Privacy statement

The Visma Privacy Statement helps you understand what personal data we collect and why we collect it, and how we handle, protect, store, export, and delete your personal data. 

Personal data is any information relating to an identified or identifiable natural person, such as an email address, street address, phone number, etc.

The type of personal data that Visma processes about you may be:

  • Basic personal information such as name, address, telephone number, email and demographic information
  • User and web traffic information such as login ID, username, and IP address
  • Financial information such as invoice-related information
  • Content you have uploaded or provided such as photos, comments, articles and videos
  • Statistics that show how the users use our software and consume content we offer
  • Information provided through job applications

For the purposes mentioned in the section “Why we process personal data”, Visma does not process sensitive personal data about you.

In general, Visma collects personal data directly from you or other persons linked to our Customer. If the Customer you work for purchases Visma products or services via a Visma partner company, we may collect information about you from the partner company. 

We will also use cookies and other tracking technologies when you use Visma websites, use our applications/services and interact with us via email, in order to optimise your experience of Visma, our products and our sites. Please see our cookie policy for more information. 

In some cases, we may also collect information about you from other sources. These sources may be third-party data aggregators, Visma’s marketing partners, public sources or third-party social networks.

This Visma Privacy Statement applies when Visma and its subsidiaries (Visma) process your personal data for various purposes when you interact with us, such as:

Buy and deliver

  • Facilitate customer orders, agreements, payments
  • Offer services directly to you, such as e-learning, webinars, reports, etc.
  • Provide requested offers on products and services to Customers
  • Create and facilitate accounts for users of our services

Support and improve

  • Improve and develop the quality, functionality and user experience of our products, services and Visma Sites
  • Offer customer support of our products and services
  • Operate user communities to educate and enable interaction between users and Visma

Security

  • Detect, mitigate and prevent security threats and abuse, and perform maintenance and debugging

Marketing

  • Manage and send marketing preferences and content
  • Create interest profiles in order to promote relevant products and services (profiling)

Recruiting

  • To manage recruitment processes and process job applications
  • Evaluate submitted documentation, conduct interviews and call references

Information regarding how personal data is processed in one of our many services is outlined in the respective data processing agreement for that service. Visma does in such cases act as a data processor and processes the data on behalf of and according to instructions given by the Customer. For more information regarding this, please contact customer support for that specific service.

Within the Visma Group 

As Visma consists of many different subsidiaries, it is important for us that we provide the best possible overall experience for you. In order to maintain an overview and insight, Visma may share your personal data across companies in the Visma Group. 

Outside of the Visma Group

Visma may also share your personal data with external third parties in the following contexts:

Visma user communities

If you make a post, comment or similar on Visma user communities or other forums on Visma Sites, such information can be read and used by anyone with access to such forums. Visma is not responsible for any information you submit on such forums or Visma Sites. 

Business partners

Visma may share your personal information with our partners in the event this is legitimate from a business perspective and according to applicable privacy legislation. 

Public authorities

The police and other authorities may request access to personal information from Visma. In these cases, Visma will only provide the data if there is a court order etc. to do so.

Visma uses processors to process personal data. These processors are typically vendors of cloud services or other IT hosting services. 

When using processors, Visma will enter into a data processing agreement in order to safeguard your privacy rights. If processors are located outside the EU/EEA, Visma ensures legal grounds for such international transfers on your behalf, hereunder by using the EU Model Clauses. 

For information on sub-processors used to provide you a Visma service, please visit our Visma Trust Center. 

You are always welcome to request an overview and more detailed information on Visma’s processors. For how to contact Visma, please see the last section of this statement.

Visma will only store your personal information as long as required to perform our contractual obligations. When processing your personal data on other legal basis, such as legitimate interest, data is stored as long as necessary to fulfil the purpose of processing.

Hence, your personal data may be subject to different retention policies based on the type of data and the purpose of collecting it. Here are some examples: 

When recruiting, Visma will delete your personal information such as CV, application and other documents when the recruitment process is closed, typically maximum 6 months after application deadline, unless otherwise agreed upon with you.

Another example is contact information stored for marketing purposes, including leads or prospects. Such personal data will be deleted no later than 24 months after the last registered activity. 

For further information regarding deletion, feel free to contact Visma (see contact information in the last section of this statement).

You can invoke the following rights in relation to our processing of your personal data:

  • Access. You have the right to request a copy of personal data we process about you. 
  • Rectification. You also have the right to request Visma to rectify inaccurate personal data concerning you. If you have an account with Visma for a Visma Site, this can usually be done through the appropriate "your account" or "your profile" sections on the applicable Visma Site or service.
  • Deletion. You can request Visma to delete personal data relating to you. 
  • Restriction. You may ask us to restrict the processing of your personal data
  • Portability.  You may ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
  • Object. On grounds relating to your particular situation, you have the right to object to our processing of your personal data on the basis of legitimate interests or for direct marketing purposes. You also have the right to object to our processing of your personal data for the performance of tasks carried out in the public interests or in the exercise of official authority or based on legitimate interests. 

Please note that there may be certain exceptions or limitations to the abovementioned rights which could apply depending on the specific circumstances of your situation. In such cases, we will provide you with detailed information about the applicable exception or limitation and help you exercise your rights to the fullest extent possible, in accordance with applicable laws and regulations.

Please use this form to file requests as mentioned in this section.

Finally, you also have a right to file a complaint to the data protection authorities with regards to our processing of your personal data.

The legitimate interest

When you interact with Visma e.g. by visiting Visma web pages, downloading content, attending webinars, and as part of using Visma’s services, Visma will be processing your personal data based on legitimate interest. One of Visma's legitimate interests is the processing of personal data for direct marketing purposes. 

Visma uses your personal data to provide relevant content to you through direct marketing on social media platforms and emails, webpages or in a Visma service, based on your preferences. The personal data processed are aggregated details about you such as IP address, interests (where you have clicked, etc.), username and device. This is done through technologies like cookies and is called profiling. Visma will also be able to combine this information with information about the customer relationship we may have with your company.

Visma uses email as a tool to communicate marketing, however only if you have consented in accordance with national marketing legislation (if needed). If you have consented, you will always have the possibility to opt out as described below, or when you receive an email containing marketing. 

Right to opt-out of marketing communications

You have the right to opt out of receiving marketing communications from Visma and be subject to profiling. You can do this by either:

(a) Following the instructions for opt-out in the relevant marketing communication

(b) Changing preferences under the relevant edit account section if you have an account with Visma

(c) Contacting us via this form

(d) Using the applicable subscription management tool

You will also always have the option to opt into/out of cookies on a particular web page, through our cookie banner. 

Please note that even if you opt out from receiving marketing communications, you may still receive administrative communications from Visma, such as order confirmations and notifications necessary to manage your account or the services provided to Customers.

We encourage you to review the Statement regularly. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect. 

The Privacy Statement is revised at least yearly and changes are approved by the Visma Compliance Council. Last updated: 2023-01-19.

Visma is a European corporation, with legal entities, business processes, management structures and technical systems that cross borders. Visma delivers software and services to private and public businesses in Europe. Visma’s head office is located in Oslo.

All major decisions regarding privacy in Visma are made at a corporate level by the Visma Compliance Council supervised and chaired by the Data Protection Officer (DPO). The controller responsible for the processing of your personal data is:

Visma Group and its subsidiaries
Head Office: Karenslyst allé 56, 0277 Oslo, Norway
Telephone number: +47 46 40 40 00

We value your opinion. If you have any comments or questions about our Privacy Statement, or any privacy concerns, including regarding a possible breach of your privacy, please contact us by using this form.

We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.