Privacy Policy
Last updated November 20, 2025
---
General
This privacy policy applies to Axer. It explains what kind of personal data we collect when you use our services, what we use it for, and what rights you have.
1. What is personal data?
Personal data is any information that can be linked directly or indirectly to a physical person, such as name, postal address, email address, location, and mobile number.
2. Who is the data controller?
Axer, represented by the general manager, is the data controller for our processing of personal data. This means we have the main responsibility for complying with privacy regulations.
3. What personal data do we collect and where do we get it from?
To be able to deliver the best possible services, we depend on collecting various types of information, including personal data about you. What personal data we process about you and where it comes from is related to your role. We do not collect sensitive information. Below is an overview of how we normally collect personal data and what information this typically entails.
3.1 Information you provide to us
When you register on our website, you must provide some information that is stored by us, such as name, email address, and mobile number. In some cases, we also need your address to reach you by post or to know more about your location. The information you provide may also be enriched by means of lookup services or social media you give us access to, or through analysis.
3.2 Information we receive when you use our services
When you use our services, we register information about which services you use and how you use them. We collect information including:
i. Your device and your internet connection
We may register information about the device you use, for example, the manufacturer of your mobile/PC, operating system, and browser. We can also collect information about the connection to our services, such as IP addresses, network ID, and cookies.
ii. Use of service or purchase
We register information about your use of the services, such as which pages you visit, when you visit the pages, and which functions you have used on the pages.
3.3 Information we receive about you from other sources
From time to time, we receive personal data from other sources, e.g., when you come into contact with our partners or if we collect publicly available information (e.g., on the internet).
4. What do we use the personal data for, and what is the legal basis for our processing?
In this section, we give you an overview of the purposes for which we process personal data, the types of personal data we process, and the legal basis for our processing.
Deliver and improve our services. We use personal data to deliver our services to you and to ensure the best possible user experience for you, including by adapting the display of content to your screen/device and ensuring the fastest possible loading of pages. The legal basis for processing is GDPR Article 6(1)(b) (contractual obligation in line with our terms of use).
Customize services, recommendations, and product information. We want to provide you with recommendations, product information, and service customizations that are as relevant as possible to you. This will be based on both your own behaviour, e.g., based on which products and services you have used, ads you have clicked on, or articles you have read, and on the behaviour of other users with similar usage patterns to yours. The legal basis for processing is GDPR Article 6(1)(b) (contractual obligation in line with our terms of use).
Administration of relationships with tenants and home buyers in connection with the operation of letting and sale of commercial property and private residences, respectively, it is necessary for us to process personal data such as names and contact information (name, email address, and telephone number) of contact persons at tenants, contractual counterparts, and interested parties. The collection, storage, and use of names and contact information for contact persons at tenants and interested parties is based on our legitimate interest in administering the relationship, fulfilling the contractual relationship, and maintaining contact with our tenants and interested parties. The legal basis for processing is GDPR Article 6(1)(a), GDPR Article 6(1)(b), GDPR Article 6(1)(f).
Other marketing: We send out newsletters to email addresses registered as customers and others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each correspondence. The legal basis for processing is GDPR Article 6(1)(f) (legitimate interests) where we have received the email address in connection with a sale. If an existing customer relationship exists, the marketing will take place in accordance with the Marketing Act § 15(3). In other contexts, marketing is based on the consent of the person concerned, cf. Marketing Act § 15(1) and GDPR Article 6(1)(a).
Prepare statistics and understand market trends. We prepare statistics and map market trends. We do this to be able to improve and further develop our product offerings and services. As far as is practically possible, we try to do this with anonymous data, without knowing that the information is specifically linked to you. The legal basis for processing is GDPR Article 6(1)(f) (legitimate interests).
IT operations and security: Personal data stored in our IT systems may be available to us or our suppliers in connection with system updates, implementation or follow-up of security measures, error correction, or other maintenance. The legal basis for processing is our legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6(1)(c).
Administering the customer relationship (sales, follow-up, and invoicing): We use personal data to carry out sales processes (e.g., answering your inquiries or sending offers), administer agreements, send invoices, and follow up payments. We also use the information for necessary customer follow-up and administrative communication related to the service you use. The legal basis for administering the agreement and invoicing is GDPR Article 6(1)(b) (contractual obligation in line with our terms of use). We are also obliged to store certain information (such as invoicing information), and the legal basis for processing is then GDPR Article 6(1)(c) (legal obligation). For general customer follow-up, the basis is our legitimate interest, cf. GDPR Article 6(1)(f) (legitimate interests).
