

We are also responsible for processing specific personal data in connection with our services, which includes:

System monitoring, error correction, etc.

We monitor our systems for errors and problems. A part of these processes involves the storage and processing of personal data. The legal basis for processing personal data for this purpose is our legitimate interest in ensuring that our systems and solutions do not contain any errors or problems.

Safety

We process personal data as part of our tasks to protect our solutions and services, users and ourselves against security gaps, fraudulent activity and abuse, etc. The legal basis for processing personal data for this purpose is our legitimate interest, together with the fact that we are obliged by privacy regulations to secure personal data (e.g., see GDPR articles 24 and 32), as well as our obligations as stated in the data processing agreement we hold with our customers.

Compliance with legal obligations

We may be required to process personal data due to other legal obligations, such as to secure data in connection with legal disputes, extradition requirements, etc. The legal basis for processing personal data for this purpose is that this is necessary in order to fulfil a legal obligation incumbent upon us.

Communication with users

We can send information to our users in order to keep them informed on the services we offer and the availability and functionality of these, as well as any other situations that users should be kept aware of. These mailings are made on the basis of our legitimate interest in keeping users updated about our services. You can opt out of mailings, but we recommend that you do not do so as you may miss out on important information.

Your rights

If we are the data processor in the processing of your personal data as stated above, you must contact the data controller in order to exercise your rights. However, the rights you have will be largely the same as those listed below. If you contact us, we can help by referring you to the relevant data controller, if we have this information.

If we are the data controller, you can find out more about your rights below, and you can also contact us to enforce your rights.

 

4. Transfer or disclosure of personal data to others

We do not pass on personal data to others in cases other than those mentioned in this declaration, and unless there is a legal basis for this. Examples of such a basis typically include an agreement with or consent from the data subject, or a legal obligation that requires us to release the information. The latter applies to public activities such as tax collection (if necessary), accountants/auditors, as well as other parties we require as part of our business in connection with banking services.

We use data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to safeguard your rights and to secure your personal data at every stage of the process.

If required by law, or if there is suspicion that an offence has been committed in connection with the use of our services, personal data we have stored about you may be handed over to the public authorities.

If personal data may be subject to transfer to another organisation in connection with a merger, financing, reorganisation or dissolution transaction of all or part of our company, we will only do this if the parties involved have entered into an agreement in which the collection, use and sharing of personal data is limited to the purposes relating to the transaction, including a provision on whether the transaction should proceed or not, and in which personal data shall only be used by the parties involved to carry out and complete the transaction. If another company acquires us, our business or our assets, this company will gain access to the personal data collected by us, and will assume the rights and obligations regarding your personal data as described in this privacy policy.

 

Transfer of personal data to recipients in countries outside the EEA

It is our goal that all processing of personal data will be carried out within the EEA. However, at some point we may have to use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA (in a third country) will take place in a country approved by the European Commission, or in accordance with a valid legal basis for the transfer of personal data according to GDPR chapter V. If transfer does not take place to a country approved by the European Commission, transfer will only take place according to the guarantees set out in GDPR article 46 (2). You can contact us to find out which basis is used for the transfer of personal data.

 

5. Links to third parties/other websites

There may be links on our websites to other websites or third parties that offer products or services, or other places that are not under our control. These links are provided only as an opportunity for users to obtain more information. Websites that are not part of our own website, i.e., that are not located under the addresses lingu.no or lingu.com, process personal data as the data controller themselves, and will have separate and independent privacy guidelines. We are not responsible for any content or activities on these websites.

 

6. Security of data processing

We place high priority on the security of personal data in our business, and will implement all necessary technical and organisational measures in order to secure your personal data.

We handle information so that it is correct, accessible, and handled according to the degree of sensitivity of the information. We also use a number of security technologies and information security procedures to protect personal data from unauthorised access, use or dissemination. Risk assessments are carried out for the processing of personal data.

We have entered into data processing agreements with all our suppliers who process personal data, in which they undertake the same level of security as we uphold for our processing of personal data.

We limit access to personal data to staff or third parties who will process the data on our behalf. These parties are subject to confidentiality obligations.

Routines have been established for handling breaches of information security and routines (breach of privacy), and if there is a breach that entails a risk to the privacy of the personal data concerned, we will send a notice of deviation to the Norwegian Data Protection Authority as quickly as possible, and at the latest within 72 hours of the breach being discovered. If the breach entails a high probability of risk to the privacy of those to whom the breach applies, we will also notify them.

 

7. Your rights when we process personal data about you

Below are your rights for the processing of personal data. Where we are the data controller, you must contact us to exercise your rights (see contact details above). If we are not the controller, follow the guidance below.

We will respond to your enquiry as soon as possible, and within one month at the latest. If this will take longer than one month, you will be notified.

We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights with us. We do this to be sure that we only give access to your personal data to you and not to someone pretending to be you.

Your rights below apply in cases where we are the data controller (see above). We are a data processor for our customers, and if you use services from one of our customers, they are the party responsible for the processing of your personal data (data controller). In this case, you must contact the company you receive the service from in order to exercise your rights in relation to the processing of your personal data. Your rights will essentially be the same as those described below.

 

Information

You have the right to receive information about the personal data we process about you. We inform you about our processing of personal data through this declaration. You can also contact us if you wish to receive further information.

 

Insight

You have the right to demand access to the personal data processed about you. Please contact us if you would like access to this. If you have registered an account and this has not already been deleted, most of the information you have provided can be accessed via our service (see above).

You can also request a copy of the personal data we process about you. We can ask you to specify which information you would like a copy of in order to make this task easier. When handing over  copies of your personal data, we can demand that you identify yourself so we can ensure that we do not hand over personal data to unauthorised parties. The information we hold about you will be sent in digital form unless you request to have it transferred in another format.

 

Change and deletion

You can ask us to correct any incorrect information we have about you, or ask us to delete your personal data. You can also correct or delete your information via our service if you are a registered user and have an account. We will accommodate any requests to delete personal data as far as possible, but we are unable to do this if we still need the data for other purposes.

 

Processing on the basis of consent

If we process personal data on the basis of your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method indicated when you gave your consent, or to contact us directly.

 

Right to restrict or object to processing

You can demand that our processing of your personal data be limited in certain cases, if the conditions for this are met. If the processing is restricted, the personal data will only be stored (see more in GDPR article 21).

Where our processing is based on a legitimate interest, you have the right to object to the processing of your personal data. If you object, we shall stop the processing in question, unless there are compelling legitimate reasons to continue.

You can also object to the processing of personal data about you for marketing purposes, including profiling to the extent that this is linked to direct marketing (see GDPR article 22 no. 2).

 

The right to data portability

For information you have provided to us that is necessary in order to carry out an agreement with us, and which is processed automatically (i.e., not manually by us), you can request to have the personal data about you handed over or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).

 

Automated processing, including profiling

There will be no automated processing, including profiling, based on your personal data that has any legal effect or that significantly affects those to whom the personal data applies (see GDPR article 22 no. 1 and 4).

 

8. Complaints

If you feel that our processing of personal data is not in accordance with what we have described here, or that we are in breach of privacy legislation in other ways, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us first so that we can rectify any incorrect processing as quickly as possible.

You can find information about your rights and how to contact the Norwegian Data Protection Authority on their website: www.datatilsynet.no.

 

9. Changes

If there are any changes to the way we process personal data or changes to the regulations on processing personal data, this may result in changes to the information provided here. We can inform you of any changes that concern you directly and that have an impact on your privacy if we have your contact details. Otherwise, you will always be able to find an updated version of this privacy policy on our website.