Privacy Policy
1. Privacy Policy and Data Controller
The privacy statement informs about how Storywell AS collects and uses personal data.
This privacy policy was published: 11.02.2024
The registered address for Storywell AS is Saudalskleivane 50, 5136 Mjølkeråen.
Storywell AS is the data controller for the personal data collected about you.
2. What is personal data
Personal data includes all information that describes you or can be linked to you as an individual. This encompasses a range of categories, such as contact details (e.g., name, phone number), identification numbers (e.g., IP address, customer number, cookie ID), and information about actions or behavior (e.g., pages you have visited, emails you have received). It is our priority to process such information with the utmost respect for your privacy and to ensure it is handled in accordance with applicable laws and regulations.
3. Why we collect personal data, and its purpose
3.1 Statistics for website improvement and marketing communication
We collect and analyze data on how you and other users interact with our website. The purpose of this practice is to gain insight into usage patterns and navigation, enabling us to continuously improve our content and optimize our products/services based on these insights.
What data we collect:
Behavioral data: Such as which pages you visit and what you click on.
Data about your device: This includes information about your computer/mobile phone, operating system, browser, etc.
Data about your network and location: Derived from your IP address.
All data is linked to an anonymous ID number stored in a cookie in your browser. Read more about cookies here.
Legal basis for processing: We base our processing of this data on legitimate interest. We consider the collection and analysis valuable for improving the user experience, while also assessing that it does not constitute a significant burden on privacy. The information is not linked to other sources or contact details unless you have given consent for other purposes.
How we process personal data: We use Google Analytics and Squarespace to collect this data from your browser. The data is stored on Google and Squarespace's servers, but owned by us. It is not linked to other tools or sources unless you give consent for other purposes. To minimize privacy implications, the IP address is stored only in anonymized form (read about IP anonymization).
3.2 Conversion tracking for advertising
We measure the results of our marketing by reporting how many contact inquiries and sales originate from a marketing campaign. The purpose is to optimize and streamline our marketing efforts.
What data: That you have performed a specific action on our website, and from which source you arrived at our website. Also linked to all other data collected for statistics (see above).
Legal basis for processing: Legitimate interest. Data processing enables us to use our resources as efficiently as possible, saving both effort and money on measures that do not yield results. In cases where data collection is not possible without linking data to other third-party information, we rely on your active consent.
How we process personal data: Data processing follows the same principles as for general statistical purposes. Based on legitimate interest, we collect and process data in Google Analytics, and we also send data to Google Ads using so-called Consent Mode (data is sent without cookie information). If you have given consent for “marketing”, we send data to Google Ads in the usual way, as well as to Facebook, Bing, and any other ad providers (more about advertising below).
3.3 Ad targeting
We collect data about your behavior on our websites and share it with various ad providers (data processors) for the purpose of achieving more precise ad targeting.
What data: Behavioral data (which pages you visit, what you click on, etc.), data about your device (type of computer/mobile phone, operating system, browser, etc.), data about your network and location (derived from IP address). All data is linked to an anonymous ID number stored in a cookie in your browser. This ID number is a common identifier for you across all websites you visit that exchange data with the same ad providers.
Legal basis for processing: Consent, which you give by accepting “marketing” as a purpose (or “all”) when you visit our websites. You can change your consent on our cookie page.
How we process personal data:
Data is collected from your browser when you visit our pages and sent for storage and processing by the ad provider. We use several different providers, including Google Ads, Meta, and LinkedIn. Subsequently, you are placed into various “target groups” by these providers, which allows us to purchase advertising from them that you will see when you visit other websites in their network. Therefore, you will often see ads for Storywell in many different places after visiting our pages. Data about you is also included in your general profile with the provider and is used to describe your interests and estimate other characteristics about you (profiling). If you have provided contact information or other personal information to the provider (e.g., Facebook), the data is also linked to this. This provides a basis for other advertisers than Storywell AS who use the same ad network to purchase ads with more precise targeting. The consequence for you is that the ads you see will be more tailored to you and your situation. To prevent data about your behavior on our pages from being used in this way, you can avoid consenting to the use of cookies for “marketing”. To generally prevent ad providers from collecting such data and using it to create a profile of you, you can either delete/reject all cookies in your browser or edit your settings with the provider. Here are links on how to do this with Google, Facebook, and LinkedIn.
