Privacy Policy

Last updated: 1st January 2026

Introduction

prismshifting AS ("we", "our", or "us") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, share, and protect information about you when you use our website and services.

We are the data controller for the personal data we process. Our company is registered in Norway with registration number 365214978, and our registered address is Bygdøy allé 121, 0100 Oslo, Norway.

Data Collection

The data we collect includes both information you provide directly and information we gather automatically when you use our services. We collect the following types of personal data:

  • Contact information (name, email address, phone number)
  • Business information (restaurant name, type, size, location)
  • Communication records (messages, enquiries, consultation notes)
  • Website usage data (IP address, browser type, pages visited, time spent)
  • Technical data (device information, cookies, analytics data)
  • Marketing preferences and consent records

How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, and your consent. Specifically, we use your information to:

  • Provide consultation services and platform recommendations
  • Respond to your enquiries and support requests
  • Improve our services and develop new offerings
  • Analyse website usage and user behaviour
  • Send relevant marketing communications (with your consent)
  • Comply with legal obligations and protect our rights
  • Prevent fraud and ensure website security

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

  • Service providers who assist with our operations (analytics, email services, hosting)
  • Professional advisers (lawyers, accountants, consultants)
  • Regulatory authorities when required by law
  • Third parties in connection with business transfers or mergers

All third-party service providers are required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Specific retention periods include:

  • Contact and business information: 7 years after last interaction
  • Communication records: 7 years for business records
  • Website analytics data: 26 months (Google Analytics default)
  • Marketing consent records: Until consent is withdrawn plus 3 years
  • Financial records: 10 years as required by Norwegian law

Your Rights

Under the General Data Protection Regulation (GDPR) and Norwegian data protection laws, you have the following rights:

  • Right of access: Request copies of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data in certain circumstances
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for marketing or cookies

To exercise any of these rights, please contact us using the details provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure hosting and backup systems
  • Incident response procedures

International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes and codes of conduct

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date.

Contact Information

If you have any questions about this privacy policy or wish to exercise your rights, please contact us:

Email: privacy@prismshifting.top

Phone: +47 21700878

Address: prismshifting AS, Bygdøy allé 121, 0100 Oslo, Norway

Business Hours: Monday - Friday: 9:00 - 18:00

Complaints

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local data protection authority.