i lived near bergen for a few years - the winter gloom and rain certainly got me down even at that relatively moderate norsk latitude. i can only imagine how much worse it must be in bodø or tromsø

What, apart from sauna, do the Nordic folk use for compensation? My guess is that working 9-5 is counterculture.

there wasn't much sauna out in the sticks near bergen. a dedication to kaffe, napoleonskake, cognac and friluftsliv, in personally widely varying proportions, seemed to get most of the people around me through the winter

I also have been skiing since I could walk, but nowadays outside of the occasional "randonnée" I find it quite boring. Ski resorts are just cash machines, often overcrowded & overpriced

It's less of a problem if you do x-country

Then in Switzerland at least, conditions did indeed change compared to when I was a youngster. Less snow, season start-end shifted, etc

but it's true that it's great for kids.

I live in Ottawa, Canada, and our seasons distinguish themselves, sometimes dramatically. I love them all - especially so when I can get out and be active in them. For me, in the winter, this takes the form of fat biking.

@U050SC7SV I don’t enjoy skiing as much as I did when I lived in the alps, but here in Oslo we have a decent family skihill which is a 20 min drive away. EUR900 or so for a seaonspass for the whole familiy. Beats sitting in the basement 🙂

I live in sweden now, so it's x-country or nothing essentially

Yup, only reasonable skiresort in Sweden is Riksgrensen, but that’s awfully far north.

https://gdpr.eu/compliance-checklist-us-companies/ Article 45 seems the place to look but I’m not 100% sure. I need to find out for myself for Synthetica.

some us companies also implement something - there used to be Privacy Shield or st. but it may be outdated now? - that allows them to process PPI. As always, the only one who can givu you a reliable answrr is a gdpr lawyer 😔

As a US company with a global customer base that has had to implement GDPR compliance, I'll give you my non-lawyer opinion: there are three main things a company needs to do: 1) be clear in the terms of service what PII data is collected and why -- and make sure that if PII is not needed for an operation, you don't collect/use it 2) be able to provide a complete download (or printout) of all data collected about a user if they request that under the GDPR law 3) be able to erase/randomize all of the data you've collected about a user if they exercise their "right to forget" If those services need the IP address to do their work, it's OK to let them, but your ToS would need to state that is happening. If those services don't need the IP address, don't send it (or send a random one). I can't remember whether an IP address on its own is considered PII -- I'd have to go read the rules again -- but I think it might only be considered PII if it can be attached to something else that might contribute to PII? Most people's IP addresses are dynamic, especially for an app on a phone, so the IP address they report moves around a lot -- so the IP alone isn't PII but if you link the IP and, say, user ID somewhere, then that would be PII (given that the user ID is going to be linked to other information, such as email address and/or first/last name, etc) -- and associating a series of IP addresses with a single user ID is not PII but enables quite a bit of tracking (GPS data attached to a user ID is even more specific -- but Apple and Google and others do this "all the time", along with nearly all fitness tracking apps). Even so, if you require the IP address for your business purpose, you are allowed to collect and store it as long as you say so in your ToS and you have ways to "forget" it if a user asks for erasure under GDPR. Remember: IANAL.

thank you lovely people... my thinking was that if IP address is PII and someone makes a connection to the service (outside EU) than that is already leaking PII effectively. But I'll read up on it some more tomorrow... now time for bed.

ttfn