Privacy policy - Optra Risk AS

Optra Risk AS (“Optra Risk”, “we”, “us”, “our”) is committed to protecting your privacy and handling personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our business activities, including when you visit www.optrarisk.com, contact us, or otherwise interact with us.

Last updated: 01.01.2025

We process personal data primarily to communicate with customers and partners, deliver our services, and meet legal and contractual obligations. We do not intentionally collect sensitive personal data unless it is strictly necessary and lawful, and we encourage you not to share sensitive information unless specifically requested.

This Privacy Policy applies to personal data processed by Optra Risk AS as a data controller, unless otherwise stated.

1. Data Controller (who is responsible)

Optra Risk AS
c/o Partner, Kjersti Setså Jensen
Haakon VIIs gate 10, Norway
Email: kjersti.s.jensen@optrarisk.com
Phone: +47 951 65 082

If you have any questions about privacy or personal data, please contact us using the details above.

2. What personal data we may collect

We may collect personal data in the following situations:

A) If you contact us

When you contact us by email or via a contact form, we may collect:

Name
Email address
Phone number (if provided)
The content of your message and any information you choose to share

B) When you visit the website (technical data)

When you access our website, our systems may automatically collect:

IP address
Browser type and device information
Pages visited and time spent on the site
Date/time and general website usage data

We do not request sensitive personal data (such as health information or national identification numbers) through the website.

3. Why we process personal data (purpose)

We process personal data to:

Respond to inquiries and communicate with you
Provide information about our services
Deliver services and manage customer relationships
Maintain, operate, and secure the website and our systems
Improve website content and user experience
Meet legal obligations and protect our legitimate interests

4. Legal basis under GDPR

Our processing is based on one or more of the following legal grounds:

Legitimate interests (Article 6(1)(f)) – responding to inquiries and operating our business
Consent (Article 6(1)(a)) – where you voluntarily submit information
Contract (Article 6(1)(b)) – when processing is necessary to perform an agreement
Legal obligation (Article 6(1)(c)) – when required by law

5. Cookies and analytics

Our website may use cookies to ensure website functionality and to understand website traffic and usage. Where analytics tools are used, cookies may be set by such tools.

You can control or delete cookies through your browser settings. You can also manage or update your cookie preferences at any time via our cookie banner.

6. Sharing of personal data

We do not sell personal data.

We may share personal data with:

Trusted service providers who support us with website operation, IT services, or communications
Public authorities, where disclosure is required by law

All data processors act under appropriate data processing agreements.

7. International transfers

If we use service providers located outside the EU/EEA, we will ensure that appropriate safeguards are in place in accordance with GDPR, such as Standard Contractual Clauses.

8. Data storage and retention

We store personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by applicable law.

If you are a customer or business contact, we may retain relevant correspondence and contact details for follow-up and documentation purposes.

9. Security

We use reasonable technical and organisational measures to protect personal data, including:

Secure transmission (HTTPS)
Access controls and internal routines

Please note that no method of transmission over the internet is completely secure.

10. Your rights

Under the GDPR, you have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion (where applicable)
Object to certain processing
Request restriction of processing
Data portability (where applicable)
Withdraw consent (if processing is based on consent)

To exercise your rights, please contact: kjersti.s.jensen@optrarisk.com

You also have the right to file a complaint with the Norwegian Data Protection Authority (Datatilsynet).

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The most recent version will always be published on our website.