Privacy Policy

The data controller for personal data is:

Kredittdata AS Organisation number: 937 551 762 Lørenveien 64A, 0585 Oslo, Norway Email: hei@kredittdata.no

If you have questions about the processing of your personal data, please contact us at the email address above.

We collect the following categories of personal data:

• –Contact information: Name, email address, phone number and organisation number – registered when ordering services or via the contact form on the website.
• –Transaction information: Details about ordered services and products.
• –Usage data: Technical information about use of the website (IP address, browser configuration, visit time) collected through cookies and log data.
• –Communication: Correspondence sent to us via email or contact form.

We process personal data for the following purposes:

• –Delivery of services (legal basis: contract, GDPR art. 6(1)(b))
• –Invoicing and accounting (legal basis: legal obligation, GDPR art. 6(1)(c))
• –Customer service and technical support (legal basis: legitimate interests, GDPR art. 6(1)(f))
• –Marketing to existing customers (legal basis: legitimate interests, GDPR art. 6(1)(f), with right to opt out)
• –Analysis and improvement of the website (legal basis: consent or legitimate interests)

We do not share personal data with third parties for commercial purposes. Data may be shared with:

• –Data processors providing technical services on our behalf (e.g. cloud and hosting services, email systems), with a data processing agreement in accordance with GDPR art. 28.
• –Public authorities where required by law.

All data processors are bound by confidentiality and process data only in accordance with our instructions.

When you order a credit report about your own company, we retrieve company information from Norwegian registers and recognised credit data sources. This may include:

• –Basic company data (name, address, organisation number, industry)
• –Financial figures from the Register of Company Accounts
• –Information about board members and CEO from the Brønnøysund Register Centre
• –Any payment remarks and publicly available credit status

The legal basis for this processing is contract (GDPR art. 6(1)(b)) – you have ordered the report yourself. The data is used solely to produce and deliver the ordered report and is not used for marketing or shared with unrelated third parties.

If you have questions about which sources are used, please contact us at hei@kredittdata.no.

We strive to process personal data within the EEA. If transfer to countries outside the EEA occurs, we ensure the transfer takes place in accordance with GDPR through the use of the EU Commission's standard contractual clauses or other approved mechanisms.

We store personal data for as long as necessary to fulfil the purpose for which it was collected:

• –Customer data: Up to 5 years after the last active customer relationship, unless legal requirements demand a longer retention period.
• –Accounting data: 5 years pursuant to the Bookkeeping Act.
• –Contact form enquiries: Up to 2 years after last contact.
• –Cookies and log data: Up to 13 months.

You have the following rights under GDPR:

• –Access: You can request access to the data we hold about you.
• –Rectification: You can request correction of inaccurate data.
• –Erasure: Under certain circumstances you can request that data be deleted.
• –Restriction: You can request that processing be restricted in certain situations.
• –Data portability: You can request to receive your data in a structured format.
• –Objection: You can object to processing based on legitimate interests.
• –Withdraw consent: If processing is based on consent, you can withdraw this without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact us at hei@kredittdata.no. We will respond to your enquiry within 30 days.

The website uses cookies to ensure functionality and analyse traffic. The following are used:

• –Necessary cookies: Required for the website to function correctly. These cannot be turned off.
• –Analytical cookies: Used to understand how visitors use the website. These are only activated with consent.

You can manage your cookie settings in your browser settings.

We use technical and organisational security measures to protect personal data against unauthorised access, loss or alteration. This includes encryption of data in transit and at rest, as well as access control.

If you believe we are processing your personal data in violation of privacy regulations, you have the right to complain to the Norwegian Data Protection Authority:

Datatilsynet Postboks 458 Sentrum, 0105 Oslo post@datatilsynet.no www.datatilsynet.no

We reserve the right to update this statement. Significant changes will be announced on the website. The date at the top of the document indicates when the statement was last updated.