Published Feb 19th, 2021
Please note that to the extent Loopify AS processes personal data for its customers as a data processor, such processing is governed by a separate data processing agreement.
Maries vei 16 B, 1363 Høvik
Loopify AS' current data protection officer is Gunnar Sande, who can be reached using the contact details above.
Data you may provide to Loopify AS as a customer and/or by your registration on the website, which may include:
The name of the organization, organization number, and other company details
Transaction information, e.g., card number, transaction amount, and transaction date
Data obtained when you visit or use Loopify AS' website, such as:
The browser types and versions used
The operating system used by the accessing system
The website from which an accessing system reaches Loopify AS' website (so-called referrers)
The date and time of access to the Internet site
Internet protocol address (IP address)
Internet service provider of the accessing system
How often you use the website
Choices you make when using the website
Navigation and browsing history
Data processed in regards to inquiries of different kinds, either from you to Loopify AS or from Loopify AS to you.
Data obtained from your bank or financial institution, which are necessary for conducting payments.
Data obtained when you submit a job application to Loopify AS are a part of a hiring process or when you become an employee. This may, for example, include a job application, resume, diplomas, certificates, references from previous employers, etc.
Loopify AS does not process data regarding children under the age of 15. The company does not direct marketing inquiries to children under the age of 15.
|Type of Processing||Legal Basis|
|Establishing a customer relationship and maintenance of the customer relationship.||Processing is necessary for the performance of a contract to which the data subject is party, cf. GDPR Art. 6 (1) (b).|
|Providing Loopify AS' services to its customers and delivering the content of the website correctly.||Processing is necessary for the performance of a contract to which the data subject is party, cf. GDPR Art. (1) (b).|
|Conducting payments and sharing personal data with our payment service providers.||Processing is necessary for the performance of a contract to which the data subject is a party, cf. GDPR Art. 1 (b).
Processing is further necessary for compliance with a legal obligation to which the controller is subject, cf. GDPR Art. (1) (c), cf. the Bookkeeping Act Section 13.
|Targeted marketing on the website. You may, at any time, disable cookies in your browser.||The legal basis is consent (cookie based), cf. GDPR Art. 6 (1) (a).|
|Using Facebook Custom Audience to deliver targeted marketing. You may, at any time, disable cookies in your browser and/or use Facebook's settings to opt out from such targeting marketing. More information about Facebook's data processing terms can be found here: https://www.facebook.com/legal/terms/dataprocessing/update.||This processing is based on consent (cookie based), cf. GDPR Art. 6 (1) (a).|
|Sending marketing material by email, SMS, or otherwise from Loopify AS to you. This may, for example, include newsletters.||Processing is necessary for the purposes of the legitimate interests pursued by Loopify AS, as long as Loopify AS already has an existing customer relationship, cf. GDPR Art. 6 (1) (f) and the Marketing Control Act Section 15 (3). Loopify AS can contact you in regards to similar products or services, as long as you have not opted-out from such queries.
In other situations, the legal basis is consent, cf. GDPR Art. 6 (1) (a) and the Marketing Control Act Section 15 (3).
|Tracking user behavior, e.g., by using tracking pixels in regards to newsletters, which allows Loopify to see if and when an email was opened, and which links were used.||This processing is based on consent, cf. GDPR Art. 6 (1) (a).|
|Development of the service, optimizing the content, and improvement of the user experience.||Processing is necessary for the purposes of the legitimate interests pursued by Loopify AS, cf. GDPR Art. 6 (1) (f). Loopify AS has a legitimate interest in improving the services they offer.|
|Prepare anonymized/aggregated statistics on the user's finances, payment habits, consumption patterns, etc. Loopify AS cannot link the information to individual users when it is analyzed.||Processing is necessary for the purposes of the legitimate interests pursued by Loopify AS, cf. GDPR Art. 6 (1) (f).
Loopify AS has a legitimate interest in improving its current services.
|Correspondence with existing customers.||If you have contacted Loopify AS with a query in relation to the contractual relationship, the legal basis is GDPR Art. 6 (1) (b) for Loopify AS' handling of the query.
If Loopify AS contacts you to provide customer service in general, the legal basis is that processing is necessary for the purposes of the legitimate interests pursued by Loopify AS, cf. GDPR Art. 6 (1) (f). Loopify AS has a legitimate interest in providing the best user experience possible and answering questions or queries which its customers might have.
|Correspondence with potential new customers and others.||If you have contacted Loopify AS with a query, the legal basis is GDPR Art. 6 (1) (a) for Loopify AS' handling of the query.
