This Privacy Policy explains how Superwork ("Superwork", "we", "us" or "our") collects, uses, shares and protects personal data when you visit superwork.co, contact us, or work with us. We are based in Norway and process personal data in accordance with the EU/EEA General Data Protection Regulation (GDPR).
If you have questions about this policy or how we handle your data, email us at thorstein.nordby@superwork.co.
1. Who we are
Superwork is a HubSpot and Revenue Operations consultancy. For the purposes of the GDPR, Superwork is the data controller for personal data collected through our website and in the course of our client relationships. When we deliver services inside a client's systems, we act as a data processor on that client's instructions.
2. Information we collect
Information you give us
When you fill in a form, book a call, subscribe to our newsletter, or email us, we collect the details you provide — typically your name, email address, company, role, and the content of your message.
Information we collect automatically
When you visit our website, we automatically collect certain device and usage data, including your IP address, browser type, time zone, the pages you view, and how you interact with the site. We collect this through cookies, log files and similar technologies (such as pixels and web beacons).
HubSpot tracking
We use HubSpot to run our website and marketing. HubSpot may record visits, page views, email opens and clicks, and form submissions, and associate them with your contact record so we can understand and improve our communications.
3. How we use your information
- To respond to your enquiries and provide the information you request;
- To deliver, manage and improve our services to clients;
- To send you updates, newsletters or marketing where you have consented or where we have a legitimate interest, and you can opt out at any time;
- To operate, secure, analyse and improve our website;
- To comply with our legal and contractual obligations.
4. Legal bases for processing
Under the GDPR we rely on one or more of the following legal bases:
- Consent — for example, marketing emails and non-essential cookies;
- Contract — to provide services you or your organisation have requested;
- Legitimate interests — to run, secure and improve our business and website, where not overridden by your rights;
- Legal obligation — where we are required to process data by law.
5. Cookies and tracking
We use cookies and similar technologies that fall into four categories: strictly necessary, analytics, functionality, and advertising. Some are set by us and some by third parties such as HubSpot, Google, LinkedIn and Meta. Cookie lifespans range from a few minutes to up to 400 days.
You can accept or decline non-essential cookies through our cookie banner, and you can manage or delete cookies in your browser settings at any time. Disabling some cookies may affect how the site works.
6. How we share your information
We do not sell your personal data. We share it only with trusted service providers ("processors") who help us run our business, including:
- HubSpot — CRM, website, forms and marketing;
- Google Analytics — website analytics;
- Advertising networks (such as LinkedIn and Meta) — measurement and, where consented, advertising;
- Hosting, email and infrastructure providers needed to operate our services.
We may also disclose data where required by law. You can opt out of Google Analytics using Google's browser add-on, and out of interest-based advertising through the settings offered by Google, LinkedIn, Meta and the relevant industry opt-out tools.
7. International transfers
Some of our providers (such as HubSpot and Google) process data outside the EU/EEA, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.
8. Data retention
When you submit a form on our website, we keep your information for our records unless and until you ask us to delete it. More generally, we retain personal data only for as long as necessary for the purposes described in this policy or as required by law, after which it is deleted or anonymised.
9. Your rights
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you;
- Ask us to correct or update inaccurate data;
- Ask us to delete your data ("right to be forgotten");
- Restrict or object to certain processing;
- Request a copy of your data in a portable format;
- Withdraw consent at any time, without affecting prior processing.
To exercise any of these rights, email thorstein.nordby@superwork.co. You also have the right to lodge a complaint with your local data protection authority — in Norway, that is the Norwegian Data Protection Authority (Datatilsynet).
10. Children
Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children.
11. Do Not Track
Our website does not currently respond to "Do Not Track" signals from browsers, as there is no agreed industry standard for them.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you. Please review it periodically.
13. Contact us
For any privacy question or request, contact us at thorstein.nordby@superwork.co or our contact page.