Privacy Statement


At Firmli, weprovide comprehensive software solutions designed to streamline Studentapplication processing and enhance business management for EducationalInstitutions and Agencies. Our Services include customised enterprisesolutions, standard CRM functionalities, and a range of Ancillary Services.

We respect yourprivacy and care about how your Personal Information is used. This PrivacyPolicy (the “Policy”) outlines how Firmli AS (“Company” or "us"or "we" or "our") and its affiliates collect,use, store, process, transfer, and disclose your information through ourwebsite“Website”), and Firmli TechnologyPlatform Software (“Software”)(together referred to as the “Platform”). This Policy applies to yourinteractions with and usage of our Platform, which facilitates efficientStudent application processing, Sub-agent management, and various AncillaryServices. Firmli integrates with multiple platforms to ensure seamless dataflow, offering a comprehensive suite of services including but not limited tocustom-built applications, standard CRM functionalities, lead management,application processing, and university agreements thereby streamliningworkflows and optimising recruitment processes (the “Services”). By reviewing this Policy, you will gain acomprehensive understanding of your privacy rights and choices.

Your access to or utilization of our Platform and/or Services operated by the company linked to this Policy implies your agreement to be governed by this Policy. By providing us with your Personal Information, you expressly consent to the use and disclosure of your Personal Information as outlined in this Policy. This Policy, along with the User Agreement[1] ,is applicable to your use of the Services and you explicitly agree and acknowledge to read the Privacy Policy in conjunction with the User Agreement. Please note that the capitalised terms not defined in this Policy are defined in the User Agreement.

The term “Personal Information” shall mean any information that relates to an identified or identifiable individual, and can include information that you provide to us and that we collect about you, such as when you engage with our Services (e.g. device information, IP address).

By utilising the Services, engaging with the Company's Platform, or furnishing your Personal Information, you explicitly agree and acknowledge that you accept the terms delineated in this Policy.

By visiting the Platform or providing your information, you expressly agree to be bound by this Privacy Policy and agree to be governed by the privacy laws including but not limited to the Norwegian Personal Data Act (personopplysningsloven), General Data Protection Regulation (GDPR),and/or any other relevant regulations governing data protection and privacy.


 1.1.       This Policy is inclusive andapplies to all Users of our Platform, irrespective of their browsing intent ortheir extent of utilising the Services offered on our Platform.               1.2.       The applicability of thisPolicy extends to Users regardless of the device type used for accessing ourPlatform, whether it be a laptop/desktop or a mobile/tablet device.               1.3.       We do not knowingly collect orsolicit Personal Information from individuals or Users who do not meet theeligibility criteria outlined in our User Agreement (see Clause 3). If you do not meet these criteria, please refrainfrom attempting to provide any Personal Information to us or using our Platformand/or Services.    


2.1.       To use our Platform, you arerequired to provide us with certain Personal Information. This may include butis not limited to the following:                                    

2.1.1.       Basic Information:                                       To book a Service demonstrationon the Website, you are required to provide us with your basic informationincluding but not limited to first name, last name, postal address, businessname, company location, and the time zone you are in to ensure accurate serviceand support, and other relevant information some of which will depend on thefeatures you use. Please note that to facilitate this booking, we utilise third-partyscheduling tools Calendly [2] [3] services, a third-partyservice provider integrated into our Website. By booking a demo,you understand and agree that you are also bound by the privacy policies andterms of these third-party tools;                                      To utilise the Platform and ourServices, you are required to provide us with your initial information aboutyour business, including business name and operational details, which will becollected via email on our Website. This helps us understand your basicrequirements and operational context.                                   

 2.1.2.       Contact information: such as emailaddress and mobile number;                                    

2.1.3.       Transaction data: If you choose topay for the Services through our Platform, we may collect certain information,such as your name and email address, to process your request. Paymentinformation, including credit/debit card details, will be required to beprovided directly to our payment processing partners. It’s important to notethat we do not access, store, or collect your credit/debit card information.;                                    

2.1.4.       Additional Information: This mayinclude information provided when using Ancillary Services facilitated bythird-party service providers. These services include commission management,education loans, forex services, assistance with bank accounts, access touniversity contracts, accommodation listings, information on institutions andscholarships, and banking services. Your interaction with these Services mayinvolve providing specific data relevant to their usage;                                    

2.1.5.       Social Media Platform: If yousubscribe to our blog, and newsletters, or contact us through social mediaplatforms including but not limited to LinkedIn, Facebook, Twitter, YouTube,Instagram, etc., we may collect and process your Personal Information availableon these platforms. This may include your name, email address, and phone numberas provided on your social media profiles;                                  

  2.1.6.       Recruitment Information: If youapply for a job at our Company through the careers page on our Website, we maycollect specific Personal Information, including your full name, email address,phone number, residential address, designation, present and expected CTC, andany other information provided in your resume;                                    

2.1.7.       Communication with us: This caninclude any communication that you send to us, including communications for anyinquiries, payments, technical support, etc;                                  

 2.1.8.       Device Identification data: Thisincludes information that may assist us in identifying your device, includinglogin information, browser type, and version, your operating system, etc; and                                    

2.1.9.       Other Data: This can include thefollowing, based on your interaction with the Platform-a.   The length of time you spent onthe Platform;b.   The period of time from whichyou became and have continued to be active on the Platform;c.    Other similar statistics we maycollect with the intention to improve the User experience of the Platform.               

