Privacy Policy

In accordance with the provisions of the Personal Data Act and the General Data Protection Regulation (GDPR), the following privacy policy ("Policy") is issued:

IDENTITY OF THE DATA CONTROLLER

The entity responsible for the use, protection, and processing of personal data is the company QA Logistikk & Distribusjon AS ("Data Controller"), which has its address for receiving inquiries at post@qald.no, when data is collected through the website https://www.qald.no ("Platform"), or through other electronic and/or telephone channels ("Other Channels") from individuals or businesses ("Customers").

PROCESSING OF CUSTOMER PERSONAL DATA

The Data Controller may request and/or collect personal data (as defined in the Personal Data Act and the General Data Protection Regulation) from customers through the website and/or other channels for use, disclosure, and/or storage ("Processing") solely for the purposes stated below. The Data Controller and/or any third party involved in any phase of the processing of personal data will maintain confidentiality regarding such data, in accordance with applicable legal provisions in Norway.

CONSENT

The customer consents that by checking the box with the text "I have read, understood and accept the terms and conditions" and then clicking on the box "I accept the terms and conditions, as well as QA's privacy policy", they accept all the terms of this policy, including the section on data transfer. This consent constitutes an electronic signature in accordance with the provisions of the Electronic Signature Act, and will have the same legal effect as a handwritten signature.

PERSONAL DATA COLLECTED AND PURPOSES

The personal data provided and/or registered by customers at the time of their access and/or registration on the website or through other channels is intended for the Data Controller to comply with the terms and conditions published on the website https://www.qald.no/ ("Terms and Conditions"). The Data Controller will use the personal data for the following primary and secondary purposes:

Primary Purposes

a) Identify the customer as an individual or business; this for security purposes and for entering into agreements for products and/or services offered by the Data Controller;

b) Send the customer information and/or documentation related to products and/or services offered or delivered by the Data Controller;

c) Verify the customer's identity for regulatory purposes, including but not limited to those related to the prevention of money laundering and terrorist financing;

d) Carry out necessary procedures for entering into agreements between the customers and the Data Controller;

e) Verify necessary regulatory documentation provided by the customers;

f) Transfer personal data to the Data Controller's suppliers so that they can offer or deliver their products and/or services;

g) Create, modify, and store customer files;

h) Transfer personal data to manage deliveries of the products offered by the Data Controller to customers;

i) Manage and operate services and products requested by customers;

j) Carry out deliveries and returns on products and/or services acquired by customers;

k) Respond to requests for exercise of withdrawal of consent to personal data or privacy rights from customers;

l) Comply with the terms and conditions.

Secondary Purposes

a) Create profiles of customers and users of products and/or services delivered by the company;

b) Conduct surveys and market studies to evaluate the quality of the Data Controller's products and/or services;

c) Send customers advertising and marketing related to products and/or services offered on the website or by third parties.

If customers do not wish their personal data to be used for secondary purposes, they can withdraw consent for secondary purposes as indicated in the section "Withdrawal of consent for the use of your personal data".

The personal data that will be used for these purposes are:

  • Name or company name;
  • Surname;
  • Organization number;
  • Proof of address;
  • Delivery address;
  • Office telephone;
  • Mobile phone;
  • Valid email address;
  • Handwritten signature;
  • Electronic signature;
  • GPS position and location data (mobile app only);

Without the above data, the customer acknowledges that the Data Controller would not be able to comply with the terms and conditions.

DATA COLLECTION IN THE MOBILE APPLICATION

Our mobile application collects the following data to deliver our services:

Location Data

  • GPS coordinates (latitude and longitude)
  • Position accuracy
  • Speed and heading
  • Timestamp of location updates

Location data is collected for the following purposes:

  • Automatic detection of trip start and trip end
  • Tracking of delivery routes
  • Documentation of transport trips for quality assurance

Location data is only collected when you are logged in and have an active trip. A visible notification is displayed when location tracking is active.

You can disable location tracking at any time in the app or revoke location permissions in your device settings.

MEANS TO LIMIT USE OR DISCLOSURE OF PERSONAL DATA

The Data Controller has adequate physical, technical, and administrative security measures to protect the personal data provided by customers. To limit the use and disclosure of personal information, customers may request this via the following email address: post@qald.no, regardless of the electronic mechanisms that may be established in the messages customers receive.

WEBSITE DISCLAIMER

The website may contain hyperlinks, links, banners, buttons, and/or search tools on the "World Wide Web" (WWW), which when used by customers, transport them to other websites or internet sites that may be owned by third parties. Personal data that customers may provide through these websites or internet sites is not covered by this policy, and their processing is not the responsibility of the Data Controller.

