Horisont Consulting Group AS ("Horisont", "we", "us") respects your privacy. This policy explains what personal data we collect when you visit horisontcg.com (the "Website"), why we collect it, and your rights under the General Data Protection Regulation (GDPR) and Norwegian data protection law.

1. Who we are

Horisont Consulting Group AS is a project development and management consultancy registered in Norway. We are the data controller for personal data collected through this Website.

Contact: post@horisontcg.com

2. What data we collect

2.1 Data you provide voluntarily

The Website does not include contact forms, account registration, newsletter sign-ups, or any other input fields through which you would submit personal data directly to us. If you contact us by email using a link on the Website, your email address and the contents of your message are received and stored by our email provider.

2.2 Data collected automatically

The Website does not use cookies, tracking pixels, or analytics scripts. We do not deploy tools such as Google Analytics, Meta Pixel, or any similar service.

Our web hosting provider may collect standard server log data for operational and security purposes. This typically includes:

• IP address (which may be partially anonymised by the hosting provider)

• Browser type and version

• Date and time of the request

• Pages requested

This data is retained only as long as necessary for security monitoring and is not used to identify individual visitors or to build user profiles.

2.3 Third-party links

The Website may contain links to external platforms, including LinkedIn. Clicking these links will take you to a third-party website governed by its own privacy policy. We have no control over and accept no responsibility for the data practices of third parties.

3. Legal basis for processing

Where we process personal data, we do so on one of the following legal bases:

• Legitimate interests (Article 6(1)(f) GDPR) — for server log data retained for security purposes.

• Consent (Article 6(1)(a) GDPR) — where you have explicitly provided it (e.g. by emailing us).

• Contractual necessity (Article 6(1)(b) GDPR) — where processing is required to fulfil a contract or take steps at your request prior to entering one.

4. How we use your data

We use the limited data we collect only for the purposes described above. We do not sell personal data. We do not use personal data for automated decision-making or profiling.

5. Data sharing

We do not share personal data with third parties for marketing or commercial purposes. We may share data with:

• Our web hosting provider, who processes server log data on our behalf as a data processor.

• Professional advisers (legal, accounting) where required, subject to confidentiality obligations.

• Competent authorities where required by applicable law.

6. International transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR.

7. Data retention

Server log data is retained for the minimum period necessary for security purposes, typically no longer than 90 days unless a longer period is required for the investigation of an incident.

Email correspondence is retained for as long as necessary for the purposes for which it was received, or as required by applicable law.

8. Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you.

• Rectification of inaccurate or incomplete data.

• Erasure of your personal data in certain circumstances.

• Restriction of processing in certain circumstances.

• Portability of data you have provided to us.

• Object to processing based on legitimate interests.

• Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

To exercise any of these rights, contact us at post@horisontcg.com. We will respond within 30 days.

9. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

10. Changes to this policy

We may update this policy from time to time. The effective date at the top of this page indicates when it was last revised. Where changes are material, we will take appropriate steps to bring them to your attention.