Data protection notice

Last updated: December 2025

Scope and application

This notice applies to personal data submitted through institutional inquiry forms, engagement requests, and confidential dialogue mechanisms provided by Northflow Technologies.

It supplements the general privacy policy and addresses specific considerations for institutional engagement.

Information collected

Institutional inquiries may include:

  • Professional contact information
  • Institutional affiliation and role
  • Subject matter and context of inquiry
  • Technical requirements or specifications
  • Correspondence and related documentation

Confidential handling

Submitted information is treated as confidential and handled in accordance with institutional engagement protocols. Access is restricted to personnel directly involved in inquiry response and engagement coordination.

Confidentiality measures are designed to align with expectations appropriate for government and institutional dialogue.

Purpose limitation

Personal data is processed exclusively for the following purposes:

  • Responding to institutional inquiries
  • Coordinating engagement activities
  • Providing requested information or documentation
  • Maintaining records of institutional dialogue

Data is not used for marketing, commercial solicitation, or purposes unrelated to the original inquiry.

Data minimisation

Only information necessary for inquiry handling and engagement coordination is collected and retained. Unnecessary or excessive data is not requested or stored.

Processing location

Data processing is conducted within the European Economic Area or in jurisdictions providing equivalent data protection standards. Infrastructure and service providers are selected based on their alignment with European data protection requirements.

Third-party sharing

Personal data is not shared with third parties except:

  • Where necessary to fulfil the stated purpose of the inquiry
  • With explicit consent from the data subject
  • As required by legal obligation or regulatory authority

Third-party processors, if engaged, are subject to contractual data protection obligations.

Retention period

Personal data is retained for the duration necessary to fulfil the purpose of the inquiry or as required by applicable legal or regulatory obligations. Retention periods are reviewed periodically and data is deleted when no longer necessary.

Security measures

Technical and organisational measures are implemented to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures are designed to align with the sensitivity of institutional engagement.

Individual rights

Data subjects retain all rights established under applicable data protection regulation, including:

  • Access to personal data
  • Rectification of inaccurate information
  • Erasure under applicable conditions
  • Restriction or objection to processing

Requests may be submitted to hello@northflow.no.

Contact

Questions regarding data protection practices may be directed to hello@northflow.no. Responses will be provided in accordance with applicable regulatory timeframes.