Echo Algori Data – Last updated: December 8, 2025 (v2.0)
This privacy policy describes how Echo Algori Data collects, uses, stores and protects your personal data when you visit our websites (echoalgoridata.no and echoalgoridata.com) or use our services.
We take privacy seriously and comply with GDPR and Norwegian privacy legislation. See also:
Echoalgoridata av Kisuule
St. Olavs gate 32
0166 Oslo, Norge
Org.nr.: 928 592 405
E-post: privacy@echoalgoridata.no
Echo Algori Data is the data controller for personal data we collect through our websites and in connection with our services, unless otherwise agreed (e.g. in a data processing agreement where we act as a data processor on your behalf).
This privacy policy applies to:
When we process personal data on behalf of our customers (as data processor), this is regulated by a separate data processing agreement (DPA) between us and the customer.
We may receive information from business partners, public registers or social media when you choose to link your account or share information through these platforms.
We use personal data for the following purposes:
Service Delivery
To deliver, administer and improve our consulting, development and automation services.
Communication
To respond to inquiries, send project updates, invoice information and relevant service information.
Service Improvement
To analyze usage patterns, identify errors and improve the user experience on our websites.
Marketing
To send newsletters and service information, only with your consent. You can unsubscribe at any time.
Security and Compliance
To protect our systems, prevent fraud and comply with legal obligations.
We process personal data based on the following legal grounds under GDPR:
Contract (Art. 6(1)(b))
When processing is necessary to fulfill a contract with you or at your request before entering into a contract.
Consent (Art. 6(1)(a))
For newsletters, marketing and non-essential cookies. You can withdraw consent at any time.
Legitimate Interest (Art. 6(1)(f))
For website operation, security, fraud prevention and service improvement.
Legal Obligation (Art. 6(1)(c))
For accounting requirements, tax purposes and other legal obligations.
We store personal data only as long as necessary for the purpose for which it was collected:
After the retention period expires, the data will be deleted or anonymized. Upon specific deletion request from you, we will delete data within 30 days, unless we have a legal basis to retain it.
We take the security of your personal data seriously and have implemented appropriate technical and organizational measures:
In Case of Security Breach
If a personal data breach occurs that poses a risk to your rights, we will notify relevant supervisory authorities within 72 hours and you directly if the risk is high.
We never sell your personal data. We may share information with the following categories of recipients:
Service Providers
Hosting (Vercel), email (Mailtrap), analytics (Vercel Analytics), and others who help us deliver our services. All are subject to data processing agreements.
Group Companies
ALG Dynamics (USA) and other group partners for project delivery, always subject to the same privacy standards.
Legal Requirements
Public authorities when required by law, or to protect our rights and security.
When transferring data to countries outside the EU/EEA, we use the EU Commission's Standard Contractual Clauses (SCC) or equivalent approved mechanisms to ensure adequate protection.
In accordance with the Norwegian E-Com Act (effective January 1, 2025) and GDPR, we use cookies with your consent where required:
Strictly Necessary Cookies
Required for basic functions. Does not require consent under E-Com Act.
| Name | Purpose | Duration | Type |
|---|---|---|---|
| locale | Language selection (no/en) | 1 year | First-party |
| __next_* | Next.js session management | Session | First-party |
Analytics Cookies (require consent)
Used for anonymized traffic analysis and performance measurement.
| Service | Purpose | Provider | Privacy |
|---|---|---|---|
| Vercel Analytics | Anonymized traffic analysis | Vercel Inc. (USA) | No PII |
| Vercel Speed Insights | Core Web Vitals measurement | Vercel Inc. (USA) | No PII |
E-Com Act 2025 Compliance
We follow Datatilsynet's guidelines from April 2025. Consent for non-essential cookies is: freely given, specific, informed, and unambiguous. "Accept" and "Reject" are presented with equal visual weight.
You can manage and withdraw consent at any time via browser settings or by contacting us. Note that blocking necessary cookies may affect website functionality.
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of the information we have about you.
Right to Rectification
Ask us to correct inaccurate or incomplete information.
Right to Erasure
Request that we delete your data ("right to be forgotten").
Right to Restriction
Request that we restrict processing in certain situations.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest.
To exercise your rights, contact us at privacy@echoalgoridata.no. We will respond within 30 days.
We use AI technology in our services and on our websites:
AI Service Providers We Use:
| Provider | Purpose | Location |
|---|---|---|
| Anthropic (Claude) | Text generation, analysis, agents | USA (SCC) |
| OpenAI (GPT) | Text generation, embeddings | USA (SCC) |
| Google (Gemini) | Multimodal AI, research | USA/EU (SCC) |
| DeepSeek | Code assistance, analysis | CN (SCC) |
SCC = EU Standard Contractual Clauses for international transfers
EU AI Act Compliance
We are preparing for the EU AI Act (effective August 2025-2027). Our AI systems are classified as minimal or limited risk. We implement AI literacy, documentation, and transparency requirements as per the regulation.
Human Oversight (GDPR Art. 22)
We do not make legally binding decisions solely based on automated processing. You always have the right to human review of decisions that significantly affect you.
If you believe we are not processing personal data in accordance with regulations, you have the right to complain to the Data Protection Authority:
We appreciate if you contact us first so we can try to resolve the matter directly.
We may update this privacy policy as needed. Changes take effect when published on this page with an updated date.
For material changes, we will notify you via email or a prominent notice on the website.
Do you have questions about this privacy policy or how we process your personal data?
Email (privacy): privacy@echoalgoridata.no
Email (general): info@echoalgoridata.no
| Version | Date | Changes |
|---|---|---|
| 2.0 | 08.12.2025 | Added detailed cookie table, E-Com Act 2025 compliance, AI provider list, EU AI Act references |
| 1.0 | 07.12.2025 | Initial version with 14 sections |
Privacy | Terms | GDPR Compliant