Digital Rooms

Smarketing AS is the data controller for the processing described in this notice when you access a Digital Room hosted on the Smarketing CONNECT Hub platform.

If you were invited to the Digital Room by one of our customers, that company may also act as a data controller for follow-up communication.

Where a Digital Room is created by one of our customers, Smarketing AS may act as a data processor on behalf of that customer with respect to engagement data generated within the room. In such cases, processing is governed by a data processing agreement between Smarketing AS and the customer.

When you access and use a Digital Room, we may collect:

• Name
• Email address
• Company name
• Technical information (IP address, browser type, device type)
• Usage data (pages viewed, documents opened, time spent, interactions)

We only collect information necessary to provide the service and generate engagement insights. The platform may use cookies or similar technologies.

We process this data to:

• Provide secure access to Digital Rooms
• Enable relevant business follow-up
• Improve communication and content relevance
• Generate engagement insights for the inviting company
• Ensure platform security and prevent misuse

We do not sell personal data.

Our legal basis for processing is:

• Legitimate interest (GDPR Article 6(1)(f)) in providing structured business communication and follow-up in a B2B context
• Contractual necessity where applicable

We balance our legitimate interests against your privacy rights and only process data in a way that is proportionate and expected in a professional context.

Engagement data from a Digital Room is made available to:

• The company that invited you to the Digital Room
• Authorized personnel within Smarketing AS responsible for platform operations

We do not share data with third parties for marketing purposes.

We use trusted sub-processors for hosting and technical infrastructure. These providers process personal data on our behalf under written data processing agreements and appropriate safeguards.

Personal data is stored only for as long as necessary to:

• Fulfill the purpose of the Digital Room
• Comply with legal obligations
• Maintain relevant business documentation

Data is periodically reviewed and deleted when no longer needed.

Under GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion where applicable
• Object to processing based on legitimate interest
• Request restriction of processing

You also have the right to lodge a complaint with your local data protection authority. In Norway, this is Datatilsynet.

We use appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.