1. Introduction

Fonn Group values your privacy and is dedicated to safeguarding your personal data. This privacy notice explains how Fonn Group processes the personal data you provide to us, or that we collect, in the course of our business operations, including through our websites.

2. Important information. Who are we?

This privacy notice is issued on behalf of Fonn Group AS and its affiliated companies. Accordingly, references to “Fonn Group”, “we”, “us” or “our” in this privacy notice refer to the specific company within the Fonn Group with which you have a contractual relationship or are otherwise interacting with. This includes the following companies within the Fonn Group:

• Fonn Group AS
• Fonn Group Americas Inc.
• Fonn Group Germany GmbH
• FonnGroup APAC Pte Ltd.
• Fonn Group Ltd. 
• Mimir Media Tech AS
• Saga Media Tech AS
• Kunnusta AS

This privacy policy sets out the nature of our processing of your personal data, including why, how and based on what legal basis we process your personal data. This privacy policy also sets out your rights pursuant to EU’s General Data Protection Regulation 2016/679 (the “GDPR”) and the relevant national data protection legislation implementing the GDPR (together the “Data Protection Legislation”). 

This privacy policy applies to our processing of personal data as data controllers. Where we process personal data as a processor on behalf of our clients, see their privacy policies for information as to how your personal data is processed. 

3. Contact details

If you wish to contact Fonn Group to exercise your rights, or have any questions about our processing of your personal data, you may contact our global Data Protection Officer (“DPO”) at: dpo@fonngroup.com. 

4. What personal data do we process?

Personal data refers to any information about an individual that can be used to identify them. Information you provide to us, as well as data we collect in the course of our business operations, may include personal data.

Fonn Group may process (ie., collect, use, store, transfer and otherwise process) different categories of personal data about you, such as:

• “Contact and identification data”: Such as full name, title, company email address, mobile phone number, geographical location, information about your right to represent the company you work for.
• “Billing and financial data”: Such as bank accounts, reference persons and other relevant information that we have a duty to process to keep accounts and send invoices. 
• “Technical and statistical data”: Such as technical and statistical data from the service and our websites, such as IP address and information about your activity on the service. 
• “Device information”: Technical and statistical data from your computer (or mobile device) in connection with your use of our websites, such as IP address, browser type and version, session behaviour, traffic source, screen resolution, preferred language, geographic location, operating system and similar information about your device and device settings / usage. 
• “Communication data”: Such as your input in forms on our websites or email correspondence with us, and any other written and / or oral communication with our contact persons and customer support. Where you contact our support team we may also record the conversation to ensure that we are able to provide precise and efficient support.  
• “Marketing data”: Such as your preferences in receiving marketing from us and your communication preferences.
• “Professional / employment data”: Such as educational background, professional qualifications, employment history, CV and any other data you may provide us with in a recruitment situation. 

5. How is your personal data collected?

We use different methods to collect data from you and about you, including but not limited to:

Direct interactions with you: A large part of the information we process about you, we receive from you. You may give us information about yourself in different ways, for example when you use our services, subscribe to our newsletters / publications, attend / register for our events, contact us for a demo of our services or contact our customer support. This also includes a situation where you send us an application for employment. 

Interactions with the company you represent: We may receive information about you from the company you represent, for example to allow you to use our services, to enter into an agreement with us, or to enable billing.

Interactions through social media and other public sources: We may collect information about you through social media and other public information, such as your public LinkedIn profile, and other social media / public sources. Please see more information regarding our social media partners in Section 9 below. For candidates for employment we may also use publicly available information, such as that found through LinkedIn or other public sources to review your application. 

Third parties: We may receive personal data about you from various third parties, including but not limited to partners, recruitment agencies and past or current employers.

6. For what purposes and based on what legal basis do we process your personal data?

Below is a description of the purposes for the processing of the personal data and the legal bases we rely on to do so. Where applicable, we have also identified our legitimate interests.

Please note that we may process your personal data under more than one legal basis, depending on the specific purpose for which it is used. If you require further details about the specific legal basis we are relying on in cases where multiple grounds are mentioned, please do not hesitate to contact us.

