Lead & Shine
Lead & Shine

Privacy Policy

Privacy Policy

When, how and why Randi Naess stores information about you as a person and your privacy


This privacy statement gives you information about how we collect and process your personal data through your use of our website www.randinaess.no or any subdomains, including all information you provide to us when you purchase a product or service, sign up to our e mailing list or participating in a prize draw or competition.

By providing us with your data, you guarantee us that you are over 13 years of age.

Randi Næss is the data controller and we are responsible for your personal data (referred to as "we", "us" or "our" in these privacy rules).

If you have any questions about these privacy policies, please contact us using the details below.


Full name of legal entity: CHANGE ENTHUSIASM BY RANDI NÆSS, org.no. 896 442 562

Email address: [email protected]

Postal address: Change Enthusiasm by Randi Næs, Turbinveien 36, 0195 Oslo

It is very important that the information we have about you is accurate and up to date. Notify us when your personal information changes by emailing us at [email protected] or updating the settings in your Login.



Personal data means all information that is capable of identifying an individual. It does not include anonymized data.

We may process the following categories of personal information about you:

  • Communication data that includes any communication you send to us, whether through the contact form on our website, via email, text, social media, social media messages or other communications you send us. We process this data to communicate with you, for registration and for establishing, pursuing or defending legal claims. Our legal basis for this treatment is our legitimate interests, which in this case shall respond to communications sent to us, to retain and establish, pursue or defend legal claims.
  • Customer data that contains data related to the purchase of goods and / or services, such as name, title, billing address, delivery email address, telephone number, contact information, purchase details and card information. We process this data to deliver the goods and / or services you have purchased and to keep track of such transactions. Our legal basis for this treatment is the execution of an agreement between you and us and / or take action upon request to enter into such an agreement.
  • User data that contains data on how you use our website and any online services together with data that you submit for publication on our website or through other electronic services. We process this data to operate our website and to ensure that relevant content is provided to you, to ensure the security of our website, to maintain backup of our website and / or databases, and to enable the publishing and administration of our site, other electronic services and business. Our legal basis for this treatment is our legitimate interests, which in this case should enable us to properly manage our website and our business.
  • Technical data that includes data on the use of our website and online services such as your IP address, login data, details of your browser, length of visits to pages on our website, page views and navigation paths, details of the number of times you use our site, time zone settings and other technology on the devices you use to access our site. The source of this data is from our analysis system. We process this data to analyze the use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertising to you, and to understand the effectiveness of our advertising. Our legal basis for this treatment is our legitimate interests, which in this case will enable us to properly manage our website and business and to grow our business and determine our marketing strategy.
  • Marketing data that contains data on your preferences when you receive marketing from us and our third parties and your communication preferences. We process this data so that you can participate in our campaigns and competitions, courses and webinars, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our legal basis for this treatment is our legitimate interests, which in this case are to study how customers use our products / services, develop them, expand their business and determine their marketing strategy.

We may use customer data, user data, technical data and marketing data to deliver relevant website content and ads to you (including Facebook ads or other display ads) and to measure or understand the effectiveness of the advertising we serve you. Our legal basis for this treatment is legitimate interests that are increasing our business. We may also use such data to send other marketing communications to you about relevant products and services, such as online courses; books; live broadcasts such as webinars; events, online courses and courses; and guidance services. Our legal basis for this treatment is either consent or legitimate interests (namely growing our business).

We do not collect sensitive data about you. Sensitive data refers to data containing details of race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade unionism, health information and genetic and biometric data. We do not collect information on criminal convictions and offenses.

Where we are required to collect personal information by law or under the terms of the agreement between us and you do not provide us with this data when requested, we may not be able to execute the agreement (for example, to deliver goods or services to you). If you do not provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at that time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if required, for example, to send you good advice and tips, inspiration and relevant knowledge that Randi Naess disseminates in her message. If we need to use your details for an unrelated new purpose, we will notify you and explain the legal grounds for processing.

