Privacy Policy

The data controller is the Swiss-Norwegian Chamber of Commerce, registered in Oslo, Norway. Full legal and contact details are listed in our Impressum. For any privacy matter you can reach us at oddmartin.guttulsrud@gmail.com.

Information you provide to us — when you fill in the contact form or the membership application, we collect the data you submit (e.g. name, email, company, message). We use this only to respond to your enquiry or process your application.

Server logs — like most websites, our hosting provider (Vercel) keeps short-lived access logs containing IP address, request path, and user agent. This is used for security and abuse-prevention.

Cookies & similar technologies— we store your cookie-consent choice in your browser's local storage so we can remember it. We do not run analytics or advertising cookies unless you explicitly accept them, and you can change or withdraw your choice at any time via the "Cookie settings" link in the footer. When bot-protection (Cloudflare Turnstile) is active on our forms, Cloudflare may set its own cookie to run the challenge. For the full list of cookies and their purposes, see our Cookie Policy.

For visitors in the EU/EEA we rely on Article 6(1)(b) GDPR (necessary to enter or perform a contract) for membership and contact-form submissions, and Article 6(1)(a) (consent) for any optional analytics.

For visitors in Switzerland, processing is carried out under the revised Federal Act on Data Protection (nFADP).

Contact-form submissions: up to 24 months after the last contact. Membership applications and member records: for the duration of the membership plus 7 years for accounting purposes. Server logs: up to 30 days.

We do not sell or rent personal data. We share it only with the service providers strictly necessary to operate the site:

• Vercel (hosting & content delivery, EU regions)
• Supabase (database & authentication, EU region)
• Cloudflare (bot-protection / CAPTCHA on our forms via Turnstile)
• Sentry (error and performance monitoring) — only when enabled, and configured to avoid capturing form content

These providers act as processors under our written instructions and are bound by data-processing agreements.

We process personal data within the EU/EEA (our hosting and database providers operate in EU regions). As a Norway-based controller we are subject to the GDPR as applied in the EEA, supervised by Datatilsynet, and we also comply with the Swiss revised Federal Act on Data Protection (nFADP) for data subjects in Switzerland.

Transfers between the EEA and Switzerland do not require additional safeguards, as Switzerland benefits from an EU adequacy decision (and recognises the EEA in turn). Where a processor is located outside the EEA or an adequate country, the transfer is protected by the European Commission's Standard Contractual Clauses (and equivalent Swiss safeguards).

You can request access to, correction of, or deletion of your personal data at any time. You may also object to or restrict processing, request data portability, and lodge a complaint with your supervisory authority (in Norway: Datatilsynet; in Switzerland: FDPIC).

To exercise any of these rights, contact us at oddmartin.guttulsrud@gmail.com.

We may update this policy from time to time. Material changes will be announced on this page with an updated "Last updated" date.