Privacy Policy for Nordlys Workhub AS

This privacy policy explains how Nordlys Workhub AS collects, uses, stores, shares, and protects personal data when you use our services, visit our premises, contact us, or otherwise interact with us. Nordlys Workhub AS is the data controller for the processing of personal data described in this policy.

1. Introduction and company information

Nordlys Workhub AS

Address: Rådhusgata 5, 0151 Oslo, Norway

Email: [email protected]

Phone: +47 23 96 84 71

Business type: Workhub

As a workhub provider, Nordlys Workhub AS may process personal data relating to members, tenants, visitors, event participants, suppliers, business contacts, and website users. We are committed to protecting your privacy and processing personal data in accordance with applicable privacy laws.

2. Data collection and processing

We may collect and process the following categories of personal data:

• Identification data: name, company name, job title, and contact details.
• Contact data: email address, phone number, postal address, and billing information.
• Membership and service data: booking details, access permissions, workspace usage, meeting room reservations, and service preferences.
• Payment and accounting data: invoices, payment status, transaction records, and related financial information.
• Communication data: correspondence with us by email, phone, forms, or other channels.
• Technical data: IP address, device information, browser type, log data, and website usage information.
• Security and access data: access card logs, visitor registrations, CCTV footage where applicable, and incident reports.
• Marketing preferences: consent choices and communication preferences.

We generally collect personal data directly from you, but we may also receive data from employers, business partners, payment providers, booking systems, public sources, or other third parties where lawful and appropriate.

3. Purpose of data processing

We process personal data for the following purposes:

• to provide and administer our workhub services, memberships, and bookings;
• to manage access to our premises and ensure safety and security;
• to communicate with you and respond to inquiries;
• to issue invoices, process payments, and maintain accounting records;
• to organize events, meetings, and community activities;
• to maintain and improve our website, systems, and services;
• to comply with legal obligations, including accounting, tax, and regulatory requirements;
• to prevent misuse, fraud, unauthorized access, and other security incidents;
• to send marketing communications where permitted and, where required, with your consent.

4. Legal basis for processing

We process personal data only where we have a lawful basis to do so. Depending on the context, the legal basis may include:

• Performance of a contract: where processing is necessary to provide services, manage memberships, or fulfill requests before entering into a contract.
• Legal obligation: where processing is required to comply with applicable laws, including accounting and record-keeping obligations.
• Legitimate interests: where processing is necessary for our legitimate interests, such as operating and securing our workhub, managing business relationships, preventing misuse, and improving services, provided these interests are not overridden by your rights and freedoms.
• Consent: where you have given clear consent, for example for certain marketing activities or optional services.

Where we rely on legitimate interests, we assess the impact of the processing and take appropriate safeguards to protect your privacy.

5. Data sharing and third parties

We may share personal data with third parties only when necessary and appropriate for the purposes described in this policy. Such recipients may include:

• IT and cloud service providers;
• booking, access control, and facility management providers;
• payment processors and accounting service providers;
• professional advisers, such as lawyers, auditors, and consultants;
• security providers and emergency services where needed;
• public authorities, courts, or regulators where required by law.

We require service providers and other processors to protect personal data and to process it only on our instructions and in accordance with applicable law.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside the European Economic Area (EEA). If such transfers occur, Nordlys Workhub AS will ensure that appropriate safeguards are in place, such as:

• an adequacy decision by the relevant authority;
• standard contractual clauses or other approved transfer mechanisms;
• additional technical and organizational measures where necessary.

We take steps to ensure that any international transfer is handled in a manner that provides an adequate level of protection for your personal data.

7. Storage duration

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods may vary depending on the type of data and the purpose of processing.

• Contract and membership data: retained for the duration of the relationship and for a reasonable period thereafter.
• Accounting and tax records: retained for the period required by applicable law.
• Security logs and access records: retained for a limited period unless longer retention is necessary for security incidents or legal claims.
• Marketing data: retained until you withdraw consent or object, or until it is no longer needed.

When personal data is no longer needed, we delete, anonymize, or securely archive it in accordance with our retention procedures.

8. User rights (access, rectification, erasure, restriction, data portability, objection)

Subject to applicable law, you may have the following rights regarding your personal data:

• Right of access: to obtain confirmation and a copy of the personal data we process about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your personal data in certain circumstances.
• Right to restriction: to request that we limit processing in certain situations.
• Right to data portability: to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
• Right to object: to object to processing based on legitimate interests and to object at any time to direct marketing.

To exercise your rights, please contact us using the details below. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.

9. Withdrawal of consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

If you withdraw consent, we will stop the relevant processing unless we have another lawful basis for continuing it. You may withdraw consent by contacting Nordlys Workhub AS at [email protected].

10. Right to complain

If you believe that our processing of your personal data does not comply with applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).

We encourage you to contact Nordlys Workhub AS first so that we can try to resolve your concerns directly.

11. Data security

Nordlys Workhub AS implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include:

• access controls and authentication;
• role-based permissions;
• encryption where appropriate;
• secure storage and transmission methods;
• regular backups and system monitoring;
• staff confidentiality obligations and training;
• incident response and breach management procedures.

While we work to protect your personal data, no system can be guaranteed to be completely secure. We encourage you to use caution when sharing information online or in shared environments.

12. Contact information

If you have questions about this privacy policy or our processing of personal data, or if you wish to exercise your rights, please contact:

Nordlys Workhub AS
Rådhusgata 5, 0151 Oslo, Norway
Email: [email protected]
Phone: +47 23 96 84 71

13. Changes to privacy policy

Nordlys Workhub AS may update this privacy policy from time to time to reflect changes in our services, legal requirements, or processing practices. The updated version will be published on our website or otherwise made available to you.

We encourage you to review this privacy policy periodically to stay informed about how we process personal data.