Category of Personal Data	Purpose	Legal Basis
Contact and identification data	We process this personal data to manage our relationship with our partners, customers and potential customers. This may include information related to your participation in one of our events, demos or trials.	Where we have a relationship with you or your employer we process this personal data to fulfil the contract we have with you or your employer. Where we do not have an agreement, we have a legitimate interest in utilising your personal data to stay in touch and manage our business dealings.
Billing and financial data	We process this personal data to comply with our billing and bookkeeping obligations. This data is also processed to ensure that we can send the relevant invoices to our customers and partners.	We have a legitimate interest in carrying out the processing in order to maintain our financial affairs. Additionally, we are legally obliged to maintain certain documentation in line with relevant bookkeeping laws.
Technical and statistical data	We process this personal data to ensure that we are able to manage the Fonn Group website.	Where the personal data is required for the functioning of the website, the processing is based on our legitimate interest in having an operating website.  Where the personal data is analytical and statistical in nature and not necessary for the functioning of our website, we use your consent to be able to process this data.
Device information	We process this personal data to ensure that we are able to manage the Fonn Group website.	Where the personal data is required for the functioning of the website, the processing is based on our legitimate interest in having an operating website.  Where the personal data is analytical and statistical in nature and not necessary for the functioning of our website, we use your consent to be able to process this data.
Your communication with us	We process this personal data to maintain our relationship with you and to ensure that we can provide assistance regarding any questions, comments or concerns you may have.	We have a legitimate interest in ensuring that we are able to stay in touch with our customers, partners, potential customers and any other party that communicates with us. We need to be able to respond to any queries or other communication directed towards us.
Marketing data	We process your marketing information to provide you with marketing, relevant offers and updates related to our services.	We process your marketing related information where you have consented to us providing your with direct marketing. Alternatively, we may use legitimate interest in providing your with marketing insofar as permitted by law.
Professional employment data	We process this personal data to go through any application that you may send us and to ensure that we are able to continue growing our team.	We have a legitimate interest in processing information that you provide us with in a recruitment process to enable us to review your application and hire new talent to our team.

7. Sharing personal data

Internal. We may share your personal data internally, with other companies within the Fonn Group.
External. We may share your personal data externally, to the following third parties:

• The company you represent;
• Business partner(s) that we host events with or create content with;
• Authorities and other parties involved in a potential or existing legal case;
• Authorities such as tax authorities where relevant;
• Recruitment agencies who assist us in the employment process. We may also use TeamTailor for our recruitment processes, please our privacy policy with respect to TeamTailor here;
• Our service providers who provide, inter alia, IT and system administration services (please see list of our current subprocessors here); and
• Professional advisers and service providers acting as processors and joint controllers, including lawyers, and others, who provide legal, advisory, audit services.

8. International transfers out of the EEA

Fonn Group operates in jurisdictions both within and outside of the European Economic Area (“EEA”). Whenever Fonn Group, or one of our suppliers, transfers your personal data outside the EEA, we will ensure that we use a safeguard recognized by the Data Protection Legislation to enable the transfer. For certain processing activities, it may be possible to opt for a processing location in the EEA, please see our current list of subprocessors here. Where personal data is transferred outside the EEA either of the following safeguards may be used:

• A decision by the EU Commission that the country outside of the EEA to which your personal data is transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR. In particular, we rely on the EU Commission’s adequacy decision for the US via the EU-US Data Privacy Framework where the parties that receive the data are certified, and the adequacy decision for the UK; and 
• Entering into the EU Commission’s standard clauses with the recipient of the personal data outside the EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the GDPR still applies, and that your rights are still protected. This is the legal basis for processing we use when personal data is transferred to the USA when there is no certification through the EU-US Data Privacy Framework. 

9. Social Media 

Fonn Group has corporate accounts on social media platforms such as LinkedIn. The processing of personal data on these platforms is subject to the terms and conditions and privacy policies of the respective platforms. 

We use these accounts to promote and improve our products and services, and the legal basis for this legitimate interest is GDPR Art. 6(1)(f). If you contact us via one of these accounts or wish to share some of the content we publish, we will be able to see basic account information such as your name and email address. We will respond to you on the same platform and process personal data in connection with such communication. You are free to stop following our accounts or delete your comments and messages. Note that unfollowing our accounts does not automatically delete your personal data.

Please be aware that these providers engage in international data transfers to the United States. We encourage you to read their privacy policies to learn more about how they process your personal data. 

10. Data retention: for how long will we retain your personal data?

Fonn Group will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or regulatory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Personal data that is anonymised may be processed for a longer duration. For the avoidance of doubt, anonymised data does not enable the identification of the data subject shall not constitute personal data and, therefore, the Data Protection Legislation shall not apply. 

11. Your rights

The Data Protection Legislation provides you with several rights you can assert against us. Do note that there are exceptions and further conditions for the rights described below, and not all rights will be relevant in all our interactions. In summary you may:

• Request access to the personal data we process about you, including the right to receive a copy of this personal data;
• Request the transfer of your personal data (“data portability”);
• Request correction of your personal data where you believe the information we have about you to be incorrect;
• Request restriction on the processing  of your personal data;
• Request that your personal data is deleted (the right to be forgotten); 
• Object to our processing of your personal data; 
• Withdraw your consent to our processing of your personal data where our processing is based on your consent; and 
• Ask Fonn Group to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at hello@fonngroup.com. 

If you would like to exercise your rights or have any questions related to our processing of your personal data, please contact us as indicated by using the contact details set out in Section 3 of this privacy policy. If you have complaints about our processing of your personal data, you can lodge a complaint with the data protection authority in the EU/EEA country where you live, work or where the infringement took place. The contact details of the respective data protection authorities can be found here.

12. Changes to this privacy notice 

This privacy notice is dated 16 January 2026. 

We may make changes to this privacy notice periodically without notice, and in such cases, the privacy notice will reflect the updated date.