Hopp til hovedinnhold

Privacy statement

Norsk versjon

1. Introduction

The Privacy Statement helps you understand what personal data we collect,why we collect it, and how we handle, protect, store, export, and delete your personal data.

Personal data is any information relating to an identified or identifiable natural person, such as an email address, street address, phone number, etc.

2. Contact us

The controller responsible for the processing of your personal data is:

Visma Software AS
Office: Karenslyst Allé 56, 0277 Oslo
Telephone number: +47 46 40 40 00

If you have any comments or questions about our Privacy Statement or any privacy concerns, including regarding a possible breach of your privacy, please contact us by sending an email to kundesenteret@visma.no or by using the privacy request form.

We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.

3. Processing activities

Visma Software AS processes your personal data for the processing activities as described below.

3.1 Marketing newsletters

Visma Software AS uses email as a tool to distribute marketing communication, however only if you have consented in accordance with national marketing legislation (if needed). The personal data processed for this purpose is name and email address.

Our legal basis for the processing of personal data is your consent, cf. GDPR article 6 no. 1 a). You have the right to withdraw this consent at any time without this affecting the lawfulness of the processing that took place prior to the withdrawal. Providing personal data to receive newsletters and marketing communication is voluntary. If you do not wish to provide the information, you will not receive such communication from us.
You can withdraw your consent in the following ways:

  1. Following the instructions for opt-out in the relevant marketing communication
  2. Contacting us via e-mail at kundesenteret@visma.no
  3. Contacting us via this form

The personal data will be deleted when you decide to opt out of receiving advertising and other marketing material from Visma Software AS. Please note that when you opt out of receiving marketing communication, you may still receive communication from Visma Software AS, such as order confirmations and notices necessary to manage your account or the services delivered to customers.

3.2 Profiling 

When you interact with Visma Software AS e.g. by visiting our web pages, downloading content, attending webinars, and as part of using our services, Visma Software AS will be processing your personal data to provide relevant content to you through direct marketing on social media platforms and emails, webpages or in a service, based on your preferences.

The purpose of this profiling is to deliver customized marketing to you, improve your user experience with our services/websites and deliver products that our customers are satisfied with. The personal data processed are aggregated details about you such as IP address, interests (where you have clicked, etc.), username, and device. This is done through technologies like cookies. See our Cookie Policy for a complete list of cookies that we use on our website, storage time for each cookie, recipient of cookie data, and purpose for using said cookie data.

The profiling is carried out by aggregating data about your behavior on our websites and services and using it to categorize you according to an interest profile. The consequence for you is that you will receive more customized marketing communication. The profiling does not result in automated decisions with legal or similarly significant effects for you, cf. GDPR article 22.

Our legal basis for this processing of personal data is our legitimate interest, cf. GDPR article 6 no. 1 f).The legitimate interest consists of Visma Software AS having a commercial interest in customizing marketing to individual users' preferences, which helps users receive more relevant information and reduces unnecessary marketing noise. Visma Software AS's services and tools are usually used in connection with work-related purposes, and your behavior with these tools says little about your personal life. No sensitive data is processed. Your personal data is processed from a business perspective in a way we believe does not conflict with your freedoms and rights as an individual. You have the right to object to this processing at any time, cf. GDPR article 21. For processing related to direct marketing, the right to object is absolute and requires no justification.

The personal data will be deleted when you opt out of being subject to profiling by contacting us via e-mail at  kundesenteret@visma.no or by using this form. Cookies are also subject to different retention policies. You will also always have the option to change cookie settings, and to use your right to protest cf. GDPR article 21. This can be done by clicking on “Cookies Settings” at the bottom of the webpage. In general, personal data is only stored as long as necessary to fulfill the purpose of processing, and no longer than 1 year after the last registered activity.

