This website offers general lifestyle and nutrition education only. We are not a medical provider and do not diagnose, treat, or cure any condition. Content is for informational purposes; individual experiences vary. Consult a licensed healthcare professional for personal medical advice.
Rinsesparkbright logo

Privacy Policy

Last updated: 9 June 2026

This Privacy Policy explains how Rinsesparkbright ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit rinsesparkbright.world or use our services. We process data in accordance with:

  • The General Data Protection Regulation (EU) 2016/679 (GDPR), as incorporated into Norwegian law through the Personal Data Act (Personopplysningsloven)
  • The Norwegian Personal Data Act (lov 15. juni 2018 nr. 38 om behandling av personopplysninger)
  • The Electronic Communications Act (Ekomloven) regarding cookies and similar technologies — see our Cookie Policy
  • The Marketing Control Act (Markedsføringsloven) regarding direct marketing

1. Data Controller

The data controller responsible for your personal data is:

  • Business name: Rinsesparkbright
  • Address: Kornsilovegen 54, 2316 Hamar, Norway
  • Email: assist@rinsesparkbright.world
  • Phone: +47 625 55 333

We have not appointed a separate Data Protection Officer (DPO). For all privacy enquiries, contact us using the details above.

2. Personal Data We Collect

We may collect the following categories of personal data depending on how you interact with us:

  • Identity and contact data: name, email address, telephone number, postal address (when provided)
  • Communication data: messages, inquiries, and correspondence sent via contact forms, email, or phone
  • Contract and transaction data: service bookings, payment references, invoicing details, and agreement history for paid coaching services
  • Technical data: IP address, browser type and version, operating system, device identifiers, pages visited, session duration, and referral source
  • Consent and preference data: cookie consent choices, marketing opt-in/opt-out records, and GDPR consent timestamps
  • Newsletter data: email address when you voluntarily subscribe via the homepage form

We do not intentionally collect special categories of personal data (such as health data) through general website forms. If you voluntarily include health-related information in a message, we treat it with additional care and retain it only as long as necessary to respond to your inquiry.

3. Purposes and Legal Bases for Processing

Under GDPR Article 6 and, where applicable, Article 9, we process personal data on the following bases:

  • Responding to inquiries (contact forms, email, phone) — Legal basis: GDPR Art. 6(1)(b) pre-contractual steps at your request, and Art. 6(1)(f) legitimate interest in operating our business and communicating with potential clients
  • Providing nutrition coaching servicesLegal basis: GDPR Art. 6(1)(b) performance of a contract
  • Website functionality, security, and fraud preventionLegal basis: GDPR Art. 6(1)(f) legitimate interest; Art. 6(1)(c) legal obligation where applicable
  • Analytics and site improvementLegal basis: GDPR Art. 6(1)(a) consent (via cookie banner) and Ekomloven § 3-15
  • Direct marketing by email or SMSLegal basis: GDPR Art. 6(1)(a) consent, in compliance with Markedsføringsloven § 15 (prior consent required for electronic marketing)
  • Accounting, tax, and bookkeepingLegal basis: GDPR Art. 6(1)(c) legal obligation under the Bookkeeping Act (Bokføringsloven) and the Accounting Act (Regnskapsloven)
  • Establishing, exercising, or defending legal claimsLegal basis: GDPR Art. 6(1)(f) legitimate interest

4. Voluntary Provision of Data

Providing personal data through contact forms or when purchasing services is voluntary in some contexts and contractual in others. If you choose not to provide data required to enter into or perform a service agreement, we may be unable to deliver the requested coaching service. You are not legally obliged to subscribe to our newsletter or accept non-essential cookies.

