Legal

Privacy Policy

Last updated: 27 May 2026

1. Data Controller

This Privacy Policy explains how we collect and use (process) personal data in our business. INNORWEGIAN AS, represented by its Managing Director, is the data controller for the processing.

Our contact information is:

INNORWEGIAN AS

Business address: Dronningens gate 5-7, 3211 Sandefjord, Norway

Company registration number: 932 950 308

Email: [email protected]

We take your privacy seriously, and we have taken several steps to make sure we give you clear information about how we process your data and what rights you have. If anything is unclear or missing, please do not hesitate to contact us.

2. Your Rights

Please contact us if you have any questions about your rights or wish to exercise any of them. You are entitled to a response within 30 days. You can read more on the website of the Norwegian Data Protection Authority (Datatilsynet).

  • Access and rectification: You can request a copy of all information we process about you, and ask us to correct information that is inaccurate.
  • Erasure or restriction: In certain situations, you may ask us to delete and/or restrict the processing of information about you, but we cannot delete data we are legally required to process.
  • Objection to processing: If we process information about you on the basis of legitimate interest, you have the right to object.
  • Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer the information to you or to another data controller.
  • You also have the right to withdraw your consent at any time.
  • If you are not satisfied with how we process your data, you can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) — but we hope you will let us know first so we can try to resolve the matter for you.

3. Whose personal data we process

We process personal data about:

  • Customers
  • Potential customers
  • Contact persons at suppliers and partners
  • Website visitors
  • Job applicants
  • Employees
  • Former employees

4. How we collect personal data

Providing personal data to us is voluntary, but in order to complete a transaction we will need a number of details from you.

We process personal data when you:

  • purchase our products/services
  • contact us by phone, our website, email or social media
  • apply for a job with us or are employed by us
  • are a supplier or partner of ours

5. Purpose, legal basis and storage

Under Article 6(1) of the General Data Protection Regulation (GDPR), personal data may be processed on the basis of:

  • Your consent
  • A contract we have entered into
  • A legal obligation we are subject to
  • Protecting the vital interests of the data subject or another natural person
  • Performing a task carried out in the public interest or in the exercise of official authority
  • A legitimate interest we consider that we have

As a general rule, personal data shall not be processed and stored longer than necessary to fulfil the purpose of the processing. If we process your personal data on the basis of a legitimate interest we consider that we have, you may object to the processing by contacting us. We will then assess your objection and respond promptly.

To ensure compliance, we conduct annual GDPR reviews where we formally assess and review our privacy work. The purpose is to amend, update and, where necessary, delete personal data.

We retain data for as long as we are required to under applicable legal obligations — for example relating to accounting, tax or employment legislation — and/or other relevant rules and regulations. You may contact us at any time if you would like us to stop processing or to delete your personal data, but please note that we cannot delete personal data we are legally obliged to process.

We have procedures in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or a legal basis for continuing to process it.

Accounting records are retained for up to 5 years, in accordance with the Norwegian Bookkeeping Act (bokføringsloven).

6. How we process personal data

Below, we describe in detail when and how we process your personal data, for what purposes, on what legal basis, and for how long. We process personal data when:

You communicate with us

When you give us your business card, or contact us via our website contact form, by email, phone or social media, we process personal data. Depending on where and how you send us a message, this may include your name, contact information and any other information you choose to send us.

The purpose is to be able to respond to enquiries from you, to maintain a record of communications, and to have documentation in case we receive complaints, grievances or legal claims.

The legal basis may be:

  • A legitimate interest we consider that we have, where the legitimate interest is to be able to respond to enquiries from you, to maintain a record of communications, and to have documentation in case we receive complaints, grievances or legal claims.

We review, archive and delete enquiries as needed, but no less than once per year.

You purchase our products and services

When you purchase products and services from us, we process personal data such as your name, contact information, order and payment information, and purchase history.

The purpose is to be able to deliver products and services to you following your order/purchase, to maintain a record of products and services sold, and otherwise to administer and follow up on the customer relationship with you.