Customers may find on the website: pages, campaigns, microsites, online stores, surveys, job portals, and other services that may be shared with third parties and may request their personal data ("Third-Party Websites"). All information related to personal data provided through third-party websites will be subject to the respective privacy policies found therein, unless the Data Controller states otherwise.

The Data Controller warns its customers that some services on the website may include, but are not limited to, discussion forums, personal web pages, classified ads, emails, chat rooms, among others, and therefore personal data disclosed through these channels may in some cases be available to third parties. The Data Controller will not be responsible for the use, publication, disclosure, and/or dissemination of personal data that is used, published, disclosed, and/or disseminated through the channels listed in the previous paragraph. Consequently, customers must be careful and responsible with all personal or institutional information they provide through such channels.

The website is owned by the Data Controller, which has all intellectual property rights reserved, so customers' personal data is collected on a secure server.

TRANSFER OF PERSONAL DATA

The Data Controller may disclose and/or transfer, within Norway or to countries within the EEA area, the personal data provided by customers as permitted by applicable legislation, including but not limited to its subsidiaries, affiliated companies, and/or related companies, suppliers, contractors, managers, and/or business partners to maintain and fulfill the legal relationship between the customer and the Data Controller. Third parties receiving information related to customers' personal data are required to comply with this policy as well as applicable Norwegian legislation and the General Data Protection Regulation.

When transferring personal data to countries outside the EEA area, the Data Controller will ensure that the recipient has implemented adequate security measures in accordance with the General Data Protection Regulation, such as EU-approved standard contractual clauses or other lawful transfer mechanisms.

The customer, owner of the personal data provided through the website, expressly accepts their transfer under the conditions described in this policy and in accordance with applicable legislation.

RIGHTS OF PERSONAL DATA HOLDERS

The customer has the right to:

  • Access which personal data the Data Controller has, how it is used, and the conditions for its use (Access)
  • Request correction of personal information if it is outdated, inaccurate, or incomplete (Rectification)
  • Request deletion of personal data from the Data Controller's records or databases when it is not being used correctly or is no longer necessary (Erasure)
  • Object to the use of personal data for specific purposes (Objection)
  • Restrict the processing of personal data under certain circumstances (Restriction)
  • Receive personal data in a structured, commonly used, and machine-readable format (Data Portability)
  • Withdraw consent to the processing of personal data at any time

To exercise any of these rights, customers must send a request to the Data Controller and include the following:

  • The name and surname of the personal data holder, or company name, official identification, address, telephone number, and email address to communicate the response to their request
  • Documents proving identity or, where applicable, documentation of power of attorney when acting on behalf of the personal data holder
  • A clear and precise description of the personal data for which the right is to be exercised (in case of rectification, indicate the changes to be made and provide documentation supporting the request)
  • Other relevant information that may be necessary to process the request

For this purpose, the Data Controller provides customers with the following email address: post@qald.no.

The Data Controller will respond to customers' requests without undue delay and no later than 30 days from the date of receipt of the relevant request, through the email address provided by customers for this purpose. This period may be extended by an additional two months if necessary, taking into account the complexity and number of requests.

The exercise of the aforementioned rights by customers must comply with applicable legislation in Norway.

If the customer exercises their right to erasure, objection, or withdrawal of consent for the processing of personal data necessary for the delivery of services, the Data Controller may, at its sole discretion, terminate the contractual relationship.

WITHDRAWAL OF CONSENT FOR THE USE OF PERSONAL DATA

The customer may withdraw the consent they have given to the Data Controller for the processing of their personal data. However, it is important to note that the Data Controller may have legal grounds for continued processing of certain personal data even after withdrawal of consent, for example to fulfill legal obligations or to protect legitimate interests.

RIGHT TO COMPLAIN

Customers have the right to complain to the Norwegian Data Protection Authority (www.datatilsynet.no) if they believe that the processing of their personal data violates the Personal Data Act or the General Data Protection Regulation.

CONTACT INFORMATION

For questions or inquiries regarding this privacy policy or the processing of personal data, please contact us at:

Email: post@qald.no

Phone: +4741108439

Postal address: Akersgata 32, 0180 Oslo

CHANGES TO THE PRIVACY POLICY

This privacy policy may be updated from time to time. We will publish any changes on our website and, where appropriate, notify customers by email.

Last updated: 12/12/2025