Juridex AS (“Juridex”, “we”, “our”, or “us”) respects your privacy and is committed to protecting any information we hold about you. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data whenever you access or use Juridex products, services, features, and technologies, including our public websites (the “Site”), SaaS platform, desktop and browser plug-ins, APIs, and related applications (collectively, the “Services”). It also describes your rights and how to exercise them.
By using the Site or Services (together, the “Online Services”), you accept the practices described in this Privacy Policy. Questions? Write to Kontakt@webavanse.no
Subscribers and Content
• We license the Services to professional organisations (“Subscribers”) under separate agreements.
• For any documents, queries, or other materials uploaded to or generated by the Services (“Content”), Juridex acts as data processor and the Subscriber is the data controller.
• All other personal data described in this Policy is processed by Juridex as data controller.
Third-party sites
This Policy applies only to juridex.no, app.juridex.no, and related sub-domains that we operate. It does not apply to external websites that link to or from our Online Services.
• Account details: name, business e-mail, organisation, role/title, preferred language, password hash or SSO ID
• Communications: enquiries, support tickets, feedback, phone recordings, e-mail content
• Social-media interactions: public profile name, contact details, analytics from LinkedIn, YouTube, X/Twitter, etc.
• Surveys and contests: voluntary responses, satisfaction ratings, prize-draw entries
• Reviews & testimonials: quotes and job titles you have agreed we may publish
• Log data: IP address, browser type, referrer, date/time, pages viewed, click paths
• Device data: device model, OS, screen resolution, locale, time-zone
• Usage data: features used, API calls, session duration, error reports (never your Content)
• Cookies and similar tech: essential, functional, and analytics cookies (e.g., Google Analytics). You can disable cookies in your browser, though some features may not work.
• Identity-verification vendors, marketing partners, event organisers, or Subscribers who provision your account.
We index public legal sources (court decisions, statutes, etc.). Although these may mention individuals, we use them only to provide search and analytics functions—not to profile those individuals.
We may combine and de-identify data to create usage statistics or trend reports. This information cannot reasonably identify you.
Main purposes and legal bases
• Provide, secure, and support the Services; perform our contract with your organisation (GDPR Art 6 (1)(b)).
• Respond to enquiries, troubleshoot issues, and improve customer experience (legitimate interest, Art 6 (1)(f)).
• Product analytics, feature development, and cost allocation (legitimate interest).
• Identity verification, fraud prevention, and IT-security monitoring (legitimate interest).
• Customer surveys, reviews, and testimonials (consent or legitimate interest).
• Direct marketing about Juridex products and events (consent).
• Compliance with legal obligations such as tax or AML rules (Art 6 (1)(c)).
• Defence or exercise of legal claims (legitimate interest).
Typical retention periods
• Contract-related data: subscription term plus up to one year for audit logs.
• Support communications: duration of ticket plus three years.
• Marketing data: until you withdraw consent or opt out.
• Statutory data (e.g., bookkeeping): five to seven years or as required by law.
• Litigation holds: until claims are resolved and limitation periods expire.
• Affiliates in the Juridex group (under this Policy)
• Service providers for hosting, authentication, analytics, support, payments, etc., bound by data-processing agreements
• Third-party integrations you enable (e.g., Microsoft Word plug-in)
• Other users in your workspace when you collaborate
• Successors in mergers, acquisitions, or asset sales
• Authorities when required by law or necessary to protect rights, safety, or property
Our primary infrastructure sits in the EEA. If personal data is transferred outside the EEA, we rely on:
• Adequacy decisions, or
• Standard Contractual Clauses (SCCs) plus transfer-impact assessments, or
• An approved certification such as the EU-US Data Privacy Framework, or
• A specific derogation (e.g., your explicit consent).
Your rights remain the same regardless of where the data is processed.
Under the GDPR you may:
Access the data we hold about you
Request correction of inaccurate or incomplete data
Request deletion (“right to be forgotten”) in certain cases
Restrict or object to specific processing
Receive a portable copy of data you provided us
Withdraw consent at any time
Lodge a complaint with your supervisory authority (e.g., Datatilsynet in Norway)
To exercise any right, e-mail Kontakt@webavanse.no. We may ask for proof of identity before acting on the request.
We employ administrative, technical, and physical safeguards such as encryption in transit and at rest, role-based access controls, regular penetration testing, and continuous monitoring. A detailed Security Whitepaper is available on request.
We keep personal data only as long as necessary for the purposes described above or as required by law. When no longer needed, data is deleted or irreversibly anonymised; backups are purged on a fixed schedule.
We may update this Policy from time to time. The “Last updated” date shows when the latest version took effect. Material changes will be announced on the Site or by e-mail. Continued use of the Online Services after the update means you accept the revised Policy.
