Privacy Policy
Last Updated: December 2025
1. Overview
Nordic Leads AS (“NL,” “we,” “us,” and “our”) respects your privacy and is committed to protecting it through compliance with this Privacy Policy (“Privacy Policy”). This Privacy Policy describes how we collect and use your Personal Information when you visit our website at https://nordicleads.ai (including all subdomains), communicate with us, or we otherwise process your Personal Information (collectively, the “Services”), except as specified below with respect to our role as a controller.
We use GoHighLevel (GHL) as our primary platform for managing leads and marketing activities. When we process Personal Information on behalf of our clients or partners using GHL, we act as a controller for the data we collect directly, while GHL acts as our processor. This Privacy Policy applies to Personal Information we collect and control. For data processed solely by GHL on our behalf, GHL’s privacy policy may also apply in addition to this one.
Please read this Privacy Policy to understand our policies and practices regarding your Personal Information and how we will handle it. If you do not agree with our policies and practices, do not use our Services. By accessing or using our Services, you agree and consent to this Privacy Policy. This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) as applicable in Norway and the EEA, as well as A2P (Application-to-Person) messaging regulations for SMS and other communications.
2. Information That We Collect About You
We collect Personal Information about you:
Directly from you when you provide it to us. When you engage with our Services, such as signing up for marketing communications, requesting information, or interacting with our telemarketing or other marketing campaigns, we may collect your full name, email address, phone number, and in some cases, your address. If you provide Personal Information about others, you are responsible for ensuring you have the authority to do so and for obtaining any necessary consents.
From third parties. We may obtain information from marketing partners, data providers, or public sources, including name, contact details, and professional information.
Automatically when you use our Services. We collect information about your device (e.g., IP address, browser type) and interactions with our website or communications, using cookies and similar technologies. For more details, see our separate Cookies Policy (if applicable) or contact us.
We primarily collect this data for telemarketing purposes currently, but we plan to expand to other marketing strategies, such as email marketing, SMS campaigns, social media advertising, and more. All collections are conducted with appropriate consents where required for GDPR and A2P compliance.
3. How We Use Information We Collect About You
We use your Personal Information for the following purposes:
- To Provide and Improve Services. To deliver marketing services, personalize communications, analyze usage, and develop new features.
- For Marketing and Communications. To conduct telemarketing, send emails, SMS messages, or other marketing materials based on your consent. We ensure A2P compliance by obtaining opt-in consent for SMS and providing easy opt-out options like unsubscribe from email list and reply with STOP on SMS.
- For Customer Support and Business Operations. To respond to inquiries, manage accounts, perform billing, and comply with contractual obligations.
- To Protect and Secure Services. For fraud prevention, security monitoring, and compliance with laws.
- For Statistical and Analytical Purposes. To identify trends and improve our marketing strategies.
- For Legal, Regulatory, and Compliance Purposes. To meet obligations under GDPR, A2P regulations, and other laws.
We do not use your Personal Information to train public AI models. Any AI features in our Services (e.g., via GHL) are used solely to enhance our offerings, with data processing limited to the specific service.
LEGAL BASIS FOR OUR USE: Under GDPR, we process Personal Information based on:
Your consent (e.g., for marketing communications, including telemarketing and SMS).
Legitimate interests (e.g., improving Services, fraud prevention), where not overridden by your rights.
Contractual necessity (e.g., fulfilling requests).
Legal obligations (e.g., record-keeping).
If consent is the basis, you can withdraw it at any time without affecting prior processing. We are the data controller for Personal Information collected through our Services. Contact us for details on legal bases.
4. How We Protect Your Information
We implement reasonable administrative, technical, and organizational measures to protect your Personal Information against unauthorized access, loss, or disclosure, in line with GDPR requirements. We require processors like GHL to apply similar protections. No system is 100% secure; notify us immediately if you suspect a breach.
5. When We Share Your Information
We may share Personal Information with:
- Affiliates and Subsidiaries. For purposes consistent with this Policy.
- Service Providers and Processors. Such as GHL for platform services, hosting, analytics, and marketing tools. Contracts ensure GDPR-compliant protections, including data processing agreements.
- Marketing Partners. For joint campaigns or advertising, with your consent where required.
- For Legal Purposes. To comply with laws, respond to authorities, or protect our rights.
- In Business Transactions. Such as mergers or acquisitions.
We do not share your phone number or consent status for marketing without your express consent, ensuring A2P compliance. For international transfers (e.g., to GHL in the US), we use safeguards like the EU-U.S. Data Privacy Framework (DPF) or standard contractual clauses.
6. Data Retention:
We retain Personal Information only as long as necessary for the purposes outlined, or to meet legal requirements (e.g., GDPR mandates). For marketing data, we retain based on consent validity or until withdrawal. We may anonymize data for statistical use. Contact us to request deletion.
7. Information From Children
We do not knowingly collect Personal Information from children under 16. If we discover such data, we will delete it promptly.
8. Links to Other Websites and Services
We are not responsible for third-party sites or services linked from our Services, including their privacy practices.
9. Do Not Track:
Our Services do not currently respond to DNT signals.
10. Your Legal Rights:
Under GDPR (applicable in Norway/EEA), you have rights to:
- Access, correct, or delete your Personal Information.
- Object to or restrict processing.
- Data portability.
- Withdraw consent.
- Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.
To exercise rights, contact us (see below). We respond within one month, extendable if complex. For A2P/SMS, opt out via "STOP" or contact us.
If you are in other jurisdictions (e.g., US, Australia, Canada), additional rights may apply; contact us for details. We do not discriminate based on rights exercises.
11. International Data Transfers:
As a Norwegian company, we may transfer data to processors outside the EEA (e.g., GHL in the US). We ensure adequacy through DPF certification (where applicable) or standard contractual clauses.
12. Privacy Policy Updates
We may update this Policy; changes are effective when posted. We notify you of material changes as required by law. Continued use constitutes acceptance.
How to Contact Us
For questions or requests:
Email: [email protected]
For GDPR inquiries, we are reachable at the above email.
We respond to complaints within 45 days where required.
