Ledidi

Solutions
Clinical Audits and Registries Governance and Compliance for Organisations Clinical Trials
Use Cases Pricing Resources About Us Contact Us Log In

Privacy policy


This Privacy Policy was last updated on the 24th of September, 2025

The privacy and security of the data you entrust us with are our highest priority. This Privacy Policy describes how Ledidi AS with affiliated companies ("we" and "us") collect, use and share information about you when you visit our website, create a Ledidi user account, pay for any of our services, participate in events or otherwise interact with us. We also describe your rights and choices regarding the information we collect about you and how you can contact us about any privacy concerns.

The Privacy Policy describes how we process your personal data, and we encourage you to read it carefully. We only collect personal data when we have a legal basis for doing so, and we limit our collection to the minimum information required.

When does it apply

This Privacy Policy applies to the information we collect about you when you interact with us or use our services. It describes how we handle information about you while acting in the capacity as a controller, meaning that we determine the purposes and means of the processing of personal data.

This Privacy Policy does not apply to the personal data that you store or process when you use our software applications or services related to your Ledidi user account (“user content” or “content”). To the extent such user content contains personal data, you are the controller, and Ledidi acts as a processor while providing agreed upon services to you.

More information about the security of our services can be found in the security documentation on our website.

Legal basis for the processing of personal data

We rely upon several legal bases to process your personal data: fulfillment of contractual obligations towards you, compliance with legal obligations, legitimate interests and, in some cases, explicit consent (e.g. marketing communications).

The personal data we collect

We collect the minimum required personal data depending on the purpose:

  • Contact details: name, email address, phone number, position, profession, organisation and/or country.
  • Communication: The content of your messages, for example, requests via our website, e-mails or support tickets or feedback via our surveys or questionnaires.
  • Payment information.
  • Website usage: Information collected when you visit and and use our website or software applications.

Information that is collected automatically:

  1. When you visit our website (Ledidi ). Our website (Ledidi ) uses cookies and similar technologies. Some of these cookies are functional, while others are used for analytical or marketing purposes. The use of non-essential cookies is based on your consent when you visit our website. For more information on the cookies we use on the site and their purpose, please see our Cookie Policy.
  2. When you use our software applications. We use analytical tools to monitor the security of our systems to improve performance, uncover technical issues and analyse use patterns. We also collect information related to your user account (the amount of data stored and processed, the number of projects, the number of collaborators and the number of projects you take part in as a collaborator). Our legal basis for collecting this information is our legitimate interest to preserve the security and performance of our systems and to improve our services and offerings, and our contractual obligation to provide you with our services according to the Terms of Service.

Personal data you provide to us:

  1. If you send us a message through the contact forms on our website, we collect your name, email address and the content of your message in order to respond to your request. We encourage you to be careful about disclosing any sensitive information about yourself or others. If you request a copy of our security documentation, we also collect information about your position and organisation. We store this information and any following correspondence in our customer relationship management (CRM) system. The information is deleted three years after your last interaction with us. The lawful basis for this data processing is our legitimate interest to be able to respond to inquiries from you, and to have documentation in case we receive complaints, grievances or legal claims.
  2. If you are approached or contacted by our sales representatives and signalise a wish to continue the dialogue, we collect your name, relevant contact details and documentation from correspondence or meetings. Processing your data in our CRM system is based on a legitimate interest in establishing customer relationships.
  3. When you create a user account, we collect your name, email address, phone number, organisation and country to uniquely identify you to provide you with our services. We also collect information related to your type of user license, subscription type, and whether you have signed up for a user account as an independent user or by invitation from an organisation or another user. When you have created a user account, we use your email address to send you important service notices and useful information (e.g., updates, new features and improvements) related to our services in accordance with the Terms of Service. We will also send you information about significant changes in our Terms of Service or Privacy Policy. When you sign up for a user account, our legal basis for collecting information about you is our contractual obligation to provide you with our services according to the Terms of Service. As a user and/or customer, you may also receive marketing communications. The legal basis for this is our legitimate interest in offering you additional options. You can unsubscribe from these emails at any time by using the unsubscribe link at the bottom of the email. You have the option to provide additional information about yourself in your user profile. This information may be shared with other users, making it easier for them to recognise one another and establish collaborations. Ledidi may collect this information (e.g., academic degree, position and role) and combine it with information on usage patterns as part of our efforts to better understand our users' needs. This information is anonymised and only used statistically. Our legal basis for processing this information is our legitimate interest in improving our services and offerings.
  4. If you buy or subscribe to any of our paid services, either on your own behalf or on behalf of others, we collect your name, email address, phone number, organisation and payment details (such as payment card information or necessary information for invoicing). This information is collected and stored both to fulfill our contractual obligations to you and to comply with our legal obligations (e.g., accounting, tax purposes and fraud detection).
  5. You may subscribe to our newsletter either by signing up on our website or by creating a Ledidi user account. In these cases, you consent to receive our newsletters either by filling out a subscription form or checking the Newsletter box when you fill out a contact form on our website. All users will automatically receive newsletters, according to the Terms of Service. You may unsubscribe from our newsletters by clicking “unsubscribe” at the bottom of a newsletter you receive from us.
  6. When you sign up for an event hosted by Ledidi (i.e. webinar, meeting, educational course), we collect your name, email address, position and organisation. We use this personal information to inform you about the event and how to attend. Our legal basis for using this information is our legitimate interest to organise the webinar and adapt its content.
  7. If you have a Ledidi user account, we may also send you invitations to participate in user surveys or respond to questionnaires. The legal basis for sending these invitations is our legitimate interest in improving our services. Participation is optional, and invitations will include a description of the purpose and how the information will be used.
  8. We do not use personal data in any way that is not covered by the purposes detailed in this Privacy Policy unless you expressly authorise us to do so. In that case, we will ask for your specific consent.

