This privacy policy describes how Kodemagisk A.S. (hereinafter "we") collects and uses personal data when you visit our website or use our services. We take your privacy seriously and comply with the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR).
1. Data controller
Kodemagisk A.S. is the data controller for the processing of personal data described here.
- Organisation number: 937 052 952
- Email: post@kodemagisk.no
- Website: www.kodemagisk.no
2. What information do we collect and why?
We process personal data for different purposes depending on how you use our website.
A. Contact form
When you use our contact form, your information is stored in our database and sent to our business email.
- What is stored: Name, email address, phone number, company name and message.
- Storage location: MySQL database at Domene AS (Norway) and email server at Domene AS (Norway).
- Retention period: 2 years, after which the data is deleted manually.
- Legal basis: Consent (GDPR Art. 6.1.a). You give consent via the checkbox in the contact form.
B. Appointment booking
When you book a meeting through our website, your information is processed by Cal.com — a European scheduling service provider.
- What is processed: Name, email address and chosen time slot.
- Processing location: Cal.com (Cal.com Inc.), EU-based service via app.cal.eu.
- Storage: Cal.com stores the information in accordance with their own privacy policy.
- Legal basis: Necessary for the performance of a contract (GDPR Art. 6.1.b).
C. Cookies and analytics
We use Google Analytics 4 (GA4) to understand how our website is used, so we can improve the user experience. We use Google Consent Mode v2 to respect your choices.
- No analytics cookies are set before you have given consent via our cookie banner.
- What is collected (after consent): Anonymised IP address, browser type, pages visited and time spent on the site.
- Google Ads: We do not currently use Google Ads or remarketing cookies.
D. Cookie consent logging
When you choose to accept or reject cookies, we log your choice in our database to document consent in accordance with GDPR.
- What is stored: Anonymised consent ID, selected categories, timestamp, hashed IP address and language.
- The IP address is hashed with SHA-256 and a daily rotating salt — we cannot reconstruct your actual IP address.
- Retention period: 2 years.
- Legal basis: Legitimate interest in documenting consent (GDPR Art. 6.1.f).
3. Who do we share information with? (Data processors)
We never sell your data to third parties. However, we use reliable subcontractors to operate our services technically.
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Web hosting and database | Domene AS (Org. 880478982) | Norway | Website and database hosting |
| Email server (SMTP) | Domene AS | Norway | Sending and receiving email |
| Web analytics | Google Ireland Ltd. | Ireland/EU | Statistics and traffic analysis (consent only) |
| Appointment booking | Cal.com Inc. | EU (app.cal.eu) | Meeting booking and calendar management |
| Content management (CMS) | Sanity AS | Norway/EU | Storage and delivery of website content |
As our main provider (Domene AS) has servers in Norway, your core data is not transferred outside the EEA.
4. Security
We have implemented strict technical measures to secure your data:
- The website is encrypted with SSL/TLS (HTTPS).
- The database is secured behind a firewall and is not directly exposed to the internet.
- The contact form is protected against spam with honeypot technology.
- The cookie consent endpoint is protected with rate limiting (10 requests per minute per IP).
- All code is version controlled via GitHub with protected branches.
- Access to personal data is restricted to the data controller.
5. Your rights
Under the Personal Data Act, you have the right to:
- Request access to the information we have stored about you.
- Request correction of inaccurate information.
- Request deletion ("the right to be forgotten") when the information is no longer necessary.
- Withdraw consent for cookies via the cookie settings at the bottom of the page.
- Withdraw consent for the contact form — contact us and we will delete your data.
- Data portability: Receive your data in a machine-readable format.
To exercise your rights, contact us at post@kodemagisk.no. We respond within 30 days.
6. Right to complain
If you believe we are processing personal data in violation of the regulations, we hope you will contact us first. However, you always have the right to file a complaint with Datatilsynet (the Norwegian Data Protection Authority).
- Website: www.datatilsynet.no
- Email: postkasse@datatilsynet.no
- Address: Postboks 458 Sentrum, 0105 Oslo
7. Retention periods and deletion routines
We do not store personal data longer than necessary for the purpose of the processing.
| Category | Storage location | Retention | Justification |
|---|---|---|---|
| Contact form | Database (Domene AS, Norway) | 2 years | Customer service and follow-up. Deleted manually quarterly. |
| Cookie consent log | Database (Domene AS, Norway) | 2 years | Documentation of consent. Deleted manually quarterly. |
| Appointment booking | Cal.com (EU) | Per Cal.com's policy | Managed by Cal.com as data processor. |
| Web server logs | Domene AS | 30 days | Security and troubleshooting (provider default). |
| Analytics (GA4) | Google Cloud (EU) | 14 months | Default retention period for aggregated statistics. |
| Accounting records | Accounting system | 5 years | Required by the Norwegian Accounting Act. |
8. Changes to this policy
We reserve the right to update this privacy policy. Significant changes will be announced on the website. We recommend reviewing this policy regularly.