Privacy Policy

This statement describes how SustEvo AS processes personal data you share with us via sustevo.com. We always handle personal data in accordance with the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.

Data controller

SustEvo AS is the data controller for the personal data collected through this website. Questions about privacy can be sent to [email protected].

What information we collect

We only collect information you provide when contacting us via the contact form on the website. This includes:

• Name
• Email address
• Organization or company (optional)
• Message content

In addition, the hosting platform temporarily logs technical information such as IP address to protect against abuse and to limit the number of requests per user.

Purpose and legal basis

The information is used solely to respond to inquiries and follow up on potential collaboration. The legal basis is the legitimate interests under GDPR Article 6(1)(f): the ability to reply to individuals who actively contact us.

Where data is stored

Messages from the contact form are sent to a Microsoft 365 mailbox via the Microsoft Graph API. Microsoft is a data processor, and the data is stored within the EU/EEA in Microsoft’s European data centers. IP addresses used for rate limiting are stored only in server memory and are cleared on restart.

Retention period

Incoming email is retained as long as necessary to handle the inquiry and any subsequent customer relationship, normally up to three years after the last contact. After that the inquiry is deleted unless further retention is required for accounting or legal reasons.

Cookies and analytics

The website does not use tracking cookies. Anonymized traffic statistics are collected via Cloudflare Web Analytics, a cookie-free and privacy-friendly service. See our cookie statement for details.

Your rights

You have the right to:

• request access to the information we hold about you
• have incorrect information corrected
• request deletion of information we no longer have a basis to retain
• object to processing or request restriction
• receive your data in a machine-readable format (data portability)

Requests regarding your rights should be sent to [email protected]. We normally respond within 30 days.

Right to lodge a complaint

If you believe we process personal data in violation of the rules, you can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). Contact information is available at datatilsynet.no.

Changes

We may update this statement if services or regulations change. The current version will be published on this page.