2.2.       You agree to provide us withyour Personal Information whenever you use our Services by performing any ofthe following functions:                                    

2.2.1.       Accessing our Platform by meansof any web browser or any device;                                    

2.2.2.       Registering for our Services onthe Platform;                                   

2.2.3.       Inquiring about our Servicesthrough our Platform;                                    

2.2.4.       Initiating and maintainingcorrespondence with us.               2.3.       We take extra precautions toensure that such Personal Information is kept secure and confidential, and wewill only retain this data for as long as necessary for the purposes for whichwe collect it as per the permissible laws of the land.              

2.4.       This Policy will not apply toany unsolicited information provided by you through the Platform or through anyother means. This includes, but is not limited to, information posted on anypublic areas of the Platform. All such unsolicited information shall be deemedto be non-confidential, and we will be free to use and disclose suchunsolicited information without limitation.               

2.5.       We shall not be liable for anyloss or damage sustained by you as a result of any disclosure (inadvertent orotherwise) of any Personal Information concerning your credit cards, or debitcards in the course of any online transactions or payments made for anyServices offered through the Platform. For this purpose, we recommend that yougo through the terms of service of the payment service providers.               

2.6.       Access to your PersonalInformation is limited to our Consultants, employees, agents, partners, andthird parties, who we reasonably believe will need that information to enableus to provide Services to you. However, we are not responsible for the confidentiality,security, or distribution of your own Personal Information by our partners andthird parties (who have their own privacy policies) outside the scope of ouragreement with such partners and third parties.               

2.7.       When you use our Platform, wecollect and store your information, which is provided by you from time to time.In general, you can browse the Platform without telling us who you are orrevealing any Personal Information about yourself. Once you give us yourPersonal Information, you are not anonymous to us. Where possible, we indicatewhich fields are required and which fields are optional. You always have theoption to not provide information by choosing not to use a particular service,product, or feature on the Platform.    

3.       HOW DO WECOLLECT THE INFORMATION?               

3.1.       We employ various methods togather information, ensuring a comprehensive understanding of User interactionsand preferences. The collection of Personal Information is facilitated throughthe following processes:                                    

3.1.1.       Information you give us: When youprovide us with the information referred to in Clause

2.1 through the methodsoutlined in Clause 2.2;                                    

3.1.2.       Session Management: We study sessionmetrics to understand how Users interact with the Platform. This helps us learnthe average time Users spend on the Platform and when they prefer to engage. Weuse tools like Google Analytics (or alternatives) to collect anonymous data,including the number of views, how long Users stay, and where they're visitingfrom. This data allows us to optimize the User experience, making informedenhancements to cater to User preferences and behaviours;                                    

3.1.3.       User analytics: We analyse Userbehaviour and preferences by collecting and analysing Personal Information andmaintaining a track within the Platform to track and ensure accuracy, promptlyidentify any unusual behaviour, and detect fraudulent activities, allowing usto take immediate corrective action.               3.2.       In addition to direct Userinteractions, we leverage cookies and similar technologies to enhance thefunctionality and User experience on the Website. These allow us to collect andprocess additional information for various purposes:                                    

3.2.1.       Cookies: We utilize cookies, whichare small text files stored on Users' devices. These cookies assist in trackingUser preferences, optimising the Platform’s functionality, and providing acustomised experience. Users have the option to manage cookie preferencesoutlined through their browser settings. Below are the categories of cookiesused on our Platform, along with a description of what they are used for:                                      Strictly Necessary Cookies: Thesecookies are needed to run our Platform, to keep it secure when you areaccessing the Platform, and to obey regulations that apply to us. They alsohelp us keep your details safe and private;                                      Functional Cookies: These cookiesare used for remembering things such as your region or country, your preferredlanguage, accessibility options like large font or high-contrast pages;                                      Performance Cookies: These cookiestell us how you and our other Users use our Platform. We combine all this datatogether and study it. This helps us to improve the performance of our Servicesand/or the Platform;                                      Targeting/Advertising Cookies: Thesecookies are used to deliver content more relevant to you and your interests.They may also be used to limit the number of times you see an advertisement.                                    

3.2.2.       Purpose of Cookies We Use: Weutilise Personal Information obtained through cookies to enhance the speed andsecurity of your interaction with us. These cookies serve various purposes:                                      Preferences: Cookies enable theWebsite to remember information that alters the site’s behavior or appearance,such as your preferred language or geographic region. By retaining yourpreferences, we can customise and present advertisements and other contenttailored to you.                                      Security/Optimization: Cookies playa crucial role in maintaining security by verifying Users, preventingfraudulent use of Services, and safeguarding User data from unauthorisedaccess. Specific types of cookies assist in blocking various types of attacks,such as attempts to pilfer content from Website forms.                                      Processing: Cookies contribute tothe efficient functioning of the Website, allowing us to deliver the Servicesexpected by visitors and/or Users. These cookies facilitate tasks likenavigating web pages and accessing secure sections of the Website.                                      Advertising: We employ cookies toenhance the appeal of advertising to our Users. Common uses include selectingadvertisements based on relevance, improving campaign performance reporting,and avoiding the repetition of ads you may have already seen. Cookies captureinformation about your interactions with the Website, including your mostvisited pages.                                     Communication: Information collectedthrough cookies may be utilised to communicate with you, including sendingnewsletters, seeking your opinions and feedback, and providing Services andpromotional materials.                                      Analytics and Research: Cookies aidin comprehending how individuals utilise our Services, enabling us to enhancethem for a better User experience. This data-driven insight helps us refine andimprove our offerings.                                    

