Privacy Policy Guidelines
1. Privacy Policy and Data Controller
The privacy policy explains how Synlighet AS collects and uses personal data.
It was published on March 23, 2021, and applies to Synlighet's Norwegian operations.
The headquarters is located at Møllendalsveien 1, 5009 Bergen. The Data Protection Officer can be reached at privacy@synlighet.no.
Synlighet AS is the data controller for the personal data collected about you.
2. What Are Personal Data
Personal data includes anything that identifies or can be linked to you as an individual. This may include contact information (name, phone number), identification numbers (IP address, customer ID, cookie ID), and details about actions or behaviors (purchased products, visited pages, received emails).
3. Why We Collect Personal Data and Its Purpose
3.1 Statistics for Website and Marketing Communication Improvement
We collect and analyze data about how you and other users use the website. The purpose is to understand how the site is used, so we can improve our content and products/services based on these insights.
Data collected: Behavioral data (pages you visit, what you click on, etc.), device data (computer/mobile type, OS, browser, etc.), network and location data (derived from IP address). All data is linked to an anonymous ID stored in a cookie in your browser. (read more about cookies)
Legal basis: Legitimate interest. We find great value in collecting and analyzing this data, and believe it does not pose significant privacy risks as long as the information is not linked to other sources or contact details.
How we process personal data: We use Google Analytics to collect this data from your browser. The data is stored on Google's servers but owned by us. It is not linked to other tools or sources unless you have consented (see other purposes). To minimize privacy impact, the IP address is stored in anonymized form (read about IP anonymization), and the cookie's expiration is set to a maximum of 7 days. Once the cookie expires, the data is no longer linked to you. Additionally, all individual data is automatically deleted by Google Analytics after 14 months.
3.2 Conversion Tracking for Advertising
We measure the results of our marketing by reporting how many inquiries and sales come from a marketing campaign. The purpose is to optimize and streamline our marketing efforts.
Data collected: Whether you performed a specific action on our site and from which source you accessed the site. This is also linked to all other data collected for statistics (see above).
Legal basis: Legitimate interest. This data processing helps us use resources most effectively, saving time and money on efforts that don’t generate results. If data collection is not possible without linking to third-party information, we rely on your active consent.
How we process personal data: The data processing follows the same principles as for general statistical purposes. Based on legitimate interest, we collect and process data in Google Analytics, and send data to Google Ads using Consent Mode (data is sent without cookie information). If you have consented to “marketing,” we send data to Google Ads in the usual way, as well as to Facebook, Bing, and other ad providers (more on advertising below).
3.3 Targeting Ads
We collect data about your behavior on our website and share it with various advertising providers (data processors) in order to achieve more precise ad targeting.
Which data: Data on behavior (which pages you visit, what you click on, etc.), device data (type of computer/phone, operating system, browser, etc.), and network and location data (derived from IP address). All data is linked to an anonymous ID number stored in a cookie in your browser. This ID number serves as a common identifier for you across all websites you visit that exchange data with the same advertising providers.
Legal basis: Consent, which you give by accepting "marketing" as a purpose (or "all") when you visit our website. You can change your consent on our cookie page.
Data is collected from your browser when you visit our website and sent for storage and processing by the advertising provider. We use various providers, including Google Ads, Google Marketing Platform, Facebook, Microsoft Bing, and LinkedIn. You are then placed in different "target groups" with these providers, which allows us to buy ads that you will see when visiting other websites in their networks. As a result, you may frequently see Synlighet ads across various sites after visiting our pages. The data about you is also part of your general profile with the provider, used to describe your interests and estimate other characteristics about you (profiling). If you have provided contact details or other personal information to the provider (e.g., Facebook), the data is also linked to this. This enables other advertisers using the same ad network to buy ads with more precise targeting. The consequence for you is that the ads you see become more tailored to your situation. To prevent your behavior data from being used in this way, you can opt out of consenting to the use of cookies for "marketing." To generally avoid ad providers from collecting such data and creating a profile of you, you can either delete/reject all cookies in your browser or adjust your settings with the provider. Here are links to how you can do this with Google, Facebook, and LinkedIn.
3.4 Direct Marketing and Networking
Synlighet is a knowledge and service provider that markets its offerings through knowledge sharing to those who wish to be part of our network. We provide knowledge through webinars, eBooks, and articles, which are made available via email communication. Access to this material is granted to anyone who consents to receiving our newsletters.
