Skip to main content
Awareness SecurityAwareness Security
NO

Privacy Policy

Last updated: 2026-01-07

Data Controller

Awareness Security AS is the data controller for personal data collected through our services.

Awareness Security AS
Hellvikveien 50
1459 Nesodden
Org.nr: 913 224 531
E-post: awaresec@awaresec.com

What data do we collect?

We collect the following categories of personal data:

  • Contact information: Name, email address
  • Organization information: Organization name, organization number
  • Engagement information: Scope, test targets, testing window, gate status, authorizations
  • Technical information: IP addresses, timestamps for actions (audit log)

Purpose of processing

We process personal data for the following purposes:

  • Delivering our security services and managing engagements
  • Communicating with you about engagements and services
  • Securing our systems and documenting actions
  • Fulfilling legal obligations and documentation requirements

Legal basis

We process personal data based on the following legal bases:

  • Performance of contract - to deliver the services you have ordered
  • Legitimate interest - for security, logging, and service improvement
  • Legal obligation - to comply with documentation requirements

Storage and retention

We store personal data as follows:

  • Data is stored on servers in Norway
  • Engagement data is stored for up to 3 years after completion, unless otherwise agreed
  • After the retention period, data is securely deleted

Sharing with third parties

We do not share personal data with third parties unless necessary to fulfill the agreement or required by law. Currently, we have no subcontractors processing personal data on our behalf.

Your rights

You have the following rights regarding your personal data:

  • Right of access - know what data we have about you
  • Right to rectification - correct inaccurate data
  • Right to erasure - request deletion of data
  • Right to restriction - limit processing
  • Right to data portability - receive data in machine-readable format
  • Right to object - oppose processing based on legitimate interest

To exercise your rights, contact us at awaresec@awaresec.com.

Cookies

We only use necessary cookies to maintain your login session. We do not use analytics or marketing cookies.

Security

We have implemented technical and organizational measures to protect your personal data, including encryption, access control, and regular security reviews.

Complaints

If you believe we process personal data in violation of privacy regulations, you can file a complaint with the Norwegian Data Protection Authority (datatilsynet.no).

Changes

We may update this privacy policy. For significant changes, we will notify you via email or in the service.