3.2.3.       Web Beacons, Pixel Tags, and Trackers: We may employ web Web Beacons, Pixel tags, and tracking URLs, whichare tiny graphic images and/or small blocks of code placed on Platform pages,ads, or in our emails that allow us to determine whether you performed aspecific action. When you access these pages or when you open an email, you letus know that you have accessed the web page or opened the email. These toolshelp us measure responses to our communications and improve our web pages andpromotions;                                    

3.2.4.       Log Files: Our servers automaticallycollect information sent by Users' devices, known as log files. This data mayinclude IP addresses, device information, browser type, and timestamps. Logfiles are instrumental in analyzing trends, administering the Website, anddiagnosing technical issues;                                    

3.2.5.       Third-Party Analytics: We mayintegrate third-party analytics services to further understand User behaviour.These services utilise their own tracking technologies to compile reports onPlatform activity, aiding us in improving our Services;                                    

3.2.6.       Location Data: As part of ourServices, we may also collect precise geolocation data, including GPS signals,device sensors, Wi-Fi access points, and cell tower IDs. We collect this typeof data if you grant us access to your location. You can withdraw your consentat any time by disabling the GPS or other location-tracking functions on yourdevice;                                     

3.2.7.       Information from other sources: We may collect PersonalInformation from other sources, including but not limited to:                                      If a User or any third party submits a complaint aboutyou, we may receive information relating to the specific complaint made inorder to understand and, where relevant, address the complaint; and                                      To the extent permitted byapplicable law, we may receive additional information about you, such asreferences, demographic data, and information to help detect fraud and safety issuesfrom

(i) third-party service providers, other third parties, and/or partners,or
(ii) Users and any other individuals, entities, and authorities, and combineit with information we have about you. For example, we may receive backgroundcheck results or fraud warnings from identity verification service providersfor use in our fraud prevention, security investigation, and risk assessmentefforts. We may receive information about you and your activities on and offthe Firmli Platform, including from Users, members of the public, orgovernmental, public, or tax authorities, or about your experiences andinteractions with and/or from our partners.    

4.       WHY DO WECOLLECT YOUR INFORMATION?               

4.1.       We shall collect yourinformation only for lawful and legally permissible purposes, which are asfollows:                                    

4.1.1.       Contractual Necessity: We processyour Personal Information to fulfil our contractual obligations with you, whichinclude without limitation tasks such as developing and deploying CustomisedSoftware, providing standard CRM solutions, Ancillary Services, etc;                                    

4.1.2.       Processing of Personal Information on Behalf of the User: This section pertains to the Personal Information of Studentscollected by our Customised Software Clients and Standard Software Clients (defined in the User Agreement), whereFirmli facilitates such collection and processing of Student applications. CustomisedSoftware Clients and Standard Software Clients determine the purpose andmethods of processing this Personal Information. Firmli processes such PersonalInformation strictly on behalf of and in accordance with the CustomisedSoftware Clients and Standard Software Clients’ instructions, solely to deliverits Services to them.                                    

4.1.3.       Transactions and Payments: Tofacilitate secure and efficient payment processing, as well as handletransactions related to Services on the Platform. Also, Personal information isutilised to enable or authorise payment services, including detecting andpreventing money laundering, fraud, abuse, and security incidents, complyingwith legal obligations, enforcing payment policies, and improving paymentservices;                                    

4.1.4.       Communicate with you: We use yourPersonal Information to communicate with you concerning Services via differentchannels (e.g., by phone, e-mail, chat), including to provide you with noticesabout your subscription, including expiration and renewal notices, emailinstructions, etc;                                    

4.1.5.       Fraud Prevention and Credit Risks: We use Personal Information to prevent and detect fraud and abuse toprotect the security of our Users;                                    

4.1.6.       Troubleshoot Problems: We use yourPersonal Information to provide functionality, analyse performance, healthcheck servers,  fix errors, and improvethe usability and effectiveness of the Platform and/or Services;                                    

4.1.7.       Compliance with law: To be able toperform any contractual and legal obligation;                                    

4.1.8.       Enhancing User Experience: Toanalyze User behaviour and preferences for improving our Services and Userexperience and to be able to provide location-specific services;                                    

4.1.9.       Recommendations and Personalisations: We use your Personal Information to recommend features, products,and Services that might be of interest to you, identify your preferences, andpersonalise your experience with the Platform and/or Services;                                 

4.1.10.       Enhanced Advertising and Marketing Efforts: In our efforts to provide, personalise, measure, and enhance ouradvertising and marketing endeavours, we engage in several key activities.Firstly, we utilise User information to send promotional and marketingmessages, tailoring them to suit individual preferences and interests.Additionally, we strive to customise and optimise advertising on variousplatforms to ensure relevance and effectiveness. Furthermore, we administerreferral programs, rewards, surveys, sweepstakes, contests, and otherpromotional activities to engage Users and foster community participation.Through the analysis of User characteristics and preferences, we aim to sendtargeted promotional messages that resonate with each User segment. Finally, weextend invitations to Users for events and relevant opportunities, enrichingtheir overall experience with our Platform;                                 

4.1.11.       You may opt out of receivingany or all, of these communications from us by following the unsubscribe linkor by emailing us at;and                                 

4.1.12.       Providing alerts/notifications: Toeffectively communicate with you through emails/SMS/notifications through theWebsite to inform you about any other new Services that we may from time totime develop.    


