Privacy Policy for Havguard

1. Introduction

Havguard AS is committed to protecting your privacy. We have designed our website to minimize the amount of personal data we collect. This Privacy Policy explains how we process the limited technical data required to operate this website.

For the purposes of the General Data Protection Regulation (GDPR), we are the Data Controller.

Contact Information:

Company Name: Havguard AS

Address: Johan Strandruds Vei 10, 1366 Lysaker

Email: emilie@havguard.com

2. No Cookies Used

We respect your digital privacy. This website does not use cookies. We do not place any files on your device, and we do not track your behavior across other websites. Consequently, we do not require a cookie consent banner.

3. Data Collection and Processing

Although we do not track you with cookies, the technical infrastructure of the internet requires the brief processing of certain technical data to deliver this website to you. We process this data based on our Legitimate Interest (GDPR Article 6(1)(f)) in operating a secure, fast, and functional website.

We process the following categories of data:

A. Server Logs & Security (Content Delivery)

When you load our website, your device connects to our content delivery partner, Sanity.io.

Data Processed: Your IP address, browser type (User-Agent), and the time of the request.

Purpose: To deliver text and images to your screen and to protect the website against security threats (such as DDoS attacks) and fraud.

Retention: This data is logged for security purposes for a limited period (typically 30 days) and then automatically deleted.

B. Privacy-Friendly Analytics

We use Fathom Analytics to understand website traffic trends without compromising your privacy.

Data Processed: Your IP address and User-Agent are sent to Fathom's servers.

Anonymization: Fathom immediately creates a cryptographic hash of this data to count a "page view." This process is irreversible.

Retention: The raw IP address is discarded immediately after processing. The anonymized hash is retained for less than 48 hours to prevent duplicate view counts and is then deleted. No personal data is permanently stored.

C. Employee Profiles

We display professional profiles of our team members on this website, which may include names, photographs, and professional contact details.

Purpose: To facilitate business communication and provide transparency about our team.

Legal Basis: Legitimate Interest in promoting our services and personnel.

4. Data Sharing and Transfers

We do not sell your data. We share technical data only with the service providers necessary to run this website.

Sanity Inc.

Role: Hosting & Content Delivery Network (CDN)

Location: USA / Global

Safeguards: Sanity is certified under the EU-US Data Privacy Framework (DPF), ensuring that data transfers to the US comply with GDPR standards. 

Fathom Analytics

Role: Website Analytics

Location: Canada

Safeguards: Transfers are protected by the European Commission’s Adequacy Decision, which recognizes Canada as providing an adequate level of data protection. 

5. Your Rights

Under the GDPR, you have the right to access, rectify, erase, and restrict the processing of your personal data. You also have the right to object to processing based on legitimate interest.

Note on Exercising Rights: Because we do not use cookies or store persistent user profiles, we generally cannot identify you in our system. If you request to see "your data," we may be unable to fulfill the request unless you can provide specific technical proofs (such as the exact IP address and timestamp used during your visit) that allow us to locate your session in our security logs.

If you believe your rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).