Privacy policy (GDPR)

Privacy policy for clients and partners etc.

Processing of personal data at DiaGraphIT® AS and its subsidiary GotreatITCloud®AS (hereafter jointly referred to as “DiaGraphIT®”)

  1. Introduction
    This privacy policy regulates our processing of personal data relating to the following individuals:
  • Contacts at business clients
  • Contacts at our suppliers and partners
  • Individuals involved in our projects
  • Visitors to our website
  • Anyone whose data we have access to when acting as data processor while installing and maintaining software we deliver to our clients

DiaGraphIT® takes privacy seriously. This makes it important that you know which information we collect and how we safeguard your privacy. This privacy policy primarily relates to our role as data controller.

However, it is also important for us to notify other ways we work to implement appropriate measures to safeguard privacy for our products and how we process personal data in our capacity as data processor. Product development: As a supplier and developer of software in the health and welfare service sector, we act in accordance with the requirements applicable to our clients in accordance with prevailing legislation and standards for the processing of personal data, including the requirement to take account of privacy in Article 25 of the GDPR and standards for information security and privacy in the health and welfare service.

Installation and maintenance assignments etc.: Whenever we gain access to personal data in our clients’ systems through performing installation, maintenance or upgrading services at our clients, we act as data processor, and process personal data on behalf of our client who is the data controller. In such cases, we enter into a data processor agreement with the data controller and act in accordance with our obligations under this agreement, including the instructions we are given by the data controller.

Whenever you use our website and/or contact us to use our services and products, DiaGraphIT® will process your personal data. Below you will find information regarding the personal data that is collected, why we collect it, and your rights relating to the processing of personal data.

The data controller for your personal data is the CEO of respectively DiagraphIT® AS or GotreatIT®Cloud AS (depending on which company the personal data is processed by).

The contact information for DiagraphIT® AS is:
Address: Vestre Strandgate 27–29
NO-4611 Kristiansand, Norway
Tel.: +47 948 07 032
Organisation no.: 986 923 993
The contact information for GotreatIT®Cloud AS is:
Address: Vestre Strandgate 27–29
Tel. +47 948 07 032
Organisation no.: 914 947 901

If you have any questions about how we process your personal data, please contact Tone Speilberg Birkenes at or on +47 948 07 032.

  1. Why we collect personal data and what type of information we collect 

We collect and use your personal data for different purposes, depending on who you are and how we contact you. Below is a list of the types of personal data we collect and why we collect it:

  1. For marketing and sending out newsletters and information about our company: e-mail address. The personal data is processed based on your consent, see GDPR Article 6, Para 1 a).
  2. To answer enquiries and maintain contact with potential and existing clients and partners: name, telephone number, e-mail address and any other personal data relating to the enquiry or contact. The personal data is processed based on a balancing of interests, see GDPR Article 6, Para 1 f). We consider this to be often necessary to be able to help you with your enquiry.
  3. To comply with our client agreements and issue invoices: Contact details that are received from business clients are used to follow up agreements and to issue invoices to the business at the request of the client. The lawful basis for processing is GDPR Article 6, Para 1 f) (balancing of interests). We consider this to be necessary to ensure that client agreements are properly implemented.
  4. Recruiting for new positions: CV, application, certificates and references. Personal data is processed on the basis of the consent that you have given, see GDPR Article 6, Para 1 a).
  5. We use cookies in order to collect information about the use of our website. We process personal data on the basis of a balancing of interests, see GDPR Article 6, Para 1 f) (balancing of interests). We consider this necessary to be able to customise our website for our users. However, we maintain your privacy by only using the data for statistical purposes. You cannot be identified as an individual from these statistics. We also erase the personal data we collect through our website on a daily basis.
  1. Disclosure of personal data to third parties

We will not disclose your personal data to third parties unless there is a lawful basis for such disclosure. Examples of such a basis will typically be an agreement with you or a legal requirement that instructs us to disclose the information.

DiagraphIT® uses data processors to collect, store or otherwise process personal data on our behalf. In such cases, we enter into agreements to safeguard information security in all stages of the processing. We currently use the following processors:

  • Evry ASA: Operating partner for DiaGraphIT®’s development environment. E-mail, Skype and backup.
  • Fast AS: Accounting firm.
  • 24Seven Office: CRM, time recording system and invoicing.
  • Atlassian: Input to the program is registered in Jira.

With the exception of processing performed in the Jira IT system, which we use as a case handling system and where the service provider states that data may be processed on their platform in countries such as the USA and Australia, all the personal data we process is processed in the EU/EEA. The transfer basis to the USA is the US Privacy Shield and the EU’s standard agreement.

  1. Storage period 

We store your personal data for as long as is necessary for the purpose of collection. This means, for example, that the personal data that we process on the basis of your consent is erased if you withdraw your consent. The personal data we process to fulfil an agreement with you is erased when the agreement is fulfilled and all of the obligations arising from the agreement have been satisfied.

  1. Your rights concerning our processing of your personal data 

You have the right to request access, rectification or erasure of the personal data we process relating to you. You also have the right to restrict processing, to object to processing and to claim the right to data portability. You can read more about these rights on the Norwegian Data Protection Authority’s website:

To exercise your rights you must contact us as outlined in item 1 of this privacy policy. We will respond to your enquiry as soon as possible and within 30 days at the latest.
You may withdraw your consent for our processing of personal data at any time. The easiest way to do this is to contact us as outlined in item 1 of this privacy policy.

  1. Complaints

If you believe that our processing of personal data is not consistent with the description given above or that we are in breach of data protection legislation in any other way, you may submit a complaint to the Norwegian Data Protection Authority.
For information about how to contact the Norwegian Data Protection Authority, please visit their website:

  1. Amendments

Any amendments made to our services or to the regulations governing the processing of personal data may result in changes to the information provided here. If we have your contact information, we will notify you of these amendments.

Are you ready to simplify your workday?