Privacy Policy
Last updated: 10 July 2025
Who we are
Rafmer AS is the data controller for any personal data collected via rafmer.com. You can reach us at contact@rafmer.com or by post at Sagvollvegen 375, 2833 Raufoss, Norway.
Data we collect
Information you provide: Details you enter in our interest and investment form, such as name, e-mail, company, role and any text you add.
Information we record automatically: Pseudonymous analytics data (browser type, device information, pages visited, clicks, scroll events) generated by Google Analytics 4 and LinkedIn Insight cookies, if you accept them in the cookie banner.
We do not use advertising or profiling cookies and we never sell your data.
Why we process your data and legal grounds
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide information you request, respond to inquiries | Art. 6 (1)(b) - contract or steps prior to contract |
| Measure and improve Site performance (GA4 & LinkedIn) | Art. 6 (1)(a) - consent via the cookie banner |
| Keep records of queries, defend legal claims | Art. 6 (1)(f) - legitimate interest |
| Comply with Norwegian & EU law (e.g. accounting, security) | Art. 6 (1)(c) - legal obligation |
Cookies & tracking technologies
| Cookie | Purpose | Lifetime* |
|---|---|---|
| _ga, _ga_* | Assign a random ID to recognise returning visitors (GA4) | Up to 2 years (cookie); raw event data retained 14 months |
| LinkedIn Insight Tag | Track conversions and optimize LinkedIn advertising campaigns (LinkedIn Insight Tag) | Up to 2 years (cookie); data retained according to LinkedIn's privacy policy |
| cookie_consent | Stores your cookie-banner choice | 12 months |
* _ga cookies can remain on your browser for up to 2 years, but we configure GA4 to delete raw event data after 14 months; aggregated reports may retain only non-identifiable statistics. LinkedIn Insight cookies help us measure the effectiveness of our LinkedIn advertising campaigns.
You can withdraw consent at any time by clearing cookies in your browser.
Who we share data with
| Recipient | Role | Safeguard |
|---|---|---|
| Google LLC (Ireland / USA) - Google Analytics | Data processor | Standard Contractual Clauses (SCCs) + IP anonymisation |
| LinkedIn Corporation (Ireland / USA) - LinkedIn Insight | Data processor | Standard Contractual Clauses (SCCs) + data processing agreement |
| Google Cloud Platform / Firebase (EU multi-region) - Firestore | Hosts interest-form database | SCCs; data encrypted at rest & in transit |
We will also disclose data if required by law or in connection with a merger or acquisition.
For the latest sub-processor list, see Appendix A at the end of this notice. (This section is auto-generated and kept up to date.)
International transfers
Where data leaves the EEA (e.g. Google's and LinkedIn's US servers), we rely on SCCs and additional technical measures (encryption in transit, isolated control plane) to ensure equivalent protection.
Data retention
| Dataset | Retention rule |
|---|---|
| Interest-form entries | 3 years after last interaction or immediately upon your deletion request |
| GA4 raw-event data | 14 months |
| LinkedIn Insight data | According to LinkedIn's privacy policy (typically 2 years) |
| Server & security logs | 12 months |
| Legal / financial records | As required by Norwegian law (typically 5 years) |
How we protect your data
- Industry-standard encryption keeps your data secure in transit and at rest.
- Continuous security monitoring and regular reviews help us detect and address threats early.
- Sub-processor obligations - every vendor we use must maintain security safeguards at least equivalent to ours.
Your rights (EEA/UK & similar)
- Access – Ask for a copy of the personal data we hold
- Rectification – Correct inaccurate or incomplete data
- Erasure – Have data deleted ('right to be forgotten')
- Restriction – Limit processing while a complaint is investigated
- Portability – Receive data in a machine-readable format
- Objection – Object to processing based on legitimate interest or direct marketing
- Withdraw consent – At any time, without affecting prior processing
To exercise any right, e-mail us at contact@rafmer.com. We will reply as soon as possible.
You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
Children
Our Site and services are not directed to children under 16. We do not knowingly process children's personal data.
Changes to this notice
Material changes will be highlighted on this page and, where appropriate, e-mailed to subscribers. Please review this policy periodically.
Contact
Company: Rafmer AS
Org nr: 933204081
Address: Sagvollvegen 375, 2833 Raufoss, Norway
E-mail: contact@rafmer.com
We aim to respond to all privacy inquiries within 30 days.