PRIVACY POLICY
FOR EPILOG AS
Last updated: 11.09.2025
Privacy Policy
1 Introduction.
2 Personal data we collect about you
3 How we process your personal data
4 Who we share your personal data with.
5 Transfer of personal data outside the EEA.
6 How long we store your personal data.
8 The user's responsibility to forward this privacy policy.
9 Changes to the privacy policy.
Epilog AS (org. no. 935609070) ("Epilog") is committed to your privacy and undertakes to process personal data in accordance with applicable privacy legislation.
Epilog processes personal data about persons who use our websites and our software, persons whom the users of our software solution enter information about or are to enter into an agreement with, contact persons with our service providers and business partners, potential job candidates, and others who contact us.
This privacy policy provides you with information about Epilog's processing of personal data, including what personal data we collect, why we process your personal data, and what rights you have in connection with the processing of the personal data.
Epilog is the data controller for the processing of personal data described in this privacy policy.
If you have questions about our processing of personal data or in connection with this privacy policy, you can contact Inger Sophie Haukeland (CEO) via email inger@epilog.no.
2 Personal data we collect about you
The table below shows what personal data Epilog collects about you and the typical sources of this personal data.
Category of personal data
Description
Source
Basic data
Name, email address, and phone number
From you, the user of our software, or your employer
Login data
Username, password, and IP address
From you or our software.
Estate distribution information
Family relationship to the deceased and other heirs, what you are bequeathed in any will from the deceased, inheritance from the deceased, the content of and potentially your signature on the inheritance agreement.
From you or the user of our software, or from our own software
Information about agreements and business relations
Employer, title, personal data in agreements and commercial documents, ongoing commercial correspondence, invoices, and minutes of meetings
From you, your employer, or our employees
Applicant data
CV, application, certificates, diplomas/school statements, contact details for references, interview and reference notes, and internal assessments
From you, references, and public sources
Admission and access data
Access information, including time and place of access
From you and Epilog's IT systems
Interaction data from social media
Username, likes, and comments
From you
3 How we process your personal data
Epilog will only process personal data about you when we have at least one of the following legal bases for processing:
i) You have given your consent to the processing, cf. GDPR Article 6 (1)(a).
ii) The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR Article 6 (1)(b).
iii) The processing is necessary for compliance with a legal obligation to which Epilog is subject, cf. GDPR Article 6 (1)(c).
iv) The processing is necessary for the purposes of a legitimate interest pursued by Epilog or a third party, and such interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data, cf. GDPR Article 6 (1)(f).
The table below specifies the purpose of Epilog's processing of your personal data, the categories of personal data that Epilog processes for each purpose, and the legal bases for the processing.
Purpose
Categories of personal data
Legal basis
Retention period
To deliver our software in line with the agreement with the users
Basic data and estate distribution information
ii) The processing of the user's personal data is necessary to fulfill the agreement on delivery of software with the user.
iv) The processing of other heirs' personal data is necessary to fulfill Epilog's legitimate interest in delivering a good and complete solution in line with the agreement with the user
As long as we have rights or obligations in the relevant contractual relationship, and until the limitation period for such rights and obligations has expired
To enter into an agreement with our users and grant users access to our software
Basic data and login data
ii) The processing is necessary to enter into and fulfill the agreement on delivery of the software with the user
As long as we have rights or obligations in the relevant contractual relationship, and until the limitation period for such rights and obligations has expired
To comply with Epilog's legal obligation to maintain archives
Basic data and estate distribution information
iii) The processing is necessary to fulfill Epilog's legal obligation under the Courts of Justice Act
As long as required by the Courts of Justice Act, which is at least ten years, and longer if the character of the assignment or the content of the documents dictates so
To safeguard security on our premises
Basic data and admission and access data
iv) Epilog's legitimate interest in safeguarding security on our premises
Within 90 days from access
To manage our business and safeguard our contractual rights and obligations
Basic data and data on contractual and business relationships
iv) Epilog's legitimate interest in managing our business and safeguarding our contractual rights and obligations
As long as we have rights or obligations in the relevant contractual relationship, and until the limitation period for such rights and obligations has expired
Marketing and promotion of Epilog
Basic data
i) Your consent to digital marketing
iv) Epilog's legitimate interest in marketing our company via telephone and SMS/email to existing customers to increase sales
Until you withdraw consent
Until you are no longer a customer with us
For invoicing and bookkeeping purposes
Basic data
iii) The processing is necessary to fulfill Epilog's legal obligations under the Bookkeeping Act
iv) Epilog's legitimate interest in receiving payment for its services and products
As long as required by law, including the Bookkeeping Act – usually 5 or 3.5 years depending on the type of personal data.