3.4 Direct marketing and networking
Storywell is a knowledge and service provider that promotes its offerings through knowledge sharing to those who wish to be part of our network. We provide knowledge through webinars, e-books, and professional articles made available via email communication. Access to this material is granted to everyone who consents to receive newsletters from us.
What data: We collect information such as name, email address, company name, as well as a history of your interactions with Storywell through email communication (including opens and clicks) and website visits.
Legal basis for processing: Active consent
How we process personal data: When you fill out forms on storywell.no, your information is stored in MailChimp, which is the tool we use to send out email communications and record interactions with our network. When you open emails and click on links within them, this information is also stored. MailChimp also stores cookies in your browser that identify you to link information about your activities on our website to your profile.
You can withdraw your consent to receive emails at any time. You do this by clicking on “change settings” at the bottom of an email you have received from Storywell. Consent for tracking using cookies on our website is given through the cookie information displayed on your first visit, and it can be changed on our cookie page.
3.5 Job Applications
In connection with recruitment processes, we collect and store information about applicants.
What data: Contact information for applicants such as name, email address, and phone number, as well as documents the applicant shares with Storywell AS, such as CV, references, and application letter.
Legal basis for processing: Legitimate interest
How we process personal data: Data about job applicants is collected via finn.no's job applicant portal or via email directly to Storywell AS. Storywell advertises positions through finn.no's job applicant portal where personal data is made available from the applicant as long as the application process is ongoing. For open applications, we encourage sending applications directly to post@storywell.no. Documents received from job applicants are stored for a maximum of 5 years, based on the reasoning that Storywell AS regularly recruits new employees, so that new opportunities may arise that make previous applicants relevant for re-evaluation.
3.6 Follow-up of Inquiries and Sales Processes
When you contact us, whether through the contact form and chat on our website or via email and phone, we store your personal data for follow-up and sales processes.
What data: name, phone number, email address, company, as well as interactions you have had with us including visits to our website.
Basis for processing: Legitimate interest, as well as consent (for the use of cookies for marketing, to register your visits to our website)
How we process personal data: Personal data and interactions are stored in MailChimp and Google Drive. This happens automatically if you fill out forms on our websites, and we register you manually if you contact us through other channels. All Storywell employees who have customer contact have access to this information.
3.7 Follow-up of Customers, Partners
To provide good follow-up and fulfill contractual terms, we collect and store personal data about our customers and partners.
What data: contact information such as email address, phone, name, as well as interactions you have had with us including visits to our website.
Basis for processing: Legitimate interest, as well as consent (for the use of cookies for marketing, to register your visits to our website)
How we process personal data:
Personal data and data about interactions on storywell.no are stored in Mailchimp and Google. All Storywell employees who have customer contact have access to this information.
3.8 Evaluation and Follow-up after Courses and Webinars
To improve deliveries and follow up with participants in courses and webinars, we collect personal data that participants provide through post-course surveys and chat logs during courses and webinars.
What data: Storywell uses Zoom, Google Meet, and Microsoft Teams for conducting video-based courses and webinars. Here, participants have the opportunity to chat with the presenter. Chat logs will be stored to preserve and follow up on inquiries via chat.
In connection with course evaluations, Storywell may send out surveys to course participants through the Surveymonkey tool. The responses are anonymous.
Legal basis for processing: Legitimate interest
How we process personal data: Personal data made available in chat logs in connection with webinars and courses will be stored for up to one year.
3.10 Transfer of Personal Data to Recipients in Countries Outside the EEA
It is our objective that all processing of personal data takes place within the EEA, but we may use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA shall occur in countries approved by the EU Commission or in accordance with a valid legal basis for the transfer of personal data under GDPR Chapter V. If the transfer is not to a country approved by the EU Commission, the transfer will only occur according to the safeguards set out in GDPR Article 46 (2). You can be informed of the basis used for the transfer if you contact us. Both the suppliers we use for advertising and analysis (such as Google, Facebook, etc.) and our customer system MailChimp are based in the USA, and data will in many cases be transferred there.
