Privacy Policy – Marie Bergo

Data Controller

This privacy policy explains how we collect and use (process) personal data for our business purposes. Marie Bergo, proprietor and manager, is the data controller.

NB! It is prohibited to copy any content from this Privacy Policy, cf. the Norwegian copyright laws.

Our contact information:

Marie Bergo

Business address:  Ringeriksveien 426 3370 Vikersund

Org.no.:  915500706

E-mail address: coach@mariebergo.com

We take your privacy seriously and have taken several steps to ensure providing you with clear information about your rights and how we process your data. If you find that anything is unclear, or that there is any information missing, please do not hesitate to contact us.

Your rights

Please contact us if you have any questions or would like to exercise any of your rights. You are entitled to a reply within 30 days at the latest. Read more on the Norwegian Data Protection Authority’s website.

Access to and correction of your personal information: You can request a copy of all information where we process your personal data and ask us to correct information that is incorrect.

Deletion or restriction: In some situations, you may ask us to delete and/or limit the processing of your personal information. However, we cannot delete data we are required to process.

Protesting data processing: In cases where we process your personal data on grounds of legitimate interest, you have the right to protest.

Data portability: If we process information about you based on consent or a contract, you can ask us to provide information about you to you, or to another data controller.

You also have the right to withdraw your consent at any time.

If you are not satisfied with the processing of your data, you can issue a complaint to the Norwegian Data Protection Authority. Before taking this step, however, we hope that you will inform us so that we can try to resolve the matter for you in the best way possible.

About whom we process personal data

We process personal data about:

Customers
Clients
Students
Potential customers (leads)
Members
Visitors to the website
Contact persons at suppliers and partners

How we collect personal data

It is voluntary to provide personal data to us, but to provide a service/trade/cooperation, we will need specific information from you. We do not rent, buy, or sell personal information to/from any third parties. We do not use automated decision-making or profiling in the processing of your personal data, and we do not process specific categories of personal data (sensitive personal data) unless you become a customer and enter into a cooperation with us.

We process personal data when you:

buy our products/services
sign up for a membership with us
contact us by phone, SMS, via our website, e-mail, or social media
sign up for our newsletters
request access to our free content
sign up to our events, both free and bought events
respond to a survey
use our website

Purpose, legal basis, and storage

According to Article 6 para. 1 of the GDPR (personvernforordningen) we process personal data on the basis of:

your consent
a concluded agreement
an applicable legal obligation
legitimate interest
Regarding special categories of personal data

As a general rule, personal data shall not be processed or stored for longer than necessary to fulfil the purpose of the data processing. We process data for as long as we are required to comply with applicable legal obligations, for example related to accounting, tax or employment legislation, and/or other relevant rules or regulations.

Your personal data will only be stored for as long as we have a purpose and a legal basis for doing so, that is:

until you withdraw your consent (related to marketing via email or SMS)
as long as we have a contractual obligation, and where applicable in accordance with accounting and bookkeeping rules (related to sales)
as long as we have a legal obligation in compliance with applicable laws and regulations (employment related)
as long as we have a legitimate interest, or until you ask us not to process your personal data in such a way (related to marketing directed towards existing customers)

We also process your personal data in accordance with Article 9 para. 2 (a) on the basis of express consent to the processing of such personal data in order to provide adequate, competent, and prudent guidance and coaching.

You can contact us at any time if you want us to stop processing and delete your personal data. We will fulfil the obligations to comply with relevant legislation. Please note that we cannot delete personal data we are legally obliged to process.

How we process personal data

In this section, we will describe in detail how we process your personal data, for what purpose, on what legal basis, and for how long.

We process personal data when:

you are communicating with us 
when you contact us via the website (contact form, comment field, chat or similar), by e-mail, telephone (call or text message), or via social media

Depending on where and how you send us a message, this data may be your name, contact information, IP address, or any other information you choose to send to us. (Please note that we are not the data controller for any dialogue we have with you on social media; in that case, the platform itself is responsible. We encourage you not to send us sensitive information on such platforms, including special categories of personal data (e.g. information about your health), as such platforms are not considered secure.)

The purpose is to be able to respond to inquiries from you, record keeping, and to have documentation in case we receive complaints or legal claims. The legal basis is (f), where the legitimate interests are to be able to respond to inquiries from you, record keeping, and to have documentation in case we receive complaints or legal claims. We go through, archive and delete requests as needed, but not less often than each other year. Accounting records are kept up to five years, according to the rules of the Bookkeeping Act (bokføringsloven).

You buy products or services, including digital products/services

When you purchase services from us, we process personal data such as name, date of birth, contact information, order and payment information, and purchase history, training history, diet history, etc..