We may process your personal information without your knowledge or consent where required or permitted by law.

We do not perform automated decision-making or any form of automated profiling.



We may collect data about you by providing the data directly to us (for example, by filling out forms on our site, signing up to receive good advice and tips or by emailing us). We may automatically collect certain data from you when you use our site using cookies and similar technologies. Please read paragraph 11 for more information. 

We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search providers such as Google based outside the EU, technical service providers, payment services and delivery services, such as data brokers or from software that collects data from different sources.

We can also receive data from publicly available sources.



Our legal basis for processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely growing our business).

In accordance with the Privacy and Electronic Communications Rules, we may send you marketing communications from us if (1) you have purchased or requested information from us about our goods or services, or (2) you agreed to receive marketing communications and you have not chosen to unsubscribe from the list / newsletters. According to these regulations, if you are a corporation, we may send you marketing emails without your consent. However, you can still choose to unsubscribe from the list at any time so that you do not receive a blog or marketing email.

Before we share your personal information with a third party for your own marketing purposes, we obtain your express consent.

You can ask us or third parties to stop sending you marketing communications at any time by following the connection links in each email sent to you OR by emailing us at [email protected].

If you choose to unsubscribe from the blog and marketing communications list, this termination does not apply to personal information offered as a result of other transactions, such as purchases, orders, etc.



We may need to share your personal data with the parties listed below:

  • Service providers offering IT and system management services.
  • Professional advisors, including lawyers, bankers, accountants and insurance companies
  • Government agencies that require that we report treatment activities.
  • Third parties such as copywriters, customer support and virtual assistants.
  • Third parties to whom we sell, transfer or merge parts of our business or our assets.

We require all third parties to whom we transmit your data to respect the security of your personal data and to process it in accordance with the law. We require all third parties to whom we transmit your data to respect the security of your personal data and to process it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.



Countries outside the EEA do not always provide the same level of protection for your personal data, so European law prohibits the transfer of personal data outside the EEA, unless the transfer meets certain criteria.

Some of our third-party service providers are based outside the EEA, so the processing of your personal data will involve the transfer of data outside the EEA.

When we transfer your personal data out of the EEA, we do our best to ensure a similar level of data security by ensuring that at least one of the following guarantees is implemented:

We only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. Or, when using certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission, which provide personal data with the same protection it has in Europe.

When we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide equivalent protection to personal data shared between Europe and the United States.

If none of the above guarantees are available, we may ask for your explicit consent to the particular transfer. You have the right to withdraw your consent at any time.



We have put in place appropriate security measures to prevent your personal information from being lost, used or accessed in an unauthorized manner, altered or disclosed. In addition, we restrict access to your personal data to employees, partners, agents, contractors and other third parties who, through the work, need access to your information. They only process your personal information on our instructions and are subject to the duty of confidentiality.

We have initiated procedures to deal with any suspicious breaches of personal data, and will notify you and any applicable suspected breach party, where we are legally required to do so.



We will only retain your personal information for as long as necessary to fulfill the purposes for which we have collected it, including to satisfy legal, accounting or reporting requirements.

To determine how long it is necessary and appropriate to retain the data, we look at the amount, the case and the sensitivity, the potential risk of injury by unauthorized use or disclosure, treatment purposes, if these can be achieved in other ways and legal requirements.

For tax purposes, the law requires that we retain basic information about our customers (including contact, identity, business, finance and transaction data) for five years after they cease to be customers.

In some circumstances, we may anonymize your personal information for research or statistical purposes. If so, we may use this information indefinitely without further notice to you.



Under data protection law, you have rights in relation to your personal information, which include the right to request access, correction, deletion, restriction, transfer, objection to processing, data transferability and (where the legal basis for processing is consent) to withdraw consent.

You can read more about these rights here:

If you wish to exercise any of the rights set forth above, please email us at [email protected].