As long as you or the business you represent have outstanding payments, and until the limitation period for our payment claim has expired.
Manage and respond to inquiries
Basic data and other personal data included in the inquiry
iv) Epilog's legitimate interest in providing good support and clarifying questions by answering and handling inquiries and other communication
Until six months from when your inquiry was answered
To recruit employees
Basic data and applicant data
ii) The processing is necessary to enter into an employment agreement with you (if relevant)
iv) Epilog's legitimate interest in finding a qualified person for the position
Until six months from when the position was filled, unless you have consented to your applicant data being stored longer or it is necessary to store the applicant data to defend or assert legal claims
Epilog may also collect or receive other types of personal data if it is necessary to fulfill the purposes listed above.
In some cases, Epilog may also use your personal data for certain purposes that are not incompatible with the purpose for which the data was originally collected or received, such as auditing, analysis, reporting, innovation, dispute resolution, and mergers and acquisitions.
Please note that Epilog may not be able to fulfill the relevant agreement, evaluate your application, or fulfill Epilog's or your legal rights and obligations if you object to Epilog's processing where ii) and iii) are the legal basis for the processing.
4 Who we share your personal data with
Epilog may disclose your personal data to the following categories of recipients, to the extent necessary for the purposes mentioned above:
v) To Epilog's suppliers (e.g., IT suppliers) acting as data processors for the purposes mentioned above. Epilog will enter into data processing agreements with relevant suppliers to ensure that they do not process the data for purposes other than what is described in this privacy policy.
vi) To authorities and third parties if required by law, for example, financial institutions or the Financial Supervisory Authority of Norway; or
vii) To Epilog's advisers, owners, and other business partners to the extent necessary to run Epilog's business in a manner standard in our industry, which may also include third parties in connection with potential mergers or acquisitions of Epilog's business.
When you "like" or become a member of our Facebook page or other social media, this will be shared with the relevant platform. The same applies to all activity on our social media, such as content you post or posts you like. The relevant social media platform has its own privacy policies, where you can find more information about the processing of personal data in relation to such social media platforms.
5 Transfer of personal data outside the EEA
Epilog may transfer personal data to some of Epilog's suppliers and business partners located in countries outside the EEA. Epilog will ensure that your privacy is safeguarded by implementing appropriate security measures, so-called transfer mechanisms, to protect your privacy (for example, the EU's standard contractual clauses). You can contact us in accordance with section 1 of this privacy policy if you want more information about such international transfers or a copy of the transfer basis.
6 How long we store your personal data
Epilog stores your personal data as long as necessary to fulfill the purposes of the processing as defined above. The specific retention period or criteria used to determine this timeframe are specified for each individual processing activity in the table above.
You have several rights in connection with Epilog's processing of your personal data. Such rights include:
Right
Description
Information
To get more information about how Epilog processes your personal data.
Access
To receive a copy of the personal data Epilog processes about you.
Rectification
To request rectification and completion of the personal data Epilog has about you.
Erasure
To request the erasure of personal data, unless there is a legal basis for us to retain it.
Restriction
To request that Epilog restricts the processing of your personal data.
Data portability
To request that your personal data is transferred to you in a structured, commonly used, and machine-readable format and to transfer said data to another controller without hindrance from us.
Objection
To object to Epilog's processing of your personal data. You also have the right to object to being subject to a decision based solely on automated processing (if relevant).
Withdraw your consent
If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.
Please note that these rights are subject to conditions and limitations under the Personal Data Act, including the General Data Protection Regulation (GDPR). If you wish to exercise your rights or want more information about the conditions/limitations, you can contact us via the contact details specified in section 1 above.
If you believe that Epilog processes your personal data in violation of applicable privacy legislation, you can lodge a complaint with the Norwegian Data Protection Authority. Epilog encourages you to contact us before submitting such a complaint, so that we can evaluate your objection and clarify any misunderstandings.
8 The user's responsibility to forward this privacy policy
As a user of our software, we ask you to forward this privacy policy to other heirs about whom you provide information in connection with using the software.
9 Changes to the privacy policy
Epilog may amend this privacy policy from time to time, when deemed necessary or appropriate to ensure that Epilog complies with applicable privacy legislation. Epilog will notify you of such changes where required under applicable privacy legislation.