Privacy Policy

Last updated 13.02.24

Effective date 23.05.2024

This privacy policy describes how, why and on what basis Sloyd AS, organization number 927 129 043 ("Sloyd" or "we") processes your personal data when you use our website and services ("the Services"). In addition, the privacy policy describes what rights you have under the EU's General Data Protection Regulation 2016/679 (GDPR) and the Norwegian data protection legislation (together "Data Protection Legislation").

Sloyd is the data controller for the processing of personal data described in this privacy policy. This means that Sloyd is responsible for complying with and safeguarding your rights under the Data Protection Legislation. Our contact information can be found below in section 10.

From time to time, we may revise this privacy policy, for example as a result of changes in our processing of personal data or as a result of changes in the Data Protection Legislation. When the privacy policy is changed, an updated version will be published on the Services. We therefore recommend that you review this page regularly. If we make material changes, for example if we seek to use personal Information in a materially different way than we had previously, we will provide prior notice to you by email or a webapp pop-up.

  1. WHAT IS PERSONAL DATA? 

Personal data is any information or assessment that can be linked to one physical person or a smaller group of people ("data subjects"). Examples of what is considered personal data are name, social security number, address, phone number, and email address. Personal data can also include special categories (formerly called "sensitive") of personal data such as information about health condition, religious belief, ethnic origin, or information about a person's sexual relationships or orientation. 

By "processing personal data", we mean the collection, storage, compilation, deletion, and any other use of personal data.

  1. PERSONAL DATA WE PROCESS
  1. The services

When you create a user on the Services, we may collect and process the following personal data about you:

  1. Business customers, investors and suppliers

If you are our contact person, or another employee we have direct contact with at one of our business customers, investors, suppliers or other partners, we may process personal data such as:

  1. Visits to our Services

When you visit the Services, we may collect information about how you use our service. Some of this information is collected via cookies and similar technologies. This can be information about which pages you visit and what you have clicked on. We use cookies and similar technologies for various purposes. For instance, they help us making the Services work properly, making it more secure, providing you with a better user experience, understanding how the Services performs and to analyse what works and where improvements are needed. If you give your consent, we may also pass on information to third parties we cooperate with for marketing purposes.

2.3.1 Cookies

Authentication API Cookies: Auth0

Analytics cookies: Mixpanel 

Analytics cookies: Google Analytics

  1. Email marketing and invitations to events and seminars

If you receive newsletters, other marketing emails, or invitations to our seminars or other events from us, we may process the following personal data about you: 

  1. Job applicants and recruitment

In connection with recruitment, we will process the personal data you provide to us in the recruitment process, including your name, your contact information, education and work experience, current job title, etc. We may also process names and contact information regarding any references you provide.

  1. WHO DO WE PROCESS PERSONAL DATA ABOUT?
  1. WHAT IS THE PURPOSE OF PROCESSING PERSONAL DATA?

We process the personal data specified in section 2.3 to give you access to our services via the Services. 

We process the personal data specified in sections 2.1, 2.2 and 2.3 above, because it is necessary to establish and manage our customer or supplier relationship, for billing purposes and to be able to deliver our services to you or your employer. Payment and other purchase documentation are also processed for purposes related to, e.g., internal reporting and compliance with our accounting obligations.

We process the personal data specified in sections 2.3 and 2.4 to be able to market and customize our products, services and events to you or your employer.

We process the personal data specified in section 2.5 to be able to consider you as a potential employee with us, and to form a proper decision basis in our recruitment processes.

  1. WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA?

If you are a private customer, we process your contact information and other information about you (as described above) based on a contract, because it is necessary to deliver our service to you. If you are a contact person or other representative for one of our business customers, suppliers or other partners, we will process your information because it is necessary for purposes related to Sloyd's legitimate interests. This legitimate interest is the establishment and administration of our relationship with the business that you are a contact person for. 

Personal data about you that is included in purchase or other accounting documentation will be processed based on our obligations under accounting legislation.

When it is necessary to deliver the service to you, we process the personal data described in section 2.3 above on the basis of a contract. When it is necessary to achieve sufficient security on the Services, we process the personal data described in section 2.3 based on Sloyd's legitimate interest in maintaining security. In other cases, the processing is based on your consent. Where the processing of personal data is based on consent, you can withdraw consent at any time.

We process the personal data described in section 2.4 for existing customers based on Sloyd's legitimate interests. These legitimate interests are marketing of Sloyd's products, services and performances similar to those that the customer relationship is based on. In other cases, we process the personal data described in section 2.4 based on your consent.

We process the personal data described in section 2.5 for purposes related to Sloyd's legitimate interests, which are to recruit and hire relevant candidates to our business. 

  1. HOW LONG DO WE KEEP YOUR PERSONAL DATA

We will delete or anonymize all personal data when they are no longer necessary for the purpose they were collected for, see section 4.

Personal data related to a user profile, including your name and contact information, will, for example, be processed as long as we have an active contractual relationship with you or your employer. After the contractual relationship ends, the information will, as a rule, be deleted.

Personal data that is necessary to store for a longer period of time to fulfil Sloyd's legal obligations, for example accounting obligations, will be deleted when the obligation ceases.

We may need to retain certain information for longer periods, for example due to record keeping/reporting in accordance with applicable law or for other legitimate reasons such as enforcement of legal rights, fraud prevention, etc. Remaining anonymous personal data and aggregated information, none of which identifies you (directly or indirectly), can be stored indefinitely.

  1. WHO DO WE SHARE YOUR PERSONAL DATA WITH

We use various service providers (data processors) who provide IT services and other administrative services to us. We have entered into data processing agreements with these service providers that require the relevant companies to ensure that personal data is stored securely, that they do not fall into the wrong hands, and that they are not used for purposes other than those we designate. 

With your consent, we may disclose certain personal data to third parties in order to market our services on other platforms, see section 2.3.

We may also disclose personal data to: (1) comply with applicable law, regulation, court order or other legal process; or (2) pursue our own legal claims. If the Services or all or parts of our company or our business are transferred to, or merged with another company, your personal data will be one of the assets that are transferred to or otherwise can be shared with the new owner. 

If our sharing of personal data involves transfers to a country outside the EU/EEA that is not covered by an adequacy decision (a decision from the EU Commission stating that the country has an adequate level of protection), Sloyd will ensure that the transfer is protected by using standard contractual clauses (SCCs), adopted by the EU Commission.

  1. WHAT ARE YOUR RIGHTS?

If we process your personal data, you have a number of rights under the Data Protection Legislation:

Please note that there are exceptions and further conditions for the rights described above, and not all rights will be relevant for all our relationships.

If you wish to exercise one of your rights, please contact us through the contact information indicated in section 10. We may need to ask you to identify yourself, as we may have to ensure that you are who you claim to be.

  1. RIGHT TO LODGE A COMPLAINT

You can find the contact information for the relevant supervisory authorities in EU/EEA countries on the website of the European Data Protection Board here.

The Norwegian Data Protection Authority is responsible for monitoring the data protection regulations and supervising Norwegian companies' processing of personal data. You can contact us at any time if you have complaints related to our processing of your personal data. You can also lodge a complaint to a supervisory authority in the EU/EEA country where you live or work, or where the alleged infringement has taken place.

  1. CONTACT INFORMATION

If you have questions or want more information about our processing of personal data, you can contact us via the contact information below:

Email: 

Sloyd 3D treasure chests in multiple styles

3D doesn't have to be a time sink

Get started