Norse3 Privacy Policy

Effective Date: 2 December 2025

Last Updated: 2 December 2025

Norse3 Limited (Company No. 16812462), located at 11 Dominion Way, Worthing, United Kingdom, BN14 8AQ, is committed to protecting your privacy. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in how we collect, use, and safeguard personal information. This Privacy Policy explains what data we collect through our website (https://norse3.com), how we use it, our lawful bases for processing, how long we retain data, with whom we share it, and how we keep it secure. It also describes your rights under UK data protection law and how you can contact us with any questions or requests.

Personal Data We Collect

We collect personal data that you provide to us directly, as well as some data automatically through your use of our site:

  • Information You Provide Voluntarily: When you interact with our site (for example, by filling out a contact form, subscribing to updates, or emailing us), you may give us personal information such as your name, email address, phone number, company/organization, and the content of your inquiry or message. Any personal data you choose to send us (e.g. when requesting information or support) will be collected and stored so that we can respond to you.

  • Automatically Collected Information: When you visit our website, our systems and third-party analytics tools may automatically collect certain technical data. This can include your IP address, browser type and version, device identifiers, the pages you visit on our site, the date/time of your visit, and how long you spend on each page. We also gather information about your interactions with the site (such as clicks, scrolls, and errors encountered) to help us understand usage and improve performance. This automatically collected data is generally statistical in nature and not directly used to identify you; however, it may be possible to associate it with you in combination with other information.

  • Cookies and Tracking Technologies: We use cookies and similar tracking technologies on our site. Cookies are small text files placed on your device that help the site function and provide analytics information. For example, we may use cookies to remember your preferences and to analyze website traffic. Some cookies are necessary for the site to work (e.g. to enable core features), while others are optional analytics or performance cookies. We will request your consent for any non-essential cookies, in compliance with applicable laws. You can control or disable cookies through your browser settings, but note that some site features may not function properly if cookies are refused. Please see our Cookie Policy (available on our website) for more detailed information about the cookies and tracking technologies we use and how you can manage them.

How We Use Your Personal Data

We will only use your personal data for clear and legitimate purposes. In general, we use the information we collect for the following purposes:

  • To Respond to Inquiries and Provide Services: We use contact information (like your name and email) and any details you provide to respond to your questions, requests, or feedback. For example, if you contact us via a form or email, we will use your provided information to communicate with you and address your inquiry.

  • To Operate and Improve Our Website and Services: We process usage data (including analytics and log information) to analyze how our website is used and to improve its content, functionality, and user experience. This helps us understand what parts of our site are most useful to visitors, fix problems, and make informed decisions about new content or features. We may also use personal data internally for troubleshooting, data analysis, testing, research, and statistical purposes.

  • For Marketing and Communications (with Consent): If you expressly consent (for example, by subscribing to a newsletter or opting in to receive updates), we will use your contact details to send you marketing communications about our products, services, or events that we believe may interest you. You can opt out of such communications at any time (see "Your Rights" below on withdrawing consent). We will not send you marketing emails or texts unless you have given us permission to do so.

  • For Legal Compliance and Security: We may process personal data as necessary to comply with our legal obligations. This includes using and retaining certain data to satisfy record-keeping requirements (for example, keeping transaction records for tax and accounting purposes) or to respond to lawful requests by public authorities. Additionally, we use personal data to maintain the security of our website, prevent fraud, resolve disputes, enforce our terms of service, and protect our legal rights. This may involve monitoring for suspicious activity and using your information to prevent or detect misuse of our site.

We will not use your personal data for purposes that are incompatible with the above, and we do not engage in automated decision-making or profiling that has legal or similarly significant effects on you.

