Privacy Policy

1. Introduction

Lovelywrrinsingu ("we", "us", "our") is committed to protecting the privacy of everyone who visits our website or uses our services. This Privacy Policy explains in clear and transparent language what personal data we collect, how we process it, for what purposes, on what legal grounds, and what rights you have as a data subject.

This policy applies to all personal data processing activities carried out by Lovelywrrinsingu through this website at lovelywrrinsingu.world, through our contact channels, and in connection with the delivery of our educational services.

We process personal data in compliance with the General Data Protection Regulation (EU/EEA) 2016/679 ("GDPR"), the Norwegian Personal Data Act (Personopplysningsloven), and any other applicable data protection legislation. We encourage you to read this policy carefully. If you have questions, please contact us using the details provided in Section 14.

2. Data Controller

The data controller responsible for personal data processed through this website is:

Lovelywrrinsingu
Schønings gate 14
0362 Oslo
Norway
Telephone: +47 48 94 19 00
Email: assist@lovelywrrinsingu.world

As data controller, we determine the purposes and means of processing your personal data. For any questions regarding how we handle your data, please use the contact details above.

3. Data We Collect

3.1 Data You Provide Directly

When you interact with us through the contact form or other communication channels, you may provide the following categories of personal data:

• Identity data: your full name as entered in the contact form.
• Contact data: your email address, and any telephone number you choose to include in your message.
• Message content: the content of any message or enquiry you submit to us.
• Consent records: a record of the consent checkbox selection you made when submitting the contact form, including the timestamp of submission.

3.2 Data Collected Automatically

When you visit our website, certain technical data is collected automatically through your browser and our web infrastructure:

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, and time and date of each request.
• Device data: device type, screen resolution, and connection type.
• Cookie data: as described in our Cookie Policy and Section 10 of this policy.

3.3 Data From Third Parties

We do not purchase or receive personal data about you from third-party data brokers or marketing lists. Any data we hold about you comes directly from your interactions with us or from the technical operation of our website.

4. Legal Basis for Processing

Under the GDPR, we must identify a valid legal basis for each processing activity. The bases we rely on are:

• Consent (Article 6(1)(a)): When you tick the GDPR consent checkbox on our contact form, you provide explicit consent for us to process your contact data for the purpose of responding to your enquiry. You may withdraw this consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate interests (Article 6(1)(f)): We process server log data and certain technical information to ensure the security, performance, and integrity of our website. We have carried out a legitimate interests assessment and determined that our interests in maintaining a secure and functioning website do not override your fundamental rights and freedoms.
• Legal obligation (Article 6(1)(c)): In certain circumstances, we may be required by Norwegian law or applicable EU regulation to process and retain specific categories of data.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals.

5. How We Use Your Data

We use the personal data we collect for the following specific purposes:

• Responding to enquiries: Contact data submitted through our contact form is used solely for the purpose of reviewing and responding to your enquiry. We do not use this data for any other purpose without your separate consent.
• Service delivery: Where you engage with our educational services, we use your contact and identity data to communicate with you about the relevant service, deliver digital products, and maintain records of our professional interactions.
• Website security and administration: Technical log data is used to monitor for security threats, diagnose technical issues, and ensure the stable operation of our website infrastructure.
• Analytics (with consent): Where you have consented to analytics cookies, aggregated and anonymised usage data is used to understand which content is most useful to our visitors and to improve the structure and quality of our website.
• Legal compliance: We may process and retain certain data as required by Norwegian tax law, accounting regulations, or other legal obligations applicable to our business operations.

We will not use your personal data for direct marketing, advertising to third-party audiences, or any purpose not listed above without obtaining your prior explicit consent.

6. Data Sharing and Third Parties

We do not sell, rent, or trade personal data. We may share data with carefully selected third parties only where necessary and only under appropriate data protection agreements:

6.1 Service Providers

We engage certain third-party service providers who process data on our behalf as data processors. These include:

• Website hosting: Our website is hosted on servers operated by a reputable hosting provider. The hosting provider processes server log data and website files on our behalf and is bound by a data processing agreement.
• Email infrastructure: Enquiry responses may be transmitted through a third-party email service provider. This provider processes email content solely for the purpose of transmission and delivery.
• Analytics providers: Where you consent to analytics cookies, anonymised usage data may be processed by an analytics service. No personally identifiable information is shared with analytics providers.

