CONTACT
JOIN THE PILOT

Hyfer Privacy Policy

1. What is this policy?

This Privacy Policy describes how Hyfer AS (“Hyfer”, “we”, “us”, or “our”) collects, uses, stores, and shares personal information when you interact with our services.

Hyfer AS is a limited liability company incorporated in Norway, registered at the Brønnøysund Register Center with organization number 923 146 520, and headquartered at Slependveien 108, N-1396 Billingstad, Norway.

This policy applies when Hyfer is acting as a data controller, meaning we determine the purposes and means of processing personal data. It does not apply where we act as a data processor on behalf of another organization

Our services include:

  • Hyfer Authentication and Payment Services
  • Hyfer PKI Services
  • Pilot programs, related APIs, software, and websites (e.g., https://www.hyfer.com).

2. When do we process information?

We process information about you when:

  • You use or register for any of our services, applications, or platforms.
  • Your employer or a third party enables you to access our services.
  • You subscribe to updates, pilot programs, or marketing communications.
  • You contact us with inquiries or support requests.

3. What information do we process?

3.1 Information provided by you

Includes name, email address, phone number, company/organization, and other data submitted during account registration, inquiries, or service interaction.

3.2 Information provided by third parties

Includes personal data shared by your employer or third parties granting you access to Hyfer services.

3.3 Location data

If location-based functionality is used, data may be collected from your device (e.g., GPS, Wi-Fi, cellular) depending on settings and service context.

3.4 Device information

Includes your device type, operating system, language, battery status, network provider, and app-specific permissions.

3.5 Service usage

Includes authentication timestamps, API usage logs, transaction records, or other service interaction data.

4. How do we use information?

4.1 General

We process information about you to provide our services and for our own purposes, as further described below. If we request information about you that is not required for purposes of providing you with our services, you may decline to provide such information. You may also decline to provide information that is required for purposes of providing you with our services, but this might restrict us from providing you with such services, certain features of such services, or affect the quality of the service.

4.2 To provide our services

We use your data to:

  • Authenticate identities.
  • Enable access to secured systems and services.
  • Provide payment capabilities and logs.
  • Deliver support and maintain service performance.

The legal basis may be contract fulfillment, legitimate interests, or compliance with legal obligations.

4.3 To provide our services.

With your consent, we may:

  • Use anonymized and aggregated data to improve our authentication and PKI tools.
  • Analyze trends to enhance platform usability.

4.4 For communications and marketing

With your explicit consent:

  • We may send you relevant updates, pilot program invitations, or product information.
  • Data may be processed using tools like Google Analytics for service optimization.

You can withdraw consent at any time by emailing dpo@hyfer.com.

5. How long do we process your information?

We process information about you for as long as is necessary to provide our services to you as requested, and for the duration of any consent to our processing that you may have granted. We are required by law to retain some types of information, such as financial records, for certain periods of time.

6. How do we share information?

We may share information about you with the following third parties as necessary to provide our services and to fulfill our own purposes with processing your information:

  • Service providers (e.g., hosting, cloud infrastructure, email, analytics).
  • Partners supporting service delivery.
  • Public authorities where legally required.

For transfers outside the EU/EEA, we implement adequate safeguards, such as Standard Contractual Clauses.

7. How do we use cookies and similar technologies?

7.1 Purpose

We use cookies and tools such as Google Analytics to understand usage, improve functionality, and measure performance.

7.2 Your choices

You can disable cookies in your browser, though some features may become limited. We do not use cookies to identify users unless necessary for login or secure sessions.


8. How do we keep information safe?

We are committed to protecting the security of any information about you that we receive. We use physical and technical safeguards/security controls to secure data and implement organizational security policies, procedures and employee training, in accordance with industry standards. Access to information is restricted to only those of our employees or other persons who have a valid need for access to fulfil valid purposes for processing your information.

Whenever we transfer information about you to third parties, such as a cloud hosting service, we require such third parties to provide at least the same level of security as used for our own processing of information. Such transfer of information is subject to a data processing agreement between us and the third party receiving your information.

Any transfer of information outside the European Union will be subject to the necessary further assurances, such as compliance with the EU standard contractual clauses.


9. What are your rights?

With regards to information about you that we process, you have the right to:

(a) Access information, including a copy of all the information about you that we have processed.

(b) Rectification of incorrect or misleading information.

(c) Erasure of information, primarily relevant if the information is no longer necessary for our purposes or if you withdraw your consent to our processing.

(d) Restriction of our processing in certain cases, primarily relevant if you have disputed the accuracy of the information or objected to our processing.

(e) Object to our processing of information for our own purposes and in any case if information is used for direct marketing purposes.

(f) Data portability, meaning the transfer of information that we have processed on the basis of your consent or an agreement with you to provide services.

(g) Complain about our processing to the Norwegian Data Protection Authority or to your local supervisory authority.



10. How can you exercise your rights?

You may enforce your rights by using the applicable functionality of our services and to manage your use or your information where available by contacting our data protection officer at dpo@hyfer.com.

In cases where a third party is the data controller, and we are the data processor you should exercise your rights by contacting such third party.


11. How will we make changes to this policy?

We may update this Privacy Policy periodically. Material changes will be communicated in advance where appropriate. The latest version will always be available at https://www.hyfer.com.

© 2025 HYFER AS. ALL RIGHTS RESERVED.

WANT TO KNOW THE LATEST?

FOLLOW US ON LINKED IN

PRIVACY POLICY