Prevent misuse of our services. We use personal data to prevent misuse of our services. Misuse may be attempts to log into others' accounts, fraud attempts, "spamming," harassment, abuse, and other actions prohibited by Norwegian law. The legal basis for processing is our legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6(1)(c).
5. How long do we store your personal data?
We do not store your personal data longer than is necessary to fulfil the purpose of the processing. However, this does not apply if storage is required by law for a longer period than our purpose indicates.
This means, for example, that personal data we process based on your consent will be deleted when the consent is withdrawn. If the legal basis for processing is our legitimate interest, the personal data will be deleted when such legitimate interest no longer exists. Information stored in accordance with legal obligations will be deleted when the obligation ceases. A typical example of this is the retention obligation for accounting information under the bookkeeping legislation.
6. Who do we share personal data with?
In some cases, Plyo shares personal data with other companies that perform services on our behalf. This means that these third parties process information about you on our behalf. This is primarily to give you a safer and better user experience. Here are the most important examples:
- When others perform services on our behalf. For example, web and marketing agencies to operate the website and show you targeted marketing, and to create campaigns, or companies that provide technical solutions we depend on, such as software vendors, customer relationship management (CRM), or case management. These are not permitted to use this personal data for anything other than performing services for Plyo. To secure your rights, we have entered into data processor agreements with our suppliers, which, among other things, mean that your personal data cannot be used for purposes other than what we have agreed with you.
- In case of suspicion of law violations, etc., we may be forced to disclose information to public authorities unsolicited or upon order. We will also be able to disclose information in case of suspicion of fraud, or information that is necessary to resolve specific disputes.
7. How do we transfer personal data to other countries?
Some of our subcontractors are located outside the EU/EEA. This means that your personal data may be transferred to, and processed in, so-called third countries. We only transfer personal data to countries outside the EU/EEA that the EU Commission deems to provide an adequate level of protection or to subcontractors who have committed to protecting your personal data through the EU's standard contractual clauses. Where necessary, we have implemented further technical and organisational measures to achieve an appropriate level of protection.
8. What rights do you have?
Privacy regulations grant you a number of rights related to the personal data we process about you. What rights you have depends on the circumstances. In this section, you will find an overview of important rights.
Request access: You have the right to access the personal data we have registered about you, to the extent that the duty of confidentiality does not prevent this. To ensure that personal data is disclosed to the correct person, we may require that the request for access be made in writing or that identity be verified in another way.
Request rectification or erasure: You can ask us to correct inaccurate information we have about you or ask us to delete personal data. We will comply with a request to delete personal data as far as possible, but we cannot do this if there are compelling reasons not to delete, for example, that we have an obligation to document the information.
Request restriction: In some situations, you can also ask us to restrict the processing of information about you.
Object: If we process information about you based on our tasks or based on a balancing of interests, you have the right to object to our processing of information about you.
Data portability: In some cases, you will be able to access personal data you have provided to us to have it transferred in a machine-readable format to another provider.
Other rights: You also have the right to object to the processing of personal data, personal profiling, and automated decisions where relevant.
Complaint to the supervisory authority: If you disagree with the way we process your personal data, you can send a complaint to the Norwegian Data Protection Authority (Datatilsynet). You can find information about the procedure on the Datatilsynet's website: www.datatilsynet.no.
The rights may be limited according to law. Contact us via email at support@plyo.com if you wish to exercise your rights or want information about what limitations apply. We will respond to your inquiry as soon as possible, and as a rule, within one month.
9. How do we secure your personal data?
We use appropriate security measures to protect personal data against unauthorized access, alteration, or deletion.
The data controller has established routines and measures to ensure that unauthorized persons do not gain access to your personal data and that all processing of the data otherwise takes place in accordance with current law.
The data controller has established procedures to ensure confidentiality, integrity, and accessibility. The measures are both technical and organisational in nature. They include encryption, authentication solutions, and routines for verifying requests for access and rectification.
The data controller regularly assesses the security of all central systems used for handling personal data, and agreements have been entered into that oblige suppliers of such systems to ensure satisfactory information security.
Access to personal data is limited to personnel who need access to perform their work tasks.
The data controller has adopted internal IT guidelines, and the data controller provides regular training for employees with regard to security and the use of IT systems.
10. Changes to the privacy policy
We may update or change the privacy policy periodically. You will always find the latest version on our website.
11. Contact Information
If you have questions about our privacy policy or our use of personal data, please contact us at web@axer.no.