GDPR & Data Protection

This page describes how Erdal Kommunikasjon (org.nr 928 107 310) — operating the Conerix platform — processes personal data under the EU General Data Protection Regulation (GDPR) and applicable Norwegian privacy law (Personopplysningsloven).

For general privacy disclosures, see our Privacy Policy. For cookie-specific information, see our Cookie Policy.

1. Data controller and processor roles

Conerix account holders act as data controllers for recipient phone numbers, message content, and campaign metadata they submit through the platform.

Conerix acts as a data processor when delivering messages, storing delivery reports, and operating routing infrastructure on your behalf. For certain account-level data (billing, support, platform security), Conerix acts as an independent data controller.

A Data Processing Agreement (DPA) incorporating standard contractual clauses is available on request for business accounts. Contact [email protected] with subject line "DPA request".

2. Categories of personal data processed

Category	Examples	Typical role
Account data	Name, email, company, billing details, login credentials	Controller (Conerix)
Message traffic	Recipient numbers, message body, sender ID, delivery status	Processor (on behalf of customer)
Technical logs	API request metadata, IP addresses, timestamps	Controller / Processor
Support records	Ticket content, correspondence	Controller (Conerix)

3. Lawful bases for processing

Where Conerix is controller, we rely on:

Contract performance — to provide the platform, billing, and support you request.
Legitimate interests — fraud prevention, abuse monitoring, service improvement, and network security.
Legal obligation — retention and disclosure required by law or competent authorities.
Consent — where explicitly collected (e.g. optional marketing communications).

Customers must establish their own lawful basis for processing recipient data before sending messages through Conerix.

4. Your rights as a data subject

If you are located in the European Economic Area or UK, you have the following rights:

Access — obtain a copy of personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion where no lawful basis for retention remains ("right to be forgotten").
Restriction — request that we limit processing in specific circumstances.
Portability — receive your data in a structured, machine-readable format where applicable.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing is consent-based, without affecting prior lawful processing.

To exercise these rights, contact [email protected] or use our contact form. We respond within 30 days unless an extension is required.

You may lodge a complaint with Datatilsynet (Norwegian Data Protection Authority) or your local supervisory authority.

5. International transfers

Message delivery requires routing through carrier networks that may process data outside the EEA. When Conerix transfers personal data internationally, we implement appropriate safeguards including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with subprocessors
Technical measures including encryption in transit (TLS)

A list of key subprocessors (hosting, payment, carrier gateways) is available on request.

6. Retention

Retention periods depend on data category and legal requirements:

Message logs and delivery reports — typically 90 days, unless a longer period is required for dispute resolution or legal compliance.
Account data — retained for the duration of the account plus any statutory retention period after closure.
Support tickets — retained for up to 24 months after resolution.
Security and audit logs — retained for up to 12 months.

7. Security measures

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, credential hashing, and regular review of subprocessors. See our Security page for an overview.

8. Subprocessors and carriers

To deliver messages, we engage SMS gateway providers and telecommunications carriers. These parties process recipient numbers and message content solely to perform delivery services under contractual data protection obligations.

9. Data breach notification

In the event of a personal data breach likely to result in risk to individuals, we will notify affected customers and relevant supervisory authorities without undue delay, in accordance with GDPR Articles 33 and 34.

10. Contact

Data protection enquiries:

Erdal Kommunikasjon
Helgerødsletta 64, 3160 Stokke, Norway
Email: [email protected]