R & D Nordic – Privacy Statement
Last updated: 30 May 2025
1. Who We Are
R & D Nordic AS (“we”, “our”, “us”) is a consultancy registered in Norway, organisation no. 927071444. We specialise in AI, R&D strategy, grant funding and data-privacy advisory services.
2. What Data We Collect
Our website (rdnordic.com) is a static site hosted on GitHub Pages.
- No cookies
- No analytics
- No third-party trackers
Visiting our pages leaves no personal data on our servers.
The only personal data we receive is what you actively send to us, typically:
| Channel | Data | Purpose |
|---|---|---|
Email (mailto:rdnordic@proton.me) |
Name, email address, message content | Responding to your enquiry and, if agreed, delivering our services |
3. How We Handle Your Email
- Secure transport & storage – We use Proton Mail, an end-to-end encrypted email provider based in Switzerland and GDPR-compliant. Your messages are encrypted at rest on Proton’s servers.
- Access – Only R & D Nordic personnel directly involved in your enquiry can read your message.
- Retention –
- General correspondence: deleted once our dialogue or project is complete.
- Accounting/contractual records: Norwegian bookkeeping rules require us to keep invoices and supporting contractual documentation for five (5) years (§ 13, Bokføringsloven). We retain only the minimum personal data necessary for that legal obligation.
4. Legal Basis
Under the EU/EEA General Data Protection Regulation (GDPR):
- Art. 6(1)(b) – Contract: pre-contract discussions and service delivery.
- Art. 6(1)(c) – Legal obligation: bookkeeping and tax records.
- Art. 6(1)(f) – Legitimate interest: responsive communication while minimising data.
5. Your Rights
You have the right to:
- Access – know what data we hold about you.
- Rectification – correct inaccurate data.
- Erasure – request deletion when no longer needed.
- Restriction & Objection – limit or oppose processing under certain conditions.
Contact us at rdnordic@proton.me and we will respond within one month.
6. Data Transfers
We do not sell, share or transfer your data to third parties, the only data that may be shared (never sold), is via our communication over email through:
- Proton Mail (encrypted email hosting based in Switzerland).
- Norwegian authorities if legally required (e.g., tax audit).
7. Information Security
- All internal devices use full-disk encryption and MFA.
- Access to Proton Mail secured with hardware-token 2FA.
- Regular security reviews and least-privilege access controls.
8. Changes to This Statement
We may update this notice if legal or operational requirements change. The latest version is always available on our site with the “last updated” date.
9. Contact & Data Controller
R & D Nordic AS
Hamar, Norway
Email: rdnordic@proton.me
If you believe we process your data unlawfully, you can lodge a complaint with Datatilsynet (Norwegian Data Protection Authority). This is what we make a living out of so we genuinely want you to know we take privacy seriously. We don't need to track you or collect invasive data to do our job.