Privacy Policy
Privacy Policy for Lønna AS
Last updated: 05. January 2025
We are committed to privacy and data protection. This Privacy Policy (“Policy”) explains how we collect, use and protect your personal information when you use our online service and platform, Lonna.no (the “Service”). Please read this Policy carefully to understand how we process your personal information. By using Lonna.no, you consent to our privacy practices as described here.
1. Contact Information
- Email: hei@lonna.no
2. Information We Collect
- Registration Information: When you create a user account, we may ask for personal information such as your name, email address and other relevant information.
- Usage Information: We collect information about how you use the Service, including interactions with content and features.
- Content: Information and content you share or upload to the Service, including resumes and job applications.
- Referral Links and Coupons: The use of referral links and coupons will allow us to see who has used them to administer and verify the use of such offers.
3. How we use the information
- Provide the Service: We use your information to deliver, administer and improve the Service.
- Communications: We may contact you via email or other contact information to send you updates, news and relevant information about the Service.
- Personalization: We use your information to adapt the Service to your preferences and needs, including the use of AI technology (such as OpenAI, Anthropic, Google GCP Gemini) to tailor your job applications and improve the user experience.
4. Legal basis for processing
We process your personal data based on the following legal bases:
- Performance of contract: To fulfill our contractual obligations towards you, cf. GDPR Article 6 (1) b.
- Consent: When you have given your consent to the processing of your personal data, cf. GDPR Article 6 (1) a. You can withdraw your consent at any time.
- Legitimate interest: To pursue our legitimate interests, for example to improve and customize the Service, cf. GDPR Article 6 (1) f.
- Legal obligation: When the processing is necessary for compliance with our legal obligations, cf. GDPR Article 6 (1) c.
5. Shared Information
- Third Parties: We may share information with third-party service providers who assist us with the Service. These providers have limited access to your information and are subject to strict confidentiality requirements.
- Legal Requirements: We may also share your information in accordance with legal requirements, such as court orders, laws or regulations.
- No data exchange without consent: No data exchange takes place without the consent of the user. We limit the amount of personally identifiable information (PII) as much as possible.
6. Information Security
We take the security of your personal information seriously and have implemented reasonable measures to protect it from unauthorized access, modification, disclosure or destruction. Communication between endpoints takes place encrypted on isolated network layers as far as possible. Our sub-processors are thoroughly assessed and must document satisfactory procedures for privacy and information security.
7. Storage of information
We store your personal information for as long as necessary for the purposes described in this Statement, unless longer storage is required by applicable laws and regulations.
8. Your rights
You have the right to request access to, correction or deletion of your personal information. You can also object to the processing of your information or request restriction of processing. Contact us at hei@Lonna.no to exercise your rights. To protect your identity, we may request confirmation of your identity by providing identification.
Read more about your rights on the Data Protection Authority's website: Datatilsynet – Rights.
9. Use of external services
We use the following external services:
- SendGrid (A service from Twilio)
- Purpose: Sending emails and newsletters
- Shared Data: Email address, name, email content
- Legal Basis: Consent
- More Information: SendGrid and Twilio Privacy Policy
- PostHog EU
- Purpose: Analyzing user behavior
- Shared Data: IP address, browser type, pages visited
- Legal Basis: Legitimate interest
- More Information: PostHog Privacy Policy
- Microsoft Clarity Analytics
- Purpose: Understanding user interactions
- Shared Data: User behavior, mouse movements, clicks
- Legal Basis: Legitimate interest
- More Information: https://privacy.microsoft.com/en-GB/privacystatement
- Cloud Services (AWS, Azure, Google GCP Gemini)
- Purpose: Hosting databases, applications, and cloud storage
- Shared Data: Data stored in our systems
- Legal Basis: Performance of contract
- More Information:
- Google Cloud Privacy Statement
- Norwegian Servers for Subprocessing and Automation
- Purpose: Subprocessing content and automating tasks
- Shared Data: User data related to automation tasks
- Legal Basis: Performance of contract
- Stripe for Payment Processing
- Purpose: Handling payments
- Shared Data: Payment information, contact information
- Legal Basis: Performance of contract
- More Information: Stripe Privacy Policy
- Facebook, Google Analytics, TikTok, Instagram, and YouTube
- Purpose: Track user behavior and deliver advertising
- Shared Data: IP address, browser type, pages visited
- Legal Basis: Consent and legitimate interest
- More Information:
- AI Services (OpenAI, Anthropic, Google GCP Gemini)
- Purpose: Provide automated responses and support to users, AI-powered services and analytics
- Shared Data: User input and interaction data
- Legal Basis: Legitimate interest and consent
- More Information:
10. Data Security
We take the security of your personal information seriously and have implemented reasonable measures to protect it against unauthorized access, modification, disclosure or destruction. Communication between endpoints takes place encrypted to the extent possible on isolated network layers. Our sub-processors are thoroughly assessed and must document satisfactory procedures for privacy and information security.
11. Data transfer
The use of sub-contractors may result in the transfer of personal data to countries outside the EU/EEA, but only if the processing takes place in an approved country or on the basis of the EU's standard contractual clauses. The service is developed based on "Large Language Models" (LLM) from Microsoft Azure OpenAI, which is operated from data centers in the USA. Please note that OpenAI does not use user data to train its own models. You can read more about how data is processed and security measures here: Microsoft OpenAI Data Privacy. Data is both transmitted and stored encrypted, and neither employees nor data processors have direct access to customer data.
12. Automated decisions and profiling
We use automated decisions and profiling in connection with the use of AI services to customize and improve the user experience. This may include tailored job applications and recommendations based on your interaction with the Service.
13. Your rights
You have the right to request access to, correction or deletion of your personal information. You can also object to the processing of your information or request restriction of processing. Contact us at hei@lonna.no to exercise your rights. To protect your identity, we may request confirmation of your identity by providing identification.
Read more about your rights on the Data Protection Authority's website: Datatilsynet – Rights.
14. Complaint
If you believe that Lonna.no processes personal data in violation of data protection legislation, you can complain to the Data Inspectorate. The contact information for the Data Inspectorate can be found here: Data Inspectorate – Contact us. We naturally hope that you will first contact us to find a solution. Customer service will process your inquiry as soon as possible, and as a general rule within 30 days.
15. Changes to the Statement
We reserve the right to update this Statement from time to time to reflect changes in our privacy practices. Changes will be announced on this page, and the changed Statement will come into effect immediately. In the event of major changes, you will be notified of this.
16. Cookie consent
We use cookies to improve your experience on our website. For more information about our use of cookies and how you can manage your consents.
17. Contact information
If you have any questions or concerns about this Privacy Policy or our processing of personal information, please contact us at hei@lonna.no.