Which data: Synlighet collects information such as name, email address, company name, and a history of interactions via email communication (including opens and clicks) and visits to the website.
Legal basis: Active consent.
How we process personal data: When you fill out a form on synlighet.no, your information is stored in HubSpot, the tool we use for sending email communication and recording interactions with our network. When you open emails and click on links, information about these actions is also stored. Additionally, HubSpot stores cookies in your browser to identify you and link information about your activities on our website to your profile.
You can withdraw your consent to receive emails at any time by clicking on 'change settings' at the bottom of an email you received from Synlighet. Consent for tracking via cookies on our website is given through the cookie information displayed upon your first visit, and it can be changed on our cookie page.
3.5 Job Applications
In connection with recruitment processes, we collect and store information about applicants.
Which data: Contact information of applicants such as name, email address, and phone number, as well as documents that the applicant shares with Synlighet, such as CV, references, and cover letter.
Legal basis: Legitimate interest
How we process personal data: Data about job applicants is collected via Finn.no’s job portal or directly via email to Synlighet. Synlighet posts job openings on Finn.no’s portal, where personal data is made available by the applicant as long as the application process is ongoing. For open applications, we encourage applicants to send their applications to the CEO or agency manager via email. Documents received from job applicants are stored for a maximum of 2 years, based on the reasoning that Synlighet regularly recruits new employees, and previous applicants may be considered for new opportunities.
3.6 Follow-up of inquiries and sales processes
When you contact us via the contact form, chat on the website, email, or phone, we store your personal information for follow-up and sales processes.
Which data: Name, phone number, email address, company, and interactions you have had with us, including visits to our website.
Legal basis: Legitimate interest, as well as consent (for the use of cookies for marketing, to record your visits to our website)
How we process personal data: Personal data and interactions are stored in HubSpot. This happens automatically if you fill out a form on our website, and we manually register you if you contact us through other channels. All Synlighet employees who have customer contact have access to this information. If you do not become a regular customer or partner, and are not subscribed to the newsletter, we will delete your information within two years after our last contact with you.
3.7 Follow-up with customers and partners
To provide good follow-up and fulfill contractual terms, we collect and store personal data about our customers and partners.
Which data: Contact information such as email address, phone number, name, and interactions you have had with us, including visits to our website.
Legal basis: Legitimate interest, as well as consent (for the use of cookies for marketing, to record your visits to our website).
Personal data and interaction data on synlighet.no are stored in HubSpot. All Synlighet employees who have customer contact have access to this information
3.8 Course Registration
In connection with course registration, we collect personal data, which is also used for follow-up after the course, including sending course certificates.
Which data: Contact information, billing details, course details for the registered course.
Legal basis: Necessary to fulfill the agreement.
How we process personal data: Personal data is processed in Synlighet’s course system, Screenbooking, and is stored to send course certificates to participants. A record of past participants is maintained for statistics and to resend documentation and course certificates to those who have lost them.
3.9 Evaluation and follow-up after courses and webinars
To improve our services and follow up with participants after courses and webinars, we collect personal data provided by participants through post-event surveys and chat logs during the course or webinar.
Which data: Synlighet uses Zoom for conducting video-based courses and webinars, where participants can chat with the presenter. The chat logs are stored for follow-up on inquiries made via chat.
For course evaluations, Synlighet may send a survey to participants through SurveyMonkey. Responses are anonymous.
Legal basis: Legitimate interest.
How we process personal data: Personal data from chat logs during webinars and courses is stored for up to one year.
3.10 Transfer of Personal Data to Recipients Outside the EEA
It is our goal that all processing of personal data takes place within the EEA, but it may be that we use suppliers or process personal data outside the EEA. In such cases, transfers and processing outside the EEA will occur in countries approved by the EU Commission or in accordance with valid legal grounds for the transfer of personal data under GDPR Chapter V. If the transfer is not to a country approved by the EU Commission, the transfer will only occur under the safeguards set out in GDPR Article 46(2). You can inquire about the basis used for the transfer by contacting us. Both the suppliers we use for advertising and analysis (such as Google, Facebook, etc.) as well as our customer system HubSpot are based in the USA, and data will often be transferred there. We are aware of the challenges and requirements arising from the “Schrems II” ruling and are working to find good solutions to this.
