‍

Roles and responsibilities

The Visma group consists of approximately 200 companies. Visma Software International AS is the controller for personal data processed in the Visma Community. Although several companies within the Visma group use the Community, Visma Software International AS is the specific legal entity responsible for your data.

‍

Contact us

If you have any comments or questions about our Privacy Statement, or any privacy concerns, including regarding a possible breach of your privacy, please contact us by using the privacy request form. 

If you want to contact our Data Protection Officer for Visma Software International AS, please send an email to dpo.swint@visma.com.

You can also contact our Head Office at: 

Karenslyst allé 56, 0277 Oslo, Norway

Telephone number: +47 46 40 40 00

‍

Processing activities

We process your personal data for several distinct purposes. Below, we explain what we do, the legal basis for the processing, and how long we store your data.

To provide the Community service 

To provide you with our Community service, we must process some of your personal data. We use this data to manage your user account, provide you with the correct access permissions, and enable you to create posts and participate in discussions. The personal data we process includes your name, email address, language, country, and any existing customer data linked to your account.

Our legal basis for this processing is the performance of a contract, cf. GDPR Article 6(1)(b). This processing is necessary for us to fulfill our user agreement with you.

We will store your personal data for as long as you have an active user account in the Visma Community. If you choose to disable your account, this data will be deleted.

‍

To improve our products and services

We use your posts and suggestions to develop and improve our products and services. To do this, we process your username and the content of your posts.

Our legal basis for this processing is our legitimate interest, cf. GDPR Article 6(1)(f). Our legitimate interest is to improve our products and services based on user feedback.

We will store this data for as long as it is necessary to fulfil this purpose. Your posts will be retained in the Community to maintain the integrity of discussions, as detailed in the section below.

‍

To retain Community content

To maintain the integrity and value of the discussions for all users, we keep your posts and the associated username visible in the Community even after your user account is disabled.

Our legal basis for this processing is our legitimate interest, cf. GDPR Article 6(1)(f). Our legitimate interest is to ensure that community discussions remain useful for other users. We do not consider this to be intrusive to your privacy, as the Community is a voluntary platform for professional discussion. Your posts will be retained indefinitely to fulfil this purpose.

‍

To understand user interests and personalise communications

We process your data to build a profile based on your stated interests and your actions within the Community, such as which topics you follow or which posts you like. We use this profile to provide you with more relevant information and marketing communications from Visma, both within and outside the Community.

Our legal basis for this processing is our legitimate interest, cf. GDPR Article 6(1)(f). Our legitimate interest is to conduct direct marketing to provide you with more relevant content, in line with Recital 47 of the GDPR.

We will process your personal data for this purpose until you object to it. You have an absolute right to object to processing for direct marketing purposes at any time through your profile settings.

How your personal data may be shared

To provide the Community service, we may share your personal data with:

Other Visma Group Companies

Companies within the Visma Group that are affiliated with the Community may process your data to help fulfill the purposes listed above.

Processors 

We use processors to process personal data to operate the Community platform, send emails, and perform analytics etc. When using processors, we enter into a data processing agreement in order to safeguard your privacy rights. If processors are located outside the EU/EEA, we ensure legal grounds for such international transfers on your behalf, such as by implementing EU Model Clauses. You are welcome to request more detailed information on our processors by contacting us as described in the section “Contact us”. 

Public authorities

The police and other authorities may request access to information from us. This can include both personal and non-personal data. 

In all such cases, we follow internal policies and procedures for assessing the access request, and confer with legal counsels. We only share information that is strictly required by law, and only on the basis of valid court orders or similar legal documents from public authorities.

To prevent unauthorised access to any information we process, we also implement technical measures such as encryption and access controls. The Visma Security Program ensures high security standards and confidentiality.  

Furthermore, we ensure legal obligations in contracts with our subcontractors that ensure they too enact organisational and security measures similar to ours. 

If we receive access requests from non-EEA authorities, we ensure our compliance with the Data Act article 32. Internal policies and routines are in compliance with this regulation. 

‍

Your rights

You can invoke the following rights in relation to our processing of your personal data:

• Access. You have the right to request a copy of personal data we process about you. 
• Rectification. You also have the right to request rectification of inaccurate personal data concerning you.
• Deletion. You can request deletion of personal data relating to you. 
• Restriction. You may ask us to restrict the processing of your personal data
• Portability.  You may ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
• Object. You have the right to object to our processing of your personal data on the basis of legitimate interests or for direct marketing purposes. You also have the right to object to our processing of your personal data for the performance of tasks carried out in the public interests or in the exercise of official authority or based on legitimate interests. 

Please note that there may be certain exceptions or limitations to the abovementioned rights which could apply depending on the specific circumstances of your situation. In such cases, we will provide you with detailed information about the applicable exception or limitation and help you exercise your rights to the fullest extent possible, in accordance with applicable laws and regulations.

Please use this privacy request form to file requests as mentioned in this section.

Finally, you also have a right to file a complaint to the data protection authorities with regards to our processing of your personal data.

‍

Changes

We encourage you to review the Privacy Statement regularly. If we make significant changes to the Privacy Statement that materially alter our privacy practices, we will notify you of this. 

The Privacy Statement was last updated: 2025-10-14.