Privacy Policy Onsio AS

Effective date: 8th of January 2025

1. Who we are

Onsio AS ("Onsio", "we", "us") provides software and B2B delivery services. This Privacy Policy explains how we collect and use personal data when you visit our website or contact us.

Company: Onsio AS

Organisation number: 934 860 691

Address: Elganeveien 1, 4373 Egersund

Email: privacy@onsio.com

2. What this policy covers

This policy applies to personal data we process through:

  • Our website
  • Our contact form and inbound inquiries
  • Direct contact via email, phone, and meetings related to inquiries

3. Personal data we collect

3.1 Data you provide

When you contact us, we may collect:

  • Name
  • Company/organisation
  • Role/title (if provided)
  • Email address
  • Phone number (if provided)
  • Message content and any information you choose to share
  • Any attachments you send us

3.2 Data collected automatically

When you use the website, technical data may be processed, such as:

  • IP address (typically in server logs)
  • Device and browser information
  • Date/time and pages viewed
  • Referrer information

4. Why we process personal data

We process personal data to:

  • Respond to inquiries and communicate with you
  • Assess whether a pilot, delivery, or meeting is relevant
  • Provide requested information about Onsio's services
  • Maintain basic website security and stability
  • Improve the website and understand usage patterns

5. Legal basis (GDPR)

We rely on one or more of the following legal bases under GDPR:

  • Legitimate interests: to respond to inquiries, operate and improve our website, and maintain security
  • Contract / steps prior to contract: to discuss and prepare potential pilots or deliveries
  • Consent: where we are required to ask for it (for example, certain cookies or marketing activities)
  • Legal obligation: where we must comply with applicable law

6. How long we keep your data

We keep personal data only as long as needed for the purpose it was collected. Typical retention:

  • Inquiries: up to 12–36 months after last contact, unless a longer period is needed for documentation or an ongoing relationship
  • Customer/project data: according to contract and applicable legal obligations
  • Technical logs: retained for a limited period for security and troubleshooting

7. Who we share data with

We may share personal data only when necessary, such as with:

  • IT and hosting providers that operate the website and email systems
  • Tools used for communication and documentation (for example, email, calendar, CRM)

We require service providers to protect personal data and only process it on our instructions when acting as processors.

8. International transfers

If any service providers process data outside the EU/EEA, we will ensure a lawful transfer mechanism is in place (for example, EU Standard Contractual Clauses) and apply appropriate safeguards.

9. Security

We use reasonable organisational and technical measures to protect personal data, including access controls and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect data from unauthorised access and misuse.

10. Cookies and similar technologies

Our website may use cookies or similar technologies for basic functionality and to understand website usage. Where required, we will request your consent before using non-essential cookies. You can also control cookies through your browser settings.

11. Your rights

Depending on your situation, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion (where applicable)
  • Object to or restrict processing (where applicable)
  • Request data portability (where applicable)
  • Withdraw consent where processing is based on consent

To exercise your rights, contact us at privacy@onsio.com. We may request information to verify your identity.

12. Complaints

If you believe our processing violates data protection laws, you can contact us first. You also have the right to lodge a complaint with your local data protection authority. In Norway, this is Datatilsynet.

13. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with an updated effective date.