Privacy policy

LANARS AS ("LANARS", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains what personal data we collect when you visit lanars.com or lanars.no, how we use it, who we share it with, how long we keep it, and the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Norway's Personopplysningsloven (which implements the GDPR in Norwegian law).

If you do not agree with this policy, please do not use our websites.

The data controller responsible for your personal data is:

LANARS AS
Organisation number: 923 532 110
Registered office: Oslo, Norway
Email: [email protected]

For any questions about this policy or about how we handle your personal data, please contact us at the email above.

We only collect personal data that you actively provide to us or that is generated automatically when you use our websites. The categories of personal data we process are:

• Contact and enquiry data: name, email address, company, phone number, and any message content you submit through forms on our website.
• Newsletter and marketing data: email address and any preferences you provide when subscribing to our communications.
• Career application data: name, contact details, CV, cover letter, and any other information you provide in connection with a job application.
• Technical and usage data: IP address, approximate geographical location, browser type and version, operating system, device type, referral source, pages visited, length of visit, and navigation paths.
• Cookies and similar technologies: see our Cookie Policy for a full list.

We do not knowingly collect personal data from children under the age of 16.

We process your personal data only when we have a valid legal basis under Article 6(1) of the GDPR:

• Consent (Art. 6(1)(a)): for sending our newsletter, marketing communications, and setting non-essential cookies. You can withdraw consent at any time.
• Performance of a contract (Art. 6(1)(b)): when you engage us for services, or when we need to take steps at your request before entering into a contract.
• Legitimate interests (Art. 6(1)(f)): for understanding how visitors use our websites, ensuring the security of our infrastructure, responding to enquiries, and conducting B2B outreach to relevant business contacts. We always balance our interests against your rights and freedoms before relying on this basis.
• Legal obligation (Art. 6(1)(c)): where we are required to retain records for accounting, tax, or other legal purposes.

We use the personal data we collect for the following purposes:

• To respond to enquiries and proposals you submit through our contact forms.
• To deliver the services you have engaged us for and to manage the contractual relationship.
• To send you our newsletter or other marketing communications, only where you have given consent.
• To process and evaluate job applications.
• To monitor and improve our websites, products, and services through aggregated analytics.
• To protect our websites, infrastructure, and users from fraud, abuse, and security threats.
• To comply with legal, regulatory, and accounting obligations.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

We share personal data only with categories of recipients that are necessary for the purposes described above. All processors are bound by a written data processing agreement (DPA) and process personal data only on our documented instructions.

• Hosting and infrastructure providers (e.g., our cloud hosting and CDN providers).
• Analytics providers for understanding website traffic in aggregate.
• Email and marketing platforms for delivering newsletters and transactional emails.
• CRM and helpdesk tools for managing enquiries and customer relationships.
• Professional advisers (legal, accounting, audit) under duties of confidentiality.
• Authorities where required by law, court order, or a valid legal request.

We do not sell your personal data, and we do not share it for unrelated third-party marketing.

Some of our service providers are located outside the European Economic Area (EEA), most commonly in the United States and the United Kingdom. Where personal data is transferred outside the EEA, we ensure an adequate level of protection in line with Chapter V of the GDPR:

• Transfers to the United Kingdom rely on the European Commission's adequacy decision for the UK.
• Transfers to the United States rely on the EU-US Data Privacy Framework where the recipient is certified, or on the European Commission's Standard Contractual Clauses combined with appropriate supplementary measures.
• Transfers to other third countries rely on Standard Contractual Clauses (Art. 46(2)(c) GDPR) and a documented transfer risk assessment.

We do not transfer personal data to countries without an appropriate transfer mechanism. You can request a copy of the safeguards we apply by contacting us at [email protected].

We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Typical retention periods are:

• Contact form enquiries: up to 24 months from the last interaction.
• Newsletter subscriber data: until you unsubscribe or withdraw consent.
• Job application data: up to 12 months after the recruitment decision, unless you agree to a longer period for future opportunities.
• Analytics data: aggregated and retained according to the analytics provider's settings, typically up to 14 months.
• Accounting and contract records: as required by Norwegian accounting law (typically 5 years).

After the retention period ends, we delete or anonymise the data.

As a data subject, you have the following rights in relation to your personal data:

• Right of access (Art. 15): obtain confirmation of whether we process your personal data, and request a copy.
• Right to rectification (Art. 16): have inaccurate or incomplete data corrected.
• Right to erasure (Art. 17): have your data deleted in the circumstances set out in the GDPR ("right to be forgotten").
• Right to restriction (Art. 18): request that we limit how we process your data.
• Right to data portability (Art. 20): receive the data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object (Art. 21): object to processing based on legitimate interests, or to direct marketing at any time.
• Right to withdraw consent: withdraw any consent you previously gave, at any time, without affecting the lawfulness of processing before the withdrawal.
• Right to lodge a complaint: see the section below.

To exercise any of these rights, email us at [email protected]. We will respond within one month, as required by the GDPR.

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of data in transit (TLS), access controls based on the principle of least privilege, regular security reviews, vendor due diligence, and staff training. LANARS operates an Information Security Management System aligned with ISO/IEC 27001 principles.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours and, where required, the affected individuals without undue delay.

Our websites use cookies and similar technologies for essential functionality, analytics, and marketing. We obtain consent for non-essential cookies through a cookie banner. For a full list of cookies, their purposes, and how to manage them, see our Cookie Policy.

We may update this policy from time to time to reflect changes in our practices, our services, or the legal framework. The "Last updated" date at the top of this page shows when the latest version took effect. We encourage you to review this page periodically. Material changes will be communicated through a notice on our website.

If you have any questions about this policy or wish to exercise any of your rights, please contact us at [email protected] or by post at:

LANARS AS
Org. no. 923 532 110
Oslo, Norway

If you believe that our processing of your personal data infringes the GDPR or Personopplysningsloven, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

https://www.datatilsynet.no

If you reside in another EU/EEA country, you may also lodge a complaint with the supervisory authority of your country of residence.