4. Your Rights
Below are your rights as a data subject. To exercise your rights, you must [fill in how the data subject should proceed, e.g., contact us, see contact information above].
We will respond to your inquiry as soon as possible, and no later than 30 days. If it takes longer than 30 days, you will be notified.
If necessary, we will ask you to confirm your identity or provide additional information before allowing you to exercise your rights with us. We do this to ensure that we only grant access to your personal data to you – and not to someone impersonating you. Regarding information collected based on your identification through the use of cookies, such confirmation would be very difficult. Therefore, we cannot provide you with access to this information except on a general basis, or carry out changes or deletions. If you delete cookies in your browser, the information we have stored will no longer have any connection to you.
4.2 Information
You have the right to receive information about the personal data we process about you. Through this declaration, we inform you about our processing of personal data. You can also contact us if you wish for more information.
4.3 Access
You have the right to request access to the personal data processed about you.
4.4 Amendment and Deletion
You can also ask us to correct inaccurate information we hold about you or request us to delete personal data. We will, as far as possible, comply with a request to delete personal data, but we cannot do so if we still have a need for the information.
4.5 Processing based on consent
If we process personal data based on your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method specified when you gave consent or to contact us.
4.6 Right to restrict or object to processing
You have the right to have processing restricted in certain cases, such as if:
a) You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
b) The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use.
c) We no longer need the personal data for the purpose of the processing, but you require them for the establishment, exercise, or defense of legal claims.
d) You have objected to processing pursuant to GDPR Article 21(1) pending the verification of whether our legitimate interests override your privacy interests.
4.7 Right to data portability
For data that you have provided to us and that is necessary to fulfill an agreement with us, and which is processed automatically (i.e., not manually by us), you can request to receive your personal data or have it transferred to another provider in a structured, commonly used, and machine-readable format (data portability).
4.8 Automated decision-making, including profiling
No automated decisions as mentioned in GDPR Article 22(1) and (4) will be made based on your personal data, apart from what is done during ad targeting, as described above.
5. General information on retention and storage (deletion) of personal data
We retain personal data for as long as necessary for the purpose for which it was collected, and we delete the data in accordance with regulatory requirements. The duration for which we process each type of data is outlined above where the individual processing activities are described.
Instead of deleting personal data, it may in some cases be appropriate to anonymize the personal data. Anonymization means that all identifying or potentially identifying characteristics are removed from datasets that are retained.
This means, for example, that personal data we process based on your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the contractual relationship are met, such as legal obligations related to accounting, customer relationship follow-up regarding complaints, etc.
6. Security of processing
We prioritize the security of personal data highly in our operations and will implement all required technical and organizational measures to secure your personal data.
We handle information so that it is accurate, available, and managed according to the degree of sensitivity of the data. We also use a variety of security technologies and information security procedures to protect your personal data from unauthorized access, use, or disclosure. Where necessary, risk assessments are carried out.
We restrict access to your personal data to personnel or third parties who are to process the data on our behalf. These parties are subject to strict confidentiality requirements, and we may impose sanctions or terminate the agreement if these requirements are not met.
7. Complaints
We use the Norwegian Data Protection Authority (Datatilsynet) as the lead supervisory authority for cross-border processing under GDPR Article 56.
If you believe that our processing of personal data is not in accordance with what we have described here or that we otherwise violate privacy legislation, you can file a complaint with the Data Protection Authority. However, we ask you to contact us first so that we can rectify any incorrect processing as quickly as possible.
You can find information about your rights and how to contact the Data Protection Authority on the Data Protection Authority's website: www.datatilsynet.no.
8. Changes
Should there be changes to our services or to the regulations regarding the processing of personal data, this may result in changes to the information provided to you here. If we have your contact information, we will notify you of these changes. Otherwise, updated information will always be readily available on our websites.