Privacy
Privacy Policy for Heras Group Norway AS Website
Last updated: October 2025
Controller & Contact: This Privacy Policy applies to the website operated by Heras Group Norway AS, which is the responsible data controller for any personal data processed in connection with the site. If you have questions or wish to exercise your data protection rights, you may contact us via the contact details on our website, by email at post@gardasikring.no or by mail to Heras Group Norway AS, Apotekergata 10B, 0180 Oslo.
Heras Group Norway AS (“we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect when you visit our website, how and why we use it, and your rights in relation to that data. It also describes the cookies and third-party services we use (e.g. hosting providers, analytics, and video platforms) and the measures we take to comply with the EU General Data Protection Regulation (GDPR) and other applicable laws.
We process personal data only for specified purposes and in accordance with applicable legal bases under GDPR. In general, we rely on your consent for any non-essential data processing (such as analytics or marketing cookies) and on our legitimate interests for essential or functional processing required to operate and secure our website (Art. 6(1)(a) and (f) GDPR, respectively). Below we provide detailed information about each type of data processing on our site.
1. Provision of Website and Hosting Services
Data processed: When you visit our website, our servers automatically process certain data to display the site and maintain security. This includes the IP address of your device (which is needed to transmit content to you), as well as standard technical information that may be logged, such as the date and time of access, the pages or files requested, browser type/version, operating system, and the referring page (if any). These entries are typically stored in server log files.
Purpose: We process this usage and log data to provide our online services to you and to ensure the site’s stability and security. For example, logging IP addresses helps prevent abuse of our servers (e.g. DDoS attacks) and troubleshoot technical issues. Collecting device and browser info allows us to optimize our site’s compatibility and performance.
Legal basis: This essential processing relies on our legitimate interest in operating a secure and functional website (GDPR Art. 6(1)(f)). It is necessary for delivering the content you explicitly request by visiting our pages.
Retention: Server log data is retained only for a short period for the above purposes and then automatically deleted or anonymized. Specifically, log entries are kept for up to 30 days and then deleted, unless further retention is required to investigate security incidents (in which case, relevant data may be kept until the issue is resolved).
Hosting and CDN providers: Our website is built and hosted on third-party platforms and uses Content Delivery Networks (CDNs) to efficiently deliver content. We have engaged the following service providers:
Webflow, Inc. – We use Webflow for creation, management, and hosting of our website (including any online forms). Webflow provides the server infrastructure on which our site runs. In this context, Webflow processes the data (including IP addresses and form submissions) needed to host the site on our behalf. Legal basis: Hosting is necessary for providing the site, based on our legitimate interests (Art. 6(1)(f) GDPR). Webflow is a US-based company with servers in the EU and US; appropriate safeguards for data transfers (such as EU Standard Contractual Clauses and participation in the EU-U.S. Data Privacy Framework) are in place.
Cloudflare, Inc. – We use Cloudflare as a Content Delivery Network (CDN) and security provider. Cloudflare caches our site’s content on globally distributed servers and filters malicious traffic. When you access our site, your requests may be routed through Cloudflare’s network, which means Cloudflare will process your IP address and other technical metadata to deliver content faster and protect against threats (e.g. blocking attackers). Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – using a CDN is technically necessary to provide the website efficiently and securely. Cloudflare may process data in the USA; it adheres to the Data Privacy Framework and EU SCCs for such transfers.
Fastly, Inc. – We use Fastly CDN for faster delivery of large assets (like images or scripts). Like Cloudflare, Fastly temporarily stores copies of our content on servers closer to you geographically, which means your IP address and requests may be handled by Fastly’s servers for performance optimization. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Fastly is US-based; data transfers are safeguarded by Fastly’s Data Processing Terms (incorporating EU Standard Contractual Clauses).
Amazon CloudFront (AWS) – We also utilize Amazon Web Services’ CloudFront CDN as part of our infrastructure. AWS (Amazon Web Services EMEA SARL, based in Luxembourg) may process user requests and content delivery on its network. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Transfers to any non-EU AWS data centers (e.g. in the US) are protected by AWS’s binding corporate rules and Standard Contractual Clauses.
