Privacy Policy

This Privacy Policy explains how Danora AS (“Danora”, “we”, “us”) collects, uses, shares, and protects personal data when you visit our website or interact with us online. It also explains your rights under applicable data protection laws, including the EU/EEA GDPR and (where relevant) the UK GDPR.

1) Data Controller

Danora AS (Organisation number 986 901 140) is the data controller for the processing described in this policy.

Registered address: Karenslyst allé 5, 0278 Oslo, Norway
Email: danora@danora.no

2) Personal data we collect

A. Data you provide

When you contact us or sign up for updates, we may collect:

  • Name

  • Company / organisation

  • Role/title (if provided)

  • Email address

  • Phone number (if provided)

  • Message content and any information you choose to share

  • Newsletter preferences (if applicable)

B. Data collected automatically

When you use our website, we may collect:

  • IP address

  • Device and browser information

  • Pages viewed and interactions

  • Approximate location (derived from IP)

  • Referring/exit pages and timestamps

This information is collected via cookies and similar technologies (see Section 6).

We do not intend to collect special category (sensitive) personal data. Please do not submit sensitive personal data through website forms.

3) How we use personal data and our legal basis

A. Respond to enquiries and manage dialogue

  • Purpose: Respond to messages submitted via our contact form and email, and manage business communications.

  • Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) and/or steps prior to entering into a contract (GDPR Art. 6(1)(b)) where relevant.

B. Newsletter and marketing communications

  • Purpose: Send updates, news, and marketing communications to subscribers.

  • Legal basis: Consent (GDPR Art. 6(1)(a)) cf. Marketing Act § 15(1). You can unsubscribe at any time using the link in our emails or by contacting us.

C. Website analytics and improvement

  • Purpose: Understand website usage and improve performance, content, and user experience.

  • Tools: Google Analytics.

  • Legal basis: Consent (GDPR Art. 6(1)(a)) for non-essential cookies/analytics where required.

D. Advertising and measurement

  • Purpose: Measure and improve marketing campaigns, including conversion measurement and advertising effectiveness.

  • Tools: Google Ads tags and LinkedIn Insight Tag.

  • Legal basis: Consent (GDPR Art. 6(1)(a)) for non-essential cookies/pixels where required.

E. Website operation and security

  • Purpose: Provide core website functionality, security, and troubleshooting.

  • Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).

F. Compliance and legal obligations

  • Purpose: Comply with legal obligations and respond to lawful requests.

  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)).

4) Sharing and disclosure of personal data

We may share personal data with trusted suppliers that help us operate our website and communications, including:

  • Squarespace (website hosting, site operations, forms, and newsletter sign-up infrastructure)

  • Google (Google Analytics and Google Ads measurement)

  • LinkedIn (LinkedIn Insight Tag measurement)

  • Weglot (website translation functionality)

  • IT/security providers and professional advisors where necessary

These parties process personal data on our behalf as service providers (data processors) or, in certain contexts (e.g., some advertising/measurement services), as separate controllers. We share only what is necessary and use appropriate contractual protections where required.

5) International transfers

Danora operates across Norway, Sweden, the EU/EEA, and the UK. Some suppliers may process personal data outside the EU/EEA and/or the UK. Where international transfers occur, we use appropriate safeguards, such as EU Standard Contractual Clauses and/or the UK International Data Transfer Addendum, as applicable, and additional measures where required.

6) Cookies, consent, and embedded content

A. Squarespace cookie banner

We use Squarespace’s built-in cookie banner to provide information and collect consent for non-essential cookies (such as analytics and advertising cookies). You can manage your preferences through the cookie banner/settings on the website.

B. Cookie categories

We use:

  • Strictly necessary cookies (required for website functionality and security)

  • Analytics cookies (as Google Analytics)

  • Advertising/measurement cookies (as Google Ads tags, LinkedIn Insight Tag)

C. YouTube embeds

Our website may include embedded YouTube content. When you interact with embedded content, YouTube/Google may collect personal data and set cookies in accordance with their own policies and settings.

7) Data retention

We keep personal data only as long as necessary for the purposes described:

  • Enquiries (contact form/email): typically up to 24 months after last interaction (unless a longer period is needed for documentation or legal claims)

  • Newsletter subscription data: retained until you unsubscribe or request deletion (subject to reasonable administrative handling)

  • Analytics and advertising data: retained according to the settings and retention controls of the relevant tools and our internal practices

  • Legal/compliance data: retained as required by law

We may retain data longer where necessary to establish, exercise, or defend legal claims.

8) Your rights

Depending on your location (EU/EEA/UK), you may have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request erasure (in certain cases)

  • Restrict processing (in certain cases)

  • Data portability (in certain cases)

  • Object to processing based on legitimate interests

  • Withdraw consent at any time where processing is based on consent

To exercise your rights, contact danora@danora.no.

You also have the right to lodge a complaint with a supervisory authority. In Norway, this is Datatilsynet. In the UK, this is the Information Commissioner’s Office (ICO).

9) Security

We implement appropriate technical and organisational measures designed to handle personal data in a secure manner. No online transmission or storage is completely secure, but we work to maintain a strong level of protection.

10) Third-party links

Our website may link to external sites not operated by us. We are not responsible for the privacy practices of third parties. We recommend reviewing their policies.

11) Children

Our website is not directed to children, and we do not knowingly collect personal data from children.

12) Changes to this Privacy Policy

We may update this policy from time to time. The “Last updated” date shows when changes were made. The latest version will always be published on our website.

Last updated: 21/04/2026