This data protection policy relates to dib.no, dib.se and dib.eu (home pages), app.dib.no (dib), kontohjelp.no, kostrahjelp.no , dflow and bompengekalkulator.no (the “Services”), which are developed by DIBkunnskap AS “DIB” (974 379 511). This data protection policy provides additional information on how and why we process personal data.

DIB is the data controller in connection with the processing of personal data of customers, users, customer contact persons and other persons as described in this data protection policy. In some cases, DIB also acts as a data processor on behalf of customers. For further information on this topic, see the general terms and conditions.

Please contact us at support(at)dib.no with any questions about the data protection policy.

We carry out authentication processes, diagnose problems with the Services and associated systems, and otherwise ensure the implementation of adequate security measures in the Services. For this purpose, we process information such as user names, login information, accesses and rights to the Services, logs of attempted and successful logins and usage patterns, and metadata relating to use of the Services. This processing is based on our legitimate interest in ensuring safe and secure login and use of the Services (Article 6(1)(f) GDPR).

We also process personal data such as user names, contact details, information about Services used, usage patterns and metadata relating to the Services to improve and refine the Services. This is based on our legitimate commercial interest in making such improvements and refinements (Article 6(1)(f) GDPR).

We keep you updated with important information about the customer relationship and the Services, and we also provide support. We therefore process personal data such as user names, contact details, information about Services used and other information exchanged between us, for example when you use our chat function. We ask that you do not provide us with more information than needed to process your enquiry. In the case of private customers, we do this so that we can perform the service agreement with you (Article 6(1)(b) GDPR). In the case of business customers, our processing is based on our legitimate interest in providing important and relevant information about the customer relationship and the Services (Article 6(1)(f) GDPR).

We also process personal data relating to private customers and contact persons of business customers as part of administering the customer relationship. This typically applies to information such as user names, contact details, Services used and the content of communications between us. In the case of private customers, this processing is based on performance of the service agreement (Article 6(1)(b) GDPR), while in the case of business customers it is based on our legitimate interest in administering the customer relationship (Article 6(1)(f) GDPR).

We also have to process some personal data when processing customer payments and keeping accounts. This typically includes user names, contact details, information about Services and payment information. In the case of private customers, this processing is based on performance of the service agreement (Article 6(1)(b) GDPR), while in the case of business customers it is based on our legitimate interest in providing correct and verifiable settlement (Article 6(1)(f) GDPR). A further ground in both cases is our legal obligations under the Norwegian Bookkeeping Act (Article 6(1)(c) GDPR).

We process personal data to promote the Services to potential and existing customers and their contact persons. We use names, contact details and information about Services in which interest has been shown for this purpose. In addition, statistics and usage data relating to the Services are used in marketing to existing customers. The sending out of such marketing enquiries is based on the consent of the recipient (Article 6(1)(a) GDPR). Where the Norwegian Marketing Act permits direct marketing to existing customers without consent, marketing is based on our legitimate commercial interest in upselling (Article 6(1)(f) GDPR).

We also conduct customer surveys. In such cases, we process personal data such as user names, contact details, information about Services used, satisfaction information and other feedback and statistics and usage data related to the Services. Participation in customer surveys is voluntary. If you choose to participate, we will process personal data based on our legitimate interest in improving and refining the Services (Article 6(1)(f) GDPR).

We use social media to find potential customers. In such cases, we process personal data relating to decision-makers representing potential and existing business customers. This typically applies to information such as user names, contact details, position and other information provided on social media, as well as information about past interactions with us or the Services. Our processing is based on our legitimate commercial interest in marketing and selling the Services (Article 6(1)(f) GDPR).

We process personal data as part of our recruitment process for potential new employees. In such cases, we process information such as names, contact details, CV information and other information contained in application documentation. The processing of such data is based on the need to implement measures at the job applicant’s request before any agreement is signed (Article 6(1)(b) GDPR).

When visiting our open websites, you can choose whether you want to accept cookies. You can change your browser settings to block cookies. We use the following cookies:

The following information is automatically recorded using cookies:

If you have registered as a user of the Services, cookies are used to log you back in automatically later on, as long as you have indicated that you want us to remember you. This setting remains in place for 30 days from your last login.

Personal data will be disclosed to third parties when necessary for provision of the Services. Personal data will not be disclosed to third parties for commercial purposes unless otherwise stated in the general terms and conditions. Where personal data is transferred outside the EU/EEA, we have signed EU standard agreements with the relevant service providers.

We use the following subcontractors:

Personal data will be disclosed to third parties when necessary in connection with legal proceedings or commercial transactions such as mergers or acquisitions, in line with our legitimate interest in pursuing such legal proceedings or implementing such commercial transactions (Article 6(1)(f) GDPR). We will also disclose personal data to public authorities or others when we are required to do so by law.

We have implemented technical and organisational measures to protect personal and other data you have registered with us. This applies to loss, manipulation and unauthorised access.

All employees involved in the processing of personal data have signed personal confidentiality undertakings and agreements in accordance with Norwegian law.

All communication within the Services is protected by SSL encryption. SSL encryption ensures that all information exchanged between your browser and our solutions is encrypted and not transmitted in clear text which a third party could read. We use certificates issued by trusted certification bodies to verify that the solution you connect to actually belongs to DIB. To confirm this, you can click on the key symbol/privacy icon in your browser.

Please contact our security officer at support(at)dib.no for further information on our technical and organisational security measures.

You have various rights in connection with our processing of your personal data. Depending on the circumstances, these may include the following:

Please contact us at support(at)dib.no if you have any questions or would like to exercise your rights.

When your subscription to one of our Services is terminated or expires, your account will be deactivated and become unavailable.

DIB will store information collected in connection with use of the Services for as long as needed to fulfil the purposes described in this data protection policy. This may entail a storage period of up to five years.

Please contact us at post(at)dib.no or via our chat function if you want data to be permanently erased from our systems. Please note that we cannot erase data which we are required by law to continue storing, or if further processing of the data is necessary for the purposes described in this data protection policy.

DIB may occasionally make changes to this data protection policy, and you will be notified of such changes through the change log below. We encourage our customers to check regularly whether the data protection policy has been updated. Major changes will be notified by email or in the Services.