Privacy Policy

Last updated: 15th January 2026

Data Controller Information

HyperionEX AS is the data controller responsible for your personal data. We are registered in Norway with registration number 741258963 and our registered office is located at Torggata 11, 0104 Oslo, Norway.

Data Collection

We collect personal data that you provide to us directly and automatically when you use our website and services. The data we collect includes:

Information You Provide

  • Contact information including name, email address, phone number, and company details when you submit enquiries
  • Communication preferences and consultation requirements
  • Professional information relevant to risk assessment services
  • Any other information you choose to provide in communications with us

Information We Collect Automatically

  • Website usage data including pages visited, time spent, and navigation patterns
  • Technical information such as IP address, browser type, and device information
  • Cookie and tracking technology data as described in our Cookie Policy

How We Use Your Information

We use the personal data we collect for the following purposes based on legitimate business interests and your consent where required:

  • To respond to your enquiries and provide risk mitigation consulting services
  • To communicate with you about our services and your account
  • To improve our website functionality and user experience
  • To comply with legal obligations and regulatory requirements
  • To protect our business interests and prevent fraud
  • To send marketing communications where you have consented or we have legitimate interest

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract: To perform our consulting services and fulfil contractual obligations
  • Legitimate interests: To operate our business, improve services, and communicate about relevant offerings
  • Legal obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service providers who assist with website operations, analytics, and business functions
  • Professional advisers including lawyers, accountants, and consultants
  • Regulatory authorities when required by law
  • Third parties in connection with business transfers or restructuring

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Client data: For the duration of our business relationship plus 7 years for legal and regulatory compliance
  • Marketing data: Until you withdraw consent or we determine it is no longer relevant
  • Website analytics: Typically 26 months as per Google Analytics default settings
  • Contact enquiries: 3 years unless a business relationship is established

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data in certain circumstances
  • Restriction: Request limitation of processing in certain situations
  • Portability: Request transfer of your data in a structured format
  • Objection: Object to processing based on legitimate interests or for marketing purposes
  • Withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the information provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

Contact Information

For any questions about this Privacy Policy, to exercise your rights, or to make a complaint about our data processing, please contact us:

Data Protection Contact:
Email: privacy@hyperionex.pro
Phone: +47 21572801
Address: HyperionEX AS, Torggata 11, 0104 Oslo, Norway

Supervisory Authority

You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe we have not complied with data protection laws. Contact details are available at www.datatilsynet.no.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website and updating the "last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

This policy is governed by Norwegian law and GDPR. If you have any questions about our privacy practices, please do not hesitate to contact us at privacy@hyperionex.pro.