This Privacy Policy explains how Cyviz AS (org. no. 965 451 129), Grenseveien 21, 4316 Sandnes, Norway — as data controller — collects, uses, and protects personal data when you visit cyviz.com or interact with our website. We are committed to handling your information transparently and in accordance with the EU General Data Protection Regulation (GDPR), Norway's Personal Data Act (Personopplysningsloven), and applicable privacy laws in other jurisdictions including California (CCPA/CPRA).
Contents
1. Data Controller
The data controller responsible for processing personal data described in this policy is:
| Company | Cyviz AS |
| Org. no. | 965 451 129 |
| Address | Grenseveien 21, 4316 Sandnes, Norway |
| Privacy contact | privacy@cyviz.com |
If you have questions about how we handle your personal data, or wish to exercise your data protection rights, please contact us using the details above.
2. What Personal Data We Collect
We collect personal data through several distinct interactions on our website. The categories depend on how you use the site:
a) Website Browsing & Analytics
- IP address (truncated/anonymised where possible)
- Browser type and version, operating system, device type
- Pages visited, time spent on pages, referral source
- Cookie identifiers and similar tracking technologies (see Section 4)
b) Contact, Demo Request & Enquiry Forms
- Full name and business email address
- Company name, job title, and country (if provided)
- The content of your message or enquiry
- Technical metadata: timestamp and IP address of form submission
c) Newsletter & Marketing Subscription
- Email address
- First name (if provided)
- Subscription preferences and consent timestamp
- Email engagement data (open rates, clicks) — see Section 4
d) Job Applications
- Name, contact details, and CV/résumé contents
- Cover letter and any additional information you choose to provide
We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted personal data to us, please contact us so we can delete it.
3. Purposes & Legal Basis
The table below sets out the purposes for which we process your personal data and the corresponding legal basis under GDPR Article 6:
| Purpose | Data involved | Legal basis |
|---|---|---|
| Operate and improve the website; analyse usage patterns | Browsing data, cookies, IP address | Art. 6(1)(f) — Legitimate interests or Art. 6(1)(a) — Consent (for non-essential cookies) |
| Respond to contact form enquiries and support requests | Name, email, message content | Art. 6(1)(b) — Contract performance / pre-contractual steps or Art. 6(1)(f) — Legitimate interests |
| Process and follow up on demo or trial requests | Name, email, company, job title | Art. 6(1)(b) — Contract performance / pre-contractual steps |
| Send marketing emails, product news, and updates | Email, first name, engagement data | Art. 6(1)(a) — Consent (opt-in required) or Art. 6(1)(f) — Legitimate interests (existing customers, soft opt-in) |
| Personalised advertising and retargeting | Cookie identifiers, browsing data | Art. 6(1)(a) — Consent |
| Evaluate job applications | CV, contact details, cover letter | Art. 6(1)(b) — Pre-contractual steps or Art. 6(1)(a) — Consent (for talent pool retention) |
| Comply with legal obligations (e.g. accounting, tax) | Transaction and contact data | Art. 6(1)(c) — Legal obligation |
Where we rely on legitimate interests, we have conducted a balancing test and concluded that our interests do not override your fundamental rights and freedoms. You may request a copy of our legitimate interest assessment by contacting us.
4. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device. We categorise cookies as follows:
For a complete and up-to-date list of all cookies we use — including names, providers, and individual retention durations — please refer to our Cookie Declaration, available via the Cookie Settings link.
5. Third-Party Processors & Data Sharing
To operate our website and related services, we engage third-party data processors. These processors are bound by data processing agreements (DPAs) and are only permitted to process personal data on our documented instructions.
| Category | Examples | Purpose |
|---|---|---|
| CRM & Marketing Automation | HubSpot | Contact management, lead tracking, email marketing |
| Web Analytics | Google Analytics | Understanding website usage and performance |
| Advertising Platforms | LinkedIn, Google Ads | Targeted advertising and campaign measurement |
| Web Hosting & Infrastructure | Cloud/CDN provider | Hosting, security, and content delivery |
| Email Delivery | Transactional email provider | Sending confirmation and marketing emails |
| IT & Productivity | Microsoft 365 | Internal communication and data storage |
We do not sell your personal data. We do not share your personal data with third parties for their own commercial purposes beyond what is described in this policy.
6. International Data Transfers
Some of our third-party processors operate or store data outside the European Economic Area (EEA). Where this is the case, we ensure that any transfer of personal data is protected by appropriate safeguards, which may include:
- A European Commission adequacy decision for the destination country
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs) or other approved transfer mechanisms
You may request further information about the specific transfer mechanisms we rely on by contacting us at privacy@cyviz.com.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our general retention principles are:
-
Contact and enquiry data Retained for up to 3 years from last contact, or until you request deletion.
-
Marketing email data Retained until you unsubscribe or withdraw consent, after which it is promptly suppressed or deleted.
-
Website analytics data Anonymised or aggregated after 26 months, or as configured per platform.
-
Cookie data As specified in the Cookie Declaration. Most marketing cookies expire within 90–365 days.
-
Job application data Retained for 6 months from the end of the recruitment process, or longer with your explicit consent for our talent pool.
-
Accounting and legal records Retained for the period required by Norwegian accounting law (5 years).
When personal data is no longer required, it is securely deleted or anonymised in accordance with our internal data management procedures.
8. Your Rights Under the GDPR
If you are located in the EEA or Norway, you have the following rights regarding your personal data. We will respond to your request within 30 days (extendable to 90 days for complex requests):
To exercise any of these rights, please contact us at privacy@cyviz.com. We may need to verify your identity before processing a request. Exercise of rights is free of charge.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe we have handled your data unlawfully:
Website: datatilsynet.no · Phone: +47 74 07 70 00 · Email: postkasse@datatilsynet.no
9. California Residents — CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights. This section supplements the rest of this policy.
Categories of Personal Information Collected (last 12 months)
- Identifiers (name, email address, IP address)
- Internet or other electronic network activity (browsing history, cookie data)
- Professional or employment-related information (company, job title — when provided)
- Inferences drawn from the above to create a profile for marketing purposes
Your CCPA/CPRA Rights
-
Right to Know Request disclosure of the categories and specific pieces of personal information we have collected about you.
-
Right to Delete Request deletion of personal information we hold about you, subject to certain exceptions.
-
Right to Correct Request correction of inaccurate personal information we hold about you.
-
Right to Opt-Out of Sale or Sharing We do not sell personal information for monetary consideration. However, sharing data with advertising partners via cookies may constitute "sharing" under CPRA — you may opt out at any time via our Cookie Settings.
-
Right to Limit Use of Sensitive Personal Information We do not collect sensitive personal information as defined under CPRA.
-
Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a CCPA/CPRA request, contact us at privacy@cyviz.com with the subject line "California Privacy Request". We will respond within 45 days. You may designate an authorised agent to make a request on your behalf.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the way we operate our website. When we make material changes, we will update the "Last updated" date at the bottom of this page.
We encourage you to review this policy periodically. If changes are significant, we may provide a more prominent notice (e.g. a banner on the website or a notification email to subscribers).
Questions or Requests?
To exercise your rights, ask about this policy, or report a data protection concern, contact our privacy team directly. We aim to respond within 30 days.
Last updated: April 2026 · Cyviz AS, Stavanger, Norway