Privacy statement
- 1. Introduction
- 2. Contact us
- 3. Giant Leap Technologies AS as a Processor
- 4. Giant Leap Technologies AS as a Controller
- 4.1 Processing activities in M_SOLUTION
- 4.2 Other processing activities carried out by Giant Leap Technologies AS
- 4.3 How your personal data may be shared
- 4.4 Your rights
- 5. Changes
1. Introduction
When using M_SOLUTION and interacting with Giant Leap Technologies AS, personal data about you is processed. This Privacy Statement helps you understand what personal data is collected, why it is collected and how Giant Leap Technologies AS handles, protects, stores, exports, and deletes your personal data.
Personal data is any information relating to an identified or identifiable natural person, such as an email address, street address, phone number, etc.
2. Contact us
If you have any comments or questions about our Privacy Statement, or any privacy concerns, including regarding a possible breach of your privacy, please contact us by sending an email to privacy@giantleap.no or by using the privacy request form.
You can also contact our office at:
Giant Leap Technologies AS
Karenslyst Allé 56, 0277 Oslo
Telephone: +47 24 20 18 20
3. Giant Leap Technologies AS as a Processor
For the personal data processed in M_SOLUTION, your employer is the Controller. In such cases, Giant Leap Technologies AS acts as a Processor and processes the personal data on behalf of, and according to instructions given by, your employer. For more information regarding this, please contact customer support for the specific service.
If you want to invoke your rights in relation to the processing of your personal data in M_SOLUTION, you should direct this to your employer.
4. Giant Leap Technologies AS as a Controller
In some cases, Giant Leap Technologies AS will be the Controller for your personal data processed in the application. This is when Giant Leap Technologies AS determines the purposes and means of the processing of personal data.
When Giant Leap Technologies AS is the Controller for your personal data processed in the application, section 4.1 applies. When Giant Leap Technologies AS is the Controller for your personal data processed when interacting with us through other channels, section 4.2 applies.
4.1 Processing activities in M_SOLUTION
Giant Leap Technologies AS processes your personal data in M_SOLUTION for the processing activities as described below.
Use of cookies
When you use M_SOLUTION, we install cookies on your device that are strictly necessary for the product to function. These cookies ensure the service works properly and cannot be disabled without disrupting core functionality. They are not used for marketing or analytical purposes.
The following cookies are set on app.msolution.no:
| Cookie name | Purpose | Retention |
|---|---|---|
| AWSALB | Load balancing — ensures your session is handled by the same server | 7 days |
| AWSALBCORS | Same as AWSALB, also sent with cross-origin requests | 7 days |
| JSESSIONID | Standard server-side session identifier, required for your login session | Session |
| msolsession | M_SOLUTION authentication cookie used for secure API communication | Session |
Our legal basis for processing this personal data is our legitimate interests in providing a functional and secure product, cf. GDPR Article 6(1)(f).
Security
Giant Leap Technologies AS processes personal data in order to detect, mitigate, and prevent security threats and abuse, as well as perform necessary maintenance and debugging. The personal data involved includes your name, email address, user and web traffic data such as login ID, username, IP address, and device information.
We use New Relic for application performance monitoring and error detection. New Relic may process web traffic data including IP addresses and session identifiers as part of this monitoring.
Our legal basis for this processing of personal data is our legitimate interests, cf. GDPR Article 6(1)(f). The legitimate interest is to maintain a secure and well-functioning environment for our customers and operations.
We will only store your personal information for as long as necessary to fulfil the purpose of processing, and your personal data will normally be deleted after 90 days.
Service improvement
Giant Leap Technologies AS continuously strives to improve and develop the quality, functionality, and user experience of M_SOLUTION. For this purpose we use Survicate, a user feedback and product experience tool. The personal data processed includes session data, usage statistics, and anonymised user identifiers. No sensitive personal data is collected.
