Lørn values your privacy and processes your personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.
2. WHEN, WHY, AND WHAT TYPE OF DATA DO WE COLLECT?
This Privacy Notice covers information we collect from you through our website and online events. We process your personal data to be able to carry out our services and in order to administer and manage your relationship with us. In this connection, we may process the following personal data:
Contact information (such as name, username, and e-mail address);
Background, including education, job position, and employer; and
Any other information you provide through communication with us or concerning providing the Services.
2.2 Types of Service
The services related to personal data handling include:
– Account registration. If you register an account with us, you may be required to provide us with certain personal data such as your name, last name, and email address. You may also voluntarily provide us with further personal data and contact information.
– Surveys: When you provide us with information in response to a survey operated by us, we may receive your personal data (name and email address) according to the nature of the given survey (identified or anonymous)
– Payment: Lørn provides the possibility to have premium accounts using a credit card or other methods through a third-party payment processing service provider. Please note that our service provider – not Lørn – collects and processes your financial information.
– Online events and webinars: Lørn AS may offer public online events/webinars (live or recorded) on Social Media and/or on our website, where you can share comments and thoughts. For some of the events, you may be required to register with us and/or provide us with personal data such as your name, email address, and social media profile. Please keep in mind that information you post or make available on our profiles on Social Media or participating in our online events will be publicly available. Based on that, you should not include personal or sensitive data about yourself or another person and/or company.
– Participation in online activities related to courses: Lørn may collect certain user-generated course data such as answers to quizzes and written reflections. Based on that, you should not include personal or sensitive data about yourself or another person and/or company.
– Newsletter: If you sign up to receive our Newsletters, you may be required to provide us with certain personal data such as your name, last name, and email address. By submitting your request to receive the newsletter, you may consent to allow us to store and process your personal information and also agree to receive other communications from us.
We collect and process this personal data to be able to perform our services (ref. GDPR art. 6(1) letter b), to uphold our legitimate interest in administering and managing our relationship with you, and to uphold our legitimate interest in processing any legal claims (GDPR art. 6(1) letter f), as well as for compliance with our legal obligations (ref. GDPR art. 6(1) letter c).
We do only process your personal data to the extent that it is necessary for the performance of our specific purposes under the legal basis, as described more in detail below.
2.3 Legal Obligations
For fulfillment of the GDPR regulations and other legal obligations, Lørn is subject to accounting and bookkeeping legislation which requires us to store and possibly report information about our customer relationships. The legal basis for the use of the information is GDPR art. 6.1 letter c (legal obligation).
To prevent and detect abuse, misuse, and unauthorized access to our systems or data, we protect them and record the use and attempted use of our services in our IT systems. The legal basis for the use of the information is GDPR art. 6.1 letter c (legal obligation).
3. DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
We will not share your personal data with others unless you either give us your consent to do so (ref. GDRP art. 6(1) letter a) or if we have another legal basis to share your data (ref. GDPR art. 6(1) letter b), or if we are required by law to disclose your personal data (ref. GDPR art. 6(1) letter c), or it can be justified on the basis of our legitimate interest in doing so (ref. GDPR art. 6(1) letter f).
As regards accounting information, we share required personal data with our accounting provider, as well as Stripe (www.stripe.com) as our payment gateway.
When we use third-party subcontractors or service providers to provide our services, we will take appropriate legal precautions and corresponding technical and organizational measures to ensure that your personal data are protected in accordance with applicable data protection law. Our service providers (alt 1) are based within the EU/EEA only. Alt 2 may be based in locations all over the world. This means that your personal data may be transferred outside the EU/EEA, and in this case, we will implement appropriate security measures to protect your data, such as agreements with EU standard contractual clauses.
4. HOW DO WE PROTECT YOUR PERSONAL DATA?
Both our data processors and we have implemented appropriate technical and organizational measures to ensure a sufficient level of security when processing your personal data and to prevent loss or unlawful processing. Such measures include internal routines, data processing agreements, and IT-security procedures to verify access rights. We will also carry out data protection impact assessments when it is likely that the processing of your data may result in high risk with respect to your rights and freedoms in relation to your personal data.
5. WHAT ARE YOUR RIGHTS?
You have several rights under the applicable data protection regulations. We have provided a list of the rights you can exercise in your relationship with us as a data controller below. If you wish to exercise your rights, please contact us, and we will respond to your inquiry as soon as possible, but no later than a month after the receipt of your inquiry.
– Access: You have a general right of access to the personal data we have registered about you.
– Rectification and erasure: You have a general right to request that we should rectify any incorrect personal data about you and erase personal data about you.
– Restriction: You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g., if you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
– Data portability: You have a general right to request the transfer of your personal data in a common, machine-readable format.
– Objection: You have a general right to object to our processing of personal data about you if this is justified by special circumstances on your part.
– Right to appeal: If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet). We ask that you contact us beforehand so that we may clarify any misunderstandings.
6. HOW LONG DO WE STORE YOUR DATA?
7. DO WE KEEP THIS POLICY UP TO DATE?
8. HOW CAN YOU CONTACT US?
Please contact us if you have any questions or comments or if you wish to exercise your rights. Our contact details are:
LØRN AS, Tordenskiolds gate 2, 0160 Oslo