GDPR Compliance

1. Introduction

VBESLAG ("we," "us," or "our") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This GDPR Compliance page explains how we collect, use, process, and protect your personal data when you use our services.

As a data controller, we ensure that all personal data processing activities comply with GDPR principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

2. Data Controller

3. Personal Data We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, username, and authentication credentials
• Contact Data: Email address and business contact information
• Technical Data: IP address, browser type, device information, and usage data
• Business Data: Company information, project data, and calculation results
• Communication Data: Messages, support requests, and feedback

4. Lawful Basis for Processing

We process your personal data based on the following lawful bases under GDPR Article 6:

• Consent: Where you have given clear consent for specific processing activities
• Contract: Processing necessary for the performance of our service agreement
• Legitimate Interest: Processing necessary for our legitimate business interests
• Legal Obligation: Processing required to comply with legal obligations

5. Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 3 years after account closure
• Communication Records: Retained for 5 years for legal compliance
• Technical Logs: Retained for 12 months for security and troubleshooting
• Business Data: Retained according to your account settings and legal requirements

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures
• Employee training on data protection

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules
• Certification schemes and codes of conduct

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please refer to our Cookie Policy, which forms part of this GDPR compliance statement.

10. Contact Our Data Protection Officer

If you have any questions about this GDPR compliance statement or wish to exercise your data subject rights, please contact our Data Protection Officer:

11. Right to Lodge a Complaint

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or the place where you believe the infringement occurred.

In Norway, you can contact the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

12. Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this page periodically to stay informed about our data protection practices.