Loopify AS further has a legitimate interest in handling the query, cf. GDPR Art. 6 (1) (f). Loopify AS has a legitimate interest in attracting new customers and handling queries.
|Handling job applications, conducting job interviews, and contacting references during the hiring process.||Processing is necessary for the purposes of the legitimate interests pursued by Loopify AS, cf. GDPR Art. 6 (1) (f).|
Your personal data will not be shared with third parties unless there is a legal basis for such sharing.
Loopify AS will share your personal data with the data processors which Loopify AS has entered into processing agreements with, namely the following data processors:
Mailgun Technologies, Inc.
This data processor manages the delivery of emails.
Amazon Web Services
Amazon Web Services (AWS) is used for secure cloud computing services and database storage.
This data processor is used to store, retrieve, and support huge volumes of both data and traffic.
Sinch manages the sending of SMS and verification via text messages.
Google's services are used for web analytics, marketing, and advertising purposes.
Cloudflare is used to provides secure, fast, reliable network services.
This data processor is used for secure business file transfer via a cloud SFTP Service.
Facebook (in relation to Custom Audiences)
Facebook Custom Audiences is used for ad targeting to find existing audiences among people who are on Facebook.
The data is stored within the European Economic Area (“ EEA ”) but may also be transferred to and processed in a country outside of the EEA. For transfers outside the EEA, Loopify AS will use Standard Contractual Clauses as safeguards.
Loopify AS will store your personal data for as long as it is necessary in order to fulfill the relevant purpose. The relevant purpose varies between the different data and the legal basis for processing it.
Personal data, which is obtained based on your consent, will be erased if you withdraw your consent.
If you are an existing customer, your personal data will be stored for as long as the customer relationship remains. If a customer relationship is ended, the corresponding data will be erased unless there is a legal basis for further storage, e.g., consent. However, Loopify AS may store your personal data for a longer period (normally 3 years), should it be necessary to pursue or defend legal claims or comply with legal requirements.
Loopify AS will, in all cases, comply with the requirements of the Bookkeeping Act. This means that, e.g., payment-related data can be stored up until 5 years after the customer relationship ended.
General queries are stored for 1 year unless a query is relevant to pursue or defend legal claims.
Data processed with the purpose of sending marketing material by email, SMS, or otherwise from Loopify AS to you (e.g. newsletters) will be stored until you withdraw your consent, if the legal basis for the processing was consent. If the legal basis was a legitimate interest based on an existing customer relationship, the data will be stored for as long as the customer relationship remains.
When you submit a job application, we may retain it for a future open position, e.g., when you submit an open application.
If the job application was submitted in relation to a concrete job announcement for a concrete position, and no employment contract was concluded, the application documents will normally be erased 3 months after notification of the refusal. However, Loopify AS may store your personal data for a longer period (normally 3 years), should it be necessary to pursue or defend legal claims or comply with legal requirements.
If Loopify AS concludes an employment contract with a job applicant, the submitted data will be stored for as long as it is necessary to fulfill the relevant purpose of the processing. Some types of data will be retained for as long as the employment relation lasts, e.g., the employment agreement. Loopify AS will comply with the Bookkeeping Act's requirements of storage, according to which, e.g., payment/salary data must be stored a minimum of 5 years from the end of the accounting year, cf. the Bookkeeping Act Section 13.
You have the right to request information about the personal data which Loopify AS holds about you at any time and demand data erased. You further have the right to request rectification of your personal data if the information is incorrect, and you have the right to demand incomplete personal data completed. Moreover, you have the right to object to the processing and demand portability.
Please contact Loopify AS by using the contact details in Clause 1 above, should you wish to access your rights.
Loopify AS will attend to your query as soon as possible and within 30 days at the latest.
If you withdraw your consent, that will not have any legal impact on any processing which took place prior to you withdrawing the consent.
If Loopify AS transfers your personal data in a country outside of the EEA, you may contact Loopify AS and receive information about where the data is available and the safeguards used.
Should you wish to submit any complaints in regards to Loopify AS' processing of personal data and compliance with GDPR, please contact the Data Protection Authority (Nw. Datatilsynet). You will find information on how to contact the Data Protection Authority on their website, www.datatilsynet.no.
View prior version of our PrivacyPrivacy updated February 3rd, 2018