Privacy Policy

Data Controller

VARDE INTELLIGENCE AS ("we", "us"), a company registered in Norway, organisation number 837 434 262, is the data controller for personal data processed through this website (v4rde.io).

Contact for privacy matters: [email protected].

What We Collect

When you submit the contact form, we collect: your name, title or role (optional), organisation, email address, sector, type of inquiry, and the contents of your message. We also process technical metadata necessary for delivery and abuse prevention, including the originating IP address and the timestamp of the submission. No data is stored in any database on this website itself; submissions are transmitted as email.

Purpose & Legal Basis

We process this data for one purpose only: to assess and respond to your business inquiry. The legal basis is GDPR Article 6(1)(f) — our legitimate interest in responding to inquiries directed at us in a B2B and B2G context, balanced against your reasonable expectation of a reply when initiating contact through a public business form. You may object to this processing at any time by contacting us.

Data Processors & International Transfers

We use the following sub-processors to operate this site and the contact form:

• Hetzner Online GmbH (Germany / Finland) — hosting of the website. Data remains within the EU/EEA. Processing governed by a Data Processing Agreement (DPA) under GDPR Article 28.
• Resend, Inc. (United States) — transactional email delivery for the contact form (administrative notification and the auto-confirmation sent to you). Transfers to the United States are governed by the EU Standard Contractual Clauses (SCCs, Commission Implementing Decision (EU) 2021/914) as required by GDPR Chapter V. Resend has self-certified under the EU-U.S. Data Privacy Framework. Only the data necessary to deliver the email is transferred.
• Cloudflare, Inc. — CDN, DDoS protection and TLS termination. Cloudflare may process connection metadata (IP, user agent, request headers) for security and delivery purposes. Transfers covered by SCCs and the EU-U.S. Data Privacy Framework.

No personal data is shared with any other third party. We do not sell, rent or trade personal data under any circumstances.

Cookies & Tracking

This website does not use cookies, analytics, advertising identifiers, fingerprinting, or any form of behavioural tracking. No data is collected from your browsing activity beyond what is technically required to deliver the page.

Retention

Inquiries received through the contact form are retained in our business email system for as long as necessary to handle the matter and to maintain a record of the engagement, and in any case no longer than 24 months from the last meaningful correspondence, unless a longer period is required for legal, regulatory or contractual reasons. Server access logs and abuse-prevention metadata (IP, timestamp) are retained for a maximum of 30 days.

Security

The site is delivered exclusively over TLS. The contact form is protected by rate limiting and abuse-prevention measures. Access to inquiries is restricted to personnel with a defined need to know. Suspected security issues may be reported to [email protected].

Your Rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, and the right to data portability where applicable. To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no).

Changes to This Policy

We may update this policy as our processing activities evolve. Material changes will be reflected in the "Last updated" date below. Previous versions are available on request.