Privacy policy
1. Privacy policy and data controller
The privacy policy provides information about how Storywell AS collects and uses personal data.
This privacy policy was published: 11.02.2024
The registered address of Storywell AS is Saudalskleivane 50, 5136 Mjølkeråen.
Storywell AS is the data controller for the personal data collected about you.
2. What is personal data
Personal data includes all information that describes you or that can be linked to you as an individual. This includes a number of categories, such as contact details (e.g. name, phone number), identification numbers (e.g. IP address, customer number, cookie ID), as well as information about actions or behavior (e.g. pages you have visited, emails you have received). It is our priority to process such data with the utmost respect for your privacy and ensure that it is handled in accordance with applicable laws and regulations.
3. Why we collect personal data and its purpose
3.1 Statistics for improving websites and marketing communication
We collect and analyze data about how you and other users use our website. The purpose of this practice is to gain insight into usage patterns and navigation so that we can continuously improve our content and optimize our products/services based on this insight.
What data we collect:
Data about behavior: Such as which pages you visit and what you click on.
Data about your device: This includes information about your computer/mobile phone, operating system, browser, etc.
Data about your network and location: Derived from your IP address.
All data is linked to an anonymous ID number that is stored in a cookie in your browser. Read more about cookies here.
Basis for processing: We base our processing of this data on legitimate interest. We consider the collection and analysis valuable to improve the user experience, while at the same time we consider that it does not pose a significant burden on privacy. The information will not be linked to other sources or contact details unless you have given consent for other purposes.
How we process personal data: We use Google Analytics and SquareSpace to collect this data from your browser. The data is stored on Google and SqaureSpace's servers, but is owned by us. It will not be linked to other tools or sources unless you provide consent for other purposes. To minimize privacy implications, the IP address is only stored in anonymized form (read about IP anonymization).
3.2 Tracking conversions for advertising
We measure the results of our marketing by reporting how many contact inquiries and sales come from a marketing campaign. The purpose is to be able to optimize and streamline our marketing.
What data: That you have performed a specific action on our website, and from which source you came to our website. Also linked to all other data collected for statistics (see above).
Basis for processing: Legitimate interest. The data processing enables us to use our resources as efficiently as possible and save both effort and money on measures that do not create results. In cases where data collection is not possible without linking data to other information from third parties, we rely on your active consent.
How we process personal data: The data processing follows the same principles as for general statistical purposes. Based on legitimate interest, we collect and process data in Google Analytics, and we send data to Google Ads using so-called Consent Mode (data is sent without cookie information). If you have consented to "marketing", we send data to Google Ads in the usual way, as well as to Facebook, Bing and any other advertising providers (more about advertising below).
3.3 Targeting of ads
We collect data about your behavior on our websites and share this with various ad providers (data processors), for the purpose of achieving more precise targeting of ads.
What data: Data about behavior (which pages you visit, what you click on, etc.), data about your device (type of computer/mobile phone, operating system, browser, etc.), data about your network and location (derived from IP address). All data is linked to an anonymous ID number that is stored in a cookie in your browser. This ID number is a common identifier for you across all websites you visit, which exchange data with the same ad providers.
Processing basis: Consent, which you give by accepting "marketing" as a purpose (or "all") when you visit our website. You can change your consent on our cookie page.
How we process personal data:
Data is collected from your browser when you visit our pages and sent for storage and processing by the ad provider. We use several different providers, including Google Ads, Meta and LinkedIn. You are then placed in different "target groups" with these providers, which allows us to buy advertising from them that you will see when you visit other websites in their network. Therefore, you will often see advertisements for Storywell in many different places after you have visited our pages. Data about you is also included in your general profile with the provider and is used to describe your interests and estimate other characteristics about you (profiling). If you have provided contact details or other personal information to the provider (e.g. Facebook), the data is also linked to this. This allows advertisers other than Storywell AS that use the same advertising network to purchase ads with more precise targeting. The consequence for you is that the ads you see will be more tailored to you and your situation. To avoid data about your behavior on our pages being used in this way, you can avoid consenting to the use of cookies for "marketing". To avoid in general that ad providers collect such data and use it to create a profile of you, you can either delete/reject all cookies in your browser, or edit your settings with the provider. Here are links to how you can do this at Google, Facebook and LinkedIn.