5.1.       To facilitate our Services andenhance User experience, we may share Personal Information with the followingentities:                                    

5.1.1.       Transactions: We may share paymentgateway links with you for making payments for our Services, and to facilitatesecure and efficient transaction processing, we may share your PersonalInformation necessary for transaction processing with such payment gatewayservice providers;                                    

5.1.2.       Third-party Service Providers: Wemay collaborate with third-party service providers to perform various functionson your behalf, including ancillary services such as commission management,education loans, forex services, and assistance with bank accounts. Theseservice providers may access the necessary Personal Information to fulfilltheir functions. They are also bound to process Personal Information incompliance with applicable laws. It's important to note that we do not own orcontrol these third parties. When you interact with these providers and utilisetheir services, you are consenting to share your information directly withthem, and your use of their services is governed by their respective privacypolicies;                                    

5.1.3.       Affiliates:We may share your information with our affiliates, in which case we willrequire those affiliates to honour this Privacy Policy. Affiliates may includeour parent company and any subsidiaries, joint venture partners, or othercompanies that we control or that are under common control with us;                                    

5.1.4.       Business Transfers: If we reorganise or sell all or a portion of our assets, undergo amerger, or are acquired by another entity, we may transfer your information tothe successor entity.  If we go out ofbusiness or enter bankruptcy, your information would be an asset transferred oracquired by a third party.  Youacknowledge that such transfers may occur and that the transferee may declineto honour commitments we made in this Privacy Policy.                                    

5.1.5.       Legal Compliance:                                       We may disclose yourinformation to courts, law enforcement, governmental or public authorities, taxauthorities, authorised third parties, or other users, if and to the extent weare required or permitted to do so by law or where disclosure is reasonablynecessary to:

(i) comply with our legal obligations,
(ii) comply with a validlegal request, such as a subpoena or court order, or to respond to claimsasserted against Firmli,
(iii) respond to a valid legal request relating to acriminal investigation to address alleged or suspected illegal activity, or torespond to or address any other activity that may expose us, you, or any otherof our Users to legal or regulatory liability,
(iv) enforce and administer ouragreements with users, including our User Agreement, additional legal terms,and policies,
(v) respond to requests for or in connection with current orprospective legal claims or legal proceedings concerning Firmli and/or thirdparties, in accordance with applicable law, or
(vi) protect the rights,property or personal safety of Firmli, its employees, its user, or users of thepublic;                                      Where legally required orpermissible according to applicable law, we may disclose user information torelevant tax authorities or other governmental agencies, depending on where youare based, for the purpose of the tax authorities’ determination of propercompliance with relevant tax obligations;                                      Where appropriate and/orlegally required, we may notify the User about legal requests, unless:

(i)providing notice is prohibited by the legal process itself, by court order wereceive, or by applicable law, or

(ii) we believe that providing notice wouldbe futile, ineffective, create a risk of injury or bodily harm to an individualor group, or create or increase a risk of fraud upon or harm to Firmli, ourUsers, or expose Firmli to a claim of obstruction of justice.                                    

5.1.6.       Service Improvement: We may share certain aggregated, anonymized information with thirdparties (for example, for Google Analytics) in order to assess the Platformusage and information pertaining to the ease of navigation;                                    

5.1.7.       Advertisements: We use third-partyadvertising companies to serve ads when you visit our Website. These companiesmay use information (not including your name, address, email address, ortelephone number) about your visits to the Website and other websites in orderto provide personalised advertisements about goods and services of interest toyou;                                    

5.1.8.       Collaborations: We may share yourPersonal Information with reputable partners to facilitate joint initiatives,promotions, or integrated services; and                                    

5.1.9.       Growth and Expansion: As our Platform evolves and expands, there may be instances wheresharing Personal Information with new entities or parties becomes necessary forthe enhancement of our Services. Any such sharing will be carried out with theutmost consideration for user privacy and in accordance with relevant legalframeworks.              

5.2.       We do not ever sell or rentyour Personal Information without your express approval.                

5.3.       We are not responsible for theactions of third parties with whom you share personal or sensitive data, and wehave no authority to manage or control third-party solicitations. If you nolonger wish to receive correspondence, emails, or other communications fromthird parties, you are responsible for contacting the third party directly.    

6.       HOW LONG DO WEKEEP YOUR PERSONAL INFORMATION?In compliance with applicable laws, we retain your PersonalInformation for a duration no longer than necessary for the purpose for whichit was collected or as mandated by relevant laws. The Data Center where yourdata is stored is automatically selected based on the country you choose whensigning up for Firmli services. After the termination of your Firmli Services,your Personal Information will be removed from the active database during thenext scheduled cleanup, which occurs every 6 months. Any data removed from theactive database will also be deleted from backups within 3 months thereafter.Upon the expiration of the reasonable retention period, Personal Informationshall be promptly deleted from our records. Consequently, it's important tonote that the rights to access, erasure, rectification, and data portabilitycannot be enforced after the expiration of the retention period. Additionally,we may continue to retain your Personal Information for the following purposesincluding but not limited to:               

6.1.       Legitimate Business Interest: We mayretain your Personal Information as necessary for our legitimate businessinterests, such as the prevention of money laundering, fraud detection andprevention, and enhancing safety. For example, if we suspend your access to ourServices for fraud or safety reasons, we may retain information to prevent thatUser from accessing our Services again in the future;               

6.2.       Legal, Tax, Reporting, and Auditing Obligations: We may retain and use your Personal Information to the extentnecessary to comply with our legal, tax, reporting, and auditing obligations;               

6.3.       Shared Information: Information you haveshared with others, such as reviews and forum postings, may continue to bepublicly visible on Firmli, even after your you are not using our Servicesanymore; and               

6.4.       Residual Copies: Because we takemeasures to protect data from accidental or malicious loss and destruction,residual copies of your Personal Information may not be removed from our backupsystems for a limited period of time.    


 7.1.       While our primary practice isto store all data on servers located within the Oslo, Norway, it's important tonote that certain circumstances may necessitate the transfer of your PersonalInformation to countries outside your residential country. These transfers mayoccur for various purposes outlined in this Policy.               

