Cadify Norway Privacy Policy – GDPR Compliance & Data Protection

Introduction

At Cadify Norway, we take your privacy seriously and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and relevant Norwegian data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal information when you engage with our CAD-based automated configuration services, visit our website, or communicate with us.

As a company specializing in automated backend CAD configurations, we process only the data necessary to provide our services efficiently. Our approach ensures that data handling remains minimally intrusive, strictly limited to professional business contexts, and aligned with legitimate business interests under Article 6(f) GDPR. We do not engage in automated profiling, behavioral tracking, or excessive data collection.

This Privacy Policy outlines:

What personal data we collect and why it is necessary for our services.

How we store, secure, and process your information.

Your rights under GDPR, including access, correction, deletion, and data portability.

How we share information with trusted partners and ensure compliance with data protection laws.

The use of cookies and third-party integrations, ensuring transparency in data collection practices.

We believe in full transparency regarding data processing. If you have any questions or concerns about how your data is handled, we encourage you to contact us. Additionally, if you feel your data rights are not being upheld, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

By using our services, you acknowledge that you have read and understood this Privacy Policy. We regularly review and update our policies to reflect legal changes and best practices in data protection. The latest version of this Privacy Policy is always available on our website.

 

  1. Contact information of Cadify product configurator

Cadify is the data controller for the handling of your personal data. If you have any questions about the processing or would like to get in touch with us to exercise your rights, please find our contact details below:

Cadify Norway

c/o Widemore as

Sagveien 15

1890 Rakkestad

 

 

 

  1. Key concepts

Personal data is information that, alone or in combination with other information, can be used to identify, locate or contact an individual. Examples of personal data are name, telephone number and IP address.

Processing of personal data involves all forms of handling of personal data such as: collection, analysis, registration and storage.

The data controller is the person who determines the purpose of the processing of personal data and what information is requested. It is the data controller who is responsible for ensuring that the processing of your personal data takes place in accordance with the applicable Personal Data Act.

  1. Cadify Norway v/Widemore AS is the data controller

Cadify Norway v/ Widemore aas is the data controller for the handling of your personal data.

  1. What kind of information do we collect?

When you register via a form, order a service or product, use our chat function or visit our website, you may be asked to provide information. Depending on the situation, we may request the following personal information:

 

Name

Email address

Telephone number

What company you work for

Position or area of responsibility

What industry you work in

Website URL of your business

Shipping address of the company you work for

Information about the type of computer assistance your company wants and what products and packages they have

Other information such as in-depth questions or answers to forms

Shopping cart and project content, orders, product configurations, quotation requests

Technical data: the URL you use to access our websites, your IP address and e-mail address if you are logged in.

 

  1. Article 6 f as an alternative to opted consent via online website. Consent can be withdrawn

Cadify Norway processes personal data under legitimate interest (Article 6(f) GDPR) to provide automated CAD configurations and related business services. This processing is necessary to:

  • Deliver CAD-based automated configurations tailored to user requests.
  • Ensure technical functionality and improvement of backend automation.
  • Provide professional follow-up on configuration requests.
  • Secure the integrity and security of the platform.

We have conducted a balancing test and determined that this processing does not override users' rights and freedoms, as the data is strictly limited to professional business purposes, is minimally intrusive, and is essential for delivering the requested service. Users can exercise their rights, including opting out of non-essential processing, by contacting us.

 

  1. Information from other sources

When you consent to us processing your personal data, you also agree that we can register other information about you that you have provided us with on a previous occasion. Based on publicly available information, we may also supplement your registered information with industry and additional contact information.  If you are a customer of ours, we can also add additional contact information to your information, which you have registered with us via e.g. telephone to customer service. Information that is necessary for the services you are going to use will also be stored.

 

  1. The purpose of the processing of the personal data

The information you provide is used for the following purposes:

  • Customer care and information about our products
  • To obtain statistics and information about user behavior in order to improve both the website and the user experience itself
  • To allow our partners to send you quotations on your requests
  • To ensure your safety and security while browsing our website

We ask for your personal data in order to:

  • Responding to requests
  • Send the requested material, or otherwise be able to fulfill our obligations towards you submitting your information
  • Create and maintain a sales dialogue
  • Send information that may be of interest to you
  • Add you to the mailing list for news and other content that you have chosen to receive

We never use your personal data for automated profiling, scoring, or AI-based decisions.

 

  1. Consent to email correspondence, direct marketing and further contact

When you consent to us processing your personal data in accordance with the above purposes, you agree to the following:

We process your personal data in accordance with this Privacy Policy

We can contact you by email or phone

Subscribing to newsletters via email you have chosen to receive. You can opt out of receiving further emails by following the link at the bottom of our emails or by contacting us directly.

 

 

  1. How long is the data stored?

We process the personal data only for as long as it takes to fulfill the purpose of their collection, after which we delete the information.

If you have an active dialogue with us, we will keep your information for 2 years from the last contact; We will then remove the information we hold about you. An active dialogue is defined as that you have interacted with Romerike Internet or representatives of us for the past 2 years by phone, by answering e-mails, downloading material on the website or registering via a form.