Each of these providers acts as our data processor under GDPR, meaning they only process personal data on our instructions and for the purposes mentioned. We have executed Data Processing Agreements (DPAs) with them as required. For more details, you can refer to their privacy policies and data processing terms (see summary table below).
2. Use of Cookies and Consent Management
Our website uses cookies and similar technologies to enhance user experience and to integrate certain services. Cookies are small text files that can be stored on a user’s device when visiting a website, and later read back by the website or third parties. They serve various functions described below.
Types of cookies:
Essential cookies – These are necessary for the basic functioning and security of the site. For example, they may remember your cookie consent preferences or enable core features. Essential cookies are typically first-party (set by our domain) and may be stored only for the session or a short duration.
Analytics and functional cookies – These cookies help us analyze how our site is used or remember user settings to improve convenience. For instance, analytics cookies allow us to recognize repeat visitors (in an anonymous way) and understand which content is popular. Functional cookies might save preferences like language selection. We treat these as non-essential, meaning we will only use them if you give consent.
Advertising/marketing cookies – Our site currently does not serve third-party ads, but if we ever did, such cookies would track your browsing behavior to show relevant ads. We do not use such cookies at this time.
Cookie storage duration: Cookies can be session cookies (temporary cookies that are deleted when you close your browser) or persistent cookies (remain on your device for a defined period or until you delete them). Unless stated otherwise, assume our cookies (or those of our service providers) may persist for up to 24 months maximum, though many analytics cookies have shorter lifetimes (e.g. 13 months or less, per best practices). We provide specific details in context below where relevant.
Legal basis for cookies: Under ePrivacy laws and GDPR, we require your prior consent for any cookies or similar technologies that are not strictly necessary. When you first visit our site, we display a cookie consent banner (managed by Cookiebot) that allows you to choose which categories of cookies to accept. If you give consent, the respective cookies will be set and the associated data processing will be based on that consent (Art. 6(1)(a) GDPR). If you decline or ignore the banner, we will not set non-essential cookies, and will rely only on cookies that are strictly necessary for site operation, which fall under our legitimate interests (Art. 6(1)(f) GDPR).
Consent withdrawal and cookie control: You can change or withdraw your consent at any time by using the Cookiebot preferences (accessible via the floating cookie icon or link on our site). Additionally, you can manage cookies through your browser settings – for example, you may delete existing cookies and block new ones from all or specific websites. Please note that if you disable all cookies (including essential ones) via your browser, some features of our site may not function properly.
Note: If you are browsing from the EU/EEA, our site’s cookie banner will have already blocked non-essential cookies by default until you consent. Users from other regions may not see the banner if not required, but can still opt out of analytics via browser settings or relevant opt-out links provided below.
Our Cookie Consent Tool (Cookiebot)
To manage user consents efficiently, we use the Cookiebot consent management platform provided by Usercentrics A/S (Denmark). Cookiebot displays our cookie banner and records your preferences. When you interact with the banner, Cookiebot will save a cookie on your device to remember your consent decision and avoid asking again on every visit (unless you clear cookies or the consent expires).
Data processed by Cookiebot: When you submit your cookie consent, the following information is automatically logged by Cookiebot on its servers: an anonymized IP address (last three digits removed) of your device, the date and time of your consent, your browser and device information, the URL from which the consent was submitted, a random encrypted key that identifies your consent state, and the consent preferences you selected. This data is stored to provide proof of consent and to re-apply your preferences on subsequent page loads. Cookiebot’s consent cookie is a persistent cookie that lasts up to 12 months.
Cookiebot acts as our data processor for consent data. All user consent information is stored in European data centers.
Legal basis: When you consent to certain categories of cookies, the processing of those cookie data is based on your consent (Art. 6(1)(a) GDPR). The operation of the Cookiebot system itself (to remember your choices and comply with legal obligations) is based on our legitimate interest in complying with the law and providing a user-friendly consent mechanism.
For more details, see Cookiebot’s own Privacy Policy and data processing terms. (Cookiebot’s privacy policy is available here: https://www.cookiebot.com/en/privacy-policy/). Cookiebot is owned by Usercentrics, which offers standard data processing agreements for its clients.