7.2.       You understand and accept thatother countries may have differing (and potentially less stringent) lawsrelating to the degree of confidentiality afforded to the information it holdsand that such information can become subject to the laws and disclosurerequirements of such countries, including disclosure to governmental bodies,regulatory agencies, and private persons, as a result of applicablegovernmental or regulatory inquiry, court order or other similar processes. Inaddition, a number of countries have agreements with other countries providingfor the exchange of information for law enforcement, tax, and other purposes.               

7.3.       If we transfer your PersonalInformation to third parties for purposes stated in this Policy, we will useour best endeavours to put in place appropriate controls and safeguards toensure that your Personal Information is kept accurate, adequately protected,and processed only for specified and reasonable purposes in a manner that isfair, transparent and has a lawful basis, and is stored for no longer than isabsolutely necessary.    


8.1.       We prioritize the security ofyour data by utilising secure cloud servers, where your Personal Information isencrypted at rest, adding an extra layer of protection against unauthorizedaccess. We implement reasonable physical, electronic, and procedural safeguardsto ensure the confidentiality and integrity of your information. At Firmli, weprioritize the security of your data using robust measures to safeguardconfidentiality and integrity. We employ industry-standard AES-256 encryptionfor data at rest on secure cloud servers. Data transmitted over public networksis protected by Transport Layer Security (TLS) 1.2/1.3 encryption, mitigatingrisks of unauthorised access or alterations.               

8.2.       Internally, we manage andcontrol encryption keys through our proprietary Key Management Service (KMS).While Users cannot currently upload and use their own encryption keys, ourencryption protocols are designed to meet stringent security standards.               

8.3.       Further, to defend againstpotential Distributed Denial of Service (DDoS) attacks, we leverage advancedtechnologies from reputable service providers, implementing proactivemitigation measures to ensure service availability and reliability. Also,routine security measures include automated and manual penetration testing,conducted by certified third-party scanning tools and proprietary in-housetools. These tests thoroughly assess our Platform's security posture andidentify vulnerabilities for timely remediation.               

8.4.       While we work diligently toprotect the security of your Personal Information during transmission by usingencryption protocols, it's important to note that we do not accept liability incase of any data loss. Additionally, we do not accept liability for any loss ofUser Content.               

8.5.       Despite our comprehensivemeasures, Users should acknowledge and accept the inherent securityimplications of data transmission over the Internet and the World Wide Web.Complete security cannot be guaranteed, and inherent risks persist. Therefore,Users bear the responsibility of safeguarding their access to our Services. Weremain committed to continually enhancing our security protocols to addressemerging threats and maintain the trust of Users.    


9.1.       We have an Incident SupportTeam dedicated to informing and assisting respective Users in the event of asecurity breach. We notify our affected Users within 3-4 business days of theincident. Upon request, our affected Users will receive a comprehensive reportwithin 7-10 business days.               

9.2.       However, subject to Clause 9.1,in the event of a data breach or security incident, we maintain a proactiveapproach to ensure swift resolution and mitigate potential risks. We haveestablished a comprehensive incident response plan designed to address suchoccurrences promptly and effectively:                                    

9.2.1.       Identification: We promptly identify andacknowledge any signs of a data breach or security incident within our systemsor infrastructure;                                    

9.2.2.       Containment: Immediate action is takento contain the impact of the breach, preventing further unauthorised access ordamage to data;                                    

9.2.3.       Notification: We prioritise transparencyby promptly notifying affected parties, including Users and relevantstakeholders, about the breach and its potential impact on their data;                                   

9.2.4.       Collaboration: We collaborate withrelevant authorities, such as regulatory bodies and law enforcement agencies,to report the incident and comply with any legal obligations or regulatoryrequirements; and                                    

9.2.5.       Post-Incident Assessment: Following theresolution of the incident, we conduct thorough assessments to evaluate theeffectiveness of our response measures and identify areas for improvement.  


10.1.       Firmli AS will act as the datacontroller where we make decisions on how your Personal Information is used inconnection with the Platform or our Services. We will act as the data processorwhere we only use your Personal Information as authorised and instructed by athird party in connection with the website, or our applications or services.            

10.2.       Where we are acting as the datacontroller, we are responsible for the obligations of a data controller underdata protection laws in connection with the processing of your PersonalInformation and we use this Privacy Policy to provide you with informationabout our use of your Personal Information.           

10.3.       Where we are acting as a dataprocessor, the relevant third party will be acting as a data controller andwill be responsible for the obligations of a data controller under dataprotection laws in connection with the processing of your Personal Information.If you are accessing the Platform, or our Services through a third party, youshould contact them with queries regarding the processing of your PersonalInformation or compliance with data protection law.            

10.4.       You understand and acknowledgethat Firmli AS is the controller for the processing of your PersonalInformation. Our contact information is: Address: Oslo Science Park, Gaustadalléen 210349 Oslo,NorwayEmail: privacy@firmli.comOrganisation no.: 925 402 168 


11.1.       You, as a data subject, mayhave certain rights to your Personal Information with us, as under:                                

11.1.1.       Request access to your Personal Information: This allows you to receive a copy of the Personal Information wehold about you, and to check that we are lawfully processing it;                                 

11.1.2.       Request the correction of your Personal  Information: Thisallows you to ask for any incomplete or inaccurate information we hold aboutyou to be corrected;                                 

11.1.3.       Request the erasure of your Personal Information: This allows you to ask us todelete or remove your Personal Information from our systems where there is no good reason for us tocontinue processing it;                                 

11.1.4.       Object to the processing of your Personal  Information: Thisallows you to object to our processing of your Personal Information  for a specific purpose (for example, formarketing purposes);                                 

