← Back to Home

Privacy Policy

Last updated: January 7, 2026

1. Introduction

Nordfjord Solutions AS ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR) and Norwegian data protection laws.

Data Controller:
Nordfjord Solutions AS
Org. number: 933 621 158
Oslo, Norway

2. What Data We Collect

When you submit an inquiry through our contact form, we collect:

  • Your name
  • Company name
  • Email address
  • Phone number (optional)
  • Market/country information
  • Expected volume (optional)
  • Product specifications and requirements
  • Additional message content (optional)

We do not use cookies for tracking or analytics. We do not collect any data automatically beyond what you explicitly provide through the contact form.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

  • (b) Performance of a contract: When you submit an inquiry, you are requesting us to enter into a business relationship. Processing your contact information is necessary to respond to your request and potentially establish a commercial relationship.
  • (f) Legitimate interests: We have a legitimate business interest in responding to commercial inquiries and maintaining business relationships with potential clients. Your interests and fundamental rights do not override this legitimate interest.

4. How We Use Your Data

We use your personal data solely for the following purposes:

  • Responding to your inquiry or contact request
  • Communicating about potential business opportunities
  • Providing information about our services
  • Maintaining records of business communications

We do not use your data for marketing purposes without your explicit consent. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

5. Data Storage and Security

Your personal data is stored securely using the following infrastructure:

  • Database: Supabase (PostgreSQL database hosted on EU-based infrastructure where possible, with industry-standard encryption and security measures)
  • Website hosting: Vercel (with data processing agreements in place)
  • Email communications: Migadu (EU-based email service provider)

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, access controls, and regular security assessments.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active inquiries and ongoing business relationships: data is retained for the duration of the relationship plus a reasonable period for follow-up (typically up to 2 years after last contact)
  • Inactive inquiries: data may be retained for up to 2 years to allow for potential future business opportunities, after which it will be securely deleted
  • You may request deletion of your data at any time (see Section 8 - Your Rights)

7. Data Sharing and Transfers

We do not sell or rent your personal data to third parties. We may share your data only in the following limited circumstances:

  • Service providers: We use trusted service providers (Supabase, Vercel, Migadu) to operate our website and business. These providers process data on our behalf under strict contractual obligations and data processing agreements.
  • Legal obligations: We may disclose your data if required by law, court order, or government regulation.

Where service providers are located outside the EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) to protect your data in accordance with GDPR requirements.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten"), subject to certain legal limitations.
  • Right to restriction (Art. 18): You can request that we limit how we use your personal data.
  • Right to data portability (Art. 20): You can request a copy of your data in a structured, machine-readable format.
  • Right to object (Art. 21): You can object to our processing of your personal data based on legitimate interests.

To exercise any of these rights, please contact us at the email address below. We will respond to your request within one month, as required by GDPR.

9. Right to Complain

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

Datatilsynet
Postboks 458 Sentrum
0105 Oslo, Norway
Website: www.datatilsynet.no

10. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us:

Email: mail@nordfjordsolutions.com
Company: Nordfjord Solutions AS
Org. number: 933 621 158
Address: Oslo, Norway

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.