Last updated: 5 June 2026
This Privacy Policy explains how Wekst ("Wekst", "we", "us", "our") collects, uses, shares and protects personal data when you visit https://wekst.com, contact us, book a meeting, or otherwise interact with our services. We are committed to processing your personal data lawfully, fairly and transparently in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).
1. Who we are (Data Controller)
Wekst is a trading name of:
- Legal name: Harwest AS
- Organisation number: 922 184 054
- Address: Harbitzalléen 25, 0275 Oslo, Norway
- Privacy contact: : [email protected]
Harwest AS is the data controller for the personal data described in this policy.
2. Scope
This policy covers personal data we process about:
- Website visitors — anyone browsing https://wekst.com
- Prospects and leads — people who contact us, book a growth meeting, or download/request information
- Clients — clinics and their representatives we work with
- Newsletter and marketing subscribers
It does not cover the personal data our clients process about their own patients or customers. When we deliver marketing services, our clients are the data controllers for their own audiences, and we act as their data processor under a separate Data Processing Agreement (DPA).
3. What personal data we collect, and why
a) Information you give us directly
When you fill in a contact form, book an online growth meeting, subscribe to our newsletter, or email us, we may collect:
- Name
- Email address
- Phone number
- Company/clinic name and role
- Any information you choose to include in your message
Purpose: to respond to enquiries, schedule and hold meetings, provide quotes and deliver our services, and to send marketing communications where you have agreed to receive them.
b) Booking data
When you book a meeting via Trafft / our booking provider, the provider processes your name, email and scheduling details on our behalf so we can arrange the meeting.
c) Information collected automatically
When you visit our website we automatically collect technical and usage data through cookies and similar technologies, including:
- IP address (often truncated/anonymised by our analytics provider)
- Browser type and device information
- Pages visited, referring URL and time spent
- Interactions with our content and ads
Purpose: to operate and secure the site, understand how it is used, and measure and improve our marketing. See our Cookie Policy for the full list of cookies and how to manage them.
d) Analytics and advertising
We use the following tools, which may set cookies and collect usage data:
- Google Analytics 4
Non-essential analytics and advertising technologies are only activated after you give consent through our cookie banner.
e) Embedded content from other websites
Pages on this site may include embedded content (for example videos, images or articles). Embedded content from other websites behaves exactly as if you had visited that other website. These third-party sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.
f) Uploaded media
If you upload images to our website, please avoid uploading images with embedded location data (EXIF GPS), as visitors can download and extract that information.
4. Legal bases for processing
Under the GDPR (Article 6), we rely on the following legal bases:
| What we do | Legal basis |
|---|---|
| Responding to enquiries and delivering services | Performance of a contract / steps prior to a contract (Art. 6(1)(b)) |
| Analytics and advertising cookies | Your consent (Art. 6(1)(a)) |
| Newsletter and marketing emails | Your consent, or our legitimate interest in marketing to existing clients (Art. 6(1)(a)/(f)) |
| Securing and improving our website | Our legitimate interests (Art. 6(1)(f)) |
| Bookkeeping, tax and legal compliance | Legal obligation (Art. 6(1)(c)) |
You may withdraw consent at any time (see Section 8). This does not affect the lawfulness of processing before withdrawal.
5. Who we share your data with
We do not sell your personal data. We share it only with:
- Service providers (data processors) acting on our behalf, such as our website host, analytics and advertising platforms, booking provider, email/CRM provider, and IT support. Each is bound by a data processing agreement.
- Professional advisers (e.g. accountants, lawyers) where necessary.
- Public authorities where we are legally required to disclose information.
Examples of processors we use: [Trafft, Google, email/CRM provider].
6. International transfers
Some of our providers are based outside the EU/EEA (for example in the United States). Where personal data is transferred outside the EU/EEA, we ensure an appropriate safeguard is in place, such as the EU Standard Contractual Clauses or an adequacy/Data Privacy Framework decision, so your data receives an equivalent level of protection.
7. How long we keep your data
We keep personal data only as long as necessary for the purpose it was collected:
- Enquiries and leads: up to 24 months after last contact, unless you become a client or ask to be deleted.
- Client records: for the duration of the engagement and as required afterwards for legal and accounting purposes (accounting records are kept for at least 5 years under Norwegian law).
- Newsletter subscribers: until you unsubscribe.
- Analytics data: in line with the retention settings of our analytics provider.
[If comments are enabled:] Comments and their metadata are retained indefinitely so we can recognise and approve follow-up comments automatically. Registered users' profile data is stored in their user profile and can be viewed, edited or deleted by the user at any time (except the username); administrators can also see and edit this information.
8. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict or object to certain processing
- Data portability — receive your data in a portable format
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at: [email protected]. We will respond within one month. We may need to verify your identity first. Note that some data must be retained where we are legally required to keep it.
9. Right to complain
If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the Norwegian Data Protection Authority:
Datatilsynet — www.datatilsynet.no — Postboks 458 Sentrum, 0105 Oslo, Norway.
10. Automated decision-making and profiling
We may use analytics and advertising tools to build audience segments and measure campaign performance (marketing profiling). This may influence which of our ads you see, but it does not produce legal or similarly significant effects on you, and we do not make solely automated decisions that have legal consequences for you.
11. Data security and breaches
We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify Datatilsynet without undue delay and, where required, inform affected individuals.
12. Children
Our website and services are directed at businesses (clinics), not at children, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. Significant changes will be communicated where appropriate.
14. Contact
For any questions about this Privacy Policy or how we handle your personal data:
Harwest AS (Wekst):
Harbitzalléen 25, 0275 Oslo, Norway,
Email: [[email protected]
Org. no. 922 184 054