Cookies and Third-Party Services Used on Our Site
We leverage a number of third-party services that involve cookies or similar tracking technologies. Each of these is described in the next sections (Analytics and Embedded Content), and we summarize them in the table at the end of this policy. In general, no non-essential third-party cookies are loaded unless you have given consent via the cookie banner. If you consent, the cookies will be set as described; if you do not, those services will remain inactive (or will operate in a restricted, privacy-friendly mode if possible).
3. Web Analytics and Monitoring (User Behavior)
We want to understand how visitors use our website in order to improve it. For this, we use certain analytics and monitoring tools. These tools may collect information about your interactions with our site, such as which pages you visit, how long you stay, what links you click, and how you navigate through the site. We have configured these tools to respect privacy (e.g. by anonymizing IP addresses whenever possible). No analytics cookies or tracking will run without your consent.
The data gathered via analytics cookies or scripts are pseudonymous – we do not use them to directly identify you. We do not collect your name, email, or similar personal identifiers for analytics purposes. The information is used in aggregate, to identify usage trends (e.g. which pages are most popular, what time of day sees most traffic). This helps us optimize site content and performance.
Legal basis: We only deploy analytics tools with your consent (Art. 6(1)(a) GDPR). You can choose “Statistics” or similar category in the cookie consent banner to enable/disable these tools. If consent is not given, these tools either do not run at all or run in a no-cookie mode under our legitimate interest (as described below for Google Analytics).
The specific analytics/monitoring services we use are:
Google Tag Manager
We use Google Tag Manager (GTM), a platform by Google Ireland Ltd., to manage the various scripts/tags on our website from a single interface. GTM itself does not collect personal data or set cookies. It is essentially a container that helps load other tools (like Google Analytics or Hotjar) based on your consent choices.
However, when GTM loads a tag, it may send your IP address and certain technical information to Google purely for the act of retrieving the tag script. GTM also might record which tags are fired. We have configured GTM to fire tags only if you have given the appropriate consent. For example, our Google Analytics tag is set to fire only if you consented to analytics cookies.
Legal basis: Consent (Art. 6(1)(a) GDPR) – we only use GTM to fire tags that you have agreed to. Google Tag Manager is covered by Google’s Data Processing Agreement and privacy commitments (see Google’s privacy policy here: https://policies.google.com/privacy). Any transfer of data to Google’s servers in the U.S. is safeguarded by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses in Google’s terms.
For more information, see Google’s Tag Manager terms and Google’s data processing terms for advertising/analytics services.
Google Analytics
We use Google Analytics 4 (GA4) to collect information about how visitors use our site, provided by Google Ireland Limited. Google Analytics uses cookies and similar technologies to analyze user behavior on our behalf. The data Google Analytics collects includes: pages visited and the order in which they are visited, time spent on each page, interactions with page elements, your general location (country/city, inferred from IP, though IP itself is not stored), technical details about your device (browser, OS, device type), and referral information (how you reached our site).
IP Anonymization: We have enabled Google’s IP anonymization feature. This means that your IP address is shortened (masked) as soon as possible, and the full IP is not recorded or stored by Google Analytics. For users in the EU, IP anonymization occurs before the data is sent to Google’s analytics servers. Google Analytics reports to us only aggregated information and statistics; we do not see your full IP or any personally identifying info.
How data is used: Google Analytics compiles the data into reports and dashboards that we can view. This helps us, for example, see the number of visitors in a given time period, which pages are most viewed, how users move through the site, and other usage patterns. We use these insights to improve content and site navigation. No profiling for advertising occurs via GA on our site (we do not use Google Analytics Advertising Features). We have also disabled any data sharing with other Google products.
Consent mode (cookieless tracking): We have implemented Google’s advanced Consent Mode. If you decline analytics cookies, Google Analytics will operate in a restricted, cookieless mode. In this mode, instead of using persistent cookies to recognize you, GA uses a single-session identifier (a random value that is not stored across sessions) to still count your visit anonymously. This allows us to get basic analytics (like total page views) without storing cookies on your device. No user profiles are built when in cookieless mode, and each visit is seen as separate. Legal basis for this minimal data processing is our legitimate interest (Art. 6(1)(f) GDPR) in measuring our website traffic in a privacy-friendly way. Google does not use the data for any other purpose when operating in this mode. If you later consent to analytics, the full cookie-based GA will be activated for subsequent visits.
Data transfer and safeguards: The information collected by Google Analytics may be processed on servers in the United States or other countries. Google Ireland acts as the data processor under EU law. We have accepted Google’s Data Processing Addendum which includes the EU Standard Contractual Clauses to protect any EU-originating personal data that is transferred to the US. Google also certifies under the EU-U.S. Data Privacy Framework, indicating it will handle European data in compliance with EU privacy principles. In practice, for EU visitors, Google Analytics data (with IP anonymization) is first processed on EU-based servers (to anonymize IP), and then forwarded to Google’s global servers.
Your choices: Google Analytics will not run at all unless you have consented via our cookie banner. If you have consented and later change your mind, you can withdraw consent via Cookiebot or use the following options:
Use Google’s official opt-out browser add-on which prevents Google Analytics from collecting data on any websites: https://tools.google.com/dlpage/gaoptout.
Adjust your Google account ads settings at https://myadcenter.google.com/personalizationoff (though note this is more for ad personalization, not basic analytics).
For more details on Google’s data practices in Analytics, see https://support.google.com/analytics/answer/9976101?hl=en (information on Google’s GDPR compliance) and Google’s Privacy Policy at https://policies.google.com/privacy.
Hotjar
We use Hotjar (Hotjar Ltd., Malta) to gain qualitative insights into user behavior on our site. Hotjar is an analytics and feedback tool that can record anonymized information such as where users click, how they scroll, and how they interact with page elements. It provides features like heatmaps (aggregated visual representation of clicks/taps and scroll depth) and could record sessions (replay of how a user navigated a page). This helps us identify usability issues and understand what content is most engaging.
We have configured Hotjar to not collect any text you enter in form fields and to filter out any personal details. Hotjar assigns a random user ID for each site visitor, which allows it to stitch together session recordings for a continuous experience, but this ID does not reveal your identity and is only used by Hotjar.
Cookies: Hotjar uses cookies to track whether you are a new or returning visitor and to store a unique Hotjar User ID in your browser. The cookies have varying lifetimes (some only for the session, others up to 365 days). These cookies are set only if you consent to the “Analytics/Experience” category on our site.
Legal basis: We run Hotjar only with your consent (Art. 6(1)(a) GDPR), as it is not strictly necessary. If you opt in, the data collected (website usage data, device info like screen size, etc.) is sent to Hotjar’s servers in the EU. Hotjar, as our processor, is bound by a DPA and Standard Contractual Clauses for any transfers out of the EEA.
Opt-out: You can opt out of Hotjar tracking at any time even after consenting by either withdrawing consent on our site or using Hotjar’s own Do-Not-Track mechanism. To opt out via Hotjar, you can go to https://www.hotjar.com/legal/compliance/opt-out and click “Disable Hotjar”. This will place an opt-out cookie in your browser. Note that this is effective as long as the opt-out cookie is present.
See Hotjar’s Privacy Policy for more information: https://www.hotjar.com/legal/policies/privacy, and specifically their information on cookie usage: https://www.hotjar.com/legal/policies/cookie-information/.
Leadinfo
Leadinfo analyses general website usage data to identify trends and patterns in visitor behaviour. It provides aggregated information about companies, assists in classifying potential prospects, enables notification systems, and allows integration with CRM systems.
How it works: Leadinfo identifies visits from companies on our website using IP addresses and provides us with publicly available information such as company names or addresses. Additionally, Leadinfo deploys two first-party cookies to evaluate user behaviour on our website and processes domains from form submissions (e.g., "leadinfo.com") to correlate IP addresses with companies and enhance the services; Service provider: Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: https://www.leadinfo.com; Privacy Policy: https://www.leadinfo.com/en/legal/privacy/; Data Processing Agreement: https://portal.leadinfo.com/settings/legal.