11.1.5.       Request the transfer (data portability) of your Personal  Information: Thisallows you to request the transfer of your Personal Information in astructured, commonly used, machine-readable format, either to you or to a thirdparty designated by you and, if technically feasible, have it transmitted toanother controller without any hindrance. This provision is applicable providedthat your information is processed by automated means and that the processingis based on your consent, on a contract of which you are part of, or onpre-contractual obligations thereof;                                 

11.1.6.       Request the restriction: You have theright to request the restriction of processing of your Personal Information.This means we will store your Personal Information but not further process it,except in limited circumstances (e.g., with your consent or for legal claims);                                 

11.1.7.       Request further information on the processing of your PersonalInformation: You have the right to obtain furtherinformation on how we process your Personal Information. This includes detailsabout the purposes of the processing, the categories of Personal Informationinvolved, the recipients or categories of recipients with whom the PersonalInformation has been or will be shared, and the envisaged retention period ofthe Personal Information.                                 

11.1.8.       Withdraw your Consent: This right onlyexists where we are relying on your consent to process your PersonalInformation. If you withdraw your consent, we may not be able to provide youwith access to certain features of our Platform. We will advise you if this isthe case at the time you withdraw your Consent.                                 

11.1.9.       User’s State-Specific Rights:                                    If youare a citizen of the European Union, you have additional rights listed in Schedule I. Please refer to Schedule Ibelow for more detailed information on your rights.                                   If youare residing in the United States including states such as  California, Colorado, Connecticut, Delaware,Florida, Iowa, Montana, Nevada, Oregon, Texas, Utah, Vermont, Virginia, orWashington, or are otherwise protected by privacy or consumer health data lawsin those jurisdictions, please refer to ScheduleII that outlines state-specific rights and protections afforded to you.                                   If youare residing in the UK or Switzerland, you have rights listed in Schedule III. Please refer to ScheduleIII below for more detailed information on your rights.                                   If youare residing in the Philippines, you have rights listed in Schedule IV. Please refer to Schedule IV below for more detailedinformation on your rights.                              

11.1.10.       Pleasenote that these Schedules are supplemental to our Privacy Policy.                              

11.1.11.       In relation to the above, youcan exercise such right by sending us an email with your request to privacy@firmli.comalong with the necessary proof of identity requirements that we may requireprior to processing such a request from you.                              

11.1.12.       It's important to note that wemay not accommodate a request to change information if we believe the changewould violate any law or legal requirement or cause the information to beincorrect.                              

11.1.13.       While we strive to cover theprivacy rights of Users in various jurisdictions through this Privacy Policyand the accompanying Schedules, we understand that some Users may be in regionswith specific data protection laws that are not explicitly addressed here. Ifyou are a User whose data subject rights are not clearly covered in thisPrivacy Policy or the Schedules, please reach out to us for assistance at can contact us to:

(a) inquire about the processing of your PersonalInformation;

(b) request access, rectification, or erasure of your PersonalInformation;

(c) restrict or object to the processing of your PersonalInformation; and

(d) exercise any other rights granted under applicable dataprotection laws in your jurisdiction.                              

11.1.14.       We are committed to respectingand protecting your privacy and will make every effort to accommodate yourrequests and address your concerns in accordance with applicable laws.                              

11.1.15.       Please be aware that theserights are subject to legal restrictions. We will respond to your request assoon as possible, typically within one month at the latest. If you believe thatour processing of your Personal Information is unlawful, you have a right tocomplain to the Norwegian Data Protection Authority. We hope that you willfirst contact us so that we can assess your objections and clarify anymisunderstandings.  

12.       HOW CAN YOUEXPRESS YOUR COMPLAINTS AND CONCERNS?Usersatisfaction is one of the key focus areas and an integral part of ourPlatform’s founding principles and business policies. We strongly believe thatUser satisfaction is the most important factor in the growth and development ofour business and hence, we have adopted User centricity as a priority indeveloping our business processes. The terms below shall constitute our “User Grievance Redressal Policy” whichoutlines the framework for addressing User grievances:             

12.1.       Objective: The objective of thisGrievance Policy is to provide a framework:                                 

12.1.1.       to ensure the provision oftimely and effective resolution of issues raised by the User; and                                  

12.1.2.       to keep the User informed aboutthe manner in which they can reach out to us to resolve their queries andgrievances.            

12.2.       Governing Principles: The policy ongrievance redressal is governed by the following principles:                                 

12.2.1.       User shall be treated fairly atall times;                                 

12.2.2.       issues raised by Users arealways attended to with courtesy and on time;                                 

12.2.3.       Users are provided witheffective and satisfactory resolution within a reasonable time period; and                                  

12.2.4.       Users are fully informed ofavenues to escalate their issues/ grievances if they are not fully satisfiedwith the response to their complaints.            

12.3.       User Support: Any User can reach outto our User support team/ representative through electronic mode by way of anemail communication at; and            

12.4.       Must Know: You must know andunderstand that-                                 

12.4.1.       We DO NOT solicit confidentialdetails like your OTP/CVV/PIN/Card Number/ Bank account details through anymeans.                                  

12.4.2.       Scamsters/fraudsters attemptvarious techniques such as ‘phishing’, to contact, influence, and defraudconsumers. We regularly caution our Users against sharing any personal orpayment-sensitive information with unknown persons as such sharing leads tounauthorized use and/or fraud and consequent financial loss.                                 

12.4.3.       We shall not be liable for anyloss, damage, or expense incurred by a User where the User has shared personaland/or payment-sensitive information with scamsters/fraudsters.                                 

12.4.4.       We also request and encourageour Users to report such attempts or incidents to us at privacy@firmli.comto enable us to investigate and explore legal recourse.  

