Jump to content
Service, project, name...


Privacy policy for Webstep AS


Personal Data

Means any information about an identified or an identifiable physical person.

Personal Data is typically a name, postal address, phone number, email address, and IP address.

The Data Subject

Means the person who is directly or can be indirectly identified by f.ex a name, personal number, postal address, IP-address or one or several aspects that are special for that person’s physical, genetic, mental, economic, cultural or social identity.

Data controller  

Means the organization that determines the purpose of processing Personal Data and the means to be used for the task.

Webstep is the data controller for the Personal Data we process about you and our customers.

Data Processing  

Means the usage of Personal Data, including for example collection, registration, storage, transformation, usage and delivery.

About Webstep AS. Contact information.

Webstep provides a range of services which involve collecting Personal Data about our customers, potential customers, candidates for employment, business partners and visitors to our websites (The Data Subject). This means that Webstep processes Personal Data about The Data Subject.

Webstep is the data processor responsible for the Personal Data we collect about you. If you have any questions or comments regarding this privacy policy or how we process Personal Data then you can contact our Data Privacy Officer Morten Evenrud (mobile: +47 930 67 296) or send us an email at personvern@webstep.no.

About privacy in Webstep

Protecting your Personal Data is of high importance to us. Webstep is committed to protect and respect your right to privacy, and all our data collection is subject to the Norwegian privacy law that also includes the European Union’s General Data Protection Regulation (GDPR) as it is implemented in Norwegian law (“Personopplysningsloven”). This privacy policy applies as of July 1st 2018.

Most information we collect about our customers is required in order to manage our customer relationships, and fulfill our contractual obligations in agreements with customers. In the cases we use consent as the legal basis for processing data we require the consent to be given freely, and The Data Subject shall be provided sufficient information about how and why we collect their Personal Data.

This privacy policy covers how Webstep protects your Personal Data. Webstep is committed to follow the principles for privacy as they are described in the law, and we will:

  1. Be open about how we gather, use and store your Personal Data.
  2. Only use your data in accordance with the purpose we have gathered it for.
  3. Not gather or process more Personal Data than we need.
  4. Use the least privacy-invasive setting as default in all our systems and solutions (privacy by design).
  5. Not store Personal Data longer than necessary.
  6. Provide you with access to your Personal Data, and ensure deletion and correction of Personal Data that is incorrect or that you don’t want to be used.
  7. Use adequate security policies and tools to protect your data.

Why do we gather Personal Data about you, and what do they include?

Personal Data is gathered primarily for the purpose of administering our customer relationships and in order to deliver our services to our customers. We also need to gather information about our business partners. A lot of the information we gathered is not defined as Personal Data, such as company name and business addresses, but we also need to gather the name of contact persons, names of employees, phone numbers and email addresses, postal addresses, purchase history, bank information and more.

The agreements with our customers and business partners are the lawful basis for processing this required data.

All Personal Data we gather about our customers and business partners is collected directly from these entities and stored in Webstep’s systems.

It is voluntary to provide Webstep with Personal Data, but some of the information is required in order to provide our services and invoice our customers correctly.

As part of our customer and employee relationships we will send newsletters and invitations about seminars, courses and other events to relevante contact persons working with you, the customer, or our business partners. You shall always be given the opportunity to opt out from receiving these communications from us and we will inform you about this in all our communications.

As part of any communication with our potential clients and potential employees we will gather consent before we store information about persons in both groups.

We also process Personal Data about participants attending seminars, courses and other events, and we may process Personal Data and other information when sending newsletters. This information is stored first in our CRM-system after gathering consent for this purpose. Participants of events can at any time withdraw their consent by contacting us at personvern@webstep.no.

Webstep.com and our use of cookies

When you visit webstep.com your IP-address is registered. Webstep does not use this information to identify you as a person. The time you spend on our website is stored and anonymised.

This information is used to administer and maintain our website. Webstep.com also uses cookies. These are small packets of data stored on your computer and phone by your browser of choice. A cookie is created for each website and cannot be read by other websites. The data stored in cookies varies by type of cookie. In most cases they contain unique identifiers used to store and remember your preferred settings on a website. Webstep uses cookies in order to remember you as a user and respect your preferred settings when signing into a page and filling out a form on our site.

We also gather statistics about how our website is used in order to improve the user experience and navigation of the website. The data stored in these cookies are anonymised and cannot be used to identify you as a person.

Webstep.com contains links to other websites owned and managed by other companies. Webstep does not take responsibility for content or processing of Personal Data on other websites. You should refer to their privacy policy for more information.

In order to reserve yourself against tracking by cookies you need to change the settings in your browser.

How do we secure your Personal Data?

We are continuously working to ensure your Personal Data and other confidential information. Our security measures include physical, technical and administrative policies.

Our colleagues are given training and guidance for processing and managing Personal Data in a secure manner. We maintain security routines and access management to prevent unauthorised loss and access to the systems storing Personal Data.

We ensure that processing of Personal Data is secure and in accordance with the law, and that all processing protected from any malware.

Security breaches

Any breach of our security routines is documented and we have adequate capacity to discover and manage security breaches. Upon discovering a security breach our management is informed, the risk of the breach is evaluated, and our Data Protection Agency in Norway (Datatilsynet) is informed if necessary. The Data Subject will also be notified in case the breach represents a risk to you and your rights.

In case you discover a breach in our security on webstep.com, we ask you to please contact us immediately at personvern@webstep.no.

The Data Subject’s rights. Data retention period.

We only store Personal Data as long as necessary for the purposes described in this Privacy Policy and to fulfill legal obligations. We usually retain Personal Data for the full duration of our contracts.

You have the right to receive the following information

  • Confirmation if Webstep has stored Personal Data about you
  • Access to the Personal Data, in a common format as well as a machine-readable format
  • Detailed explanations of the Purpose of processing Personal Data and a copy of the Personal Data we store about you

The right to correct information about the Data Subject:

You can demand that Webstep corrects any incorrect details in the Personal Data stored about you in case these are provided by you, or if this information is incomplete or incorrect.

The right to be forgotten (deletion):

You can demand that your Personal Data is deleted when they are no longer needed to achieve the purpose of processing and when a consent is withdrawn. You can contact us at personvern@webstep.no in case you want to access, correct or delete the Personal Data we have stored about you.