Opt-Out: https://www.leadinfo.com/en/legal/opt-out/.
4. Embedded Video Content (YouTube, Vimeo)
Our website may include embedded videos to provide you with informative or engaging content (for example, product demos or company introduction videos). We host these videos on third-party platforms (specifically YouTube and Vimeo) and embed them on our pages. As a result, when you visit a page with an embedded video, some data may be shared with the video platform provider.
We have implemented these embeds in a privacy-conscious manner:
No video will load or play without user interaction or consent. We use either YouTube’s “privacy-enhanced mode” or our cookie consent tool to ensure that no tracking cookies from the video providers are set unless you press play.
The video frames might be initially blocked by our Cookiebot until you consent to the “Media” or “Marketing” cookies category (for Vimeo/YouTube), or in YouTube’s case, we use the youtube-nocookie.com domain which limits tracking.
Data that may be transmitted: If you do choose to play an embedded video:
The video provider (YouTube or Vimeo) will receive your device’s IP address and the fact that you are visiting our site (the specific page with the video). This is technically necessary for them to stream the video to you.
They may set cookies or use similar tracking (unless using a no-cookie mode) to remember your preferences (like volume) and to gather viewing statistics. YouTube, in particular, might track your watch history and associate it with your Google profile if you are logged in, and also connect to its advertising network (Google DoubleClick) when videos play.
Vimeo might similarly collect usage data (e.g. which parts of the video you watched) and device info.
YouTube (Google) – When you play a YouTube video embedded on our site, YouTube (operated by Google Ireland Limited) will process your actions. We embed YouTube videos using YouTube’s Privacy-Enhanced Mode, which uses the domain youtube-nocookie.com. In this mode, YouTube does not place tracking cookies until you actively click the play button. Once you click play, it constitutes giving consent for YouTube content, and YouTube may then set cookies or similar trackers on your device to collect usage data for its own purposes (such as analytics and personalization). These cookies might track how you interact with the video and may link to your Google account if you’re signed in on the browser. We do not have control over these cookies; they are governed by Google’s privacy policy.
Legal basis: We treat the loading of YouTube content as consent-based. By clicking play, you consent to the data processing by YouTube as described (GDPR Art. 6(1)(a)). If you do not want any data transfer to YouTube, simply do not press play on the video.
Data controller: Once you play a video, YouTube/Google becomes an independent controller of the data collected via the embed. We and Google have not established a joint controllership in this context; Google processes the data under its own terms.
Data transfers: Playing a YouTube video may connect you to Google’s servers in the USA. Google is certified under the EU Data Privacy Framework and uses Standard Contractual Clauses for EU data transfers.
Further info: See Google’s Privacy Policy at https://policies.google.com/privacy and specifically YouTube’s privacy information (including how to turn on YouTube’s privacy-enhanced mode). You can also adjust your Google account privacy settings to limit data linking.
Vimeo – We also embed videos from Vimeo (Vimeo Inc., USA). When you play a Vimeo video on our site, Vimeo will receive your IP address and may set cookies or similar technologies. Vimeo’s player might store preferences and collect analytics about video views. If you are logged into a Vimeo account, it could associate your viewing with that account.
We ensure via our consent banner that Vimeo videos are only loaded if you have allowed “Media” cookies (or equivalent category). If you have not consented, the Vimeo iframe may be blocked or inactive.
Legal basis: We rely on legitimate interests (Art. 6(1)(f) GDPR) for simply embedding the Vimeo player, but any non-essential tracking by Vimeo is subject to your consent. In practice, by consenting to and playing a Vimeo video, you agree to Vimeo’s processing.
Data transfers: Vimeo, Inc. is based in the United States. Any personal data (like your IP and cookie identifiers) sent to the US is protected under Vimeo’s adherence to Standard Contractual Clauses. Vimeo offers a Data Processing Agreement for its enterprise services.
Further info: Vimeo’s Privacy Policy is here: https://vimeo.com/privacy. Vimeo’s DPA and SCC can be found at https://vimeo.com/enterpriseterms/dpa.