Our legal basis for this processing of personal data is our legitimate interests to improve M_SOLUTION and ensure we meet our customers’ expectations, cf. GDPR Article 6(1)(f). Giant Leap Technologies AS’s services are used as tools for work-related purposes, and the data collected reflects professional usage behaviour rather than personal life. No sensitive data is processed. Your personal data is processed from a business perspective in a way that we believe does not conflict with your freedoms and rights as an individual.
We will process your personal data only as long as necessary to fulfil the purpose. After three years, the personal data is deleted or anonymised for statistical use.
Usage analytics
Giant Leap Technologies AS uses Visma Product Analytics, a Visma Group-managed platform powered by Snowplow, to collect anonymised data about how users navigate and interact with M_SOLUTION. This helps us understand feature usage patterns and prioritise product development. The analytics are only active within the product for logged-in users — they are not used on the public website.
No personal data is stored in the analytics system. All data is fully anonymised, and usage patterns within M_SOLUTION reflect professional work activity performed at the direction of the user’s employer. Any transient processing of data prior to anonymisation is covered by the data processing agreement between Giant Leap Technologies AS and the employer.
Our legal basis for any processing of personal data prior to anonymisation is our legitimate interests in improving M_SOLUTION to meet our customers’ needs, cf. GDPR Article 6(1)(f).
4.2 Other processing activities carried out by Giant Leap Technologies AS
Giant Leap Technologies AS also processes your personal data for the processing activities as described below.
Marketing newsletters
Giant Leap Technologies AS uses HubSpot to distribute marketing communications such as newsletters. The personal data processed for this purpose is name and email address. Newsletter subscriptions and opt-out preferences are managed in HubSpot.
For individuals who have subscribed to receive our newsletter, the legal basis for processing is your prior consent, cf. GDPR Article 6(1)(a). For existing customers, we may send relevant product and service communications based on our legitimate interests in maintaining and developing the customer relationship, cf. GDPR Article 6(1)(f).
You can unsubscribe from marketing communications at any time by following the unsubscribe link in any newsletter, by contacting us at privacy@giantleap.no, or by using the privacy request form. Please note that when you unsubscribe from marketing communications, you may still receive other communications from Giant Leap Technologies AS, such as notifications necessary to manage your account or the services provided to your employer.
The personal data will be deleted when you unsubscribe or when your contact record has been inactive for 365 days.
Use of cookies
When you visit our website, we only install cookies that are strictly necessary for the website to function correctly. We do not use cookies for marketing, advertising, or analytical tracking.
Our legal basis for processing this personal data is our legitimate interests in providing a functional website, cf. GDPR Article 6(1)(f).
Security
Giant Leap Technologies AS processes personal data in order to detect, mitigate, and prevent security threats and abuse, as well as perform necessary maintenance and debugging. The personal data involved includes your name, email address, user and web traffic data such as login ID, username, IP address, and device information.
Our legal basis for this processing of personal data is our legitimate interests, cf. GDPR Article 6(1)(f). The legitimate interest is to maintain a secure environment for our customers and operations.
We will only store your personal information for as long as necessary to fulfil the purpose of processing, and your personal data will be deleted after 90 days.
Deliver products and services to customers
Giant Leap Technologies AS processes personal data to manage customer orders, agreements, and payments for the products and services we provide. The data processed includes basic personal details, such as name, address, telephone number, and email, along with invoice-related information.
Our legal basis for this processing of personal data is our legitimate interests, cf. GDPR Article 6(1)(f). The legitimate interest is to facilitate the delivery of products and services to the customer’s contact person.
We will only store your personal information for as long as necessary to fulfil the purpose of processing, but in most cases, never longer than 3 years after your last registered activity.
Registration for webinars and courses
When registering for webinars and courses, we collect personal data, which is also used for follow-up after the course, such as issuing course certificates. The personal data processed is contact information such as name and email, billing details, and details of the registered course.
Our legal basis for this processing of personal data is our legitimate interests, cf. GDPR Article 6(1)(f). The legitimate interest is to provide webinars and courses to interested individuals.