4. Your rights
Below are your rights as a data subject. To exercise your rights, you must [fill in how the data subject should proceed, e.g., contact us, see contact information above].
We will respond to your request as soon as possible, and at the latest within 30 days. If it takes longer than 30 days, you will be notified.
If necessary, we may ask you to confirm your identity or provide additional information before we allow you to exercise your rights with us. We do this to ensure that we only give access to your personal data to you and not someone impersonating you. Regarding information collected through cookies, confirming your identity will be very difficult. Therefore, we cannot provide you access to this information except on a general basis, nor make changes or deletions. If you delete cookies in your browser, the data we have stored will no longer be linked to you.
4.2 Information
You have the right to obtain information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. You can also contact us if you would like more information.
4.3 Access
You have the right to request access to the personal data we process about you.
4.4 Modification and Deletion
You can also ask us to correct any incorrect information we have about you or request the deletion of personal data. We will accommodate a request for deletion as far as possible, but we cannot do so if we still need the information.
4.5 Processing Based on Consent
If we process personal data based on your consent, you can withdraw your consent at any time. The easiest way to do this is by using the method you were informed about when you gave your consent or by contacting us.
4.6 Right to Restrict or Object to Processing
You have the right to have the processing restricted in certain cases, such as when:
a) You dispute the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data.
b) The processing is unlawful, and you oppose the deletion of the personal data and instead request that the use of the personal data be restricted.
c) We no longer need the personal data for the purposes of processing, but you need it to establish, exercise, or defend legal claims.
d) You have objected to processing under Article 21(1) of the GDPR, pending verification of whether our legitimate interests override your privacy.
4.7 The Right to Data Portability
For information that you have provided to us and is necessary for the execution of an agreement with us, and that is processed automatically (i.e., not manually by us), you can request that the personal data about you be delivered or transferred to another provider in a structured, commonly used, and machine-readable format (data portability)
4.8 Automated decisions, including profiling
Automated decisions as referred to in GDPR Article 22(1) and (4) will not be made based on your personal data, except for what is done in the context of ad targeting, as described above.
5. General information on the retention and storage (deletion) of personal data
We store personal data as long as necessary for the purpose for which the data was collected, and delete the data in accordance with legal requirements. The duration of the processing of each type of data is covered above, where each processing activity is discussed.
Instead of deleting personal data, in some cases, anonymization may be applicable. Anonymization means removing all identifying or potentially identifying features from datasets being stored.
For example, personal data processed based on your consent will be deleted if you withdraw your consent. Personal data processed to fulfill a contract with you will be deleted once the contract is fulfilled and all obligations, such as legal accounting duties or follow-ups related to complaints, are met.
6. Security of the processing
We prioritize the security of personal data in our operations and will implement all required technical and organizational measures to safeguard your personal data. All processing will be encrypted where possible and only accessible to those who need it for their tasks.
We manage information to ensure it is accurate, accessible, and handled according to the sensitivity of the data. We use various security technologies and information security procedures to protect your data from unauthorized access, use, or disclosure. Where necessary, risk assessments are conducted.
We have data processing agreements with all our suppliers who handle personal data, where they commit to the same level of security we have in our processing of personal data.
We limit access to your personal data to personnel or third parties who need it for processing on our behalf. These parties are subject to strict confidentiality requirements, and we can enforce sanctions or terminate agreements if these requirements are not met.
We have established procedures for handling security breaches and privacy breaches, and if there is a breach that poses a risk to the privacy of the affected individuals, we will notify the Data Protection Authority as soon as possible and no later than 72 hours after the breach is discovered. If the breach is likely to impact the privacy of the affected individuals, we will also notify them.
7. Complaints
We use the Data Protection Authority in Norway as the lead supervisory authority for cross-border processing under GDPR Article 56.
If you believe that our processing of personal data does not comply with what we have described here or that we are violating privacy laws in any other way, you can file a complaint with the Data Protection Authority. However, we ask you to contact us first, so we can correct any errors in processing as quickly as possible.
You can find information about your rights and how to contact the Data Protection Authority on their website: www.datatilsynet.no.
8. Changes
If there are any changes to our services or changes in the regulations regarding the processing of personal data, this may result in changes to the information you have been given here. If we have your contact details, we will notify you of these changes. Otherwise, updated information will always be easily accessible on our website.