Lawful Basis for Processing

Under the UK GDPR, we must have a valid lawful basis to process your personal data. We ensure that at least one of the following lawful bases applies whenever we process personal information:

  • Consent: In cases where we specifically ask for your consent to process data, we will only process your data for the purpose you agreed to. For example, we rely on consent to send you marketing emails or to place certain non-essential cookies on your device. If you give consent, you have the right to withdraw it at any time (see "Your Rights" below), and we will stop the processing that was based on consent. Note: If you contact us or voluntarily provide information, we take that as consent to use your information for the purposes of responding to you or providing the requested service (you can still ask us to delete your data afterward if you wish).

  • Performance of a Contract (or Steps Prior to a Contract): If you become a customer or client of Norse3, or you request our products/services, we will process your personal data as needed to fulfill our contractual obligations to you. For instance, where you have entered into an agreement with us for services, we must use your information to deliver those services. Similarly, if you inquire about our services or request a quote, we may need to use your contact and related information to take steps at your request before potentially entering into a contract (for example, discussing your requirements or preparing an offer).

  • Legitimate Interests: We may process your data as necessary for Norse3's legitimate business interests, provided that those interests are not overridden by your data protection rights. This means we have assessed that the processing is needed for purposes that can benefit our business (such as effective service delivery or improving our offerings) and that it does not unfairly impact your privacy. For example, it is in our legitimate interest to use certain data to maintain and improve our website and services, to communicate with you regarding your inquiries, and to ensure IT security and fraud prevention. We may also use analytics to understand our audience and market our services (in a measured way) as part of our business interests. In all cases where we rely on legitimate interests, we will consider your rights and expectations and will put in place appropriate safeguards to protect your privacy. You have the right to object to processing based on our legitimate interests (see "Your Rights" below).

  • Legal Obligation: We will process or retain personal data where we are required to by law. This includes situations such as complying with court orders, responding to lawful requests by government agencies, or fulfilling accounting and tax requirements. For example, UK law may require us to keep certain transaction records for a number of years for tax or audit purposes. When processing is necessary for compliance with a legal obligation, this will be our lawful basis.

We will typically identify the applicable lawful basis at the point we collect your personal data (for instance, by indicating when something is voluntary/consensual). If you have questions about the specific legal basis for any particular processing of your data, feel free to contact us for more information.

Data Retention: How Long We Keep Your Data

We will not retain your personal data for longer than is necessary for the purposes we collected it, unless a longer retention period is required or permitted by law. In practice, this means:

  • General Retention Periods: For inquiry data (e.g. information you provide when contacting us), we will typically retain your information for as long as needed to respond to and resolve your inquiry, and for a short additional period in case you have follow-up questions. If you become a client, we may retain your data for the duration of our relationship and as long as necessary thereafter to continue providing services or support. For marketing communications, we will retain your contact details until you unsubscribe or withdraw your consent (or the information is otherwise no longer needed). Automatically collected usage data may be retained for internal analysis purposes; such data is generally retained for a shorter period, except when used to strengthen security or improve our services, or we are legally obligated to retain it.

  • Legal and Business Requirements: In some cases, we may need to keep certain information for longer periods to meet legal obligations or legitimate business needs. For example, we are required by law to retain certain financial or transactional records for a number of years for tax, audit, or compliance purposes. We may also retain information as necessary to resolve disputes, enforce our agreements, or protect our legal rights. In all such cases, we will ensure the confidentiality of the data and will not use it for any purpose other than the reason it must be kept.

When personal data is no longer required for the purposes for which it was collected (and no legal requirement to keep it exists), we will either securely delete it or anonymize it (remove identifying details) so that it can no longer be associated with you. If deletion or anonymization is not immediately possible (for example, because the data is stored in backup archives), we will securely store and isolate it from further use until deletion is feasible.

Sharing of Personal Data with Third Parties

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties for their own marketing purposes. However, we may share your data with certain trusted third parties in order to run our business, provide our services to you, or as otherwise described below:

  • Service Providers: We use third-party companies and individuals to support our website and operations. This includes, for example, website hosting providers (who may store or process data on our behalf), IT infrastructure providers, email service providers, analytics services, and other technical support. We only share data with these providers to the extent necessary for them to perform their services for us (for instance, giving our hosting provider the information required to serve the website, or allowing an analytics tool to collect site usage data). These third parties are contractually obligated to handle data securely and only for the purposes we specify.