3.3 Recruitment

Visma Software AS processes personal data during recruitment to effectively manage recruitment processes, handle job applications, evaluate submitted documentation, conduct interviews, and contact references. The personal data processed for this purpose is contact information such as name, address, telephone number, and email, as well as CV, application and other submitted documents, as well as personality and ability tests conducted during the application process.

Our legal basis for this processing of personal data is our legitimate interest finding the right candidate, cf. GDPR article 6 nr. 1 f). For candidates we choose to move forward with and offer a job, we will process certain personal data, including your contact information and other specific personal data that you ask us to process, for the purpose of entering into a contract in accordance with GDPR article 6 no. 1 b), which concerns processing necessary to perform a contract or to take steps at your request before a contract is entered into.

The personal data will be deleted when the recruitment process ends. Usually, this happens at the latest 12 months after the application deadline, unless otherwise agreed with you. You have the right to object to processing based on legitimate interest, cf. GDPR article 21.

3.4 Security

Visma Software AS processes personal data to detect, reduce, and prevent security threats and abuse, as well as perform necessary maintenance and troubleshooting. The personal data processed includes your name, email address, user and web traffic data such as login ID, username, IP address, and device information.

Our legal basis for this processing of personal data is our legitimate interest, cf. GDPR article 6 nr. 1 f). The legitimate interest is to maintain a secure environment for our customers and operations.

We will only store your personal information for as long as necessary to fulfill the purpose of processing, and your personal data will be deleted 3 years after the latest registered activity.

3.5 Deliver products and services to customers

Visma Software AS processes personal data to handle customer orders, agreements, and payments for the products and services we offer. The data processed includes basic personal data such as name, address, phone number, and email, as well as invoice-related information.

Our legal basis for this processing of personal data is partly fulfillment of contract, cf. GDPR article 6 no. 1 b), where the data subject is a direct party to the agreement with Visma Software AS, and partly our legitimate interest, cf. GDPR article 6 no. 1 f). The legitimate interest is to facilitate the delivery of products and services to the customer's contact person.

We will only store your personal information for as long as necessary to fulfill the purpose of processing, but in most cases never longer than 3 years after your last registered activity.

3.6 Registration for webinars and courses

When registering for webinars and courses, we collect personal data, which is also used for follow-up after the course, such as issuing course certificates. The personal data processed is contact information such as name and email, billing details, and details of the registered course.

Our legal basis for this processing of personal data is our legitimate interest, cf. GDPR article 6 nr. 1 f). The legitimate interest is to manage the registration, execution, and follow-up of webinars and courses.

We will only store your personal information for as long as necessary to fulfill the purpose of processing.

3.7 Service improvement

Visma Software AS continuously strives to improve and develop the quality, functionality, and user experience of our products, services, and websites. The personal data we process includes your name, email address, user and web traffic information such as login ID, username, and IP address. Additionally, we process statistics that indicate how you use our software and engage with content on our website.

Our legal basis for processing your personal data is our legitimate interest, cf. GDPR article 6 nr. 1 f). The legitimate interest is to ensure that we meet our customers' expectations.

We will process your personal data only as long as necessary to fulfill the purpose. After three years, the personal data is deleted or anonymized for statistical use.

Chat service on our websites
When you use our chat service (AI chat) on our websites, we collect your internet address, IP address, the browser you use, chat messages, and anonymized information about how you interact with the assistant. We use this information exclusively to improve the quality and accuracy of the service's answers. To protect your privacy, we ask you to avoid providing sensitive personal data in the chat. A reminder of this is displayed every time you start a new conversation.

Our legal basis for processing your personal data is our legitimate interest, cf. GDPR article 6 no. 1 f). The legitimate interest is to be able to analyze usage patterns for troubleshooting, improving our services, and ensuring that we deliver a user-friendly and relevant solution to our customers.

All personal data (including stored conversations) collected through the use of the chat service will be deleted after 3 months.

