Privacy Statement
Last updated: November 2025
Spant AS ("Spant", "we", "our", "us") is committed to protecting your privacy and ensuring secure handling of personal data. This Privacy Statement explains how we collect and process personal data when you visit our website or interact with us, and describes our privacy approach for our Salesforce ISV applications.
Spant complies with the General Data Protection Regulation (GDPR) and applicable Norwegian privacy legislation.
Personal Data We Process via Our Website
When you visit spant.no or contact us, we may collect and process the following types of personal data:
- Contact Information: Name, email address, phone number, company name and message content, for example when you fill out a contact form, request a demo or otherwise reach out to us.
- Website & Technical Data: IP address, browser type and version, device information, pages visited, time spent on pages and referrer sources, collected through cookies and analytics tools.
We use this information to respond to your inquiries, improve our website, and understand how visitors interact with our content.
Privacy in Our Salesforce ISV Applications
Zero Data Transfer Architecture
Our apps run natively inside your Salesforce environment. We do not store your CRM data on Spant servers.
Our Salesforce ISV applications (such as Proff Connect) are designed with a privacy-first architecture:
- We do not store your CRM data on Spant servers.
- We do not access your Salesforce org unless you explicitly and temporarily grant access for support purposes.
- Data retrieved from third-party APIs (such as Proff / Enento) flows directly into your Salesforce org, under your control.
Customer CRM data remains inside the Customer's own Salesforce environment. Under GDPR:
- The Customer is the Data Controller for CRM data in its Salesforce org.
- Salesforce acts as an independent processor or service provider under the Customer's Salesforce agreement.
- Proff / Enento acts as an independent controller or processor under the Customer's separate API agreement.
- Spant does not act as a Data Processor for Customer CRM data in normal operation, since we do not host or process that data outside Salesforce.
If the Customer grants Spant temporary access to their Salesforce org for support or troubleshooting, such processing is limited to the specific support case and is governed by the applicable Data Processing Agreement (DPA) between the Customer and Spant.
Data Sharing and Third-Party Providers
Spant does not sell or rent personal data to third parties. We share personal data only when necessary to operate our business or when required by law.
We may use trusted third-party service providers, for example for website hosting, email distribution, analytics or CRM. These providers act on our behalf and are bound by confidentiality and data processing agreements.
We may also disclose personal data where required to comply with legal obligations, enforce our rights, or respond to lawful requests from public authorities.
Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure and destruction.
For our ISV applications, Customer data benefits from Salesforce's platform security features such as authentication, authorization, encryption in transit, audit logging and fine-grained access controls.
Your Rights Under GDPR
If we process personal data about you, you have the following rights under GDPR, subject to certain conditions:
For personal data you have provided to us via our website, you can contact us using the details below to exercise your rights.
For personal data stored inside your own Salesforce org via our ISV applications, you as the Customer are the Data Controller and remain responsible for handling data subject requests.
Contact Information
If you have questions about this Privacy Statement or wish to exercise your rights, please contact us:
Spant AS
Edvards Storms gate 2, 0166 Oslo, Norway