Privacy policy
Data controller
This privacy policy explains how we collect and use (process) personal data. The Managing Director of Helpful Partners is the data controller. Our contact information is:
Helpful Partners
Business address: Frysjaveien 42E, 0884 Oslo
Organisation number: 926582267
Email address: hello@helpfulpartners.com
We take your privacy seriously and have taken several steps to ensure clear information about how we process your data and what rights you have. Don’t hesitate to contact us if anything seems unclear or missing.
2. Your rights
Contact us if you have questions or want to exercise any of your rights. You are entitled to a response no later than 30 days. Read more on the Norwegian Data Protection Authority’s website.
Access and rectification: You can request a copy of all information we process about you, and ask us to correct information that is inaccurate.
Erasure or restriction: In some situations you can ask us to delete and/or restrict the processing of information about you, but we cannot delete data we are legally required to process.
Object to processing: If we process information about you based on legitimate interest, you have the right to object.
Data portability: If we process information about you based on consent or a contract, you can ask us to transfer your information to you or to another controller.
You also have the right to withdraw your consent at any time. If you are not satisfied with the processing of your data, you can lodge a complaint with the Norwegian Data Protection Authority, but we hope you will tell us directly first so we can try to resolve the matter properly.
3. Who we process personal data about
We process personal data about:
Customers
Prospective customers
Contact persons at suppliers and partners
Website visitors
Job applicants
Employees
Former employees
4. How we collect personal data
Providing personal data to us is voluntary, but to complete a purchase we do need certain information from you. We process personal data when you:
Purchase our services
Contact us by phone, SMS, website, email, or social media
Subscribe to our newsletter
Register for events we organize
Respond to a survey
Use our website
Apply for a job with us or work for us
Are our supplier or partner
5. Purpose, lega basis, and storage
Under GDPR Article 6(1), personal data may be processed on the basis of:
Your consent
A contract we have entered into
A legal obligation we have
A legitimate interest we believe we have
As a rule, personal data should not be processed and stored longer than necessary to fulfill the purpose of the processing. If we process your personal data based on a legitimate interest we believe we have, you can object to the processing by contacting us. We will then assess your objection and get back to you promptly.
To ensure compliance, we conduct annual GDPR audits where we formally review our privacy work. The purpose is to amend, update, and, where necessary, delete personal data.
We retain data as long as we are required to under applicable legal obligations, for example related to accounting, tax, or employment law, and/or other relevant rules and regulations. You can contact us at any time if you want us to stop processing or delete your personal data, but note that we cannot delete personal data we are legally obliged to process.
We have routines to ensure that personal data are deleted from all relevant systems when we no longer have a purpose and/or a legal basis to continue processing them. Accounting records are kept for up to five years, pursuant to the Bookkeeping Act.
6. How we process personal data
Below we describe in detail when and how we process your personal data, for what purposes, on what legal basis, and for how long. We process personal data when:
You communicate with us
When you give us your business card or contact us via the website (contact form, comment field, chat or similar), by email, by phone (calls, text messages), or on social media, we process personal data. Depending on where and how you contact us, this can include your name, contact information, IP address, and other information you choose to share. We use a CRM system to process personal data about prospective and existing customers.
The purpose is to respond to your inquiries, for record-keeping, and to have documentation in case we receive complaints, claims, or legal demands. Legal basis may be your consent, or a legitimate interest we believe we have, namely to respond to your inquiries, maintain history, and keep documentation in case of complaints, claims, or legal demands. We review, archive, and delete inquiries as needed, but no less than once per year.
You purchase our services
When you purchase services from us, we process personal data such as name, contact information, order and payment information, and purchase history. Purpose is to deliver services to you according to your order/purchase, to keep a record of sold services, and to otherwise administer and follow up the customer relationship with you. Legal basis may be a contract we have entered into or legal obligation we have, including under the Bookkeeping Act and the Tax Act.
Marketing in existing customer relationships
When you become a customer, we process personal data as mentioned above. If you have an existing customer relationship with us, we may send you marketing by email and SMS, in line with Section 15 of the Norwegian Marketing Control Act. The legal basis will then be legitimate interest, but can also be consent. The purpose of the marketing is to provide good customer service. You can unsubscribe from marketing by email and SMS at any time. Information on how to unsubscribe is included in all emails and SMS messages we send that are related to marketing. The data are processed as long as the customer relationship exists, or until you unsubscribe from the marketing list.
