Privacy Policy
Effective date: 12 September 2025
Controller: Prosit AS (“we”, “us”, “our”)
Registered address: Christopher Bruuns veg 8, 2615 Lillhammer, Norway
Organisation number: 917856842
Website: https://prosit.no
Privacy contact: [email protected]
Your privacy matters to us. This Privacy Policy explains how Prosit AS collects, uses, shares, and safeguards personal data when you visit our website or interact with us online. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Norwegian Personal Data Act.
1. Who We Are
Prosit AS is established in Norway and operates within the European Economic Area (EEA). For the purposes of the GDPR, we are the data controller for personal data collected via our website and related online touchpoints.
2. What Personal Data We Collect
We may collect and process the following categories of personal data when you use our site or contact us:
Contact data (e.g., name, email address, phone number).
Technical & usage data (e.g., IP address, device type, operating system, browser type, pages viewed, time spent, referral source).
Communication data (messages submitted via forms, support inquiries, emails).
We do not use cookies
We collect data directly from you (e.g., forms).
3. How We Use Your Data
We process personal data for the following purposes:
Purpose
Legal basis (GDPR)
Data categories
Typical retention
Operating and securing the website
Legitimate interests (Art. 6(1)(f)) – ensuring availability, security, and performance
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Responding to inquiries and providing support
Performance of a contract or pre-contractual steps (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Improving our website and services (analytics, troubleshooting)
Legitimate interests (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Marketing communications (e.g., newsletters)
Consent (Art. 6(1)(a)); or legitimate interests where permitted (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Complying with legal obligations
Legal obligation (Art. 6(1)(c))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
4. Our Legal Bases for Processing
Depending on the context, we rely on one or more of the following legal bases under Article 6 GDPR:
Consent (Art. 6(1)(a)) – marketing where required.
Contract (Art. 6(1)(b)) – to take steps at your request or perform a contract with you.
Legal obligation (Art. 6(1)(c)) – to comply with applicable laws and regulations.
Legitimate interests (Art. 6(1)(f)) – to operate, secure, and improve our services, balanced against your rights and freedoms.
5. Data Sharing and International Transfers
We do not sell or rent personal data. We may share personal data with:
Service providers/processors (e.g., hosting, analytics, customer support) under GDPR-compliant data processing agreements.
Professional advisors (legal, accounting) under confidentiality obligations.
Public authorities where required by law or to protect rights.
If data is transferred outside the EU/EEA, we implement appropriate safeguards such as Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, supplementary measures.
6. Data Retention
We keep personal data only as long as necessary for the purposes described or as required by law. Typical retention periods include:
Contact form inquiries and support emails – up to 24 months after resolution
Web server and security logs – up to 12 months, unless needed to investigate incidents
Analytics data – per your consent settings and provider defaults
Marketing subscriptions and consent records – not collected
Contractual and invoicing records – as required by accounting/tax laws (typically 5–10 years)
When data is no longer needed, we delete or irreversibly anonymise it.
7. Your Rights
Subject to conditions and exceptions under the GDPR, you have the right to request:
Access to your personal data (Art. 15)
Rectification of inaccurate data (Art. 16)
Erasure (‘right to be forgotten’) (Art. 17)
Restriction of processing (Art. 18)
Data portability (Art. 20)
Objection to processing based on legitimate interests (Art. 21)
Withdrawal of consent at any time where processing is based on consent (Art. 7(3))
To exercise your rights, contact us at [email protected]. We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests).
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
8. Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
Encryption in transit and at rest (where applicable)
Access controls, role-based permissions, and multi‑factor authentication for administrative accounts
Principle of least privilege and regular access reviews
Network and application monitoring, logging, and backup procedures
Vulnerability management and regular patching
GDPR‑compliant processor contracts and confidentiality obligations
Staff awareness and training on data protection and security
9. Children’s Data
Our website is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted here with a new effective date. We encourage you to review this page periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
Prosit AS – Privacy Team
Email: [email protected]
Postal address: Christopher Bruuns veg 8, 2615 Lillhammer, Norway