If you have consented to the processing of your personal data in connection with your subscription to regular emails, we will continue to process your personal data until you unsubscribe. We then store your personal data for 2 years before deleting the information.

For users who submit inquiries but do not engage in a business relationship, we retain data for 2 years  before deletion.

In the event that you are employed by a company that is a customer of ours, we process your data within the framework of customer care. For active customer relationships, we process your data until (1) you terminate your position in the company, or (2) the company no longer has an active customer relationship with us. When a customer relationship is terminated, the terms and conditions for storing and processing data will be changed to the same terms and conditions described in the previous sections. If you terminate your employment with the company, you are responsible for notifying us so that we can delete your information.

 

 

  1. Who can the information be shared with?

The information provided will be available to a limited number of people in the company, who work in the marketing department, customer support, sales or development.

  1. Information Sharing with Third Parties

We do not sell your personal data to third parties. If there is an ongoing sales or customer dialogue between you, us and any of our business partners, we share information such as:

Name

Email address

Telephone number

What company you work for

Your company’s shipping address

Content of your projects (lists of product configurations you requested quotation on)

 

If we have registered your data in connection with an event that is carried out together with an external party, we may transfer the same categories of personal data as set out above, as well as any answers to further form or in-depth questions.

Our partners only process personal data under strict Data Processing Agreements (DPAs). We share personal data only when necessary for requested configurations and services.

 

  1. Where is the data stored?

ServeTheWorld as (STW) Oslo is our primary web server host, where our web store is hosted along with the database. As per preliminary information ( 2025 02 04) all data on all web servers are stored locally,including current backup solutions. Consequently, STW is not a data processor in this context.

Dropbox is our primary cloud based API accsessed ( not mounted on any local servers) for all our CAD data, which contain no personal or privace concerned information. However, we store temporarily fragments of information (email addresses, product configurations). Since Cadify Norway uses Dropbox Basic, Dropbox is the Data Controller of stored data under GDPR. This means Cadify Norway does not act as a Data Controller over data stored in Dropbox but still retains full responsibility as a Data Controller for all other personal data collected outside Dropbox. Dropbox acts as a Data Controller for any data stored under this plan. Ref our documentation: 2025 02 04 Dropbox is the Data Controller of Cadify data at C:\Dropbox\Cadify\10 GDPR\Dropbox

All accounting data is managed by the accounting firm Fiken as, whith the following User Agreement: 2025 02 03 Brukeravtale for regnskapssystemet Fiken as Versjon 2025 02 03 Kopiert ned fra Fiken v Jørn 2025 02 03 som en del av Cadify Databehandleravtale som referanse for vår Databehandleravtale.

None of these third parties process data outside the EU/EEA. (As requirement by GDPR art. 44):

 

  1. Your rights in relation to access, deletion, possible relocation and lodge complaint

You have the right to receive information about what information we have about you. You can also demand that we correct incorrect information or delete your information.

If you wish to withdraw your consent or request an overview of information, correction or deletion, please contact us at the e-mail address we have provided under the section for contact information. To receive such information, you must send an electronic copy of the request on a signed document. If you want to move information, we can also help you with that.

Please note that the deletion of your data does not include invoicing data or invoices. Cadify invoices its partners based on service usage and the invoices group certain usage metrics based on customer email addresses. Email addresses stored for invoicing or invoices containing customer email addresses do not get deleted with other personal data collected.

You can request a copy of  your data in a structured, commonly used format (e.g., CSV, JSON).

User has the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Norwegian Data Protection Authority.

 

  1. Other purposes

If we are to use the personal data for a purpose other than the one for which it was collected, the duty to provide information arises again and we must then state what the new purpose is and provide parts of the above information again.

  1. Cookies

Cookies are small text files that are placed on your computer when you download a website.

The storage of information and the processing of this information is not permitted unless the user has both been informed of and has given his/her consent to the processing. The user must be informed about and approve what data is being processed, what the purpose of the processing is and who is processing the data.

We use the following cookies with the following purposes on our website:

  • .Nop.Antiforgery: Protects against forgery attacks.
  • .Nop.Authentication: Persists authentication hash for the remember me function.
  • .Nop.Culture: Stores the last selected language.
  • .Nop.Customer: Stores the currently logged in user’s GUID for convenience.
  • .Nop.Session: Stores the ID of the current user session.
  • ccm: Stores the last selected calculation mode for products.

We only use cookies to give you a better user experience on our pages so that you do not have to fill in fields again every time you are on our pages. All our cookies are required by our system to work correctly.

  1. Email and phone

We use e-mail and telephone as part of our daily work. Relevant information that emerges from telephone calls and e-mail exchanges that take place as part of customer service is registered in the customer system.

Our employees also use e-mail in general dialogue with internal and external contacts. The individual is responsible for deleting messages that are no longer relevant, and at least every year reviewing and deleting unnecessary content in the e-mail box. Upon resignation, the email accounts will be deleted, but some relevant emails will normally be transferred to colleagues.

Sensitive personal data should not be sent by e-mail.

Please note that regular email is unencrypted. We therefore do not encourage you to send confidential, sensitive or other confidential information via e-mail.