This Policy may be updated at our sole discretion or due to changesin the law. Such changes, unless otherwise stated, will be effective from theday and date of posting on the Platform. We reserve the right to update thePolicy without obligation to notify Users. It is recommended to regularlyreview this Policy for any changes, as your continued access and use of thePlatform will be considered your approval and acceptance of all modificationsto this Policy. In cases where applicable law mandates, we may notify you ofupdates through email. If you do not agree with this Policy governing ourPlatform, please refrain from using the Platform or the Services provided byus. 

Should youneed additional information or have any questions or complaints regarding thehandling of your Personal Information, please reach out to us in writing at: Email:                          

ScheduleI-  European Union Residents

Firmli is committedto ensuring its compliance with the European Union General Data ProtectionRegulation (‘GDPR’).Although ourPrivacy Policy explains how Firmli meets all of its obligations for Usersresiding in Norway, Firmli also has some Users who are habitually located inthe European Union (‘EU Residents’) that have additional rights with respect totheir Personal Data.

Personal Data is defined as: “Anyinformation relating to an identifiable person who can be directly orindirectly identified in particular by reference to an identifier”. This should be considered fundamentallyinterchangeable with the expression “Personal Information” for the purposes ofthis Privacy Policy.Under the GDPR,Firmli AS is primarily a “controller” of Personal Data, as opposed to being a“processor”. As part of its GDPR compliance, Firmli provides the Services in away that ensures: Personal Data (i.e. Personal Information) is processedfairly, lawfully, and in a transparent manner; and collected and processed onlyfor specified and lawful purposes.We ensure that thePersonal Information we collect about you is accurate, complete, and used forits intended purpose. You may access, review, correct, and update yourInformation or close your account by contacting us by email at the contactdetails below.


In certaincircumstances, you have certain rights regarding your Personal Information. Asummary of each right and how you can exercise it is detailed below. Toexercise any of these rights, please contact us at requests should include information to allow us to verify your identity(e.g. your name, address, email address or other information reasonablyrequired).Where we receiveyour request to exercise one of these rights, we will respond without unduedelay and within the time required by applicable law. This may be extended incertain circumstances, e.g. where requests are complex or numerous.We will provide theinformation free of charge, except where requests are manifestly unfounded orexcessive, e.g. because of their repetitive character. In these circumstances,we may charge a reasonable fee or may refuse to act on the request. We willadvise you of any fees prior to proceeding with a request. We may ask foradditional information to verify your identity before carrying out a request.


Right to access and/or correct your Personal Information

You have theright to access the Personal Information we hold about you, and to be providedwith a copy of the information (in most circumstances). You also have the rightto correct any information we may hold about you that is inaccurate.

Right to restrict the use of your Personal Information

You have theright to ask us to restrict the processing of your Personal Information whereone of the following applies:
●    The processing is unlawful, butyou want us to restrict the use of the data instead of deleting it;
●    Where you contest the accuracyof your Personal Information, the restriction will apply until we have verifiedthe accuracy or corrected your Personal Information;
●    We no longer require thePersonal Information for the purposes of the processing, but are required tokeep it in connection with a legal claim;
●    You have exercised your rightto object to the processing. The restriction will apply until we have takensteps to verify whether we have compelling legitimate grounds to continueprocessing. 

Right to withdraw     consent and request deletion of your Personal Information

●    You have the right to ask us todelete your Personal Information in most circumstances. There are also certainexceptions where we may refuse a request for erasure, for example, where thePersonal Information is required to comply with a legal obligation or for theestablishment, exercise, or defence of legal claims.
●    You may object to our use ofyour Personal Information for marketing purposes. Users can opt out of thisthrough the functionality provided in each marketing communication (e.g. byclicking “unsubscribe” at the bottom of an email).
●    Further, You may also object tothe processing of your Personal Information in cases where we have usedlegitimate interests as the basis for processing. In such cases, we will stopprocessing your Personal Information until we verify that we have compelling legitimategrounds for processing that outweigh your interests, rights, and freedoms inasking us to stop processing the data, or in limited cases where we need tocontinue processing the data for the establishment, exercise, or defence oflegal claims. 

Right to data portability

In most cases,you have the right to receive all Personal Information you have provided to usin a structured, commonly used, and machine-readable format and to transmitthis data to another data controller, where technically feasible.

Right to lodge a complaint with a supervisory authority

If you wish toraise a complaint in relation to how we processed your Personal Information,please contact us at ____________We take your privacy and data protection very seriously in ExpertGate and weendeavour to address your complaint as expediently and as thoroughly as we canto find a satisfactory resolution for you.

ScheduleII-  United States Residents

Ifyou reside in California, Colorado, Connecticut, Delaware, Florida, Iowa,Montana, Nevada, Oregon, Texas, Utah, Vermont, Virginia, or Washington, or areotherwise protected by privacy or consumer health data laws in thosejurisdictions, this section supplements our main Privacy Policy and outlinesspecific rights and protections afforded to you.

Your Privacy Rights:

●    Right to access: You can access theinformation that has been provided by you by reaching out to us at

●    Right to withdraw consent: Theconsent that you provide for the collection, use, and disclosure of yourPersonal Information will remain valid until such time it is withdrawn by youin writing. If you withdraw your consent, we will stop processing the relevantPersonal Information except to the extent that we have other grounds forprocessing such Personal Information under applicable laws. We will respond toyour request within a reasonable timeframe. You may withdraw your consent atany time by contacting us; and

●    Right to Opt-Out: You have the rightto opt out of certain processing activities, such as the sale of PersonalInformation or the use of Personal Information for targeted advertisingpurposes. Firmli will respect your preferences and refrain from such activitiesupon your request.

