Privacy Policy

AMELIA SMUTS

 

This privacy policy informs you about what personal data is processed, why your data is processed, and what rights you have in relation to the processing of your personal information.

Using our services involves the transfer of personal data to countries outside the EEA. A transfer of personal data to countries outside the EEA means that the information transferred does not enjoy the same level of protection as within the EEA. You can read more about this in the section titled “Personal Data is Transferred to the USA.”

 

Data Controller

The data controller is the one who determines the purpose of processing personal data and which means are to be used in processing. The data controller for the personal data processed in connection with the services and products we offer is AMELIA SMUTS (org. no.: 818668082).

AMELIA SMUTS is represented by MS, AMELIA SMUTS.

 

Contact information for the data controller:

AMELIA SMUTS

UELANDSGATE 61A

0460 OSLO

Email: [email protected]

 

Special Categories of Personal Data

Special categories of personal data are considered particularly sensitive and worthy of protection. These include information about racial or ethnic origin, political opinions, religion, philosophical beliefs, or union membership, as well as the processing of genetic and biometric data for uniquely identifying a person, health data, or data concerning a person’s sex life or sexual orientation.

According to the GDPR, processing such data is generally prohibited unless there is a specific exemption. For example, this can be based on consent or necessity to protect vital interests.

AMELIA SMUTS does not generally process special categories of personal data. However, we cannot control the information you choose to provide. If such data is submitted in free-text fields, surveys, or emails, and ends up being stored, it will be deleted.

 

Who We Process Personal Data About

We process personal data about, among others:

* Visitors to our website

* Customers and potential customers

* Contact persons at our suppliers and partners

 

When Personal Data Is Registered

To use our services, we must register your personal data. When and how this occurs depends on your interaction with us, including:

* Participation in webinars

* Website visits

* Course registration and participation

* Contact via email, phone, or social media

* Signing up for email lists or newsletters and when opening these emails

 

Purpose and Legal Basis

Your personal data is processed so that we can provide you with our services and products (e.g., courses, newsletters, free content) and for marketing purposes.

 

Course Participation

When enrolling in a course, we process personal data such as your identity, contact details, payment info, course progress, and statistics. If you participate in Q&A sessions, we may process audio, video, email, and chat messages.

Recordings of sessions are shared on the course platform and accessible to other course participants.

Legal basis: GDPR Article 6(1)(b) – processing necessary to fulfill a contract.

Data is kept during your customer relationship and deleted three years after it ends.

Billing data is retained for up to five years to comply with legal obligations under the Accounting Act (Article 6(1)(c)).

Our course and payment service providers are US-based, requiring data transfers to the USA, under GDPR Article 49, due to necessity for fulfilling the service agreement.

 

Webinar Participation

When registering for webinars, your email and username are recorded. If you use the chat, whatever you write will also be processed.

Purpose: Marketing and product awareness through online events.

Legal basis: Our legitimate interest in marketing (Article 6(1)(f)).

Chat content may also be used for improving future webinars.

Our video conferencing provider is based in the US; data transfers occur under Article 49 with your consent.

 

Newsletter and Marketing

If you subscribe to our newsletter, your email address will be recorded.

We personalize newsletters based on purchases, webinar participation, and downloaded content. We also track opens and clicks to optimize future emails.

Purpose: Informing and marketing to customers and potential customers.

Legal basis: Our legitimate interest in direct marketing (Article 6(1)(f)).

 

Customer Communication

When contacting us via email, phone, or social media, your identity, contact info, and any additional data you provide will be processed.

Purpose: Responding to inquiries and managing customer relationships.

Legal basis: Our legitimate interest in communicating effectively with customers (Article 6(1)(f)).

Customer interactions are kept for three years after the relationship ends.

Dialog with prospects is kept for six months unless a purchase is made.

 

Who We Share Your Data With

We do not share your personal data unless we have a legal basis (e.g., your agreement or legal obligation).

We use data processors who process personal data on our behalf for service delivery, compliance, and contractual fulfillment. We always sign agreements with processors to ensure proper data handling.

Our data processors include:

Zoom - video conferencing (webinars, Q\&A sessions)

Kajabi - course platform and newsletter service

Jottacloud - cloud storage (Norwegian provider)

 

Transfer of Personal Data to the USA

"Transfer" can mean either moving data between servers or remote access to personal data.

Generally, personal data may be transferred to third countries if sufficient safeguards are in place. However, the **Privacy Shield** agreement with the US was invalidated in 2020.

We use US-based service providers, requiring both types of data transfer. While we use standard contractual clauses (SCCs) approved by the European Commission, some US laws allow government agencies to request personal data. These requests can affect individuals not directly targeted.

Such disclosures cannot be fully prevented with SCCs. While it's uncertain whether your data will be requested or used by US authorities, if disclosed, we lose control over how it’s used or when it's deleted. You also lose the ability to exercise your GDPR rights regarding this data.

 

Your Rights

You have rights when we process your data. If you contact us to exercise these, we’ll respond as quickly as possible, within one month. This deadline may be extended by two months if needed.

To exercise your rights, email: [email protected]

Or write to:

AMELIA SMUTS

UELANDSGATE 61A

0460 OSLO

 

You have the right to:

Access: You can request to see what personal data is held about you.

Correction: You can request corrections to inaccurate or incomplete data.

Deletion: You may request deletion of data when it’s no longer needed, though we may retain it if legally required.

Restriction: You can request restricted processing in certain cases.

Objection: You may object to processing based on legitimate interests or public interest.

Complain: If you believe your data is mishandled, contact us or file a complaint with the Norwegian Data Protection Authority (Datatilsynet).