5. Data Processors and Recipients

We do not sell your personal data. We may share data with the following categories of recipients who process data on our behalf or as independent controllers:

  • Hosting and IT providers — website hosting, email delivery, and infrastructure (data processing agreements in place)
  • Analytics providers — only if you consent to analytics cookies
  • Payment service providers — when you purchase paid services (process payment data under their own privacy policies)
  • Google Maps (Google Ireland Limited) — embedded map on our contact page may process technical data; see Google's privacy policy at policies.google.com/privacy
  • Public authorities — tax authorities, police, or courts when required by Norwegian law

All processors are bound by written data processing agreements requiring GDPR-compliant handling, confidentiality, and appropriate security measures.

6. Transfers Outside the EEA

We primarily store and process data within the European Economic Area (EEA). If personal data is transferred to countries outside the EEA (for example, through third-party services such as Google), we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other lawful transfer mechanisms under GDPR Chapter V

You may request information about the safeguards applied to specific transfers by contacting us.

7. Data Retention

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law:

  • Contact form and general inquiries: up to 24 months after last communication
  • Active coaching clients: for the duration of the agreement plus 24 months, unless longer retention is justified
  • Newsletter subscriptions: until you unsubscribe or withdraw consent
  • Cookie consent records: 12 months, after which consent is requested again
  • Server logs and security data: up to 90 days
  • Accounting and billing records: minimum 5 years under Bokføringsloven § 13 and applicable provisions of Regnskapsloven
  • Marketing consent records: for as long as marketing continues plus 24 months for documentation purposes

When retention periods expire, data is deleted or irreversibly anonymised.

8. Your Rights Under GDPR and Personopplysningsloven

As a data subject in Norway, you have the following rights:

  • Right of access (GDPR Art. 15) — obtain confirmation of processing and a copy of your data
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data
  • Right to erasure (Art. 17) — request deletion where legally applicable
  • Right to restriction of processing (Art. 18) — limit processing in certain circumstances
  • Right to data portability (Art. 20) — receive data in a structured, commonly used, machine-readable format where processing is based on consent or contract
  • Right to object (Art. 21) — object to processing based on legitimate interests, including profiling and direct marketing
  • Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of processing before withdrawal
  • Right not to be subject to automated decision-making (Art. 22) — we do not use automated decision-making or profiling that produces legal or similarly significant effects

To exercise your rights, email assist@rinsesparkbright.world or write to us at Kornsilovegen 54, 2316 Hamar, Norway. We will respond without undue delay and within one month, which may be extended by two further months for complex requests as permitted under GDPR Art. 12(3).

You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

9. Direct Marketing (Markedsføringsloven)

We send electronic marketing communications (email, SMS) only with your prior, explicit consent, as required by Markedsføringsloven § 15. Each marketing message includes a simple, free-of-charge option to opt out. You may also withdraw marketing consent at any time by contacting us or using the unsubscribe link in any email. Withdrawal does not affect the lawfulness of marketing sent before withdrawal.

10. Data Security

We implement appropriate technical and organisational measures under GDPR Art. 32, including:

  • HTTPS/TLS encryption for data in transit
  • Access controls limiting personal data to authorised personnel
  • Secure hosting environments with regular updates
  • Staff awareness of data protection obligations
  • Procedures for detecting, reporting, and investigating personal data breaches as required by GDPR Art. 33–34

While we take reasonable precautions, no method of transmission or storage over the internet is completely secure.

11. Children's Privacy

Our services are directed at adults. We do not knowingly collect personal data from children under 13 without verified parental consent, in line with Personopplysningsloven § 5 and GDPR requirements for information society services offered directly to children. If you believe we have collected data from a child without proper consent, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The "Last updated" date at the top indicates the most recent revision. Material changes will be communicated through the website where appropriate. We encourage you to review this page periodically.

13. Related Policies and Contact

Please also read our Cookie Policy, Terms of Use (Vilkår) Pricing (Priser), and Right of Withdrawal (Angrerett).

For privacy-related questions or requests:

Rinsesparkbright
Kornsilovegen 54, 2316 Hamar, Norway
Email: assist@rinsesparkbright.world
Phone: +47 625 55 333