Privacy Policy
How AI Risk Intelligence AS (AIRI) collects, uses and protects personal data on airi.no, in line with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).
Last updated: 10 July 2026
1. Data controller
AI Risk Intelligence AS ("AIRI", "we", "us"), a company registered in Norway, is the data controller for personal data processed via airi.no. For any privacy question, access request, correction, deletion, objection, restriction, portability request or complaint, contact ah@airi.no.
2. Personal data we process
- Contact form & email enquiries: name, company, work email, country/jurisdiction, inquiry type and the content of your message.
- Engagement data: if we enter into an engagement, we process the business-contact and correspondence data necessary to deliver the services.
- Technical & server log data: IP address (shortened where possible), user-agent, referring URL, timestamp and requested resource — logged by our hosting provider for security and abuse prevention.
- Cookies & similar technologies: see the Cookie Policy. Analytics cookies are only set with your prior consent.
AIRI does not knowingly collect personal data from children, and airi.no is not directed at children.
3. Purposes & legal basis (Art. 6 GDPR)
- Responding to your enquiry — pre-contractual steps at your request (Art. 6(1)(b)) and our legitimate interest in handling business inquiries (Art. 6(1)(f)).
- Delivering agreed services — performance of a contract with you or your organisation (Art. 6(1)(b)).
- Site security, fraud & abuse prevention — legitimate interest in a secure, functioning site (Art. 6(1)(f)).
- Analytics (only if you consent) — your consent (Art. 6(1)(a)); withdrawable at any time via the Cookie Preferences.
- Legal & regulatory obligations — compliance with Norwegian bookkeeping and tax law and applicable EU/EEA regulation (Art. 6(1)(c)).
4. Recipients & data processors
AIRI does not sell personal data and does not share it with third parties for marketing. We use a small number of vetted processors under written data processing agreements (Art. 28 GDPR) for hosting, email delivery, error logging and analytics (only if consented). Processors currently include our website hosting and backend platform, our email/inbox provider, and — where consented — a privacy-preserving analytics tool. Personal data may also be disclosed to competent authorities where legally required.
5. International transfers
Personal data is primarily processed inside the EU/EEA. Where a processor is located outside the EU/EEA, transfers are protected by an adequacy decision or by the European Commission's Standard Contractual Clauses (SCCs) together with supplementary measures as required by Schrems II. A copy of the safeguards is available on request.
6. Retention
- Contact-form messages and email correspondence: retained for up to 24 months from last contact, unless a business relationship exists.
- Engagement records: retained for the duration of the engagement plus statutory retention periods under Norwegian bookkeeping law (up to 5 years) and applicable AML/CTF recordkeeping obligations where relevant.
- Server / security logs: retained for a short period (typically up to 90 days) unless required for incident investigation.
- Cookie consent choices: stored locally in your browser (see Cookie Policy).
7. Your rights (Art. 15–22 GDPR)
Subject to conditions in the GDPR, you have the right to:
- Access the personal data we hold about you and receive a copy.
- Have inaccurate or incomplete data corrected.
- Have your data erased ("right to be forgotten") where applicable.
- Restrict or object to processing based on legitimate interest.
- Data portability where processing is based on consent or contract and carried out by automated means.
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
- Not be subject to solely automated decisions with legal or similarly significant effects. AIRI does not use automated decision-making or profiling of website visitors.
To exercise any right, email ah@airi.no. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no) or your local EU/EEA supervisory authority.
8. Security
AIRI applies appropriate technical and organisational measures against unauthorised access, loss, alteration or disclosure of personal data, including transport encryption (HTTPS/TLS), role-based access, least-privilege principles for internal tooling, and vendor due diligence for processors. No online transmission or storage is fully secure; AIRI cannot guarantee absolute security.
9. Confidentiality of AML & compliance engagements
Client project information received during AML, financial-crime or compliance engagements is handled with strict confidentiality and separately from website-visitor data. Such information is not published, used for marketing, or disclosed to third parties, except where required by law or expressly agreed in the engagement.
10. Changes to this policy
We may update this policy to reflect changes in law, technology, or our services. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be highlighted on airi.no where appropriate.
11. Contact
AI Risk Intelligence AS · Norway · ah@airi.no