NorrLab AB

Privacy Policy

Effective date: 24 March 2025   |   Version: 1.0   |   Applicable law: GDPR (EU) 2016/679 


1. Introduction 

NorrLab AB ("we", "us", "our") is committed to protecting your privacy. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act (2018:218), and other applicable legislation. 

This Privacy Policy describes what personal data we collect, how we use it, the legal bases for processing, how long we retain it, and what rights you have. 

This policy applies to all visitors to www.norrlab.com, anyone who contacts us, and anyone who engages us as a service provider.  

2. Data Controller 

The data controller responsible for the processing of your personal data is: 

NorrLab AB 

Website: www.norrlab.com 

Contact: Please use the contact form at www.norrlab.com/contactus 

If you have questions about how we handle your personal data, please do not hesitate to get in touch. 

3. What Personal Data Do We Collect? 

We collect personal data in the following situations: 

3.1 When You Contact Us 

Via the contact form at www.norrlab.com/contactus, we may collect: 

  • Full name 
  • Email address 
  • Phone number (if provided) 
  • Company name 
  • The content of your message 

3.2 Technical Data When You Visit Our Website 

We use Matomo (a privacy-focused analytics tool) and the LinkedIn Insight Tag to analyse traffic and improve our website. Data collected may include: 

  • IP address (anonymised) 
  • Browser type and version 
  • Operating system 
  • Referring URL 
  • Pages visited and time spent 
  • Click behaviour on the website 

3.3 Cookies 

We use cookies to ensure the functionality of our website and for analytics purposes. You can choose to allow all cookies or only essential cookies via our cookie banner. For full details, please read our Cookie Policy at www.norrlab.com/cookie-policy. 

4. Purposes and Legal Bases for Processing 

All personal data is processed for a specific purpose and on the basis of a legal ground under Article 6 GDPR: 

Purpose: Handling enquiries and customer communication 

Legal basis: Legitimate interest (Art. 6.1.f) / Performance of a contract (Art. 6.1.b) 

Purpose: Improving and optimising the website (web analytics) 

Legal basis: Legitimate interest (Art. 6.1.f) / Consent (Art. 6.1.a) for cookies 

Purpose: Marketing analytics via LinkedIn Insight Tag 

Legal basis: Consent (Art. 6.1.a) 

5. Retention Periods 

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law: 

  • Contact enquiries: 24 months from the most recent interaction, or until the matter is closed 
  • Customer relationships: For the duration of the contract and up to 7 years thereafter (Swedish Bookkeeping Act) 
  • Web analytics data (Matomo): 13 months 
  • LinkedIn data: In accordance with LinkedIn's own retention policies 
  • Cookies: See Cookie Policy 

Once the retention period has expired, data is securely deleted or anonymised. 

6. Recipients of Personal Data 

We share your personal data with third parties only where necessary and with appropriate safeguards in place. 

6.1 Data Processors 

The following vendors process personal data on our behalf (as data processors): 

  • GleSYS AB – web hosting and server infrastructure (Sweden) 
  • Matomo (Vertel AB) – web analytics (Sweden / EU) 
  • LinkedIn Corporation – marketing analytics (USA – see section 7) 

6.2 No Sale of Data 

We never sell your personal data to third parties. 

7. International Transfers 

LinkedIn Corporation is based in the United States. Transfers of data to LinkedIn are carried out on the basis of the European Commission's Standard Contractual Clauses (SCCs) pursuant to Article 46 GDPR. LinkedIn is also certified under the EU-U.S. Data Privacy Framework. 

All other processing takes place within the EU/EEA. 

8. Your Rights 

Under the GDPR, you have the following rights regarding your personal data: 

Right of access (Art. 15) 

You have the right to request a copy of the personal data we hold about you. 

Right to rectification (Art. 16) 

You have the right to request that inaccurate or incomplete data about you is corrected. 

Right to erasure (Art. 17) – "the right to be forgotten" 

You may request the deletion of your personal data under certain conditions, for example where the data is no longer necessary for the purposes for which it was collected. 

Right to restriction of processing (Art. 18) 

You may request that we restrict the processing of your data in certain circumstances. 

Right to data portability (Art. 20) 

You have the right to receive the data you have provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or a contract. 

Right to object (Art. 21) 

You have the right to object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests. 

Right to withdraw consent 

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. 

To exercise any of your rights, please contact us via the contact form at www.norrlab.com/contactus. We will respond without undue delay and no later than 30 days. 

9. Right to Lodge a Complaint 

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), which is the supervisory authority for data protection matters in Sweden. 

Integritetsskyddsmyndigheten (IMY) 

Website: www.imy.se 

Email: imy@imy.se 

Phone: +46 8 657 61 00 

You may also contact the supervisory authority in your country of residence within the EU/EEA. 

10. Security Measures 

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or improper disclosure. These include: 

  • Encrypted communication via HTTPS 
  • Access controls for systems and databases 
  • Regular security reviews 
  • Data processing agreements with all data processors 

11. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time. For material changes, we will provide a clear notice on our website. The current version is always available at www.norrlab.com. 

This policy is effective as of 24 March 2025. 


NorrLab AB  |  www.norrlab.com  |  Configuration & Integration Experts 

https://deployed.dynamaker.com/applications/test/U03vWBf84mY/