Home About Me Contact Services Events

Nina Pollestad Gjerdal
In this privacy policy, we provide information about what personal data is processed, why your data is processed, and what rights you have in connection with the processing of your personal data.

Use of our services involves the transfer of personal data to countries outside the EEA. A transfer of personal data to countries outside the EEA means that the transferred data does not have the same level of protection as it would within the EEA. You can read more about this under the section “Personal Data Transferred to the USA.”

Data Controller
The data controller is the person who determines the purpose of the processing of personal data and the means used in the processing. Nina Pollestad Gjerdal (org. no.: 933587584) is the data controller for the personal data processed in connection with the services and products we offer.
Nina Pollestad Gjerdal is represented by founder Nina P.
Contact details for the data controller:
Nina Pollestad Gjerdal
Torvmyrvegen 12
4345 Bryne
Email: [email protected]

Special Categories of Personal Data
Special categories of personal data are types considered particularly sensitive and in need of protection. These include data on racial or ethnic origin, political opinions, religion, philosophical beliefs, or trade union membership, as well as genetic and biometric data used to uniquely identify an individual, health data, or data concerning a person’s sex life or sexual orientation.

As a general rule, the processing of such data is prohibited under the GDPR. However, it may be permitted if there is an exemption from the prohibition, such as the individual’s consent or the need to protect vital interests.

Nina Pollestad Gjerdal does not generally process special categories of personal data. However, we cannot control the data you choose to provide when contacting us. If we receive such data in a way that it is stored (e.g., via free text fields, surveys, or email), the information will be deleted.

Who We Process Personal Data About
We process personal data about, among others:

  • Visitors to our website

  • Customers and potential customers

  • Contact persons at our suppliers and partners

When Personal Data Is Registered
To use our services, we need to register your personal data. When and how this occurs depends on your interaction with us, including:

  • When you participate in a webinar

  • When you visit our website

  • When you register for and attend courses

  • When you contact us via email, phone, or social media

  • When you sign up for an email list (e.g., newsletters) and open the email

Purpose and Legal Basis
Nina Pollestad Gjerdal processes your data for various purposes and on different legal bases. Your data is processed so we can offer our products and services, such as courses, newsletters, or free content (e.g., “freebies”), and to market our services.

Course Participation
When you register for courses, we process personal details, contact info, payment details, course progression, and statistics. Participation in Q&A sessions includes data such as audio, video, email, and chat messages. Recordings are made available to course participants.
The purpose is to deliver agreed products and services. Legal basis: GDPR Article 6(1)(b).
Data is stored during your customer relationship and deleted three years after it ends.
Payment and invoice data are stored to fulfill legal obligations under accounting laws. Legal basis: GDPR Article 6(1)(c), and retained for up to five years.

Our course and payment service providers are U.S.-based. Transfers to the U.S. are based on GDPR Article 49, necessary for contract fulfillment.

Webinar Participation
When registering for webinars, your email and username are recorded. Chat participation means processing of what you write.
Purpose: to inform about and market our services. Legal basis: legitimate interest, GDPR Article 6(1)(f).
Webinar questions are also analyzed to improve future content. Our video conferencing provider is U.S.-based, and data transfers rely on your consent (GDPR Article 49).

Newsletters and Marketing
When subscribing to newsletters, we register your email. Newsletter content may be personalized based on purchases, webinar attendance, or downloads. We track email opens and link clicks to improve future communications.
Purpose: to inform and market to interested individuals. Legal basis: legitimate interest, GDPR Article 6(1)(f).
We also use social media posts and ads for marketing, which do not involve processing personal data or require consent.

Customer Communication
When contacting us via email, phone, or social media, we process your personal details, contact info, and any other data shared.
Purpose: to handle service/product inquiries or your customer relationship. Legal basis: legitimate interest, GDPR Article 6(1)(f).
Customer communication is deleted three years after the end of the customer relationship, or six months after last contact with potential customers. If a purchase is made, earlier communication is retained as customer dialogue.

Who Your Data Is Shared With
We do not share your personal data unless legally permitted, e.g., contractual necessity or legal obligation.
We use data processors for collection, storage, or processing on our behalf to deliver services, fulfill legal obligations, and maintain our legitimate interests. Data processing agreements are in place to ensure security.

Our Data Processors:
Kajabi
Provides our course platform, email/newsletter system, and website. It manages course participation, newsletter distribution, and purchases. The payment solution is handled by Stripe. If you prefer, you may opt out of Kajabi and receive materials via email.

Stripe
Handles payments for course purchases. Processes transaction data like payment method, product, price, etc.

Fiken AS
Our accounting system. Our accountant processes personal and transactional data in relation to bookkeeping.

Zoom
Used for webinars, strategy sessions, and Q&A. You’ll be informed if recordings occur, and participation implies consent. Chat messages are excluded from recordings, but live participation (audio/video) will be included unless you withdraw your consent—then the recording will be edited accordingly.

Transfer of Personal Data to the USA
In a privacy context, “transfer” can mean moving data between servers or granting remote access.
Transfers outside the EEA (to “third countries”) require appropriate safeguards and enforceable rights for data subjects. The former “Privacy Shield” mechanism was invalidated in 2020.

Nina Pollestad Gjerdal uses providers requiring both transfer types to the U.S. We have data processing agreements in place, and transfers are based on European Commission Standard Contractual Clauses (SCCs), ensuring a reasonable level of protection.

However, U.S. companies may be subject to laws allowing government agencies access to personal data for intelligence purposes. Such access may involve data on more individuals than the target. These disclosures are not preventable through agreements or SCCs.

Although U.S. authorities can access data, this does not guarantee they will. We and our providers cannot promise that disclosures won’t occur and we won’t be informed if they do. If disclosed, we lose control over how your data is used or deleted, and you cannot exercise GDPR rights against U.S. authorities.

Your Rights
When we process your personal data, you have rights you may exercise. You are entitled to a response as quickly as possible and no later than one month. In some cases, the response time may be extended by two months; we will inform you if this is the case.

If you wish to exercise your rights, you may contact us via:
Email: [email protected]
Mail:
Nina Pollestad Gjerdal
Torvmyrvegen 12
4345 Bryne

Access to Your Data
You can request access to the data we process about you. If you wish to do so, please use Access Request form. The access request form can be sent to [email protected]. Read more about your right of access.

Correction of Personal Data
If you discover that Nina Pollestad Gjerdal is processing incorrect information about you — for example, if you are registered with the wrong address — you may request that the data be corrected or supplemented with additional information. Read more about your right to rectification.

Deletion of Personal Data
In certain cases, you may request that we delete your personal data, for example, if you believe it is no longer necessary for the purpose for which it was collected.
Even if you request deletion, we may still be required to process your data — for instance, if we are legally obligated to do so, or if the purpose of the processing has not yet been fulfilled. Read more about your right to erasure here.

Restriction of Personal Data Processing
In some cases, you can request that the processing of your personal data be restricted.
When processing is restricted, your data may be stored but not used for other purposes without your consent, unless an exception applies.
Read more about your right to restriction of processing.

Objecting to the Processing of Personal Data
If Nina Pollestad Gjerdal processes your personal data based on the necessity to perform a task in the public interest or based on legitimate interests, you have the right to object to the processing of your personal data.

You can read more about your right to object here.
You Can File a Complaint About Our Data Processing
If you believe that your personal data has been processed in violation of data protection legislation, we hope you will inform us.
This allows us to investigate what has happened and attempt to resolve the issue.
You may also file a complaint with the Norwegian Data Protection Authority (Datatilsynet). Read here about how to file a complaint with Datatilsynet.