Privacy Policy for Disputas

Disputas AS │ Last updated: 19.03.2022

This privacy policy applies to Disputas in relation to the “Ponder” service. We are responsible for processing personal data that is described in this privacy policy, and for controlling the use of said data. Our contact information can be found at the bottom of this page.

Disputas will not share personal data in other cases or in other ways that is described in this privacy policy, unless the user gives consent to this.

1 Who we process personal data from

We collect and process personal data from visitors of our website and users of the Ponder product.

2 Purpose, types of personal data and legal basis for processing

Section 2.1 to section 2.4 of this privacy policy gives an overview of our purpose for processing of personal data, the kinds of personal data we process, and the legal basis for the processing of personal data.

2.1 Personal data processing related to the registration of a user account in Ponder

In connection with the registering and management of your Ponder user account, we process the following personal data:

  • Name and surname
  • Date of birth
  • Email address
  • Year of study and place of study

This personal data which is collected when you create a user account will be used to deliver the Ponder service to you and to manage your user relations with us. This involves connecting your user data to the texts you produce in Ponder so that you can easily manage and recall your work. In addition, the data will be used to create statistics of the Ponder userbase.

For any processing that is described in this section, the legal basis for processing is either GDPR Article 6 a) (consent), Article 6 b) (agreement), or Article 6 f) (legitimate interest).

The purpose of processing personal data in relation to your user account, is for us to use personal data to create data on the Ponder program based on demographics and place of study, and to offer a better user experience.

2.2 Interactive data processing related to the use of “Ponder”

In relation to your use of the Ponder program, certain information of your interaction with the program, such as comments, analyzes, classifications and assessments that you perform in the program, will be registered (“Interaction data”). This information will be processed in order for us to offer you access to the tools and services of the Ponder program, in addition to making it easier for you to access your own Interaction data. The legal basis for processing Interaction data is either GDPR Article 6 a) (consent) or Article 6 b) (agreement).

We will also connect your Ponder user account data to the Interaction data you produce. We process this information with the purpose of creating statistics to improve our services. The legal basis for this data processing is GDPR Article 6 f) (legitimate interest).

2.3 Anonymization of interactive data

Interaction data we collect from you will be stored in a database which is separated from your user data and your personal information. If you wish to delete your user account, any connection between the Interaction data, user data and personal data will be removed in a way which makes the Interaction data fully anonymized and impossible to track back to you as a person. This means that we can and will keep any Interaction data that you have produced if you delete your user account or request your personal information to be deleted.

We will also, regardless of whether you have deleted your account or requested deletion, periodically anonymize Interaction data for the purposes of developing our services or to cooperate with third parties. We may also hand over anonymous data to research institutions for research purposes.

2.4 Cookies

We use cookies when you use Ponder or visit our websites under the These cookies are used in accordance with this privacy policy. A closer description of our use of cookies can be found in our cookie policy.

3 Data storage

Disputas reserves the right to store personal data connected to your user account for as long as needed, and for a maximum time of twelve months. This reservation does not apply if the user requests the data deleted in accordance with GDPR Article 17.

3.1 Who do we share personal data with?

Personal data will never be sold or transferred to any third parties, except when expressly stated in section 3 of this privacy policy.

We enter data processor agreements with any third parties which we share your personal data with, or which otherwise process data on behalf of us. These agreements shall ensure that your personal data is processed in accordance with our privacy policy.

Below is a general description of the data processors we make use of:

  • Our providers of ICT-services will have access to personal data if the data is stored at the provider, or if the provider gets access to the personal data in accordance with an agreement with us. This will for instance apply to our provider of cloud services, Google Cloud.
  • Our providers of Cookie-services will have access to personal information about you as far as is reasonably necessary for the cookies to work when you visit our website. Read our cookie policy for more information.

3.2 Google cloud

Personal data we collect about you will be stored in Google Cloud. This means that Google has insight in the stored personal information, as Google is responsible for the security of the storage. In order to minimize the security risks associated with using Google as a data processor, we make sure your personal data is saved exclusively on servers within the EEA, and we avoid saving sensitive personal data on their servers in case of a security breach. We find there to be an overall low risk of harm, both in likelihood and potential severity.

3.3 Sharing of data with academic institutions

Disputas reserves the right to transfer Interaction data to academic institutions. Personal data may be processed by such institutions alongside the Interaction data, in accordance with this privacy policy. These data are processed with research and educational purposes.

4 The user’s rights

The user has full ownership of its personal data. By using Ponder, you are given the rights described in the GDPR Chapter 3, including the right to:

  • Withdraw your consent: If the user wishes to withdraw any consent regarding the processing of their personal data, this can be done at any time.
  • Request erasure or rectification: If the user wishes erasure or rectification of personal data we process, this will be arranged by Disputas. We will however remind the user that anonymous Interaction data created by the user will not be deleted, as they are not personally identifiable on their own. Only identifiable data will be erased or changed.
  • Get insight into any personal data we hold about you: We give insight in the personal data connected to the user upon request.
  • Have your personal data delivered to you (data portability): The user may have its data delivered in a digitally portable fashion upon request.

If you disagree with the way we process your personal data, you can contact us or the Norwegian Data Protection Authority.

5 Security

Disputas is committed to establishing procedures to handle your personal data with utmost care in accordance with applicable rules and regulations. The measures we undertake are technical and organizational in nature, and we will regularly carry out security assessments and control in our systems that are used to process the personal data.

6 Changes in the privacy policy

We reserve the right to make changes to this privacy policy. In the event of significant changes, we will notify you directly of the changes to the email address you have provided to us. You will always find the latest version of this privacy policy on our website.

7 Contact us

Disputas can be reached via email to The Norwegian Data Protection Authority protects your right to privacy, and can be reached on