Privacy Policy
This privacy policy contains information on how Artikolor AS, website https://www.kristinetghardeberg.no (hereinafter referred to as the Company) process your personal information.
You are strongly encouraged to read this privacy policy and the terms and conditions, as by visiting and using the content on the Company`s website, as well as by purchasing packages, courses, and programs, you agree to the terms and conditions described in these.
Please be aware: The English privacy policy is a translation from Norwegian for your convenience only. As Artikolor is a Norwegian company, the Norwegian Privacy Policy is the legally binding one. To read the privacy policy in Norwegian, click HERE.
Last updated and valid from February 28, 2024.
1. Data controller
Kristine Hardeberg is responsible for the data processing being done at the Company.
2. Personal data being stored
Depending on the service or product you order, the Company stores, with your consent: Name and email address.
The Company also stores purchase history, behavior patterns on websites, registration pages and newsletters that are sent out and in online courses i.e. information about how the individual customer navigates the pages and emails.
The Company also stores information given on or through social media.
Payment information for the purchase of one or more of the Company`s services is stored in Stripe or, in Norway, Vipps.
On July 10th, 2023, a new framework called the EU-US Data Privacy Framework (DPF for short) was launched and implemented so that all businesses on the DPF list are considered safe to transfer data to from the EU/EEA area.
Based on the adequacy decision from the EU, it is now also legally sound to send data from the EU/EEA based on the new EU Standard Contractual Clauses (SCC for short)
Artikolor AS does all data transfers according to applicable laws.
3. Data of minors
The Company does not knowingly process data about persons below the age of 18 years.
If persons below the age of 18 years wish to register for the Company`s newsletter and/or purchase/participate in the Company`s programs/packages/courses, the explicit written consent from parents or legal guardians is required.
If the Company is made aware that minor`s data is being processed, the Company will immediately do its outmost to delete all data about the person found in the systems and programs used.
4. Purpose of processing
The Company processes the information to be able to carry out the obligations it has according to the agreement with you.
The Company also uses the information to be able to provide you with information, offers and service in connection with your order via e-mail, possibly also by phone, SMS, direct messages on social media, and any mailings with your consent, as well as for your registration/participation in activities such as challenges, courses and coaching on the initiative of the Company.
Personal information that Kartra, the Company`s newsletter provider gives access to, as well as direct feedback from those registered for the newsletters is used to document consent of email marketing, as well as measure quality, engagement and interest so that more content can be made accordingly.
If you use Apple Mail, you can choose to activate Apple Mail Privacy Protection. Information on how this is done can be found here:
https://support.apple.com/no-no/guide/iphone/iphf084865c7/ios
The Company`s pages on social media like Facebook, Instagram and YouTube also have built-in analytics tools to create anonymous reports on how the various posts/videos are doing, so that the Company can create more content in line with what followers show the most interest in.
The Company tracks the percentage of opened emails but does not use Google analytics to see what links have been clicked on in newsletters.
The other functions, i.e. day, date, and time of registration as well as the number of emails received, cannot be de-activated by the Company, so if you do not wish to be included in such analysis, you must not subscribe to the Company newsletter or interact with the Company on social media.
Google Analytics is not used on this website. Hyros, Google Ad tags and Meta pixels are used to analyze website traffic and ad activity.
Information shared in individual or group meetings on Zoom is processed to follow up as agreed with the customers.
The Company also have measures in place to secure content, prevent spam and hacking and create website backup copies.
5. Legal basis for processing
Information about name, email address, physical address, telephone number and, if applicable, Tax ID is used to fulfill orders and purchase agreements between you and the Company. The legal basis for this processing is Art 6.1.b Contract in the GDPR.
Where you have given consent, the information will also be used to provide you with information, offers and service in connection with your order or purchase via email, telephone, and SMS, as well as direct messages on social media. The legal basis for this processing is Art 6.1.a Consent in the GDPR.
You can at any point refuse to receive such information from the Company.
Purchase history and insight into behavior in social media posts are used to provide recommendations and promote products and services especially adapted to you as a user. The basis for this processing is Article 6.1.a Consent in the GDPR as this is given from each registered when they signed up for the individual social media.
The Company also use information about behavioral patterns on landing pages, openings of and direct feedback in newsletters to gain insight into
and then seek to improve the Company content based on this. The Legal Basis for the insight of opened emails is Article 6.1.a Consent.
The legal basis for the other insights is Art 6.1.b Contract since it is not possible for the Company to deactivate these analytics in the systems used by the Company.
Again, if you use Apple Mail, you can stop the collection of information such as IP addresses and opened email tracking by activating Apple Mail Privacy Protection. Please search Apple Mail Privacy Protection online as there are different instructions for iPhone and Mac.
If you do not use Apple Mail, the Company unfortunately have no option to turn of the aforementioned information in Aweber and Funnel Gorgeous. This means that if you do not want to be part of such analysis, you must not sign up for the Company`s freebee and newsletter.
The Company store the date and time for each newsletter signup to document consent. The legal basis for this processing is Art 6.1.c Legal obligation in the GDPR.
The Company does not process any special categories of data at any optin page, website or in any course.
