← Back to site

Privacy Policy

Last updated: 4 July 2026

⚠️ Template — review before publishing. This policy is drafted for a Norwegian company (AS) using this website. Replace every [BRACKETED] placeholder with your real details and have it reviewed by a qualified Norwegian data-protection adviser before you go live. It reflects the actual data flows of this website (Cloudflare hosting, Web3Forms form handling, system fonts, honeypot spam protection).

1. At a glance

This policy explains what personal data we collect when you visit this website and use its forms, why we collect it, and the rights you have. Personal data is any information that can identify you (such as your name and email address). We only collect what we need, we are transparent about it, and we never sell your data.

The most important point: if you submit a form on this site (for example, to request a free trial or contact us), we receive the details you enter and use them to respond to you and to set up your trial. You choose to give us this data, and you can ask us to delete it at any time.

2. Who is responsible (the controller)

The controller responsible for processing personal data on this website is:

[COMPANY NAME] AS
Org. no. [NORWEGIAN ORG. NO.]
[STREET ADDRESS], [POSTAL CODE] [CITY], Norway
Represented by: [GENERAL MANAGER / DAGLIG LEDER]
Email: [CONTACT EMAIL]

We have not appointed a Data Protection Officer, as we are not legally required to. For any privacy question or to exercise your rights, contact us at [CONTACT EMAIL].

3. The law we work under

We process personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), which applies in Norway through the Norwegian Personal Data Act (personopplysningsloven), and with the Norwegian Electronic Communications Act (ekomloven) for cookies and similar storage. Norway is part of the European Economic Area (EEA).

Depending on the situation, we rely on one or more of these legal bases (GDPR Art. 6(1)):

4. Your rights

Under the GDPR you have the right to: request access to your personal data; have inaccurate data corrected; have your data deleted; restrict or object to processing; receive your data in a portable, machine-readable format; and, where processing is based on consent, withdraw that consent at any time (which does not affect processing already carried out). You also have the right not to receive direct marketing — you can object at any time.

To exercise any of these rights, email [CONTACT EMAIL]. We will respond within the statutory time limit (normally one month).

If you believe we handle your data unlawfully, you may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, Postboks 458 Sentrum, 0105 Oslo, datatilsynet.no), or with the supervisory authority in your EEA country of residence or work.

5. Hosting (Cloudflare)

This website is hosted on Cloudflare Pages, provided by Cloudflare, Inc. Cloudflare serves the site through its global content-delivery and security network and, in doing so, processes technical connection data (see “Server log data” below) to deliver the pages reliably and to protect the site against attacks. We rely on our legitimate interest in a secure, fast and reliable website (Art. 6(1)(f)). Cloudflare acts as our processor under a data-processing agreement, and international transfers are covered by the safeguards described in section 11.

6. Server log data

When you visit the site, our hosting/CDN provider automatically records technical information that your browser transmits, which may include: browser type and version, operating system, referring URL, the requesting network/host, the time of the request, and a truncated or full IP address. This data is used only to deliver and secure the website and is not combined with other data to identify you personally. Legal basis: legitimate interest (Art. 6(1)(f)).

7. Cookies and local storage

We keep this simple: this site does not use advertising or third-party tracking cookies. We use only essential, functional storage that is needed to run the site and to remember your choices, specifically:

Because this storage is strictly necessary to provide a service you have requested, it is permitted without prior consent; nevertheless we show a banner for transparency and to let you decline non-essential storage, in line with the Electronic Communications Act (ekomloven). You can withdraw or change your choice at any time via “Cookie settings” in the footer, or by clearing your browser storage. If we ever add analytics or marketing tools, we will request your consent first and update this policy.

8. Contact and lead forms (Web3Forms)

When you submit a form on this site — for example the free-trial request or the contact form — we collect the details you enter, which may include your name, email address, organisation, role, the funding programme you are interested in, your message, and whether you asked for a demo or opted in to the newsletter. We also record the time and page of your consent, so we can demonstrate it if needed (GDPR Art. 7).

We use these details to respond to you, to set up and manage a free trial you requested, and for related follow-up. Legal basis: your consent and/or pre-contractual steps at your request (Art. 6(1)(a) and (b)); for follow-up, our legitimate interest in handling enquiries (Art. 6(1)(f)).

Form processor

Form submissions are handled by Web3Forms, a form-to-email service we use to receive your message by email. When you submit a form, the data you entered is transmitted to Web3Forms’ servers for the sole purpose of delivering it to us. Web3Forms acts as our processor. Data may be processed outside the EEA (see section 11). We do not use your form data to build advertising profiles.

Note for setup: confirm Web3Forms’ current data-processing terms and processing location, and enter its provider name/entity here before publishing.

Retention

We keep enquiry and trial-request data for as long as needed to handle your request and any resulting relationship, and thereafter only as required by law (e.g. bookkeeping duties) or until you ask us to delete it.

9. Newsletter and product updates

If you tick the newsletter box, we use your email address to send you the Grant Gni newsletter and product updates. This is based on your consent (Art. 6(1)(a)); for electronic marketing we also observe the Norwegian Marketing Control Act (markedsføringsloven), which requires prior consent. You can unsubscribe at any time via the link in every email or by contacting us; withdrawing consent does not affect earlier sends. We store your address until you unsubscribe or the purpose ends, and we may keep a minimal suppression record so we don’t email you again after you opt out.

Note for setup: name your email/newsletter provider here once chosen (e.g. your ESP), and add it as a processor. Consider double opt-in to evidence consent.

10. Spam protection

To keep forms free of automated spam we use a hidden “honeypot” field and basic checks. This runs entirely on our side and does not send your data to any third party. We do not use Google reCAPTCHA or any comparable tool that would transmit your behaviour to a third party.

11. Fonts

This site displays text using fonts already available on your device (system fonts). We do not load web fonts from Google Fonts or any other external font service, so no connection is made to Google’s servers and no IP address is transmitted for font display.

12. International data transfers

Some of our providers (in particular Cloudflare and Web3Forms) are established in, or may process data in, the United States or other countries outside the EEA. Where personal data is transferred outside the EEA, we ensure an adequate level of protection through appropriate safeguards — in particular the European Commission’s Standard Contractual Clauses and, where the recipient is certified, the EU–US Data Privacy Framework — together with appropriate technical and organisational measures. You can request more information about these safeguards from [CONTACT EMAIL].

13. How long we keep data

We keep personal data only as long as necessary for the purpose it was collected for, or as required by law. When the purpose ends and no legal retention duty applies, we delete or anonymise the data. If you ask us to delete your data, we will do so unless we are legally required to keep it.

14. Security

This website is served over an encrypted connection (SSL/TLS) — you can recognise it by the padlock and the “https://” in your browser’s address bar. We apply appropriate technical and organisational measures to protect your data. However, no transmission over the internet can be guaranteed completely secure.

15. Children

This website and our services are intended for professional and business use and are not directed at children. We do not knowingly collect personal data from anyone under 18.

16. Changes to this policy

We may update this policy to reflect changes to the website, our tools, or the law. The current version is always published on this page with its “last updated” date. Material changes affecting you will be communicated where appropriate.

17. Contact

For any privacy question or request, contact [COMPANY NAME] AS at [CONTACT EMAIL].