Privacy Policy

This statement describes how SustEvo AS processes personal data you share with us via sustevo.com. We always process data in accordance with the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.

Data controller

SustEvo AS is the data controller for personal data collected through this website. Questions about privacy can be sent to [email protected].

What information we collect

We only collect information you provide when you contact us via the contact form on the site. This includes:

• Name
• Email address
• Organisation or company (optional)
• Content of the message

In addition, the hosting platform temporarily logs technical information such as IP address to protect against abuse and to limit the number of inquiries per user.

Purpose and legal basis

The information is used solely to respond to inquiries and to follow up potential collaborations. The legal basis is legitimate interests under GDPR Article 6(1)(f): to be able to respond to individuals who actively contact us.

Where the information is stored

Messages from the contact form are sent to a Microsoft 365 mailbox via the Microsoft Graph API. Microsoft is a data processor, and the data are stored within the EU/EEA in Microsoft's European data centres. IP addresses used for rate limiting are only stored in the server's memory and are cleared on restart.

Retention period

Incoming email is retained as long as necessary to handle the inquiry and any subsequent customer relationship, normally up to three years after the last contact. Thereafter the inquiry is deleted unless further retention is required for accounting or legal reasons.

Cookies and analytics

The site does not use tracking cookies. Anonymous traffic statistics are collected via Cloudflare Web Analytics, which is a cookie-free, privacy-friendly service. See our cookie statement for details.

Your rights

You have the right to:

• request access to the information we hold about you
• have inaccurate information corrected
• request deletion of information we no longer have a basis to retain
• object to processing or request restriction
• receive your data in a machine-readable format (data portability)

Requests concerning your rights should be sent to [email protected]. We normally respond within 30 days.

Right to lodge a complaint

If you believe we are processing personal data in violation of the rules, you may lodge a complaint with the Norwegian Data Protection Authority. Contact information is available at datatilsynet.no.

Changes

We may update this statement in response to changes in services or regulation. The version in force at any time will be published on this page.