Privacy Policy

Privacy Policy

Last Updated: June 17, 2025

This Privacy Policy explains how Liiftr AS ("we", "us", or "our") collects, uses, and protects your personal information when you use our services and website.

1. Information We Collect

Personal Information

  • Name: Full name for communication and service delivery
  • Contact Information: Email address and phone number for communication
  • Company Information: Organization name, position, and business details
  • Messages and Communications: Content of forms, emails, and other communications

Technical Information

  • IP Address: For security monitoring, geolocation, and fraud prevention
  • Device Information: Browser type, device type, and technical specifications
  • Location Data: Approximate location based on IP address for security
  • Usage Analytics: Form interactions, page views, and website usage patterns

Business Information from Public Sources

  • Brønnøysund Register Data: Public company information from Norwegian business registers
  • Public Business Records: Industry codes, company size, founding date, and legal structure

2. How We Use Your Information

Primary Purposes

  • Responding to inquiries and providing customer support
  • Delivering our consulting and technology services
  • Technical support and service improvement
  • Security monitoring and fraud prevention

Business Development

  • Market analysis and business intelligence
  • Service development and improvement
  • Industry research and trend analysis

Marketing Communications (with consent)

  • Service updates and company news
  • You can withdraw consent at any time

3. Legal Basis for Processing

  • Consent: For marketing communications and optional analytics
  • Contract Performance: For service delivery and customer communication
  • Legitimate Interest: For security, fraud prevention, and business development

4. Data Storage and Security

Storage Location

Your data is stored securely on Supabase servers with encryption in transit and at rest.

Security Measures

  • End-to-end encryption for data transmission
  • Strict access controls and authentication requirements
  • Security monitoring and intrusion detection
  • Regular encrypted backups and disaster recovery

Data Retention

We retain your data for 3 years after our last interaction, or until you request deletion. Active business relationships may require longer retention for contractual obligations.

5. Your Rights Under GDPR

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing and optional features

6. Data Sharing

We do not sell your personal data. We may share it only in limited circumstances:

  • Service Providers: Trusted partners who help operate our services under strict data protection agreements
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In case of merger, acquisition, or business transfer with appropriate safeguards

7. Cookies and Tracking

We use minimal tracking technologies strictly necessary for website operation:

  • Essential Cookies: Required for website functionality, security, and fraud prevention
  • Privacy-Compliant Analytics: Self-hosted analytics with consent-based tracking and data minimization
  • Security Cookies: Rate limiting and protection against malicious activity

No Cookie Banner Required: All cookies we use are essential for functionality and security, so no consent banner is required under GDPR.

8. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area. We ensure adequate protection through:

  • Adequacy decisions for countries with appropriate data protection laws
  • Standard Contractual Clauses approved by the European Commission
  • Certification schemes and codes of conduct

9. Exercise Your Rights

Contact Information

Data Protection Officer:

Email: dpo@liiftr.com

General Inquiries:

Email: kontakt@liiftr.com

Response Time: We will respond to your request within 30 days

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the "Last Updated" date at the top of this policy
  • For significant changes, we will notify you via email or website notice
  • Continued use of our services constitutes acceptance of the updated policy

11. Contact Information

Liiftr AS

Org.nr: 935 382 114

General Inquiries: kontakt@liiftr.com

Data Protection Officer: dpo@liiftr.com