This Privacy Policy applies to all personal data processed by Strengthdetoxify in connection with the operation of strengthdetoxify.world, including data submitted via the contact form. We are fully compliant with GDPR (EU 2016/679) and Norwegian Personal Data Act. Please read this policy carefully before submitting your personal information.
1. Data Controller
The data controller responsible for personal data collected through this website is:
- Business name: Strengthdetoxify
- Registered business address: Akershusstranda 15, Skur 35, 0150 Oslo, Norway
- Phone: +47 22 11 29 22
- Email: assist@strengthdetoxify.world
- Country of registration: Norway
- EU/EEA establishment: Yes
As the data controller, Strengthdetoxify determines the purposes and means of processing personal data collected through this website. All processing is conducted in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) as implemented in Norway through the Personal Data Act (Personopplysningsloven) of 2018.
2. Personal Data We Collect
We collect personal data through the following means:
2.1 Contact Form
When you submit the contact form on our website, we collect the following data:
- Full name
- Email address
- The content of your message
- The date and time of submission
- Your consent confirmation for data processing
2.2 Automatically Collected Technical Data
When you visit our website, certain technical data is automatically collected through server logs and, where applicable, cookies:
- IP address (anonymised where possible)
- Browser type and version
- Operating system
- Referring URL
- Pages visited and time spent
- Date and time of access
This technical data is collected to ensure the security and proper functioning of the website and does not, under normal circumstances, identify you as an individual.
2.3 Cookie Data
If you consent to analytics or marketing cookies, additional behavioural data may be collected. For full details, please refer to our Cookie Policy.
3. Legal Basis for Processing
We process your personal data only where a valid legal basis under Article 6 of the GDPR exists. The legal bases we rely on are as follows:
- Consent (Article 6(1)(a)): When you tick the GDPR consent checkbox on the contact form, or when you accept optional cookies via the cookie consent banner, you give us your explicit consent to process the relevant data for the stated purpose.
- Legitimate interests (Article 6(1)(f)): We process certain technical and analytical data on the basis of our legitimate interest in maintaining website security and improving our services. We balance this interest against your privacy rights and only process the minimum data necessary.
- Performance of a contract or pre-contractual steps (Article 6(1)(b)): Where you enquire about or purchase one of our educational programs, we process your data to the extent necessary to fulfil that enquiry or contract.
We do not process any special categories of personal data (Article 9 GDPR) and we do not make automated decisions that produce significant effects on individuals.
4. Purpose of Data Processing
We process your personal data for the following specific and limited purposes:
- Responding to enquiries: To read and respond to messages submitted through the contact form.
- Service delivery: To provide educational programs and personalised plans that you have requested or enquired about.
- Website maintenance and security: To monitor and maintain the technical operation of the website and protect it from misuse or attack.
- Analytics (with consent): To understand how visitors use the website in aggregate, so we can improve content and structure.
- Legal compliance: To meet our obligations under Norwegian and European law, including data protection, tax, and consumer protection regulations.
We do not use your personal data for automated profiling, direct marketing, or any purpose beyond those listed above without first obtaining your explicit consent.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data with third parties for their own commercial purposes. We may share limited data with carefully selected processors in the following circumstances:
- IT and hosting providers: Our website is hosted on secure infrastructure. The hosting provider processes technical data on our behalf as a data processor under a data processing agreement.
- Email service providers: When communicating with you, we may use an email service provider. These providers act as processors and are contractually bound to handle data only as instructed by us.
- Legal and regulatory authorities: We may disclose personal data if required to do so by Norwegian law, court order, or in response to a legitimate request from a public authority.
All third-party processors with whom we share data are required to handle it in accordance with GDPR and to have appropriate technical and organisational security measures in place.
6. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:
- Contact form submissions: Messages and associated personal data are retained for up to 24 months from the date of submission, or for the duration of any ongoing service relationship, whichever is longer.
