.png)
Who controls your data
Freysta AS is responsible for how personal data is processed in Freysta Portal.
Contact: post@freysta.com
Freysta Portal
Privacy Policy
A clear overview of how Freysta Portal handles personal data.
Privacy in short
Quick summary
Freysta Portal helps Freysta members explore jobs and communities and allows municipalities and employers to connect with them. To provide this service, we need to process some personal information. Below is a clear summary of what that means for you.
What data we process
We process account details, profile information you choose to add, messages, uploaded documents, and preferences used for jobs and community recommendations.
Who can see your information
Your information is available to you, the municipalities or employers involved in your interactions, and Freysta administrators when support or operations require it.
Freysta never sells personal data to third parties.
How communication works
Communication in the portal happens between Freysta members and municipalities, and between Freysta members and employers.
Users cannot send direct messages to other users outside those flows.
Your main rights
You can ask for access, correction, deletion, restriction, objection, and data portability under applicable data protection law.
How to contact Freysta
Freysta AS, Ovre Holen 24B, 5163 Laksevag, Norway
Organisation number: 929 913 477 MVA
Email: post@freysta.com
1. Data Controller
Freysta Portal is operated by Freysta AS.
Freysta AS, Ovre Holen 24B, 5163 Laksevag, Norway. Organisation number: 929 913 477 MVA. Email: post@freysta.com
Freysta AS is the data controller responsible for processing personal data through the portal.
2. Who Uses the Portal
Freysta Portal is used by Freysta members exploring jobs and communities, employers presenting businesses and job opportunities, municipalities working with settlement and integration, and Freysta administrators who operate and support the platform.
Different roles have access only to the information necessary for their interaction with the service.
3. Personal Data We Process
Depending on how you use the platform, we may process the following categories of data.
Account information
- name
- email address
- authentication identifiers
- account status information
Profile information
Information you choose to provide, for example:
- year of birth
- education and work experience
- language skills
- interests and preferences
- personal description
Communication data
When you communicate with municipalities or employers through the platform:
- message content
- message attachments
- thread participation
- read status
Case and document data
When municipalities use the Ferd module:
- case metadata
- tasks and notes
- journal entries
- uploaded documents
Notification data
To manage notifications we process:
- notification preferences
- notification delivery status
- technical identifiers used to deliver messages
System and security logs
To operate and protect the service we process limited technical data such as:
- audit logs of administrative actions
- system error logs
- notification delivery logs
These logs are limited to what is necessary for system operation and security.
4. Purpose of Processing
Providing the service
To create user accounts, manage profiles and enable interaction between Freysta members and municipalities or employers.
Communication
To allow Freysta members to communicate with municipalities and employers within the platform.
Recommendations and matching
The platform may recommend job opportunities and communities or villages.
Recommendations are based on user preferences and job metadata.
These recommendations are informational only and do not involve automated decisions that produce legal or similarly significant effects.
Case management
Municipalities may use the Ferd module to manage cases, documents and tasks related to integration work.
Security and system operation
We process technical and audit data to:
- ensure system reliability
- investigate errors
- prevent misuse
Support
Freysta administrators may access user accounts when necessary to assist with support requests.
Such access is logged.
5. Legal Basis for Processing
Personal data is processed on the following legal bases.
Contract
Processing necessary to provide the Freysta Portal service to registered users.
Legitimate interests
Freysta has legitimate interests in:
These interests are balanced against the privacy rights of users.
- maintaining system security
- preventing misuse
- operating and improving the service
- providing user support
Legal obligations
Certain records may be retained where required by law.
6. Service Providers
Freysta uses external service providers to operate the platform.
Examples include
- Hetzner - Hosting infrastructure for servers and databases.
- Clerk - Authentication and identity management.
- Google SMTP relay - Email delivery for system notifications.
- Azure Translator / Apertium - Translation of job listings and other public content.
These providers process personal data only on Freysta's instructions.
7. International Data Transfers
Some service providers may process data outside the European Economic Area (EEA).
When this occurs, Freysta ensures appropriate safeguards are in place, such as EU Standard Contractual Clauses or equivalent legal mechanisms.
8. Cookies and Sessions
Freysta Portal uses a secure session cookie to maintain user authentication.
The session cookie stores a signed session identifier, allows the platform to recognise logged-in users, and is not used for cross-site tracking.
Security settings include HttpOnly, SameSite protection, and secure transmission when HTTPS is used.
9. Data Retention
Personal data is retained only as long as necessary.
Examples include
- user accounts: until deletion or inactivity
- notification delivery logs: approximately one year
- system logs: limited retention through log rotation
- audit logs: retained for accountability and security purposes
Where possible, data may be anonymised or deleted when no longer required.
10. Your Rights
Under applicable data protection laws, you have the right to:
- access your personal data
- correct inaccurate data
- request deletion of your data
- restrict certain processing
- object to processing based on legitimate interests
- receive your data in a portable format
Requests can be sent to post@freysta.com.
11. Security
Freysta Portal implements several security measures, including:
- role-based access control
- database row-level security
- audit logging of administrative actions
- secure authentication
- encrypted network connections
Access to personal data is restricted to what is necessary for each role.
12. Updates to This Policy
This Privacy Policy may be updated if the service changes or if required by law.
Users may be informed of significant changes through the platform or by email where appropriate.
13. Contact
If you have questions about this Privacy Policy or how your personal data is handled, please contact Freysta AS.
Freysta AS, Ovre Holen 24B, 5163 Laksevag, Norway. Email: post@freysta.com