Group meetings on Zoom are recorded as agreed when purchasing a course. The legal basis for this processing is Art 6.1.b Contract.
Information collected and stored for bookkeeping and accounting purposes is done so according to Art 6.1.c Legal Obligation in the GDPR.
6. How information is collected – including cookies.
All the information you chose to give on the Company`s websites will be stored.
The Company uses cookies on landing pages (where you sign up for offers – free or paid), in courses and in newsletters to gain insight into how many signs up for newsletters and courses, which newsletters bounces and not and how progress is made within courses so that the Company can attempt to improve these numbers.
The Company also use cookies to measure interest and quality of the newsletters being sent out, also this to improve the content based on these insights.
The legitimate basis for this processing is Art 6.1.a Consent.
The Company`s pages on social media such as Instagram, Facebook and YouTube have built-in anonymized analytics tools that are used to see which content performs the best so the Company can create more content in line with its followers` interests.
Regarding automatic decisions, the Company uses Google Ads and Meta Pixels for advertising. The legal basis for this is Art 6.1.a Consent as this must be given from each user of Meta and Google when they sign up for their services.
Please note that this privacy policy only applies to the Company`s own websites.
Browsers, search engines, other websites and social media you use have their own privacy policies. For you to have the greatest possible control over what information you share with them, you are advised to read their privacy policies separately and familiarize yourself with how you can choose which data you share.
7. Transfer of data to third parties
On July 10th, 2023, a new framework between the US and EU was launched, called the EU-US Data Privacy Framework (DPF for short) and made valid with immediate effect.
The Company makes all transfers of data in accordance with the applicable laws, requirements, and regulations.
The Company will not share, sell, transfer, or otherwise disclose your personal data to others without your consent, unless the Company is legally obliged to or have a documented legitimate interest in doing so.
To be able to fulfill its obligations under the agreement with you, the necessary information is disclosed to the Company`s suppliers.
Please be reminded that this privacy policy ONLY applies the personal data collected by this individual Company.
The Company suppliers and systems may collect data that the Company does not and do not have insight into, therefore you are advised to read each privacy policy separately.
In the following list, each provider`s company name is linked to its respective privacy policy, and in parentheses is the necessary guarantee as required in the GDPR:
Google (certified in Data Privacy Framework, in short DPF)
Domeneshop (Norwegian web hotel and host for cookie-banner. All data stored in EU/EEA)
Kartra (Data Processing Agreement with the EU Standard Contractual Clauses)
Meta Facebook, Instagram, Messenger (Certified in DPF)
Hyros analysis (Data Processing Agreement with the EU Standard Contractual Clauses)
Stripe payment (Certified in DPF)
Vipps (Norwegian payment option)
Tripletex (Norwegian accounting system)
DNB Bank (Norwegian bank)
Zoom (Certified in DPF)
The Company also have separate agreements with providers of services like virtual assistance, accounting, ads, website management and podcas management.
8. Data retention
Information collected in connection with your order/purchase is stored in the Company`s active customer register for 3 years from the date of last contact, or at your request unless it violates legal obligations or documented legitimate interests from the Company`s side.
Information for bookkeeping and accounting will be stored for at least 5 years according to applicable laws.
Information collected in connection with email marketing will be deleted at your request.
Information collected and processed for security reasons has no deletion data set. The security systems will store the information for as long as it is necessary to keep the Company websites and systems secure.
Information collected by analytics systems does not have a deletion data and is updated automatically.
Group meetings will be recorded with consent or at contract only. Any recordings will be made available as described in each respective group course or program.
9. Rights for the registered
The Company process data according to the GDPR and applicable laws.
Please note that if you are an EU/EEA resident you may have the right to
You also have specific rights regarding automatic decisions.
The Company uses Meta Pixels and Google for ads. These are based on automatic decisions made by Meta and Google when you have given them consent to use your behavior on their platforms to receive behavior-based ads in your feed.
You can manage such tracking by choosing your preferences on this website: https://www.youronlinechoices.com/
If you think the Company has mishandled your information, or want to make use of your rights, please write an email to info@kristinetghardeberg.no and mark the email “about data privacy*. Your request will be answered as soon as possible, at the latest within 2 business days.
You may also direct a complaint about the Company`s processing of your data to your local data protection authority, but please do contact the Company directly first so we can try and resolve the matter in a simple and uncomplicated way.
Please be advised that the rights listed above is for EU/EEA residents. If you are located outside the EU/EEA area, other laws and rights may apply.
This will not affect the data collection and data processing of the Company.
10. Data Protection Officer
Kristine Hardeberg is responsible for ensuring that the Company process data according to applicable laws.
11. Security
The Company secures your personal data by physical and digital access control, consistent use of legally valid transfer grounds to the USA, as well as by encryption.
The Company also has data processing agreements with all suppliers as well as a set procedure for handling deviations in line with the GDPR.
The Company adheres to strict confidentiality in all contact with customers, and all attendees in group courses etc. must give their written commitment to strict confidentiality as well.
12. Contact information
Inquiries with questions about how the Company process your data or wishes to exercise your rights can be sent by email to info@kristinetghardeberg.no Please mark the subject line with *privacy*.
Your request will be answered within 2 business days.