Privacy Policy

Svinnsikt AS is the data controller for the personal data described in this Privacy Policy, unless otherwise stated.

Company name: Svinnsikt AS
Address: Sundeveien 15, 4550 Farsund, Norway
Email: post@svinnkompetanse.no
Phone: +47 918 46 075

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us using the details above.

This Privacy Policy applies to:

• visitors to our website
• individuals who contact us by form, email, or phone
• customer representatives and users of the Svinnsikt platform
• data processed through our app and dashboard, to the extent Svinnsikt acts as data controller

In some cases, Svinnsikt may process data on behalf of a business customer. In such cases, the customer may be the data controller and Svinnsikt may act as a data processor under a separate data processing agreement.

We collect only the personal data that is necessary for the relevant purpose.

A. Information You Provide to Us

When you contact us, request a demo, book a meeting, or register for our Services, we may collect:

• name
• email address
• phone number
• company name
• job title
• any information you include in your message or request

If you contact customer support, we may also collect the content of your enquiry and any related communication.

B. Information Collected Through the Svinnsikt Platform

When the Svinnsikt platform is used, we may process:

• user account details
• login and account administration data
• food waste registration data
• operational data related to waste categories, quantities, estimated costs, reporting, and usage of the platform
• images submitted through the mobile app, AI camera, or related tools, where this functionality is enabled

C. AI Image Processing

If AI-based image recognition is used, images may be processed in order to:

• estimate weight
• identify or classify waste
• improve the accuracy of the relevant feature
• generate data metrics and reports for the customer

Svinnsikt is designed according to the principle of data minimisation. Unless otherwise agreed, configured by the customer, or required for troubleshooting, documentation, or service improvement, raw images are not stored longer than necessary for the relevant purpose. In many cases, the main retained output will be the resulting data, such as category, quantity, and estimated value.

D. Automatically Collected Data

When you visit our website or use our Services, we may automatically collect:

• IP address
• browser type
• device type
• operating system
• app and platform usage data
• log data relating to security, stability, and performance

We use personal data for the following purposes:

• to provide, operate, and maintain our Services
• to create and manage user accounts
• to respond to enquiries, schedule meetings, and provide support
• to deliver reports, dashboards, and related platform functionality
• to process payments, invoicing, and customer administration
• to monitor service performance, prevent misuse, and maintain security
• to improve features, workflows, and platform quality
• to comply with legal obligations
• to establish, exercise, or defend legal claims when necessary

Under the GDPR, we must have a valid legal basis for processing personal data.

We normally rely on one or more of the following legal bases:

Performance of a Contract

We process personal data where necessary to provide the Services, manage accounts, deliver agreed functionality, and administer the customer relationship.

Taking Steps Prior to Entering into a Contract

If you request a demo, contact us about a potential subscription, or book a meeting, we may process your data in order to respond and take relevant pre-contractual steps.

Legitimate Interests

We may process personal data where necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms. This may include:

• responding to business enquiries
• improving service quality
• maintaining security and preventing fraud or misuse
• internal administration and documentation
• limited service analytics and troubleshooting

Legal Obligation

We may process and retain personal data where necessary to comply with legal obligations, including accounting, bookkeeping, tax, and other regulatory requirements.

Consent

Where required by law, we will rely on your consent, for example for certain cookies or similar technologies. You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Our website may use cookies or similar technologies for necessary functionality, security, analytics, and user experience improvements.

Where required by applicable law, we will request consent before using non-essential cookies. More detailed information may be provided in our Cookie Policy or cookie banner.

We do not sell, rent, or trade personal data.

We may share personal data only when necessary and only with appropriate safeguards, including:

Service Providers

We may use trusted third-party providers for services such as:

• cloud hosting
• infrastructure and storage
• analytics
• customer communication
• support systems
• invoicing and administration

These providers may process personal data only on our instructions and under appropriate contractual safeguards.

Business Transfers

If Svinnsikt is involved in a merger, acquisition, financing process, reorganisation, or sale of assets, personal data may be disclosed to relevant parties, subject to confidentiality and applicable law.

Legal Requirements

We may disclose personal data where required by law, regulation, court order, or valid request from a public authority.

Our aim is to store and process personal data within the EEA whenever possible.

If personal data is transferred outside the EEA, we will ensure that appropriate safeguards are in place in accordance with applicable data protection law, such as the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism.

We retain personal data only for as long as necessary for the purpose for which it was collected, unless a longer retention period is required by law.

As a general guideline:

• website enquiries and contact form submissions: normally up to 12 months after the last relevant contact, unless further dialogue or a customer relationship follows
• customer account and subscription data: for as long as the customer relationship remains active and for a reasonable period thereafter for follow-up, documentation, and legal purposes
• support correspondence: normally up to 24 months after the case is closed, unless longer retention is necessary
• service logs and technical security logs: retained only as long as reasonably necessary for security, troubleshooting, and documentation
• accounting and invoicing data: retained as required by applicable bookkeeping and tax laws

Where possible, personal data will be deleted, anonymised, or aggregated when no longer needed.

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include:

• access controls
• encryption where appropriate
• role-based permissions
• secure hosting arrangements
• monitoring and logging
• internal procedures for incident handling and data protection

No system can guarantee absolute security, but we work continuously to maintain an appropriate level of protection.

If you are located in the EEA or otherwise have rights under applicable data protection law, you may have the right to:

• request access to your personal data
• request correction of inaccurate or incomplete data
• request deletion of personal data
• request restriction of processing
• object to processing based on legitimate interests
• withdraw consent at any time where processing is based on consent
• request data portability, where applicable
• lodge a complaint with a supervisory authority

If you are not satisfied with how we handle your personal data, you may contact the Norwegian Data Protection Authority (Datatilsynet).

Our Services are not intended for children, and we do not knowingly collect personal data from children through our website or Services.

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or our data protection practices.

When we make material changes, we will update the Effective Date at the top of this page and, where appropriate, provide additional notice.

If you have questions, requests, or concerns regarding this Privacy Policy or our processing of personal data, please contact:

Svinnsikt AS
Sundeveien 15
4550 Farsund
Norway
Email: post@svinnkompetanse.no
Phone: +47 918 46 075