tosdalen-privacy

Privacy Policy for Tosdalen.no

Effective Date: March 31, 2026

This Privacy Policy explains how personal data is collected, used, and protected when you use the website tosdalen.no (the “Service”), including when you log in using Facebook Login.

This policy is intended to comply with the EU General Data Protection Regulation (GDPR) and applicable Norwegian data protection laws.

---

1. Data Controller

The data controller responsible for processing personal data in connection with the Service is:

• Service Name: Tosdalen
• Website: https://tosdalen.no
• Contact Email: admin@tosdalen.no

For privacy-related inquiries, requests, or complaints, contact us via email.

---

2. Personal Data We Collect

a. Data from Facebook Login

When you log in using Facebook Login, we receive the following information from Meta Platforms, based on the public_profile permission:

• First and last name
• Profile picture URL
• App-scoped user ID

We do not request or collect additional Facebook data such as your email address, friends list, or private activity.

b. User-Generated Content

If you use the platform to post or interact with content, we collect:

• Text, media, and other content you choose to publish
• Related information such as timestamps

This content may be visible to other users or publicly accessible depending on how the Service is configured.

c. Technical Data

We automatically collect limited technical data necessary to operate and secure the Service:

• IP address
• Browser type and version
• Operating system
• Pages visited and timestamps

---

3. Purpose and Legal Basis for Processing

We process personal data under the following legal bases:

Purpose	Data	Legal Basis
Account creation and login	Facebook profile data	Performance of a contract (Article 6(1)(b))
Providing platform features (displaying profiles and content)	Name, profile image, user-generated content	Legitimate interests (Article 6(1)(f))
Security and fraud prevention	Technical data	Legitimate interests (Article 6(1)(f))
Handling user requests and legal obligations	Contact communications	Legal obligation (Article 6(1)(c))

Where legitimate interests are used, they are limited to operating, securing, and improving the Service in a balanced way.

---

4. Data Sharing and Processors

We do not sell personal data.

Personal data may be processed by third-party service providers only as needed to operate the Service, such as:

• Hosting providers (within the EEA)
• Email providers (for support communication)

These providers process data only on our behalf and under appropriate agreements where required.

---

5. Data Storage and Security

Data is stored on systems located within the European Economic Area (EEA).

We use reasonable technical and organizational measures to protect personal data, including:

• Encryption in transit (TLS)
• Access controls
• Secure database practices

---

6. Data Retention

We retain personal data only as long as necessary:

• Account and profile data: kept while your account is active
• User-generated content: kept until account deletion or removal by the user
• Inactive accounts: may be deleted after 36 months of inactivity
• Server logs: kept for up to 90 days unless needed longer for security reasons

When data is deleted, it is removed from active systems. Copies may remain in backups for a limited period and are deleted according to normal backup schedules.

---

7. Your Rights

Under the GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Request data portability

To exercise your rights, contact: admin@tosdalen.no

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

---

8. Facebook Data Deletion Instructions

If you used Facebook Login, you can request deletion of your data associated with the Service.

Step 1: Remove Facebook Access

1. Log in to Facebook
2. Go to Settings & Privacy → Settings
3. Select Apps and Websites
4. Find Tosdalen and remove it

This prevents further data sharing from Facebook.

Step 2: Request Deletion from Tosdalen

To delete your data stored by us:

• Send an email to admin@tosdalen.no with subject: “Data Deletion Request”
• Include your name or identifying information used on the Service

After verifying your request, we will:

• Delete your account profile
• Remove your Facebook-linked identifier
• Delete or anonymize related user content

Deletion is completed within 14 business days unless legal obligations require limited retention.

---

9. Cookies

We use only necessary cookies required for login and session management.

We do not use advertising or tracking cookies. If this changes, we will request user consent where required.

---

10. Changes to This Policy

We may update this Privacy Policy from time to time. Important changes will be communicated through the Service before they take effect.