InfAI Privacy Policy

Last Updated: February 2025

1. Introduction

InfAI AS ('we,' 'us,' or 'our') is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our services, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Data Controller

InfAI is the data controller responsible for processing your personal data. If you have any questions or requests regarding this Privacy Policy, you can contact us at:
📧 Email: hei@infai.tech
📍 Address: Flyvein 3, 0770, Oslo, Norway

3. Personal Data We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, contact details, and organization information.

• Usage Data: Information about how you use our services, including log files and device data.

• Communication Preferences: Information about your preferences for receiving communications.

• Cookies and Tracking Technologies: Data collected through cookies and similar technologies (see Section 6 - Cookies).

We do not process special categories of personal data (e.g., health data, biometric data) unless explicitly required and permitted under applicable laws.

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: To provide and fulfill our services.

• Legitimate Interests: To analyze and improve user experience, prevent fraud, and ensure security.

• Legal Obligations: To comply with applicable laws and regulatory requirements.

• Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time).

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our services.

• Communication: To respond to inquiries, send updates, and notify you of changes.

• Marketing: To send newsletters and promotional materials (only with your consent).

• Security & Compliance: To protect against fraud, security threats, and comply with legal obligations.

We do not use your data for automated decision-making or profiling that significantly affects you.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. These help us understand user behavior and remember preferences. You can manage your cookie preferences through our Cookie Policy or adjust your browser settings.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. When data is no longer required, we securely delete or anonymize it.

8. Data Sharing & International Transfers

We do not sell your personal data. However, we may share it with: • Service Providers: Third parties that assist in providing our services (e.g., cloud hosting, analytics).

• Legal Authorities: If required by law or to enforce our rights. If your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)

• Adequacy decisions by the European Commission • Other appropriate safeguards as required by GDPR

9. Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

• Right of Access: Obtain a copy of your personal data.

• Right to Rectification: Correct inaccurate or incomplete data.

• Right to Erasure ('Right to be Forgotten'): Request deletion of your data when no longer necessary.

• Right to Restriction: Limit processing in certain circumstances.

• Right to Data Portability: Receive your data in a structured format.

• Right to Object: Object to processing based on legitimate interests or direct marketing.

• Right to Withdraw Consent: Withdraw consent for marketing or cookies at any time.

To exercise any of these rights, contact us at:
hei@infai.tech.

You also have the right to file a complaint with your local Data Protection Authority (DPA).

10. Security Measures

We implement technical and organizational measures to protect your data from unauthorized access, loss, or misuse. However, no system is completely secure, so we encourage responsible data sharing.