●    Right to correction: You areresponsible for maintaining the accuracy of the information you submit to us,including but not limited to your Branding Content, Customisation Information,and User Content..For any necessary updates or corrections to your PersonalInformation, Users can easily modify details using the provided Dashboardfunctionalities or by reaching out to us at

●    Right of Access and Portability: Insome jurisdictions, applicable law may entitle you to request certain copies ofyour Personal Information or information about how we handle your PersonalInformation, request copies of Personal Information that you have provided tous in a structured, commonly used, and machine-readable format, and/or requestthat we transmit this information to another service provider, wheretechnically feasible.

●    Right of Erasure: In some jurisdictions, you can request that your PersonalInformation be deleted. 

Appeals Process:Ifyou disagree with Firmli's response to your privacy rights request or believeyour rights have not been adequately addressed, you have the right to appeal.You can submit your appeal in writing to our Data Protection Officer at privacy@firmli.comwith the subject line "Appeal of Privacy Rights Request" or you cansend us a notice at the following addressAddress: Oslo Science Park, Gaustadalléen 210349 Oslo, NorwayEmail:privacy@firmli.comOrganisation nr.: 925 402 168 

Data Retention and De-Identification:

Firmliis committed to retaining Personal Information only for as long as necessary tofulfil the purposes for which it was collected, as outlined in our main PrivacyPolicy (see Clause 6). We may alsotake measures to de-identify Personal Information in accordance with applicablelaws and regulations.

Additional Information:

Formore detailed information on how Firmli handles your Personal Information,including our data collection practices, security measures, and third-partydisclosures, please refer to our main Privacy Policy available.                   Schedule -III: United Kingdom (UK) or SwitzerlandResidentsIf you are aresident of the UK or Switzerland, you have a number of rights under applicabledata protection laws in relation to your Personal Information. Under certaincircumstances, you have the right to:

●    Have access to your PersonalInformation by submitting a request to us;
●    Have your Personal Informationdeleted;
●    Have your Personal Informationcorrected if it is wrong;
●    Have the processing of yourPersonal Information restricted;
●    Object to further processing ofyour Personal Information, including to object to marketing from us;
●    Make a data portabilityrequest;
●    Withdraw any consent you haveprovided to us;
●    Restrict any automaticprocessing of your Personal Information; and
●    Complaint to the appropriateSupervisory Authority.
●    To exercise any of theserights, please contact us at                  

Schedule- IV: Philippines Residents

As a datasubject under the Philippines Data Privacy Act, you are entitled to thefollowing rights: (a) Right to Information:You have theright to be informed whether your Personal Information is being processed, andto receive specific information prior to the entry of your Personal Informationinto our processing system or at the next practical opportunity. This includes: 
●    Description of the PersonalInformation being processed
●    Purposes for which yourPersonal Information is being or will be processed
●    Scope and method of PersonalInformation processing
●    Recipients or classes ofrecipients to whom your Personal Information may be disclosed
●    Methods utilised for automatedaccess, if allowed, and the extent of such access
●    Identity and contact details ofthe Personal Information controller or its representative
●    Period for which theinformation will be stored
●    Existence of your rights toaccess, correction, and the right to lodge complaints. (b) Right of Access: You have theright to access a copy of the data we hold about you, including: 
●    Contents of your PersonalInformation that have been processed
●    Sources from which yourPersonal Information was obtained
●    Names and addresses ofrecipients of your Personal Information
●    Manner in which your data wereprocessed
●    Reasons for the disclosure ofyour Personal Information to recipients
●    Information on automatedprocesses affecting or likely to affect decisions about you
●    Date when your PersonalInformation was last accessed and modified
●    Designation, name, or identityand address of the Personal Information controller. 

(c) Right to Rectification:You have theright to dispute any inaccuracy or error in your Personal Information andrequest its immediate correction by the Personal Information controller, unlessthe request is vexatious or unreasonable. Upon correction, the controller shallensure accessibility of both the corrected and retracted information torecipients upon reasonable request. 

(d) Right to Erasure:You have theright to suspend, withdraw, or order the blocking, removal, or destruction ofyour Personal Information from the controller’s filing system upon discoveryand substantial proof that the information is incomplete, outdated, false,unlawfully obtained, used for unauthorised purposes, or no longer necessary forthe purposes it was collected. 

(e) Right to Object:You have theright to object to the processing of your Personal Information, including profilingbased on automated processing. This right applies where the processing is basedon legitimate interests pursued by the data controller or a third party, or fordirect marketing purposes. (f) Right to Indemnification:You have theright to be indemnified for any damages sustained due to inaccurate,incomplete, outdated, false, unlawfully obtained, or unauthorised use of yourPersonal Information. 

Transmissibility of Rights of the Data Subject: 

The lawful heirsand assigns of the data subject may invoke the rights enumerated above at anytime after the death of the data subject or when the data subject isincapacitated or incapable of exercising these rights. 

Right to Data Portability 

You have theright to receive a copy of your Personal Information undergoing processing inan electronic or structured format that is commonly used and allows for furtheruse by you, where feasible and applicable under the law. 


The rightsspecified above do not apply if the processed Personal Information is usedsolely for scientific and statistical research purposes, with strictconfidentiality and no decisions affecting the data subject being made on thisbasis. Likewise, these rights do not apply to the processing of PersonalInformation gathered for investigations related to criminal, administrative, ortax liabilities of a data subject.        Place a hyperlink here.let not specific on thisCorrected. Made it generic. Now it says that incase you use any third-party tools to schedule a demo, users should besubject to their terms and privacy policies too.