Privacy Policy

Proff Connect is operated by Avenor AS (“we”, “our”, “us”). This policy applies to all users of our website (proff.avenor.no) and Salesforce application integration. By using our services, you agree to the practices described in this Privacy Policy.

• Information you provide directly (name, email, company, message in forms).
• Account and usage data when using our Salesforce app.
• Company data retrieved via Proff Premium API (organization numbers, roles, financials, etc.).
• Technical data such as IP address, browser type, device, and cookies.
• Support communications and any other data you choose to provide when contacting us.

• To provide and improve the Proff Connect integration in Salesforce.
• To process requests, support tickets, and customer communication.
• To ensure compliance with Salesforce Security Review and GDPR requirements.
• To prevent misuse and maintain the security of our services.
• To improve our product through aggregated analytics and customer feedback.

We use cookies to personalize content, improve your experience, and analyze usage (e.g., Google Analytics). You may disable cookies in your browser, but some features may not function properly.

We process personal data under GDPR Art. 6(1)(b) (contract), Art. 6(1)(c) (legal obligation), and Art. 6(1)(f) (legitimate interest in providing secure and efficient services). Where required, we rely on consent (Art. 6(1)(a)).

• We never sell your data.
• Data may be shared with trusted processors (Salesforce, hosting providers, analytics tools) under strict agreements.
• Company data originates from Proff (Enin / Proff Forvalt API) and is displayed within Salesforce.
• All processors operate under GDPR-compliant agreements.

We store personal data only as long as necessary for the purposes described. Typical retention times: support communications (12 months), leads (24 months), contractual data (5 years). Data is deleted upon request or contract termination.

• Right to access, correct, or delete your data.
• Right to restrict or object to processing.
• Right to data portability.
• Right to withdraw consent at any time.
• Right to lodge a complaint with your local Data Protection Authority.
• To exercise rights, contact us at hei@avenor.no.

We follow Salesforce ISV best practices, use TLS encryption, AES-256 storage encryption, access controls, monitoring, and conduct regular security reviews to keep data safe.

Some processors may be located outside the EU/EEA. Where transfers occur, they are safeguarded by Standard Contractual Clauses (SCCs) or equivalent mechanisms to ensure GDPR compliance.

We may update this policy from time to time. Any material changes will be notified via our website, with an updated revision date.

For questions about this Privacy Policy or your data rights, contact Avenor AS at hei@avenor.no.