The purpose is to be able to provide personal services according to your order/purchase, to keep a history of purchased services, and otherwise to manage and follow up customer relationships, facilitate personal guidance, and form the basis for a thorough follow-up. The legal basis is (b), agreement, and (c) legal obligation according to i.a. the Bookkeeping Act (bokføringsloven) and the Tax Act (skatteloven). Accounting records are kept for up to five years, in accordance with the rules of the Bookkeeping Act, and special categories of personal data are stored for up to 12 months after the cooperation is ended, as former customers often return. This is also stated when entering into cooperation.

If you have purchased a service which is in full or in parts provided digitally, e.g. via video, either one on one or with a group, we also process personal data such as name, profile picture, video (picture and audio), messages (chat) and IP address. Depending on the type of service, the content of video meetings with multiple participants may be shared with other people, e.g. where the service is structured as a group program. The content is not shared with outsiders. The legal basis is (f), where the legitimate interest is to be able to offer such services digitally. Any recordings from group calls are stored as long as the product/service in question is offered, andoffered and deleted within one year at the latest.

Marketing in existing customer relationships

When you become our customer, we process personal data as mentioned above. If you have an existing customer relationship with us, we will be able to send you marketing material by e-mail and SMS, in accordance with the Marketing Act (markedsføringsloven) § 15.

The purpose is to be able to provide adequate customer service. The legal basis is (f), where the legitimate interests are to be able to offer you relevant products and services. The legal basis may also be (a) where you have given us your consent. You can, at any time, unsubscribe to avoid receiving marketing materials by email and SMS. Information about how to unsubscribe is provided in all our emails and SMS messages linked to marketing. The data is stored for as long as the customer relationship exists, until you unsubscribe, or until you object to the processing.

You become a student/member and/or user of the web portal (incl. online courses)

When you become a student/member and get access our web portal, we process personal data such as name, contact information, and in the case of payments, order and payment information, and receipt history. The purpose is to fulfil our obligation to deliver your ordered products and services, e.g. course and membership, and otherwise to manage and maintain the customer relationship. The legal basis is (b), agreement, and in the case of purchase (c) legal obligation, according to i.e. the Bookkeeping Act (bokføringsloven) and the Tax Act (skatteloven). Accounting records are kept for up to five years, according to the rules of the Bookkeeping Act.

The platform we use to provide digital products and services (e.g. membership and online courses), has integrated analytics that show the number of logins, the latest activity dates, and progress. This functionality is integrated in the system and cannot be disabled. If you do not want your activity to be registered in this way, do not access, or use the web portal. Please note that this would mean losing your access. This includes cases where you have already paid for a course.  The legal basis is (f), legitimate interest is to be able to offer products and services digitally. We process your personal data so long as you are a member/student. The data is then deleted following our next GDPR audit.

You sign up for newsletters

We issue our newsletters by e-mail with information about new articles, blog posts, discounts, offers, free templates, checklists, and so on. The newsletters sometimes contain information about our products and services. When you subscribe to a newsletter, we process personal data such as your name and e-mail address.

The purpose is to be able to provide information about relevant news and offers, as well as to provide adequate customer service to potential and existing customers. The legal basis is (a), consent. It is voluntary to subscribe to the newsletters. You can withdraw your consent at any time (unsubscribe) by clicking on «unsubscribe» at the bottom of one of the e-mails.

Our newsletter provider has integrated analysis showing when subscribers open and/or click on the newsletter links. This functionality is integrated in the system and cannot be disabled. If you do not want your activity to be registered in this way, do not become a subscriber. We use the data to analyze the degree of interest our newsletters are generating, so that we can continuously improve them with content that is relevant for our subscribers. The legal basis is (f), where the legitimate interests are to be able to offer digital newsletters, analyze how effective they are, and to continuously improve our business. Your personal data is stored for as long as you remain a subscriber.

You request access to our free content (“freebies”)

Sometimes we offer free content (“freebies”), such as templates, check-lists, guides, mini courses, etc.. Depending on the type of free content, this may be a document (e.g. a PDF file), access to online courses, videos, audio files or other, including or not including one or several e-mails. For each such freebie we will clearly inform you of its content. When you request access to such content, we process personal data such as your name and e-mail address. The purpose is to provide free content to potential and existing customers. The legal basis is (a), consent.

The supplier we use to issue our e-mails, has integrated analysis, when relevant, that gathers information about our subscribers’ actions, such as opening of the e-mails and clicks on its content. This functionality is integrated in the system and cannot be disabled. If you do not want your activity to be registered in this way, please do not request access to our free content. We use your personal data to analyze your interaction with our content, so that we can continuously improve our offers. The legal basis is (f), where the legitimate interests are to be able to provide free digital content, analyze its effectiveness, and to continuously improve our business. If you have signed up for something that includes receiving one or more e-mails, you can withdraw your consent (unsubscribe) at any time. If you have access to the web portal and/or a webinar, we will process personal data as described in this privacy policy.

