CoLab Privacy Policy EN

Privacy Policy

Last updated: 21.05.2020

Izy AS (“us”, “we” or “our”) operates and is responsible for processing the mobile application (hereinafter referred to as “the service”).

We are concerned that you as a customer should trust us and how we process your personal information. In this privacy statement, we explain why we collect information about you, how we use this information, and how we take account of your privacy. Use of personal data must comply with the Personal Data Act. We, as the controller, will ensure that we use your personal information in accordance with the law.

Who are we?

By “We” is meant the companies listed below. Canteens and locations selling goods and services through the app may belong to several different companies, but they are all under the 4Service group and the privacy statement is the same for everyone. 4Service Gruppen AS will always be responsible for your customer relationship.

4Service Gruppen AS, 897 392 232

Gastro Catering AS, 822 062 482

Gastro Kitchen AS, 818 523 262

Sweet + Salt AS, 987 018 321

Sweet + Salt Canteen AS, 814 525 902

4service FS AS, 819 702 802

4service Canteen AS, 990 035 946

This page provides information about how we use personal information.

Purpose and basis of treatment

The purpose of using the personal data collected is to provide the services and purchases that you enter into or agree to, as well as

to notify you of changes to our service

in order to provide you with customer support

  • To enable you to use interactive features of our service if you choose to do so, for example via beacons
  • To analyze anonymized personal information so that we can improve our service
  • To collect valuable information so that we can improve our service
  • To maintain our service
  • To detect, prevent and solve technical problems
  • To inform your employer of your purchases in cases where the employer is involved in payment, subsidy and any salary deductions.

The basis for this will be agreement or consent and otherwise in accordance with the provisions of the Personal Data Act / GDPR. When it comes to sending you information about, for example, safety-related topics such as fire alarms and fire drills, about events in the building and other relevant information related to the workroom, the treatment basis is justified interest, but you can choose not to receive such information. The basis for processing is law for the storage of accounting information.

Any consent you give may be withdrawn at any time.

Types of information collected – personal information:

When you use our service, we may ask you to provide us with certain personally identifiable information that is necessary to contact you and provide the service, as well as confirm your identity (“personal data”). Depending on what services you use, this is typicaly:

  • E-mail address
  • First name and last name
  • Employer
  • Department
  • Purchase and order history
  • Cookies, see our own cookie terms

We may also collect information that your browser sends us when you use the service. Such usage data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, which pages you have visited in connection with the service, date and time, how much time you have spent on these pages, unique device identifiers and other diagnostic data. Our cookie policy is available here: informasjonskapsler

When using the service from a mobile device, the usage data may include information such as the type of mobile device you use, unique ID of the mobile device, the IP address of the mobile device, the operating system and type of browser you use for the mobile devices, unique device identifiers and other diagnostic data.

Especially about location information

We may use and store information about your whereabouts only if you allow us to do so. We use this information to provide features that help us improve and customize our service.

You can enable or disable location services at any time when using the service by changing the device settings.


4Service Gruppen AS will only retain your personal information for as long as necessary for the purposes set out in this privacy statement. Names, emails and contact information are retained as long as the service is in use, but other personal information that we are not legally required to retain is anonymized after 90 days. We will also retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain the information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

4Service Gruppen AS will also store usage data in anonymized form for internal analysis purposes.

Transmission of information

Your information, including personal information, may be transferred to, and stored on, computers located outside your state, province, country or other state jurisdiction where privacy laws may differ from those in your jurisdiction.

Your personal data is processed only in Norway and is not available outside of Norway, but the above point may be located on a computer / server in another country, typically in a cloud service.

Disclosure of personal data

Your employer

We transfer your personal information and purchase history to your employer in cases where the employer is involved in payment, subsidy and any salary deductions. This is a prerequisite for being able to provide the services to you as a user, in collaboration with your employer as our contractor for our services.

Business Transaction

If 4Service Gruppen AS becomes the subject of a merger, acquisition or sale of assets, your personal information may be transferred. We will notify you before your personal data is transferred.

Data security

It is important to us that your data is secure, but keep in mind that no method of transmission over the Internet or electronic storage is 100% secure. Although we use commercially acceptable standards to protect your personal data, we cannot guarantee absolute security.

Your rights

The Personal Data Act and GDPR grant you a number of rights such as the right of access, rectification, deletion, data portability and limitation in and of your personal data with us. To assert such rights, contact

Please note that we may ask you to confirm your identity before responding to such requests.

You have the right to complain to the Data Inspectorate if you are not satisfied with how we collect and process personal data about you, see more on

service providers

We may use third-party companies to organize our service, deliver the service on our behalf, perform service-related services or help us analyze how our service is used.

These third parties have access to your personal data only to perform these tasks on our behalf and are under no obligation to disclose or use the information for any other purpose.

We use the following data processors for your information:

Izy AS – 922 177 775 is our app provider, here you store all information you enter about yourself, as well as all transactions you make in the application

Appfarm AS, 919 697 199, as supplier of our integration platform that handles data flow in and out of our core systems, such as accounting.

√ėkonomiBistand AS, 983 949 150, which is our partner against Visma’s accounting systems. Here all orders are stored in accordance with the Accounting Act.

Iriz AS, 914 201 217 is our technical supplier, they develop the application and are responsible for security. Iriz AS has insight into the database where your data is stored and can make changes to it.


We may use third party providers to provide information security in our service and to analyze the use of our service.

Google Analytics

Google Analytics is a web analytics service provided by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google can use data collected to contextualize and customize the ads for its own ad network.

For more information about Google’s privacy practices, please visit the Google Privacy Policy Website: ¬†


We can provide paid products and / or services within the service. In that case, we use third-party payment processing services (such as payment processors).

We do not store or collect your credit card information. This information is provided directly to our third-party payment partners if your use of your personal information is subject to the privacy policy. Such payment partners are independent processing agents, such as Vipps, NETS and STRIPE. These payment processors comply with standards set by PCI-DSS. PCI-DSS requirements help ensure secure handling of payment information.

Other payment companies we work with are:

Apple Store In-App Payments

Their privacy statement can be read at

Google Play In-App Payments

Their privacy statement can be read at

Links to other websites

Our service may contain links to other websites not operated by us. If you click on a third party link, you will be redirected to the third party website. We strongly recommend that you review the privacy policy of each site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party websites or services.

Changes to this Privacy Statement

We may need to update our privacy statement from time to time. We will notify you by email and / or post a prominent notice on our service 14 days before a change takes effect.

Contact Us

Feel free to contact us if you have any questions about this privacy statement:


Or visit this page on our website: