Legal
Privacy Policy
Last updated: May 13, 2026
1. Introduction
RE:WASTE is operated by Digital Flow AS ("we", "us", or "our"). This privacy policy describes how we collect, use, store, and protect your personal data when you use the RE:WASTE platform - an operating system for scalable circular waste and reuse infrastructure.
We are committed to handling your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Norwegian data protection legislation.
2. Data Controller
The data controller responsible for your personal data is:
Digital Flow ASNorway
info@digitalflow.no
3. Personal Data We Collect
We collect and process the following categories of personal data:
- Account information - name, email address, phone number, and company details.
- Usage data - how you interact with the platform, pages visited, features used, and timestamps.
- Technical data - IP address, browser type, device type, and operating system.
- Communication data - messages or support requests you send to us.
- Cookie data - preferences and analytics data collected via cookies (see Section 8).
4. Purpose and Legal Basis
We process your personal data for the following purposes and on the following legal bases under GDPR Article 6:
| Purpose | Legal basis |
|---|---|
| Providing and operating the RE:WASTE platform | Contract (Art. 6(1)(b)) |
| User authentication and account management | Contract (Art. 6(1)(b)) |
| Customer support and communications | Legitimate interest (Art. 6(1)(f)) |
| Platform analytics and performance improvements | Legitimate interest (Art. 6(1)(f)) |
| Analytics cookies (e.g. Google Analytics) | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Account data is retained for the duration of your subscription and deleted within 90 days of account termination unless a longer retention period is required by law.
6. Data Sharing and Third Parties
We do not sell your personal data. We may share data with trusted third-party service providers who assist in operating the platform (e.g. cloud infrastructure, email delivery, analytics). These processors are bound by data processing agreements and may only process data on our documented instructions.
We may disclose data when required by law, a court order, or regulatory authority.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Cookies and Tracking Technologies
We use cookies to ensure the platform functions correctly, remember your preferences, and collect analytics data to improve our service. The table below lists all cookies used on this platform.
Essential cookies
| Cookie | Purpose | Duration |
|---|---|---|
| rewaste_cookie_consent | Used to store the user's cookie consent preferences. | 1 year 1 month 1 day |
| rewaste-session | Used to identify the user's browsing session. | 2 hours |
| XSRF-TOKEN | Used to secure both the user and our website against cross-site request forgery attacks. | 2 hours |
Analytics cookies
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Main cookie used by Google Analytics, enables a service to distinguish one visitor from another. | 2 years 2 months 2 days |
| _ga_1442KRK8HK | Used by Google Analytics to persist session state. | 2 years 2 months 2 days |
| _gid | Used by Google Analytics to identify the user. | 1 day |
| _gat | Used by Google Analytics to throttle the request rate. | 1 minute |
You can review and update your cookie preferences at any time:
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - request correction of inaccurate or incomplete data.
- Right to erasure - request deletion of your personal data ("right to be forgotten").
- Right to restriction - request that we limit processing of your data.
- Right to data portability - receive your data in a structured, machine-readable format.
- Right to object - object to processing based on legitimate interests.
- Right to withdraw consent - withdraw any previously given consent at any time.
To exercise your rights, contact us at info@digitalflow.no . You also have the right to lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority).
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Access to personal data is restricted to authorised personnel on a need-to-know basis.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you via the platform or by email. The "last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
For any questions or concerns about this privacy policy or our data practices, please contact:
Digital Flow AS - Privacyinfo@digitalflow.no
digitalflow.no/contact