The legal basis may be:

  • A contract we have entered into.
  • A legitimate interest we consider that we have, where the legitimate interest is to be able to respond to enquiries from you, to maintain a record of communications, and to have documentation in case we receive complaints, grievances or legal claims.

You apply for a job or work for us

When you apply for a job with us, we process personal data such as your name, contact information, CV and other information we need to assess your application.

The legal basis may be:

  • A contract we have entered into.

The legal basis may vary depending on where we are in the recruitment process and what type of position is involved.

For employees, we process personal data as mentioned above, in addition to information necessary to pay salaries and otherwise administer the employment relationship.

The legal basis may be:

  • A contract we have entered into.
  • A legal obligation we are subject to.

Most personal data about employees is processed on the basis of the employment contract and is, as a general rule, deleted when the employment ends — unless particular grounds (such as a dispute over termination or dismissal) require it to be retained longer.

You are a supplier or partner of ours

When you enter into an agreement with us, whether as a supplier, partner or data processor, we process personal data such as your name, contact information and correspondence.

The purpose is to be able to enter into an agreement with you, and the legal basis may be:

  • A contract we have entered into.
  • A legitimate interest we consider that we have.

The information is retained for as long as we have an ongoing relationship. We process personal data related to general correspondence and communication as described above.

You use our website

We have kept this website deliberately simple. We do not use advertising trackers, marketing pixels or social media trackers of any kind, and we do not build profiles of our visitors.

We use Cloudflare Web Analytics to understand how the site is performing at an aggregate level — for example how many people visit, which pages they look at, and which sites they come from. The service does not use cookies, does not fingerprint your device, and does not identify you personally. The data is processed by Cloudflare on our behalf as our data processor. Our legal basis is a legitimate interest in understanding how the site is used and improving it for visitors.

The only cookies set directly through our website are strictly necessary cookies from Cloudflare, our hosting and security provider, used to protect the site against bots and abusive traffic. These cookies do not identify you personally and, in line with section 2-7b of the Norwegian Electronic Communications Act (ekomloven), do not require separate consent. Our legal basis for these is a legitimate interest in keeping the website secure and available.

A small number of features on the website are powered by third parties — Google Fonts, Formspree (contact form) and Calendly (booking). Where those features involve loading a resource from, or sending data to, a third-party server, that party may process data on its own domain. Full details, including which cookies are set and by whom, are in our cookie policy.

7. Who we share personal data with

In order to run our business efficiently and securely, we sometimes need to share your personal data with parties such as:

  • Data processors: providers of various services who process your personal data on our behalf*
  • Professional advisers from sectors such as law, finance, accounting, auditing and insurance
  • Support providers for IT and administration systems
  • Public authorities to which we are required to report

We require all parties with whom we share your personal data to safeguard your data in accordance with good information security practices and the requirements of the GDPR. We enter into data processing agreements with all who process data on our behalf, and confidentiality agreements where needed.

*We use data processors for:

  • email, calendar and online meetings
  • bookkeeping, accounting and invoicing
  • cloud storage
  • website hosting and security
  • contact form delivery
  • online booking

For security reasons, we have not named these providers, but please feel free to contact us if you would like to know more.

8. Security

We take information security seriously, and we will always do our utmost to safeguard your personal data in the best possible way. Among other things, we use:

  • strong passwords
  • backups
  • two-factor authentication

to protect our data and prevent unauthorised access to view, modify, delete or in any way affect the data we store, including your personal data.

We only use reputable providers of IT and administration services such as web hosting, website and PC security, antivirus software, email provider, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (for example, IT support).

This Privacy Policy was last updated: 27 May 2026

Change log:

27 May 2026 — Added Cloudflare Web Analytics to the "You use our website" section. The service is cookieless and does not identify visitors, but we still describe what data is collected, who processes it and on what legal basis.

27 May 2026 — Aligned the policy with our actual practice and our Cookie Policy. Removed references to activities we do not currently offer (newsletter, events, surveys, SMS communication, marketing to existing customers). Rewrote the "You use our website" section to accurately reflect that the site uses only strictly necessary cookies from Cloudflare and does not require visitor consent.

21 May 2026 — Privacy Policy created.

← Back to home