Note: If you do not interact with embedded videos, no data is transmitted to YouTube or Vimeo. Simply visiting a page with an embed placeholder will not automatically send any personal data to those providers thanks to our privacy settings.
5. Profiles in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights.
In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).
For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.
Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.
Processed data types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form); Public relations.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Vimeo: Social network and video platform; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://vimeo.com. Privacy Policy: https://vimeo.com/privacy.
6. Your Rights Under GDPR
As an individual whose personal data is processed on our website, you have certain data protection rights under the GDPR. You can exercise these rights at any time by contacting us (see the beginning of this Policy for contact details). These rights include:
Right of Access (Art. 15 GDPR): You have the right to obtain confirmation of whether we are processing your personal data, and if so, to request a copy of the data and additional information about how it’s processed.
Right to Rectification (Art. 16 GDPR): If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay.
Right to Erasure (Art. 17 GDPR): You can request that we delete your personal data. We will do so unless an exemption applies (for example, we may need to retain certain data to comply with a legal obligation or if the data is necessary to establish or defend legal claims).
Right to Restrict Processing (Art. 18 GDPR): You have the right to ask us to suspend the processing of your personal data in certain circumstances – for instance, if you contest the data’s accuracy or have objected to our processing and we are evaluating your request.
Right to Data Portability (Art. 20 GDPR): Where processing is based on your consent or a contract and done by automated means, you can request to receive the personal data you provided us in a structured, commonly used, machine-readable format, and have the right to transmit that data to another controller (or have us transfer it for you, where technically feasible).
Right to Object (Art. 21 GDPR): When we process data based on legitimate interests, you have the right to object to that processing on grounds relating to your particular situation. If you object, we will stop such processing unless we have compelling legitimate grounds that override your interests or rights (or the processing is for legal claims). You also have an unconditional right to object at any time if your data is processed for direct marketing purposes (though we do not engage in direct marketing via this website).
Right to Withdraw Consent (Art. 7(3) GDPR): If we are processing your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of any processing done before you withdrew consent, and it won’t affect processing under other legal bases. For example, you can withdraw your consent for analytics cookies by adjusting your cookie settings on our site.
Right to Lodge a Complaint: If you believe our processing of your personal data violates data protection laws, you have the right to file a complaint with a supervisory authority – in particular, an authority in the EU country where you live or work, or where the alleged breach took place. In Norway, the relevant authority is the Norwegian Data Protection Authority (Datatilsynet). Contact info: Tollbugata 3, 0152 Oslo, Norway, email: postkasse@datatilsynet.no.
We kindly ask that you contact us first with any concerns so we can address them. We will respond to your requests within one month of receipt (or inform you if an extension is needed for complex requests). Exercising your rights is free of charge.
7. Data Security
We take appropriate technical and organizational measures to secure your personal data against unauthorized access, alteration, disclosure, or destruction. This includes using encryption (for example, our website is served over HTTPS, which encrypts data in transit), access controls to our data systems, regular security evaluations, and ensuring our processors also implement strict data security (as per Art. 32 GDPR). Despite all measures, no system can be 100% secure; however, we continually update our security practices to align with industry standards and address new threats.
If you have reason to believe that your interaction with our site is no longer secure (for example, if you suspect a vulnerability), please notify us immediately.
8. Changes and Updates to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update it, we will revise the "Last updated" date at the top. Material changes (especially any that would expand the ways we use your data beyond what we have told you here) will either be communicated to you via a notice on our site or via other channels so you have the opportunity to review the changes. If required by law, we will obtain your consent for significant new uses of personal data.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after any changes signifies your acceptance of the updated terms.
If we provide contact information or links in this Policy (for example, for third-party services), note that those may change over time, and you should verify any external addresses or links for accuracy.
9. Summary
Each of these services will process personal data as described in this Policy. We have endeavored to choose providers with strong privacy and security practices. If you want more information about any specific service (such as the exact cookies used or the data they collect), please contact us.
By using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please adjust your cookie preferences or refrain from using the site. We value your privacy and welcome any questions or feedback regarding our data practices.