Privacy Policy

Effective date: 12 September 2025
Controller: Prosit AS (“we”, “us”, “our”)
Registered address: Christopher Bruuns veg 8, 2615 Lillhammer, Norway
Organisation number: 917856842
Website: https://prosit.no
Privacy contact: [email protected]

Your privacy matters to us. This Privacy Policy explains how Prosit AS collects, uses, shares, and safeguards personal data when you visit our website or interact with us online. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Norwegian Personal Data Act.

1. Who We Are

Prosit AS is established in Norway and operates within the European Economic Area (EEA). For the purposes of the GDPR, we are the data controller for personal data collected via our website and related online touchpoints.

2. What Personal Data We Collect

We may collect and process the following categories of personal data when you use our site or contact us:

  • Contact data (e.g., name, email address, phone number).

  • Technical & usage data (e.g., IP address, device type, operating system, browser type, pages viewed, time spent, referral source).

  • Communication data (messages submitted via forms, support inquiries, emails).

  • We do not use cookies

We collect data directly from you (e.g., forms).

3. How We Use Your Data

We process personal data for the following purposes:

Purpose

Legal basis (GDPR)

Data categories

Typical retention

Operating and securing the website
Legitimate interests (Art. 6(1)(f)) – ensuring availability, security, and performance
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Responding to inquiries and providing support
Performance of a contract or pre-contractual steps (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Improving our website and services (analytics, troubleshooting)
Legitimate interests (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Marketing communications (e.g., newsletters)
Consent (Art. 6(1)(a)); or legitimate interests where permitted (Art. 6(1)(f))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6
Complying with legal obligations
Legal obligation (Art. 6(1)(c))
Contact, Technical/Usage, Communication
As long as necessary for the stated purpose; see Section 6

4. Our Legal Bases for Processing

Depending on the context, we rely on one or more of the following legal bases under Article 6 GDPR:

  • Consent (Art. 6(1)(a)) – marketing where required.

  • Contract (Art. 6(1)(b)) – to take steps at your request or perform a contract with you.

  • Legal obligation (Art. 6(1)(c)) – to comply with applicable laws and regulations.

  • Legitimate interests (Art. 6(1)(f)) – to operate, secure, and improve our services, balanced against your rights and freedoms.

5. Data Sharing and International Transfers

We do not sell or rent personal data. We may share personal data with:

  • Service providers/processors (e.g., hosting, analytics, customer support) under GDPR-compliant data processing agreements.

  • Professional advisors (legal, accounting) under confidentiality obligations.

  • Public authorities where required by law or to protect rights.

If data is transferred outside the EU/EEA, we implement appropriate safeguards such as Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, supplementary measures.

6. Data Retention

We keep personal data only as long as necessary for the purposes described or as required by law. Typical retention periods include:

  • Contact form inquiries and support emails – up to 24 months after resolution

  • Web server and security logs – up to 12 months, unless needed to investigate incidents

  • Analytics data – per your consent settings and provider defaults

  • Marketing subscriptions and consent records – not collected

  • Contractual and invoicing records – as required by accounting/tax laws (typically 5–10 years)

When data is no longer needed, we delete or irreversibly anonymise it.

7. Your Rights

Subject to conditions and exceptions under the GDPR, you have the right to request:

  • Access to your personal data (Art. 15)

  • Rectification of inaccurate data (Art. 16)

  • Erasure (‘right to be forgotten’) (Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Objection to processing based on legitimate interests (Art. 21)

  • Withdrawal of consent at any time where processing is based on consent (Art. 7(3))

To exercise your rights, contact us at [email protected]. We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests).

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

8. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit and at rest (where applicable)

  • Access controls, role-based permissions, and multi‑factor authentication for administrative accounts

  • Principle of least privilege and regular access reviews

  • Network and application monitoring, logging, and backup procedures

  • Vulnerability management and regular patching

  • GDPR‑compliant processor contracts and confidentiality obligations

  • Staff awareness and training on data protection and security

9. Children’s Data

Our website is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted here with a new effective date. We encourage you to review this page periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Prosit AS – Privacy Team
Email: [email protected]
Postal address: Christopher Bruuns veg 8, 2615 Lillhammer, Norway

Prosit AS

Christopher Bruuns v 8

2615 Lillehammer, Norway

Org nr 917 856 842

Prosit Poland

ul. Pojdy 14d

44-213 Rybnik, Poland

NIP PL6423189108

©2026 Prosit AS. All rights reserved.

Prosit AS

Christopher Bruuns v 8

2615 Lillehammer, Norway

Org nr 917 856 842

Prosit Poland

ul. Pojdy 14d

44-213 Rybnik, Poland

NIP PL6423189108

©2026 Prosit AS. All rights reserved.

Prosit AS

Christopher Bruuns v 8

2615 Lillehammer, Norway

Org nr 917 856 842

Prosit Poland

ul. Pojdy 14d

44-213 Rybnik, Poland

NIP PL6423189108

©2026 Prosit AS. All rights reserved.