Privacy Policy

When you use Sunstone AS' services, you trust us with your information.

At Sunstone AS, we consider the privacy and security of our customers a top priority. We are committed to protecting the data you share with us. This Privacy Policy explains how Sunstone AS ("Sunstone") processes information that can be used to directly or indirectly identify an individual ("Personal Data") collected through the use of our services.

1. Processing of personal data

1.1 Contact information

To be able to provide our services we collect your contact details, including name and email, and sometimes telephone number and postal address. The processing is based on the agreement between Sunstone and the customer.

The purpose for processing the data is to be able to provide the services, for customer administration, for improving the services and for providing information about our services.

Sunstone is the data controller ("Controller") for any processing of Personal Data through the services. Sunstone has the following address: Rådhusgata 4, 0151 Oslo, Norway.

1.1 Information and marketing

When accepting our Terms of Service, you consent to Sunstone providing you information about products and services that may be of interest to you. Sunstone may contact you by email, snail mail or telephone. You may at any time contact us if you no longer wish to receive information, news or offers from us. Please see contact information below. The processing is based on your consent.

1.2 Customer support

When you contact Sunstone, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements. The processing is based on legitimate interest.

1.3 Device information

We collect information from or about the computers, phones, or other devices where you install or access our services, depending on the permissions you have been granted. The processing is based on legitimate interest. We may associate the information we collect from your different devices, which helps us provide consistent services. Here are some examples of the device information we collect:

Attributes such as the operating system, hardware version, device settings, file and software names and types and device identifiers. We may also collect connection information such as the name of your mobile operator or ISP, browser type, language and time zone and IP address.

2. Vendors, service providers and other partners

We only provide strictly necessary information to vendors, service providers, and other partners who globally support our business, such as providing technical infrastructure services, analysing how our services are used, providing customer service, facilitating payments, or conducting research and surveys. These partners must adhere to strict confidentiality obligations in a way that is consistent with this Privacy Policy and the agreements we enter into with them. We have entered into data processing agreements with all data processors we work with in order to ensure information security. Sunstone may transfer Personal Data to countries outside the EU/EEA and will in such case ensure that sufficient contractual measures are in place, e.g. EU Model Clauses.

Data is stored at Google Data Centers in Finland. For more information visit Google Cloud Privacy Notice

3. Information security

Any information stored in or by using our services is treated as confidential. All information is stored securely and is accessed by authorized personnel only. Sunstone implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

In particular:

  • We encrypt data in transit and data at rest in our services;
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems; and
  • We restrict access to personal information to Sunstone employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

4. Access, rectification and deletion of personal data

You have the right to request access, rectification and deletion of your Personal Data held by Sunstone as the Controller. Further, you have the right to restrict our processing, to object to our processing and to port Personal Data elsewhere. Access request regarding Personal Data should be directed to Sunstone according to the information provided below.

Your Personal Data will be retained as long as necessary to fulfil the purpose of the processing of the Personal Data. Unless there is a mandatory statutory requirement to store the information for a longer period, the Personal Data will then be deleted.

5. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time. You will given the opportunity to review the revised policy before continuing to use our services.

6. Contact

If you have any questions related to Sunstone's processing of Personal Data, please contact: [email protected]

If you believe that our collection, storage and use of Personal Data does not comply with our privacy policy or does not comply with applicable laws, you may complain to the local data protection authority (in Norway; Datatilsynet).