- Service and contract data: Records relating to purchased programs or services are retained for 5 years in accordance with Norwegian accounting law (Bokføringsloven).
- Website server logs: Technical log data is retained for up to 12 months for security purposes, after which it is automatically deleted or anonymised.
- Cookie consent records: Records of your cookie preferences are stored in your browser's local storage and are cleared when you clear your browser data, or when you update your preferences.
At the end of each retention period, data is securely deleted or anonymised in a way that prevents re-identification.
7. International Data Transfers
Norway is a member of the European Economic Area (EEA), and the data protection framework applied here is equivalent to that of the EU. We aim to process all personal data within the EEA wherever possible.
In cases where data is transferred outside the EEA — for example, if a hosting or email service provider operates infrastructure in a third country — we ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission for relevant countries
- Binding Corporate Rules where applicable
You may request information about the specific safeguards in place for any international transfer by contacting us at the details provided in Section 13.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights in relation to your personal data. These rights apply where we process your data based on consent or legitimate interest:
- Right of access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to rectification (Article 16): You have the right to request that inaccurate or incomplete personal data be corrected without undue delay.
- Right to erasure (Article 17): In certain circumstances, you have the right to request the deletion of your personal data ("the right to be forgotten").
- Right to restriction (Article 18): You may request that we restrict the processing of your data while a dispute or correction request is being handled.
- Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, machine-readable format.
- Right to object (Article 21): You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
To exercise any of these rights, please contact us in writing using the details in Section 13. We will respond to verified requests within one month of receipt, with possible extension to three months for complex requests.
9. Security Measures
We take the security of your personal data seriously and implement appropriate technical and organisational measures in line with Article 32 of the GDPR. These include:
- All pages on this website are served over HTTPS (TLS encryption), preventing interception of data in transit.
- Access to systems containing personal data is restricted to authorised personnel only, using strong authentication controls.
- We conduct periodic reviews of our data processing practices and security controls.
- Our hosting infrastructure is operated under security-certified conditions with physical access controls.
- We maintain procedures for detecting, reporting, and investigating personal data breaches in line with Articles 33 and 34 GDPR.
While we take these measures seriously, no method of data transmission over the internet is 100% secure. If you have reason to believe that your data has been compromised, please contact us immediately.
10. Cookies
This website uses cookies and similar technologies. Strictly necessary cookies are used without consent as they are essential for the website to function. Optional analytics and marketing cookies are only placed on your device if you provide explicit consent via the cookie banner.
For a detailed explanation of the cookies we use, their purpose, duration, and how to manage your preferences, please see our Cookie Policy.
11. Children's Privacy
This website and its services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that a child has submitted personal information through this website, please contact us immediately so that we can delete the relevant data.
Under the Norwegian Personal Data Act, consent for children under 15 must be given or authorised by a parent or guardian with parental responsibility.
12. Changes to This Policy
We may update this Privacy Policy from time to time in response to changes in the law, our data processing activities, or best practice. The date at the top of this page reflects the most recent revision.
Where changes are material — meaning they affect your rights or how your data is used — we will take reasonable steps to notify you. Continued use of the website after a policy update constitutes acceptance of the revised terms, unless your explicit consent is required by law, in which case we will seek it separately.
We encourage you to review this page periodically to stay informed about how we protect your information.
13. Contact and Complaints
If you wish to exercise any of your data protection rights, have questions about this policy, or wish to raise a concern, please contact us:
- By post: Strengthdetoxify, Akershusstranda 15, Skur 35, 0150 Oslo, Norway
- By phone: +47 22 11 29 22
- By email: assist@strengthdetoxify.world
We take all privacy enquiries seriously and aim to respond within one month. If you are not satisfied with our response, or believe that our processing of your data is unlawful, you have the right to lodge a complaint with the Norwegian Data Protection Authority:
- Datatilsynet
- Postboks 458 Sentrum, 0105 Oslo, Norway
- www.datatilsynet.no
You also have the right to seek judicial remedy before a competent court.