3.4 Direct marketing and networking
Storywell is a knowledge and service provider that markets deliveries through knowledge dissemination to those who want to be part of our network. We offer knowledge through webinars, ebooks and professional articles that are made available via email communication. Access to this material is granted to anyone who agrees to receive newsletters from us.
What data: We collect information such as your name, email address, company name, and a history of your interactions with Storywell through email communications (including opening and clicking) and visits to the website.
Processing basis: Active consent
How we process personal data: When you fill out a form on storywell.no, your information is stored in MailChimp, which is the tool we use to send out email communication and register interactions with our own network. When you open the emails and click on links in them, information about this is also stored. MailChimp also stores cookies in your browser that identify you in order to link information about your activities on our website to your profile.
You can withdraw your consent to receive emails at any time. You can do this by clicking on "change settings" at the bottom of an email you have received from Storywell. Consent to tracking using cookies on our website is given through the cookie information displayed on your first visit and can be changed on our cookie page.
3.5 Job applications
In connection with recruitment processes, we collect and store information about applicants.
What data: Contact information for applicants such as name, email address and phone number, as well as documents the applicant shares with Storywell AS, such as CV, references, application letter.
Basis for processing: Legitimate interest
How we process personal data: Data about job applicants is collected via finn.no's job seeker portal or via email directly to Storywell AS. Storywell advertises positions through finn.no's job seeker portal where personal data is made available from the applicant as long as the application process is ongoing. For open applications, we encourage you to send your application directly to post@storywell.no. Documents received from job applicants are stored for a maximum of 5 years, on the grounds that Storywell AS regularly recruits new employees, so that new opportunities may arise that make previous applicants relevant for reassessment.
3.6 Follow-up of inquiries and sales processes
When you contact us, via the contact form and chat on the website or via email and telephone, we store your personal data for follow-up and the sales process.
What data: name, phone number, email address, company, as well as interactions you have had with us including visits to our website.
Basis for processing: Legitimate interest, as well as consent (to the use of cookies for marketing purposes, to record your visits to our website)
How we process personal data: Personal data and interactions are stored in MailChimp and Google Drive. This happens automatically if you fill in a form on our website, and we register you manually if you contact us via other channels. All Storywell employees who have customer contact have access to this information.
3.7 Follow-up of customers, partners
We collect and store personal data about our customers and partners in order to provide good follow-up and fulfill contractual terms.
What data: contact details such as email address, phone, name, as well as interactions you have had with us including visits to our website.
Basis for processing: Legitimate interest, as well as consent (to the use of cookies for marketing purposes, to record your visits to our website)
How we process personal data:
Personal data and data about interactions on storywell.no are stored in Mailchimp and Google. All Storywell employees who have customer contact have access to this information.
3.8 Evaluation and follow-up after courses and webinars
In order to improve deliveries and to be able to follow up on participants in courses and webinars, we collect personal data that participants themselves provide through a post-course survey and chat log during courses and webinars.
What data: Storywell uses Zoom, Google Meet and Microsoft Teams for conducting video-based courses and webinars. Here, participants have the opportunity to chat with the speaker. Chat logs will be stored in order to take care of and follow up inquiries via chat.
In connection with the evaluation of courses, Storywell may send out a survey to course participants through the Surveymonkey tool. The answers are anonymous.
Basis for processing: Legitimate interest
How we process personal data: Personal data made available in chat logs in connection with webinars and courses is stored for up to one year.
