Privacy policy

Personvernerklæring NO

This privacy policy provides information about what personal data is processed, why your data is processed, and what rights you have regarding the processing of your personal data.

Using our services involves the transfer of personal data to countries outside the EEA. Transferring data outside the EEA means the data may not be protected to the same standard as within the EEA. You can read more about this under “Transfer of Personal Data to the USA.”

Data Controller

The data controller is the entity that determines the purpose and means of processing personal data. The data controller for personal data processed in connection with our services and products is ESSÄNS BREATH (Org. no. 932 573 180).

ESSÄNS BREATH is represented by manager Cecilie Amlie.

Contact details:
ESSÄNS BREATH
Attn: Cecilie Amlie
Kniplia 19A
2022 Gjerdrum

Email: cecilie@essansbreath.com

Special Categories of Personal Data

Special categories of personal data are considered particularly sensitive and include data about racial or ethnic origin, political opinions, religion, philosophical beliefs, trade union membership, genetic and biometric data used for unique identification, health information, or data about sexual life or orientation.

Under the GDPR, processing such data is generally prohibited unless specific exceptions apply, such as your explicit consent or if it is necessary to protect vital interests.

ESSÄNS BREATH generally does not process special categories of personal data. However, we cannot control the information you choose to share when contacting us. If we receive such data (e.g., via free text fields, surveys, or email), the information will be deleted.

Who We Process Personal Data About

We process personal data from:

Visitors to our website
Customers and potential customers
Contact persons at our suppliers and partners

When Personal Data is Collected

We collect your personal data when you:

Participate in webinars
Visit our website
Sign up for and attend courses
Contact us via email, phone, or social media
Subscribe to email lists, such as newsletters, or open our emails

Purpose and Legal Basis

We process your personal data to provide our products and services (e.g., courses, newsletters, or free content like “freebies”) and to market our offerings.

Course Participation
When you enroll in a course, we process your personal and contact information, payment details, course progress, and statistics. If you join Q&A sessions, we also process your image, voice, email, and chat messages. These sessions may be recorded and shared with other course participants.

Legal basis: Contract fulfillment (GDPR Art. 6(1)(b))
Data is retained for the duration of the customer relationship and deleted three years after it ends.
Payment and invoice data is also processed to fulfill legal obligations under the Norwegian Accounting Act (Art. 6(1)(c)) and retained for up to five years.

Our course and payment providers are U.S.-based companies. Therefore, your personal data is transferred to the USA based on GDPR Art. 49, as the transfer is necessary to fulfill our contract with you.

Webinar Participation
When you sign up for webinars, your email and username are registered. If you use the chat function, those messages are also processed.

Purpose: Inform and market products and services.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
We also analyze statistics and questions to improve future webinars.

Webinar services are provided by U.S. companies, and data is transferred to the USA with your consent, per GDPR Art. 49.

Newsletter and Marketing
When you sign up for newsletters, we register your email and use it to send information and promotions. The content may be tailored based on your purchases, webinar attendance, and downloads. We also track open and click rates to improve future newsletters.

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)

Customer Communication

When you contact us (email, phone, social media), we process your contact details and any other information you provide.

Purpose: Handle inquiries about our services and products
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
Customer communications are generally deleted three years after the relationship ends. Potential customer dialogue is deleted after six months unless a purchase is made.

Who We Share Your Data With

We do not share your data unless we have a legal basis to do so (e.g., contract or legal obligation). We use data processors to collect, store, or process data on our behalf. These processors are under strict agreements to safeguard your personal data.

Our data processors include:

Video conferencing providers (mainly Zoom)
Course platform providers
Newsletter and email service providers
Online payment service providers
Accounting and invoicing services
Word processing and cloud based tools

Transfer of Personal Data to the USA

Transfers may involve moving data between servers or allowing remote access. Generally, data can be transferred to third countries if safeguards are in place, including enforceable rights and effective legal remedies.

ESSÄNS BREATH currently uses U.S.-based providers, and transfers are done using standard contractual clauses approved by the European Commission.

However, U.S. authorities may request access to personal data under intelligence laws. This may involve the collection of data beyond the intended individual. Such access cannot be prevented through contracts, and we may not be notified if it occurs.

While it’s unlikely your data will be accessed by U.S. authorities, we cannot guarantee it won’t happen. If such a disclosure occurs, we lose control over the data, including how it's used or when it’s deleted. You also lose your rights under the GDPR in such cases

Your Rights

When we process your personal data, you have the following rights:

Access: You can request a copy of the data we have about you. Use our access request form and send it to cecilie@essansbreath.com
Correction: You may request correction of incorrect or incomplete data.
Deletion: You may request deletion if data is no longer necessary. However, legal obligations may prevent deletion in some cases.
Restriction: You can request to limit the processing of your data.
Objection: You can object to data processing based on legitimate interest or public interest.
Complaint: You may file a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe we’ve mishandled your data.

If you have any questions or wish to exercise your rights, contact:

ESSÄNS BREATH
Attn: Cecilie Amlie
Kniplia 19A
2022 Gjerdrum
Email: cecilie@essansbreath.com

The Norwegian Data Protection Authority
Email: postkasse@datatilsynet.no
Website: www.datatilsynet.no

Updates to the Privacy Policy
We update this policy as needed. Changes will be published on our website.

Last updated: 25.07.25