Coastdesign Privacy Policy

Last updated: November 7, 2025

1. Data Controller

Coastdesign AS
Bryggegata 9, 0250 Oslo
Organization Number: 957 383 327
Email: support@coastdesign.no
Phone: (+47) 22 83 35 00

2. What Personal Data Do We Collect?

When you register in our user portal, we collect the following information:

  • Name (first and last name)
  • Email address
  • Password (stored encrypted)
  • IP address (collected during authentication for security purposes)

We do not collect any other personal data through the user portal.

3. Purpose and Legal Basis

We process your personal data for the following purposes:

  • User Account: To create and manage your user account in the user portal
  • Authentication: To verify your identity when logging in and to detect suspicious login activity
  • User Support: To be able to contact you when necessary
  • Security: IP addresses are used to protect against unauthorized access and fraud

The legal basis for processing is performance of contract (GDPR Art. 6 (1) b) - the processing is necessary to deliver the service you have entered into an agreement about.

4. Storage and Security

Retention Period

We store your personal data as long as you have an active user account with us. If you delete your account, personal data will be deleted within 30 days.

IP addresses used for authentication are retained for 90 days for security purposes.

Security

We use recognized security measures to protect your personal data:

  • Passwords are stored encrypted (hashed and salted)
  • Secure transmission via HTTPS/SSL
  • Access control for our employees
  • Data is stored in secure data centers

5. Sharing of Personal Data

We do not sell or disclose your personal data to third parties. Your personal data is only accessible to our employees who need access to deliver the service.

We use the following service providers who may have access to personal data:

  • Microsoft Azure - for hosting and operation of the user portal. Data is stored in Azure data centers within the EU/EEA.

All our suppliers are subject to data processing agreements that ensure your data is processed in accordance with GDPR.

6. Your Rights

You have the following rights under privacy legislation:

Access

You have the right to access what personal data we process about you.

Rectification

You have the right to have incorrect or incomplete information about you corrected.

Erasure

You have the right to have your personal data deleted ("the right to be forgotten"), unless we have a legal obligation to retain them.

Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

Object

You have the right to object to the processing of your personal data.

Complaint

You have the right to lodge a complaint with the Norwegian Data Protection Authority if you believe we process your personal data in violation of privacy regulations.

7. How to Exercise Your Rights

To exercise your rights or if you have questions about how we process your personal data, you can contact us at:

Email: support@coastdesign.no
Phone: (+47) 22 83 35 00

8. Changes to the Privacy Policy

We may update this privacy policy from time to time. In case of significant changes, we will inform you via email or when logging into the user portal.

9. Contact Information for the Data Protection Authority

Norwegian Data Protection Authority (Datatilsynet)
P.O. Box 458 Sentrum, 0105 Oslo, Norway
Phone: +47 22 39 69 00
Email: postkasse@datatilsynet.no
Website: www.datatilsynet.no