Last updated
14 May 2026
This policy explains how ProdSys collects, uses, and protects personal data when you visit prodsys.com, book a demo, contact us, or use the ProdSys application.
On this page
Who we are
ProdSys is a cloud ERP platform built by PSIT Software AS, a Norwegian software company based in Trondheim.
Data controller: PSIT Software AS, Ingvald Ystgaards veg 1, 7047 Trondheim, Norway. Organization number: 921 238 789.
When you use the ProdSys application as an employee of one of our customers, that customer is the data controller for your data — not us. See our GDPR page for details on the controller-processor relationship.
What we collect
The data we collect depends on how you interact with us.
Website visitors
When you visit prodsys.com, we collect:
- • IP address (truncated to anonymize before storage)
- • Browser type and version, operating system
- • Pages visited, time on site, referring page
- • Approximate geographic location (country level)
When you book a demo or contact us
When you submit a form (demo booking, contact form, newsletter signup), we collect:
- • Name and work email
- • Company name and your role
- • Company size and country
- • Anything you write in a message field
As a customer
When your company becomes a ProdSys customer, we collect:
- • Contact details for billing, technical, and primary contacts
- • Billing information (company name, address, VAT number, payment method)
- • Support communications and tickets
- • Usage data (login frequency, modules accessed, performance metrics) — at aggregate level for product improvement
What we do not collect
We do not collect special category data (race, religion, health, sexual orientation, etc.) about visitors or prospects. We do not buy contact lists. We do not track you across other websites. We do not sell or rent personal data to anyone.
Why we collect it
Every piece of data we collect has a specific purpose:
| Purpose |
What we use |
| Run prodsys.com | Technical logs, anonymized IP, performance data |
| Respond to demo requests | Form submissions (name, email, company, role) |
| Provide and improve the product | Customer account info, aggregated usage data |
| Bill customers | Billing details, payment information |
| Provide customer support | Support tickets, communications |
| Send relevant product updates | Customer contact email (opt-out anytime) |
| Understand website usage | Privacy-friendly analytics |
We do not use your data for profiling, automated decision-making with legal effect, or targeted advertising.
Legal basis for processing
Under GDPR, we must have a legal basis for processing personal data. We rely on these:
Contract performance (Article 6(1)(b))
For everything we need to do to deliver the ProdSys service to our customers — account setup, billing, support.
Legitimate interests (Article 6(1)(f))
For responding to your inquiries, securing our systems, preventing fraud, and improving our product. We balance our interests against your privacy rights — and you can object at any time.
Consent (Article 6(1)(a))
For optional analytics cookies, marketing emails, and any processing that you specifically opt into. You can withdraw consent at any time.
Legal obligation (Article 6(1)(c))
For things like accounting records and tax compliance, which we are legally required to keep for a defined period.
Sharing & third parties
We do not sell personal data. We share data only with the following:
- ✓ Sub-processors who help us deliver the service (cloud hosting, email, support tooling). All are bound by GDPR-compliant DPAs and operate within the EU. Full list on the GDPR page.
- ✓ Authorities, when legally required by valid legal process. We will inform affected customers where permitted.
- ✓ Professional advisors (auditors, lawyers, accountants) under confidentiality obligations.
International transfers: All customer data stays in the European Union. We do not transfer personal data outside the EU/EEA.
How long we keep data
We keep personal data only as long as needed for the purpose we collected it — and no longer.
| Type of data |
Retention period |
| Website logs | 90 days |
| Demo / contact requests (no follow-up) | 12 months |
| Prospect contact info (active conversation) | As long as the conversation is active + 24 months |
| Customer account & usage data | Duration of contract + 30-day grace period |
| Billing & financial records | 10 years (legal requirement) |
| Support communications | Duration of contract + 24 months |
| Encrypted backups | 90 days after deletion from active systems |
You can request earlier deletion at any time — see "Your rights" below.
Cookies & tracking
We use a minimal set of cookies and similar technologies. No cross-site tracking, no advertising cookies.
ALWAYS ON
Essential cookies
Needed for the site to work: session, security, language preference. Cannot be disabled.
OPT-IN
Analytics
Privacy-friendly analytics (no cross-site tracking, no personal identifiers). Helps us understand which pages are useful.
NEVER
Advertising
We never use advertising cookies, retargeting pixels, or third-party tracking on prodsys.com.
You can manage analytics consent at any time via the cookie banner or your browser settings.
Your rights
Under GDPR you have the right to:
Access
Get a copy of the personal data we hold about you.
Correction
Fix inaccurate or incomplete data.
Erasure
Request deletion of your personal data ("right to be forgotten").
Restriction
Limit how we process your data in specific cases.
Portability
Receive your data in a machine-readable format.
Objection
Object to processing based on legitimate interests or marketing.
To exercise any right, email post@prodsys.com. We respond within 30 days at the latest, usually much faster.
You can also lodge a complaint with your local data protection authority. In Norway: Datatilsynet.
Changes to this policy
We may update this policy as our service evolves. The date at the top shows when it was last changed. For material changes that affect your rights, we will notify customers by email and post a prominent notice on prodsys.com. Continued use of the service after a change constitutes acceptance of the updated policy.
Questions about this policy, or about how we handle your data?
Postal address
ProdSys, Att: Privacy
Ingvald Ystgaards veg 1
7047 Trondheim, Norway
See also: GDPR & data protection · Security · Terms of Service