You do not have to pay a fee to access your personal data (or to perform any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuses to comply with your request in such circumstances.

We may need to ask for specific information from you to help us verify your identity and ensure that you have the right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not given to anyone who does not have the right to receive it. We may also contact you to inquire about further information related to your request to increase the speed of our response.

We try to respond to all legitimate requests within a month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not satisfied with any aspect of how we collect and use your data, you have the right to appeal to your local data protection regulatory authority.



This site may contain links to third-party websites, plugins and applications. Clicking on these links or activating these links may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave the site, we encourage you to read the privacy policy of each site you visit.



You can set your browser to deny all or some browser cookies, or to notify you when websites set or access cookies. If you disable or deny cookies, please note that some parts of this site may become inaccessible or may not work properly. Cookie / cookie info

Cookies are small files stored by your browser on your machine. If you open another browser on your machine, the same cookies will not be transferred there. Cookies themselves have no value as they store only a random identification number. It is only when you link this information to a database that the information can be processed. Randi Næs confirms that this information is processed strictly and is only used for the purpose intended for data collection. Identification of users is done only in cases where it is strictly necessary. A cookie usually contains four parameters:

Cookie name Unique cookie ID (this one is associated with your browser) How long the cookie will be stored on your machineThe domains that the cookie applies to

Because of the last point here, it is very difficult to abuse a cookie. A cookie itself has little value before being linked to a database. Therefore, it will have low or no value if someone tries to move it to another domain, because one does not have access to the database.



Google Analytics is an analysis tool we use to analyze user behavior at www.randinaess.no. This is a free Google service that lets you see the number of visitors, pageviews, traffic sources, length of visit, geographic location and much more. To store visitor information, Google Analytics uses a javascript, which in turn creates 5 different cookies. These cookies are used to store the pattern of movement on a website and each movement. These cookies are:

__utma: Stored for 2 years from last visit. __utmb: Stored for 30 min from last visit. __utmc: Stored until the browser closes. __utmz: Stored for 6 months from last visit. __utmv: Stored for 2 years from last visit. _ga: Stored for 2 years from last visit.



We use the Facebook page plugin and Facebook comments that use cookies. Facebook cookies are set if you have previously visited Facebook, or clicked "like" or another link on our Facebook page. Cookies / cookies are also used in connection with offers and advertisements on Facebook.



On our website you will find different registration boxes. This means that you can register on our e-mail list for newsletters, advice and tips or you can register to receive eg a pdf-document or an e-book. You will then be asked to register your name and email address. It will be clear what we are going to send you. For example, if you sign up for a newsletter list, it will say how often you can expect to hear from us. We use Drip's service for sending this type of e-mail, and you will always have the opportunity to unsubscribe from lists you are on by clicking on a "unsubscribe" link in the e-mail you receive.



When purchasing a course from Randi Næs we ask you to register your name, e-mail address, postal address. When you log on to www.randinaess.no and the course portal in Kajabi, a cookie will be stored in your browser. This is to give you access to your courses and membership while logged in. This cookie is individually linked to you and some of your activity will be tracked. For example, if you trying to sign in to your account with the wrong password, we may see a failed login attempt in the log. This means that in most cases we can see the reason why you are not coming in and can help you with it.



As mentioned earlier, you can unsubscribe at any time from email lists you are on. If you have purchased courses with us, you also have the right to delete all data we have stored on you on the website. But in that case, it means that we will no longer be able to provide you with the service you have purchased, as it will not be possible to log in to our online courses without an e-mail address and password.

If you have an account on this site or have left comments, you can request an export file containing the personal information we hold about you. This includes all data you have provided to us. You can also request that we delete all personal information we hold about you.

We cannot delete accounting documents as we are required to keep them for 5 years.



We reserve the right to update our privacy policy at any time. We will notify you by email if you subscribe to our list and by updating the date of notification here on this page.


Last updated: August, 2020