AI assistant in our products
When you use our AI assistant in a product, we ask for consent to store the conversation you have with the AI assistant. The conversation may contain personal data, including sensitive information, depending on what you choose to write yourself. The purpose of the storage is to further develop and improve the assistant's ability to provide relevant and correct answers. It is entirely voluntary to share the conversation log, and you can use the AI assistant with full functionality even if you choose not to share this information with us.

Our legal basis for processing your personal data is based on your voluntary, specific, and informed consent, cf. GDPR article 6 no. 1 a). You have the right to withdraw this consent at any time without this affecting the lawfulness of the processing that took place prior to the withdrawal. To withdraw your consent, you can contact us via email at kundesenteret@visma.no or by using this form.

All personal data (including stored conversations) collected through the use of the AI assistant will be deleted after 3 months.

3.8 Handling requests and providing support

Requests and support via our websites
The purpose of handling questions and inquiries submitted through contact forms, the chat service, or similar on our websites is to facilitate communication and support for our users. If you contact us through such channels, we will process the personal data you include in the request. This includes at minimum your contact details. In the chat service on our websites, we collect internet address, IP address, the browser you use, chat messages, and anonymized information about how you interact with the assistant.

Our legal basis for the processing of personal data is our legitimate interest, cf. GDPR article 6 no. 1 f). The legitimate interest is to answer questions and inquiries that visitors to our website may have.

Inquiries and related correspondence are stored only as long as necessary to fulfill the processing purpose, and no longer than 3 years after the last correspondence related to the inquiry. When using the chat service on our websites, personal data will be deleted after 3 months.

Requests and support via the AI assistant in our products
If you ask to speak with a human via the AI assistant in our products, you can choose to consent to our support consultants reading the conversation between you and the AI assistant. The purpose is to give you faster and more precise help by providing the advisor with context for your inquiry. We will then process personal data such as name, email, user ID, and the content of the chat messages. We remind you that the conversation may contain sensitive personal data if you have provided this yourself in the chat. Sharing the conversation is completely voluntary, and you will receive support even if you choose not to share this information.

For personal data you consent to share with support, your employer is the data controller. In such cases, Visma Software AS acts as a data processor and processes the personal data on behalf of and in accordance with instructions given by your employer. If you wish to exercise your rights related to the processing of personal data shared with support, you must direct your inquiry to your employer.

All personal data collected via our AI assistant is deleted after 3 months.

3.9 User testing

Visma Software AS continuously conducts user tests to gather insights necessary to improve and develop the quality, functionality, and user experience of our products, services, and websites. Participation in user testing is voluntary and is based on your explicit consent. The personal data we process in this context includes your name, email address, information regarding demographics and professional role, as well as data collected during the test itself. This includes image, video and/or audio recordings of your participation, screen recordings, notes, transcriptions, and feedback regarding your interaction with our solutions.

Participation in user testing is based on your voluntary, specific, and informed consent, cf. GDPR Article 6(1)(a). You may withdraw your consent at any time.

We will process your personal data only as long as necessary to fulfill the purpose of the insight. After two years, the personal data, including video and/or audio recordings, will be deleted or anonymized for statistical use.

3.10 Customer feedback

Visma Software AS systematically collects feedback through micro-surveys, which may be sent via the app, mobile, email, or a link. These surveys typically measure Net Promoter Score (NPS), Customer Effort Score (CES), or Customer Satisfaction (CSAT), and may include custom questions. A typical survey requests a rating followed by an optional free-text explanation. Please note that you always have the right to decline a survey. We will not contact you if you do not respond to the survey, which means you decide when your personal data is used.

To process your feedback effectively, we collect data related to your response, your identity, and your usage context. This data includes, but is not limited to, your score and comments, your username/ID and email address, the company name and country associated with your account, and the specific product or service you are using.

The purpose of processing personal data is to manage your feedback. This includes registering your score or comments from the survey. We use this data to better understand your needs and inform you of any measures taken based on your feedback. We may contact you to clarify your feedback, follow up on your input, or request further feedback.