6.2 Legal Disclosure

We may disclose personal data where required to do so by applicable law, court order, or request from a competent supervisory authority in Norway or the European Economic Area.

6.3 No Commercial Data Sales

We do not engage in the commercial sale of personal data and have never done so. We do not participate in data broker networks or audience targeting partnerships.

7. International Data Transfers

Lovelywrrinsingu is based in Norway, which is part of the European Economic Area. Data you provide to us is primarily stored and processed within the EEA.

In cases where a third-party service provider operates outside the EEA (for example, a hosting provider with infrastructure in the United States), we ensure that such transfers are governed by appropriate safeguards as required by GDPR Chapter V. These safeguards include:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions applicable to the destination country, where they exist.
• Binding Corporate Rules, where applicable to the provider.

You may request information about the specific safeguards applied to any international transfer by contacting us at the details in Section 14.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, subject to our legal obligations. Our standard retention periods are:

• Contact form enquiries: Data submitted through our contact form is retained for a maximum of 24 months from the date of submission. After this period, data is securely deleted unless it is the subject of an ongoing contractual relationship or legal obligation.
• Service-related correspondence: Records relating to the delivery of educational services are retained for the duration of the service relationship and for up to 3 years thereafter, in line with Norwegian business record-keeping norms.
• Server log data: Technical log data is retained for a maximum of 12 months for security monitoring purposes and then deleted automatically.
• Financial records: Where applicable under Norwegian accounting law, financial transaction records are retained for 5 years as required by the Accounting Act (Regnskapsloven).
• Consent records: Records of consent are retained for the duration of the relevant processing activity and for 12 months after the processing has ended, to demonstrate compliance.

When data is no longer required and its retention period has expired, it is securely deleted or anonymised using methods appropriate to the medium on which it is stored.

9 Your Rights Under GDPR

As a data subject residing in the EEA, you have the following rights in relation to your personal data:

To exercise any of these rights, please contact us in writing using the contact details in Section 14. We will respond within one calendar month. This period may be extended by up to two additional months where requests are complex or numerous, in which case we will notify you of the extension and the reasons for it.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Please refer to our separate Cookie Policy for a full description of the cookies we use, their purposes, and how you can manage your preferences.

In summary, we use the following categories of cookies:

• Strictly necessary cookies: Required for the website to function. Cannot be disabled.
• Analytics cookies: Used with your consent to understand website usage patterns through anonymised data.
• Marketing cookies: Used with your consent to deliver relevant educational content and measure the reach of informational communications.

You can manage or withdraw your cookie consent at any time by clicking the "Cookie Settings" button in our consent banner.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or alteration.

Our security measures include:

• HTTPS encryption for all data transmitted between your browser and our website. We do not permit unencrypted HTTP connections.
• Access controls that limit access to personal data to only those staff members who require it to perform their duties.
• Regular review of our data handling procedures and access permissions.
• Use of reputable, security-certified hosting and infrastructure providers.
• Secure deletion procedures for data that has reached the end of its retention period.

Despite these measures, no method of internet transmission or electronic storage is completely secure. We cannot guarantee the absolute security of data transmitted to us over the internet. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34.

12. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has submitted personal data to us without your consent, please contact us immediately using the details in Section 14 and we will take prompt steps to delete the information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, applicable law, or best practice. When we make material changes, we will update the "Last updated" date displayed at the top of this page.

We encourage you to review this policy periodically. Where required by applicable law, we will provide more prominent notice of material changes and, where appropriate, request your renewed consent.

14. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data processing activities, please contact us:

Lovelywrrinsingu
Schønings gate 14, 0362 Oslo, Norway
Telephone: +47 48 94 19 00
Email: assist@lovelywrrinsingu.world

You also have the right to contact the Norwegian Data Protection Authority (Datatilsynet) directly if you have concerns about our processing of your personal data. Their details are available at www.datatilsynet.no.