We will only store your personal information for as long as necessary to fulfil the purpose of processing, and your personal data will be deleted after 365 days.
Handling requests and providing support
The purpose of handling questions and concerns raised through a contact form, chatbot or similar on our website is to facilitate communication and support for users interacting with us. If you contact us via such channels, we will process the personal data that you include in the request. This will at minimum include contact details.
Our legal basis for this processing of personal data is our legitimate interests, cf. GDPR Article 6(1)(f). The legitimate interest is to respond to questions and concerns raised by visitors on our website and customers of M_SOLUTION.
Requests and related correspondence are only stored as long as necessary to fulfil the purpose of processing, and no longer than 3 years after the last correspondence in relation to the request.
4.3 How your personal data may be shared
4.3.1 Within the Visma Group
Giant Leap Technologies AS is a part of the Visma Group, which consists of several subsidiaries. In order to maintain an overview and insight, we may share your personal data across companies in the Visma Group.
4.3.2 Outside of the Visma Group
Giant Leap Technologies AS may also share your personal data with external third parties in the following contexts:
Processors
Giant Leap Technologies AS uses processors to process personal data. These processors are typically vendors of cloud-based services or other IT services. When using processors, Giant Leap Technologies AS will enter into a data processing agreement in order to safeguard your privacy rights. If processors are located outside the EU/EEA, we ensure legal grounds for such international transfers on your behalf, including by using the EU Model Clauses. You are welcome to request more detailed information on our processors by contacting us as described in the section “Contact us”.
User communities
If you make a post, comment or similar on user communities or other forums or sites, such information can be read and used by anyone with access to such forums. Giant Leap Technologies AS is not responsible for any information you submit on such forums or sites.
Business partners
Giant Leap Technologies AS may share your personal information with partners in the event this is legitimate from a business perspective and according to applicable privacy legislation.
Public authorities
The police and other authorities may request access to information from us. This can include both personal and non-personal data.
In all such cases, we follow internal policies and procedures for assessing the access request, and confer with legal counsel. We only share information that is strictly required by law, and only on the basis of valid court orders or similar legal documents from public authorities.
To prevent unauthorised access to any information we process, we also implement technical measures such as encryption and access controls. The Visma Security Program ensures high security standards and confidentiality.
Furthermore, we include legal obligations in contracts with our subcontractors to ensure that they too enact organisational and security measures similar to ours.
If we receive access requests from non-EEA authorities, we ensure our compliance with the Data Act article 32. Internal policies and routines are in compliance with this regulation.
4.4 Your rights
You can invoke the following rights in relation to our processing of your personal data:
- Access. You have the right to request a copy of personal data we process about you.
- Rectification. You also have the right to request rectification of inaccurate personal data concerning you. If you have an account for our sites or services, this can usually be done through the appropriate “your account” or “your profile” sections on the applicable site or service.
- Deletion. You can request deletion of personal data relating to you.
- Restriction. You may ask us to restrict the processing of your personal data.
- Portability. You may ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
- Object. You have the right to object to our processing of your personal data on the basis of legitimate interests or for direct marketing purposes. You also have the right to object to our processing of your personal data for the performance of tasks carried out in the public interest or in the exercise of official authority or based on legitimate interests.
Please note that there may be certain exceptions or limitations to the abovementioned rights which could apply depending on the specific circumstances of your situation. In such cases, we will provide you with detailed information about the applicable exception or limitation and help you exercise your rights to the fullest extent possible, in accordance with applicable laws and regulations.
Please send an email to privacy@giantleap.no or use this privacy request form to file requests as mentioned in this section.
Finally, you also have a right to file a complaint with the data protection authorities with regard to our processing of your personal data.
5. Changes
We encourage you to review the Privacy Statement regularly. If we make significant changes to the Privacy Statement that materially alter our privacy practices, we will notify you of this.
The Privacy Statement was last updated: 2026-05-22.
