Privacy Policy

This Privacy Policy explains how HyperQuarry AS ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Last updated: January 2026

Data Controller Information

HyperQuarry AS is the data controller responsible for your personal data. Our contact details are:

HyperQuarry AS
Markveien 134
0102 Oslo, Norway
Registration Number: 592316487
VAT Number: NO598216437MVA
Email: privacy@hyperquarry.top
Phone: +47 21 98 65 82

Data Collection

The data we collect includes personal information that you provide directly to us and information that is automatically collected when you use our website. We collect the following types of personal data:

Information You Provide

  • Contact information (name, email address, phone number)
  • Organisation details (company name, position)
  • Communication content (messages, enquiries, feedback)
  • Service preferences and requirements
  • Professional qualifications and experience (when relevant to our services)

Automatically Collected Information

  • Website usage data (pages visited, time spent, navigation patterns)
  • Technical information (IP address, browser type, device information)
  • Cookie and tracking data (with your consent)
  • Referral sources and marketing campaign interactions

How We Use Your Information

We use of your data is based on legitimate legal grounds under GDPR. How we use your information depends on the services you use and your relationship with us:

Service Provision

  • Providing certification programme accreditation guidance and consulting services
  • Responding to enquiries and communication requests
  • Delivering requested information about our services
  • Managing client relationships and project delivery

Business Operations

  • Processing payments and maintaining financial records
  • Compliance with legal and regulatory requirements
  • Internal business administration and record keeping
  • Quality assurance and service improvement

Marketing and Communication

  • Sending relevant service updates and educational content (with consent)
  • Marketing our services to potential clients (where legally permitted)
  • Analysing market trends and service demand
  • Improving our website and user experience

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract: Where processing is necessary for performing our services
  • Legal obligation: Where we must process data to comply with legal requirements
  • Legitimate interests: Where processing is necessary for our legitimate business interests

Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your information in the following circumstances:

  • With service providers who assist in delivering our services (under strict confidentiality agreements)
  • With professional advisors (lawyers, accountants, auditors) when necessary
  • With regulatory authorities when required by law
  • In connection with business transfers (mergers, acquisitions) with appropriate safeguards
  • To protect our rights, property, or safety, or that of our clients or the public

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Certification schemes and codes of conduct

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our data retention periods are:

  • Client data: For the duration of our business relationship plus 7 years for legal compliance
  • Marketing data: Until you withdraw consent or for 3 years from last interaction
  • Website analytics: Up to 26 months (Google Analytics default)
  • Cookie data: As specified in our Cookie Policy
  • Financial records: 7 years as required by Norwegian law

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request copies of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data in certain circumstances
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for specific processing activities

To exercise your rights, please contact us using the contact information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Staff training on data protection and security
  • Incident response procedures

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us at:

Data Protection Officer
HyperQuarry AS
Email: privacy@hyperquarry.top
Phone: +47 21 98 65 82
Address: Markveien 134, 0102 Oslo, Norway

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully. In Norway, you can contact:

Norwegian Data Protection Authority (Datatilsynet)
Website: www.datatilsynet.no
Phone: +47 22 39 69 00
Email: postkasse@datatilsynet.no

This Privacy Policy is effective as of January 2026 and applies to all personal data processed by HyperQuarry AS.