3.10 Transfer of personal data to recipients in countries outside the EEA
We aim for all processing of personal data to be carried out within the EEA, but we may use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA shall take place in countries approved by the European Commission or in accordance with a valid legal basis for the transfer of personal data under Chapter V of the GDPR. If a transfer to a country approved by the European Commission does not take place, the transfer will only take place in accordance with the guarantees set out in Article 46 (2) of the GDPR. You can obtain information about the basis for the transfer if you contact us. Both the suppliers we use for advertising and analysis (such as Google, Facebook, etc.) and our customer system MailChimp are based in the USA, and data will in many cases be transferred there.
4. Your rights
Below are your rights as a data subject. To exercise your rights, you must [fill in how the data subject must proceed, e.g. contact us, see contact information above].
We will respond to your inquiry as soon as possible, and within 30 days at the latest. If it takes longer than 30 days, you will be notified.
If necessary, we will ask you to verify your identity or provide additional information before we allow you to exercise your rights with us. We do this to ensure that we only provide access to your personal data to you - and not someone pretending to be you. When it comes to information collected on the basis that you have been identified through the use of cookies, such verification will be very difficult. We are therefore unable to provide you with access to this information other than on a general basis, or to make changes or deletions. If you delete cookies in your browser, the information we have stored will no longer have any connection to you.
4.2 Information
You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. You can also contact us if you would like more information.
4.3 Transparency
You have the right to demand access to the personal data processed about you.
4.4 Modification and deletion
You can also ask us to correct inaccurate information we hold about you or ask us to delete personal data. We will as far as possible comply with a request to delete personal data, but we cannot do this if we still need the data.
4.5 Processing based on consent
If we process personal data on the basis of your consent, you may withdraw your consent at any time. The easiest way to do this is to use the method stated when you gave your consent or contact us.
4.6 Right to restrict or object to processing
You have the right to have the processing restricted in certain cases, such as if:
a) You contest the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data.
b) The processing is unlawful and you object to the erasure of the personal data and instead request that the use of the personal data is restricted.
c) We no longer need the personal data for the purpose of the processing, but you need it to establish, exercise or defend legal claims.
d) You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate interests override your privacy.
4.7 The right to data portability
For data that you have provided to us and is necessary for the performance of a contract with us, and which is processed automatically (i.e. not manually by us), you may request to have your personal data disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).
4.8 Automated decisions, including profiling
No automated decisions as mentioned in GDPR article 22 no. 1 and 4 will be made based on your personal data other than what is done during ad targeting, see above.
5. General information about retention and storage (deletion) of personal data
We retain personal data for as long as necessary for the purpose for which the personal data was collected and delete the data in accordance with regulatory requirements. How long we process the individual types of data we process is included above where the individual processing is described.
Instead of deleting personal data, it may in some cases be appropriate to anonymize the personal data. Anonymization means that all identifying or potentially identifying characteristics are removed from data sets that are retained.
This means, for example, that personal data that we process on the basis of your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you will be deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been fulfilled, such as legal obligations related to accounting, follow-up of the customer relationship related to complaints, etc.
6. Security of processing
We give high priority to the security of personal data in our business and will implement all required technical and organizational measures to secure your personal data.
We manage information so that it is accurate, accessible and handled according to the level of sensitivity of the data. We also employ a range of security technologies and information security procedures to protect your personal data from unauthorized access, use or disclosure. Where necessary, risk assessments are carried out.
We restrict access to your personal data to the staff or third parties who will process the data on our behalf. These parties are subject to strict confidentiality requirements and we may impose sanctions or terminate the agreement if these requirements are not met.
7. Complaints
We use the Norwegian Data Protection Authority as the lead supervisory authority for cross-border processing under Article 56 of the GDPR.
If you believe that our processing of personal data is not in accordance with what we have described here or that we are otherwise in breach of data protection legislation, you can complain to the Norwegian Data Protection Authority. However, we ask you to contact us first so that we can rectify any incorrect processing as soon as possible.
You can find information about your rights and how to contact the Data Inspectorate on the Data Inspectorate's website: www.datatilsynet.no.
8. Changes
If there are changes to our services or changes to the regulations on the processing of personal data, this may result in changes to the information you have provided here. If we have your contact details, we will make you aware of these changes. Otherwise, updated information will always be readily available on our website.