Compliance & Data Protection

ColLabNordic is committed to protecting your data and operating in full compliance with Norwegian and European regulations.

GDPRCompliant
Norwegian ASRegistered
SSL/TLSEncrypted
EU HostedData Residency

GDPR Compliance

General Data Protection Regulation (EU 2016/679)

ColLabNordic fully complies with the General Data Protection Regulation (GDPR), incorporated into Norwegian law via Personopplysningsloven. We implement comprehensive data protection measures to safeguard your personal information.

Your Rights Under GDPR

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Portability

Export your data in a standard format

Right to Object

Object to processing of your data

Right to Restrict

Limit how we use your data

Data Processing Principles

  • Lawfulness & Transparency: We process data only with valid legal basis and inform you about how we use it.
  • Purpose Limitation: Data is collected for specific, explicit purposes and not used beyond those purposes.
  • Data Minimization: We collect only the data necessary for providing our services.
  • Accuracy: We take steps to ensure personal data is accurate and up to date.
  • Storage Limitation: Data is retained only as long as necessary or required by law.
  • Security: We implement appropriate technical and organizational security measures.

Norwegian Regulatory Compliance

Operating under Norwegian law

ColLabNordic is a registered Norwegian company (Aksjeselskap/AS) operating in full compliance with Norwegian business and data protection laws.

Personopplysningsloven

The Norwegian Personal Data Act implements GDPR into Norwegian law. We comply with all requirements for processing personal data of Norwegian residents.

Bokføringsloven (Accounting Act)

Financial records, contracts, and transaction data are retained for a minimum of 5 years as required by Norwegian accounting law. This includes invoices, payment records, and contractual documentation.

Foreldelsesloven (Limitation Act)

Contract and claim-related documentation may be retained for up to 10 years to establish, exercise, or defend legal claims as permitted under the statute of limitations.

Markedsføringsloven (Marketing Act)

All influencer marketing content facilitated through our platform must comply with Norwegian marketing regulations, including proper disclosure of sponsored content.

Data Retention Policy

How long we keep your data

We retain data only as long as necessary for the purposes for which it was collected, or as required by law. Here's an overview of our retention periods:

Data TypeRetention PeriodLegal Basis
Profile DataUntil account deletionConsent / Contract
MessagesUntil account deletionContract performance
Contracts5-10 yearsLegal obligation
Payment Records5 years minimumBokføringsloven
Invoices5 years minimumBokføringsloven
Login Sessions90 daysLegitimate interest (security)

Account Deletion

Right to erasure (GDPR Article 17)

You can request deletion of your account at any time through your account settings. When you delete your account, we process your data as follows:

Immediately Deleted

  • Profile information (bio, photos)
  • Social media handles
  • Service packages
  • Campaign applications
  • Notifications
  • Login sessions

Anonymized / Retained

  • Contracts (anonymized, retained 5-10 years)
  • Payment records (retained per law)
  • Messages (content redacted)
  • Reviews (reviewer anonymized)

Important Note

Account deletion is not available while you have active contracts or open disputes. Please complete or cancel all active work before requesting deletion.

Request Your Data

Right to access & data portability (GDPR Articles 15 & 20)

Login Required

You need to be logged in to request your personal data export.

Login to Continue

Security Measures

How we protect your data

Encryption in Transit

All data encrypted via TLS 1.3

Encryption at Rest

Database and storage encryption

Secure Authentication

OAuth 2.0, password hashing (bcrypt)

New Device Verification

OTP verification for unknown devices

EU Data Residency

All data stored in European data centers

Regular Security Audits

Continuous monitoring and updates

Questions or Requests?

If you have questions about our compliance practices or want to exercise your data protection rights, please contact us:

Contact: Use our contact form

Response Time: Within 30 days (as required by GDPR)

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no

Last updated: January 2026