You apply for a job or work for us
When you apply for a job with us, we process personal data such as name, contact information, CV, and other information we need to assess your application. The legal basis may vary depending on where we are in the recruitment process and the type of position. The data are deleted after a candidate is selected for the job, unless you have consented to us storing your information longer in case you wish to apply at a later time. Such consent will be renewed annually. For employees we process the personal data mentioned above, in addition to information necessary to pay wages and otherwise administer the employment relationship. Legal basis may be a contract we have entered into or a legal obligation we have.
Most employee data are processed based on the employment contract and are generally deleted when the employment ends, unless special reasons (such as a dispute over termination or dismissal) make it necessary to retain them longer.
You register for an event
When you participate in events with us, we process personal data such as name and contact information. For paid events, we also collect order and payment information. Purpose is to offer relevant courses, talks, and workshops, or to fulfill a contract for a booked event.
Legal basis may be your consent or a legitimate interest we believe we have. We may also use your personal data to send you a request to evaluate the event you attended, and possibly to invite you to other similar events. The legal basis is legitimate interest, namely to continuously improve our products and services and provide good customer follow-up. Retention depends on the type of event, but usually the data are deleted no later than within 12 months.
You respond to a survey
We always inform you about the purpose of the surveys we conduct and whether they are anonymous. We do not share the information with others, or use it for purposes other than those stated. For anonymous surveys, we do not collect personal data. The legal basis for non-anonymous surveys may be your consent or a legitimate interest we believe we have.
You are a supplier or collaborate with us
When you enter into an agreement with us as a supplier, partner, or data processor, we process personal data such as name, contact information, and correspondence. The purpose is to enter into an agreement with you, and the legal basis may be a contract we have entered into or a legitimate interest we believe we have. The information is stored as long as we have an ongoing relationship. We process personal data linked to general correspondence and communication as described above
You use our website
When you use our website, we process personal data in line with our cookie policy. The purpose is to administer our website, market the company, and respond to inquiries from visitors. The legal basis for cookies that store or process information falling under Section 2-7b of the Electronic Communications Act is consent through a pre-setting in your browser, in line with the Norwegian Communications Authority’s recommendations as described there.
7. Who we share personal data with
To run our business efficiently and securely, we sometimes need to share your personal data with parties such as:
Providers of various services who process your personal data on our behalf*
Professional advisors in sectors such as legal, finance, accounting, audit, and insurance
Support for IT and administrative systems
Public authorities we are obligated to report to
We require all parties we share your personal data with to protect your data according to good information security and the requirements of the GDPR. We enter into data processing agreements with all who process data on our behalf, and non-disclosure agreements as needed.
*We use data processors for:
Analytics
CRM
Email, calendar, and digital meetings
Bookkeeping, accounting, and invoicing
Cloud storage
Newsletters
Advertising tools
Electronic signature
Surveys
For security reasons, we have not specified these by name, but feel free to contact us if you want to know more.
8. Transfer of data outside the EU/EEA
In some cases, your personal data are transferred outside the EU/EEA. For example, we have outside the EU/EEA:
A provider to handle newsletter distribution
A provider to process customer data
A provider to make services available on our website
Providers for website security
Transfers of personal data outside the EU/EEA are only permitted to countries approved by the European Commission, or under appropriate safeguards under the GDPR. This can, for example, be the EU’s Standard Contractual Clauses. For security reasons we have not specified these by name. Please contact us if you want to know more about which such processors we use, what safeguards apply to such transfers, and what additional security measures we have implemented.
9. Security
We take information security seriously and will always do our utmost to safeguard your personal data in the best possible way. Among other things, we use strong passwords, access control, backups, and two-factor authentication to secure our data and prevent unauthorized access to view, change, delete, or in any way affect the data we store, including your personal data.
We only use reputable providers of IT and administrative services such as web hosting, website security, email provider, backup, and more. We allow others to access and/or process your personal data only according to our instructions and only where strictly necessary (e.g., for IT support).
We have established procedures for handling data breaches and, in the event of an incident, we will notify the Norwegian Data Protection Authority within 72 hours of discovering the breach. If the breach entails a high risk to privacy, we will also notify affected individuals.
This privacy policy was last updated: 31 October 2025.