Legal

Privacy Policy

Last updated: 6 March 2026

This privacy policy explains how MereCRM collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Norwegian data protection law.

#1. Data controller

The data controller for this service is Ekdahl Enterprises AS, organisation number 987 895 918, located at Smørbukkveien 3, 3123 Tønsberg, Norway.

Contact: post@merecrm.com

#2. What data we collect

We collect the following categories of personal data:

  • Contact information — name, email address, phone number, and postal address
  • Course and enrollment data — course interests, cohort assignments, enrollment status, and milestone progress
  • Communication records — emails sent and received through MereCRM, and internal staff notes
  • Flight experience — total hours, type hours, PIC time, instrument time, and multi-crew experience (for aviation training providers)
  • Medical status — Medical Class 1 certificate status and related documentation
  • Technical data — IP address, browser type, and access timestamps for security and service operation

#3. Legal basis for processing

We process personal data under the following legal bases (GDPR Art. 6):

  • Consent — when you submit a contact form or inquiry, you explicitly consent to the processing of your data
  • Contract — processing necessary to fulfil our service agreement with schools and training providers
  • Legitimate interest — service security, fraud prevention, and product improvement

#4. How we use your data

Your data is used to:

  • Process inquiries and manage the student enrollment lifecycle
  • Facilitate communication between schools and prospective or enrolled students
  • Track course progress, milestones, and administrative records
  • Generate analytics and reports for school management (aggregated where possible)
  • Send confirmation and transactional emails related to your inquiry or enrollment

#5. Data sharing and processors

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use trusted sub-processors for hosting, email delivery, and payment processing. All sub-processors are bound by data processing agreements and process data within the EU/EEA or under adequate safeguards (e.g. EU Standard Contractual Clauses).

#6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described above, or as required by law. When a school terminates its subscription, student data is deleted within 90 days unless retention is required for legal or regulatory purposes.

#7. Your rights

Under the GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — restrict processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at post@merecrm.com.

#8. Cookies and tracking

MereCRM uses only essential cookies required for authentication and session management. We do not use third-party tracking or advertising cookies.

#9. Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

#10. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated by email or by a prominent notice in the application. The "Last updated" date at the top of this page indicates the most recent revision.

Questions? Contact us at post@merecrm.com — Ekdahl Enterprises AS, Smørbukkveien 3, 3123 Tønsberg, Norway. Org.nr. 987 895 918.