Our legal basis for processing your personal data is our legitimate interest, cf. GDPR Article 6(1)(f). Our legitimate interest is to increase the quality of our products and services and deliver the best possible user experience. We use the feedback to develop our products in the direction our customers desire and to continuously improve the overall quality.

We will only process your personal data for as long as necessary to fulfill the purpose of the processing mentioned above. Your personal data will either be anonymized or deleted no later than 3 years after it was collected.

4. How your personal data may be shared

4.1 Within the Visma Group

Visma Software AS as a part of the Visma Group, which consists of several subsidiaries. In order to maintain an overview and insight, we may share your personal data across companies in the Visma Group.

4.2 Outside of the Visma Group

Visma Software AS may also share your personal data with external third parties in the following contexts:

Processors
Visma Software AS uses processors to process personal data. These processors are typically vendors of cloud-based services or other IT services. When using processors, Visma Software AS will enter into a data processing agreement in order to safeguard your privacy rights. If processors are located outside the EU/EEA, we ensure legal grounds for such international transfers on your behalf, hereunder by using the EU Model Clauses. You are welcome to request more detailed information on our processors by contacting us as described in the section “Contact us”.

User communities
If you make a post, comment,or similar on user communities or other forums or sites, such information can be read and used by anyone with access to such forums. Visma Software AS is not responsible for any information you submit on such forums or sites.

Business partners
Visma Software AS may share your personal data with selected business partners, including technology partners, sales partners, consultants, auditing firms, and other service providers, to the extent this is necessary to deliver our services, manage our business, or fulfill legal obligations. Sharing with business partners takes place only on the basis of a valid legal basis according to GDPR article 6, and we enter into necessary agreements to ensure that personal data is processed in accordance with applicable privacy legislation.

Public authorities
The police and other authorities may request access to information from Visma Software AS. This can include both personal data and non-personal data.

In such cases, we follow internal guidelines and procedures to evaluate the access request and consult with legal experts. We share only information that is strictly required by law, and only on the basis of valid court orders or similar legal documents from public authorities.

To prevent unauthorized access to all information we process, we also implement technical measures such as encryption and access control. The Visma Security Program safeguards high security standards and confidentiality.

We ensure our legal obligations in contracts with our subcontractors, who are also required to implement organizational and security measures equivalent to our own.

If we receive access requests from authorities outside the EEA, we carefully evaluate such requests in accordance with applicable privacy legislation. We share only information where this is required by law, and only on the basis of valid court orders or equivalent legal documents.

5. Your rights

You can invoke the following rights in relation to our processing of your personal data:

  • Access. You have the right to request a copy of the personal data we process about you.
  • Rectification. You also have the right to request rectification of inaccurate personal data concerning you. If you have an account for our sites or services, this can usually be done through the appropriate "your account" or "your profile" sections on the applicable site or service.
  • Deletion. You can request deletion of personal data relating to you.
  • Restriction. You may ask us to restrict the processing of your personal data.
  • Portability. You may ask us to provide you or others with your personal data in a structured, commonly used, and machine-readable format.
  • Object. You have the right to object to our processing of your personal data on the basis of legitimate interest or for direct marketing purposes. You also have the right to object to our processing of your personal data for the performance of tasks carried out in the public interest, or in the exercise of official authority or based on legitimate interest.

Where the processing is based on consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing that took place prior to the withdrawal.

Please note that there may be certain exceptions or limitations in the above rights that may apply depending on the circumstances of your situation. In such cases, we will provide you with detailed information about the relevant exception or limitation and help you exercise your rights to the greatest extent possible, in accordance with applicable laws and regulations.

Please send an email to kundesenteret@visma.no or use this privacy request form to file requests as mentioned in this section.

Finally, you also have a right to file a complaint to the data protection authorities with regards to our processing of your personal data.

6. Changes

We encourage you to review the Privacy Statement regularly. If we make significant changes to the Privacy Statement that materially alter our privacy practices, we will notify you of this.

The Privacy Statement was last updated: 2026-03-18.