AI Features and Analytics

Ledidi has some sub-suppliers with AI-powered features provided by third-party vendors, including HubSpot (data enrichment), Chargebee (predictive billing analytics), and Freshdesk (prompts, summarisations, analytics insights).

When these features are enabled:

  • Ledidi and these vendors may act as independent controllers for certain processing activities.
  • Vendors may determine their own purposes for processing aggregated or anonymised data.

Ledidi maintains a list of its sub-processors, including those supporting AI-driven features.

Legal basis for AI-driven processing activities

When enabling AI-powered features that rely on enrichment, predictive analytics, or third-party AI tools, legitimate interest will constitute the legal basis for such processing activity. You will receive the necessary information about the purpose and scope of processing.

How we share your personal data

Ledidi does not sell or share personal information with marketers or unaffiliated third parties. We may share information about you with our trusted service providers for specific purposes such as payment processing, subscription plan management and billing, and to manage our relations with our customers and users. We may also share your personal data with third-party sub-processors providing AI enrichment, analytics, and predictive modelling capabilities. Before engaging any AI-related sub-processors, we conduct a full Transfer Impact Assessment (TIA) and ensure adequate safeguards are in place. A complete list of our service providers can be provided to you by contacting us at dpo@ledidi.no.

All our service providers are subject to contractual terms that limit their use of your personal data in accordance with applicable data protection legislation. Further, we require all our service providers to contractually commit to protecting the security and confidentiality of the personal data they process on our behalf and to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data.

Ledidi maintains a list of its sub-processors, including those supporting AI-driven features. A complete list of our service providers can be provided to you by contacting us at dpo@ledidi.no. You may also subscribe to receive notifications whenever we add or remove sub-processors. You also have the right to object to the use of new AI vendors within the notice period.

International data transfers

Some of our service providers are registered outside of the EEA, and personal data may therefore be transferred to and processed in countries outside the EEA. We require all our service providers to contractually commit to protecting the security and confidentiality of the personal data they process on our behalf and to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data. We only use providers on the condition that enforceable rights and effective remedies for data subjects are ensured. Ledidi's existing measures to accommodate international data transfers include the EU Commission’s approved Standard Contractual Clauses (SCCs). We carry out a Transfer Impact Assessment (TIA) for each provider to identify and implement appropriate safeguards. Contact us at dpo@ledidi.no to get a copy of the SCC or TIA.

For AI-related processing and analytics, some personal data may be transferred to vendors located outside the EEA, who will act as independent controllers and process the personal data for their own purposes. Such a transfer will be subject to an adequate legal basis and safeguards that ensure the transfer of personal data is in accordance with applicable privacy legislation. These safeguards may include, among other things, the following:

  • Standard Contractual Clauses (SCCs), including module 1 for controller-to-controller transfers
  • UK Addendum and Swiss-specific adaptations
  • EU-U.S. Data Privacy Framework

Retention of personal data

We retain your personal data as long as we are providing services to you or as long as it is required for us to fulfil the relevant purposes described in this Privacy Policy. Unless we are required by applicable laws and regulations to keep your information, we will either delete your personal data when the purpose of the processing has been achieved or within three years after your last interaction with us, or earlier if you instruct us to do so in accordance with this Privacy Policy and the Terms of Service, if you have a Ledidi user account.

How we protect your personal data

Ledidi has implemented technical, organisational and administrative security measures to protect your personal data. We continuously seek to ensure that the data we collect is protected against loss, destruction, corruption and unauthorised access. Our security framework is updated regularly in line with technological developments. Your personal data is only accessed by a limited number of personnel who need access to data to perform their duties. When we share data with our service providers, we authorise them only to use or disclose your data to perform services on our behalf or to comply with legal requirements. Before engaging any service provider, we perform a risk assessment.

Your rights and choices

You can request access to and information about what data we store and process about you at any time. You have the right to request the correction, deletion and restrictions in the processing of your personal data, as well as the right to object to the processing of personal data about you in accordance with applicable data protection laws. You may also have the right to receive your data and transmit that data to another controller.

Consents that you have given can be withdrawn at any time. Withdrawal of your consent does not affect the legality of the storing, processing or transfer of your personal data before the withdrawal.

Any questions or concerns that you may have regarding this Privacy Policy can be sent to our Data Protection Officer at dpo@ledidi.no.

If you believe that we have not complied with your statutory rights in accordance with applicable data protection legislation, you have the right to send a complaint to the Norwegian Data Protection Authority (www.datatilsynet.no). However, we kindly ask you to contact us first so that we may address your concerns or resolve any misunderstandings.

Exercising Your Rights with AI Vendors

For certain AI-driven processing carried out by third-party vendors acting as independent controllers, such as HubSpot enrichment, Chargebee analytics, or Atlassian AI services, you may exercise your data subject rights directly with these vendors. Ledidi will provide their contact information upon request and support you where feasible.

Updates to this Privacy Policy

We will update this privacy policy when required by changes in our practice or in privacy legislation. In the event of material changes to our information practices, we will point out those changes on our webpage and, in some cases, send you a notification of changes by email. You agree to any modifications or changes by continuing to use our services after such information has been provided to you.

Contact information

If you have any concerns about privacy at Ledidi, please contact us at dpo@ledidi.no or at LEDIDI AS, Attn: Ledidi AS, Gaustadalleen 21, 0349 Oslo, Norway.