Paperfix
Jurisdiction: Norway

Privacy Policy and data protection

§ 1. General Information and Data Controller

This Privacy Policy explains how personal data is collected, processed, and protected in connection with private, non-commercial consultation, administrative support, translation, and in-person accompaniment (møteassistanse) provided personally by an individual (hereinafter referred to as the Controller) representing Paperfix.no in Norway.

All data processing activities are conducted in compliance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).

§ 2. Categories of Personal Data Processed

In connection with the assignment, the Controller may process the following categories of personal data:

• Contact details: First name, last name, address/correspondence address, email address, phone number.

• Case documentation: Any documents and details necessary for performing the assignment before public bodies (NAV, Skatteetaten, UDI, Helfo, custody, banks, consulates), including employment contracts, payslips, certificates, decisions, tax assessments.

• In-person accompaniment data (møteassistanse): Details of scheduled appointments at public offices, banks, or police, including dates, times, and supporting notes from meetings.

• Transaction data: Phone numbers associated with Vipps, transaction metadata from bank transfers.

§ 3. Purposes and Legal Basis for Processing

Personal data is processed solely for purposes necessary for the proper organization and execution of the assignment:

• Performance of the agreement for assistance and language services (GDPR Art. 6(1)(b)): Providing consulting, translations, drafting applications and appeals, and personal support during scheduled public meetings.

• Pursuing legitimate interests (GDPR Art. 6(1)(f)): Communication, coordinating meeting times, archiving correspondence history, defending against potential legal claims, and verifying case progress.

§ 4. Data Recipients and Processors

Received personal data is treated as strictly confidential. The Controller does not sell or disclose personal data to commercial third parties.

Data may be transferred to trusted technical service providers for the website based on data processing agreements and in compliance with EU Standard Contractual Clauses (SCC).

Transfer of details to public authorities or banks occurs solely at the customer's request and with the customer's consent, as part of the assignment's execution.

§ 5. Data Retention Period

Data is stored for periods strictly related to the purpose of processing and the legal requirements of the Kingdom of Norway:

• Case documents and correspondence: Retained for a period of up to 3 years from the completion of the service, which is directly linked to the general limitation periods for contractual claims under Norwegian law (foreldelsesloven § 2).

• Billing and financial data: Retained for a period of 5 years from the end of the financial year, in accordance with the requirements of the Norwegian Bookkeeping Act (bokføringsloven).

§ 6. Security Measures

The Controller uses modern technical and organizational security measures, including password-protected encrypted devices and certified SSL encryption on the website.

Upon expiration of the mandatory retention periods, all files, documents, and copies of correspondence are permanently deleted from all digital media.

§ 7. Rights of Data Subjects (Art. 15-22 GDPR)

In accordance with the GDPR, every data subject is entitled to:

• Access their personal data and obtain a copy thereof (Art. 15 GDPR).

• Rectify (correct) their data (Art. 16 GDPR).

• Erase their data ('right to be forgotten' - Art. 17 GDPR) – with the exception of situations where further storage is necessary to fulfill the purposes specified in § 5(2).

• Restrict processing (Art. 18 GDPR) and request data portability (Art. 20 GDPR).

• Object to processing (Art. 21 GDPR) and withdraw consent at any time.

• Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or other competent supervisory authorities within the EEA (Art. 77 GDPR).