Privacy Policy

This Privacy Policy explains how gravinovae AS collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Last updated: 15th January 2026

Data Controller Information

gravinovae AS is the data controller for the personal information we collect and process. You can contact us using the details provided in the contact information section below.

Data We Collect

We collect various types of personal data to provide and improve our services. The data we collect includes information you provide directly to us and information collected automatically when you use our website:

• Contact Information: Name, email address, phone number, company name, and job title when you contact us or request information
• Communication Data: Records of correspondence when you contact us through our website, email, or phone
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referral sources
• Technical Data: Browser settings, operating system, and other technical information necessary for website functionality
• Marketing Data: Your preferences for receiving marketing communications and information about how you engage with our content

How We Use Your Information

We use your personal information for various purposes based on legitimate business interests, contractual necessity, or your consent. How we use your data includes the following activities:

• Service Provision: To provide our analytics services, respond to inquiries, and deliver customer support
• Communication: To send you requested information, service updates, and respond to your questions
• Website Improvement: To analyse website usage, improve functionality, and enhance user experience
• Marketing: To send relevant marketing communications about our services, with your consent
• Legal Compliance: To comply with legal obligations and protect our legitimate business interests
• Security: To maintain the security and integrity of our systems and prevent fraud

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For marketing communications and non-essential cookies
• Contract: To provide services you have requested or to take steps before entering into a contract
• Legitimate Interests: For website analytics, security, and business development activities
• Legal Obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party providers who help us operate our business and provide services
• Legal Requirements: When required by law, court order, or to protect our rights and interests
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Consent: With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our data retention periods are as follows:

• Contact Inquiries: 3 years from last contact or until you request deletion
• Marketing Data: Until you unsubscribe or withdraw consent
• Website Analytics: 26 months for Google Analytics data
• Legal Records: As required by applicable laws and regulations

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request limitation of processing in certain situations
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interests or for marketing purposes
• Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, please contact us using the information provided below.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website and updating the "last updated" date.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe we have not handled your personal data in accordance with applicable laws.