You sign up for an event

When you attend our free events, we process personal data such as your name and contact information. For paid events, we also collect order and payment information. The purpose is to be able to offer relevant courses, lectures, and workshops, or to fulfil an agreement for a booked event. The legal basis is (a), consent, or (b), agreement, and (c), legal obligation according to i.a. The Bookkeeping Act (bokføringsloven) and the Tax Act (skatteloven). 

We may also use your personal data to send you a request to evaluate events you attended, and if applicable, invite you to other similar events. If we make recordings of the event, you will be notified. The legal basis is (f), where the legitimate interests are to continuously improve our products and services, and to offer you adequate follow-ups. Your personal data will be stored until you request that it be deleted, or until no later than two years after the event, or by agreement, up to five years under the rules of the Bookkeeping Act (bokføringsloven).

You consent to us using your personal data for marketing purposes

With your consent, we will use your personal data for marketing and advertising on digital platforms. We will ask for your consent for each purpose, e.g. to upload your e-mail address in Facebook’s advertising system (Ads Manager). We use such lists for personalized marketing purposes, adapted to you or to individuals similar to you, or to exclude you and/or individuals similar to you from such marketing. The legal basis is (a), consent. The data is retained for as long as you allow it. In order to meet the privacy requirements, we will ask for renewed consent each other year. If you withdraw your consent, we will immediately stop using your data for these purposes.

You answer a survey

We always inform you of the purpose of the surveys we conduct, and whether or not they are anonymous. We do not share your information with others or use it for other purposes than those stated. In the case of anonymous surveys, we do not collect personal data. The legal basis for non-anonymous claims is (a), consent. The data will be stored until you request that it be deleted, or no later than two years after your response to the request.

You are a supplier, or you are working with us

When you enter into an agreement with us, either as a supplier, partner, or data processor, we process personal data such as name, contact information, and correspondence. The purpose is to enter into an agreement with you, and the legal basis is (b), agreement. The information is stored for up to five years in accordance with the rules in the Bookkeeping Act (bokføringsloven). We process personal data related to general correspondence and communications as described above.

You use our website

When you use our website, we process personal data in accordance with our cookie declaration (https://mariebergo.com/cookie-policy/). The purpose is to manage the website, promote our business, and to respond to requests from website visitors. The legal basis for cookies that store or process data that fall under Electronic Communications Act (ekomloven) § 2–7b, is consent through a default setting in your browser. This is in line with the recommendations of this law.

In order to maintain any records of the comments section, and thereby a natural communicative logic, comments are not systematically deleted.

Who we share personal data with

In order to operate our business efficiently and securely, we are sometimes required to share your personal information with a third party, such as:

Data controllers: providers of various services that process your personal data on our behalf (for example, for IT and administration services, accounting, cloud storage, web hosting, e-mail services, etc.).
Professional advisors offering services in fields like law, finance, accounting, auditing, or insurance.
IT support and support for administration systems
Public authorities to which we are obliged to report

We require our partners to process and secure personal data in accordance with the requirements of the GDPR (personvernforordningen). We enter into a data processing agreement with anyone who processes data on our behalf.

Transfer of personal data outside the EU/EEA 

In some cases, your personal data will be transferred outside the EU/EEA, for example in cases where we use suppliers outside the EU/EEA to handle the issuing of newsletters, to process customer data, to make products and services available on our website, to enable payment, for security on our website, and otherwise to run our business in a safe and efficient manner.

The transfer of personal data outside the EU/EEA is only permitted for countries approved by the European Commission, or countries meeting the requirements of the GDPR (personvernforordningen). This may be the Privacy Shield for our suppliers based in the USA, the use of EU standard contracts, or in accordance with binding corporate rules. Please contact us if you would like to know which suppliers we use outside the EU/EEA and get access to the documentation of the necessary guarantees.

Safety

We take information security seriously, and we will always do our utmost to safeguard your personal data in the best possible way. Among other measures, we use strong passwords, encryption, and backup. These measures are put in place to prevent unauthorized access to stop outsiders from viewing, changing, deleting, or in any way influence the stored data, including your personal data.

We only use reputable IT and management providers, offering services and products like web hosting, website and computer security, antivirus software, e-mail, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).

This privacy statement is based on a template by Bedre Bedrift AS. They are in no way legally responsible for the content in this document,analy but can be contacted if you need help preparing a privacy statement on your own website.

NB! Copying any content from this privacy policy is prohibited, cf. copyright law (åndsverkloven).