1. Data Controller
CloudBiz AS
Organization Number: 918 465 952
VAT Number: NO918465952MVA
D-U-N-S Number: 346244342
Tiursvingen 25
1407 Vinterbro
Norway
Email: post@cloudbiz.no
Phone: +47 23 96 6000
CloudBiz AS is the data controller for personal data processed in connection with our services. This privacy policy describes how we collect, use, store, and protect your personal data in accordance with the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR).
2. Personal Data We Collect
We collect the following categories of personal data:
Contact Information and Customer Data
- Name, email address, phone number, and company information
- Organization number and billing information
- Correspondence and communication history
Technical Information
- IP address, browser type, and device identifiers
- Cookies and similar technologies
- Log data from use of our services
Google Business Profile Data (when using integration services)
- Google account information including name and email address
- OAuth access tokens for API access
- Google Business Profile information including business name, address, hours, images, and reviews
- Posts and updates published through our services
3. Purposes and Legal Basis
We process personal data for the following purposes:
| Purpose | Legal Basis | Description |
|---|---|---|
| Service Delivery | Contract (Art. 6(1)(b)) | Necessary to develop, deliver, and maintain ordered services |
| Google Business Profile Integration | Consent (Art. 6(1)(a)) | Based on your authorization via OAuth to manage business profile |
| Customer Service and Communication | Contract and Legitimate Interest (Art. 6(1)(b), (f)) | Responding to inquiries and follow-up |
| Billing and Accounting | Legal Obligation (Art. 6(1)(c)) | Compliance with accounting law requirements |
| Service Improvement | Legitimate Interest (Art. 6(1)(f)) | Analysis and optimization of our solutions |
| IT Security | Legitimate Interest (Art. 6(1)(f)) | Protection against security breaches and fraud |
4. Google API and OAuth Integration
Our Use of Google APIs
CloudBiz AS uses the Google Business Profile API to provide integration services that allow you to manage your Google Business Profile directly from our solutions. To enable this functionality, we request access via Google’s OAuth 2.0 authentication.
Data We Retrieve from Google
- Basic profile information (name, email address)
- Google Business Profile data for the locations you authorize
- Statistics and insights data from the business profile
How We Use Google Data
- To display and manage your business profile via our services
- To publish posts and updates on your behalf
- To retrieve and display reviews and statistics
We Guarantee That
- Google data is used ONLY to deliver the functions you have requested
- We NEVER sell your data to third parties
- We do NOT use data for advertising, retargeting, or profiling
- We do NOT use data for credit assessment or similar purposes
- Humans do not read the data unless you explicitly consent, it is necessary for security reasons, or we are legally obligated
Withdrawal of Access
You can revoke our access to your Google account at any time via Google Security Settings. Upon revocation, we will delete your OAuth tokens within 7 business days.
5. Sharing of Personal Data
We share personal data with the following categories of recipients:
Data Processors
- Hosting providers for infrastructure operations
- Cloud storage services for secure data storage
- Email and communication tools
Third-Party Services
- Google LLC (for Google Business Profile API integration)
- Payment providers for billing
All data processors are bound by data processing agreements that ensure personal data is processed in accordance with GDPR and this privacy policy.
We never sell personal data to third parties.
6. Transfer to Countries Outside the EEA
Some of our service providers, including Google LLC, are located in the USA. For transfers to the USA, we rely on:
- EU-U.S. Data Privacy Framework for companies certified under the program
- EU Standard Contractual Clauses (SCCs) with supplementary measures where necessary
You can request a copy of relevant transfer mechanisms by contacting us at post@cloudbiz.no.
7. Storage and Deletion
We store personal data as long as necessary for the purposes for which they were collected:
| Data Category | Retention Period |
|---|---|
| Customer information | During contract period plus 3 years |
| Invoices and accounting materials | 5 years (accounting law requirement) |
| OAuth tokens | Until consent is withdrawn or contract terminates |
| Google Business Profile data | Deleted upon termination or withdrawal of access |
| Log data and technical data | Maximum 12 months |
| Email correspondence | 3 years after customer relationship ends |
8. Your Rights
Under GDPR, you have the following rights:
Right of Access: You can request information about what personal data we process about you.
Right to Rectification: You can demand that incorrect or incomplete information be corrected.
Right to Erasure: You can request deletion of personal data when no longer necessary, or you withdraw consent.
Right to Restriction: You can request that processing be restricted in certain situations.
Right to Data Portability: You can request to receive personal data in a structured, machine-readable format.
Right to Object: You can object to processing based on legitimate interest.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of previous processing.
To exercise your rights, contact us at post@cloudbiz.no. We respond to inquiries within 30 days.
9. Cookies
We use cookies to ensure the website functions and to improve user experience.
Necessary Cookies
These are required for basic functionality and security, and do not require consent.
Analytics and Performance Cookies
Used to understand how visitors use the website. These are only set after your consent.
Marketing Cookies
Used for targeted advertising. These are only set after your consent.
You can manage your preferences via our cookie banner or in your browser settings. For complete details, see our Cookie Policy.
10. Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Data encryption in transit (TLS/SSL)
- Secure storage of OAuth tokens and credentials
- Access control and authentication
- Regular security updates of systems
- Employee training in privacy and security
11. Right to Complain
If you believe our processing of personal data violates privacy regulations, you have the right to complain to:
Norwegian Data Protection Authority (Datatilsynet)
P.O. Box 458 Sentrum
0105 Oslo
Phone: +47 22 39 69 00
Email: postkasse@datatilsynet.no
Website: www.datatilsynet.no
We encourage you to contact us first so we can attempt to resolve the issue.
12. Changes to the Privacy Policy
We may update this privacy policy in case of changes to our services or applicable regulations. Significant changes will be communicated via email or on our websites. We recommend reviewing this statement regularly.