  • Analytics and Tracking Tools: We may share certain limited data with analytics services to help us understand how our site is used. For example, we use Google Analytics (a web analytics service) to collect information about website traffic and usage patterns. Google Analytics may process your IP address and other technical data for these purposes. However, we configure such tools to respect privacy as much as possible (for instance, by anonymizing IP addresses where feasible). The information obtained through analytics is generally aggregated and used to improve our site. You can opt out of Google Analytics by using a browser add-on if you prefer, or by rejecting analytics cookies via our cookie consent banner.

  • Business Partners and Affiliates: If Norse3 Limited is working with partner companies or within a group structure, we may share your information with our affiliates or business partners who contribute to providing the service to you (for example, a partner involved in delivering a project you have requested). In such cases we will ensure those parties are also bound to protect your data and use it only for the relevant purposes.

  • Legal Requirements and Protection: We may disclose personal data to third parties (such as regulators, law enforcement or legal advisors) if required to do so by law, or if we believe in good faith that such action is necessary to (a) comply with a legal obligation or request, (b) protect the rights, property, or safety of Norse3, our users, or others, or (c) investigate fraud or security issues. For example, we may need to provide information in response to a court order or enforceable government request.

  • Corporate Transactions: In the event that Norse3 Limited is involved in a merger, acquisition, sale of assets, or similar corporate transaction, personal data may be transferred to the new owner or party in control as part of that deal. We would only do this in compliance with data protection laws, and the receiving party would be required to honor the commitments we have made in this Privacy Policy.

Whenever we share your data with third parties, we only do so after ensuring that your information will be handled with appropriate safeguards and security. We require all third-party recipients to process your personal data in a manner that is consistent with this policy and in accordance with applicable law. Aside from the situations outlined above, you will be notified and/or asked for consent before your personal data is shared with any other third parties.

Data Security

We take the security of your personal data very seriously. Norse3 Limited has implemented appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include, for example, storing data on secure servers, using encryption protocols (such as HTTPS/TLS) to protect data in transit, and restricting access to personal data to only those employees, contractors, and service providers who need it for the purposes described above. We regularly review our security practices and update them in line with technological developments and regulatory requirements.

While we strive to protect all information, please note that no method of transmission over the Internet or method of electronic storage is completely secure. Despite our best efforts, we cannot guarantee absolute security of your data. However, we have procedures in place to deal with any suspected data security breaches. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority (the ICO in the UK) when we are legally required to do so, and will take all reasonable steps to mitigate any potential harm.

You also play a role in keeping your data secure. We encourage you to use strong, unique passwords and to protect your own devices and accounts against unauthorized access. If you believe your interaction with us or your data may no longer be secure (for example, if you suspect that the security of an account you have with us has been compromised), please contact us immediately so that we can help resolve the issue.

International Data Transfers

Norse3 is based in the United Kingdom, and generally we aim to store and process personal data within the UK or the European Economic Area (EEA). However, some of the third-party service providers we use or technical systems in place might involve transferring or accessing personal data from other countries. For example, if we use a cloud hosting service or an analytics provider located outside the UK, your data may be transferred to or stored on servers in another country.

Whenever we transfer personal data outside of the UK (or outside of the UK/EEA region), we will ensure that adequate protections are in place as required by UK data protection law. In particular, we will only transfer data to countries that have been officially deemed to provide an adequate level of data protection, or we will use approved safeguards such as Standard Contractual Clauses (SCCs) or an equivalent legal mechanism to ensure your data remains protected. We will also take any additional steps required under UK GDPR to legitimize the transfer. This means your rights and protections will travel with your data.

If you would like more information about the specific mechanisms we use for international data transfers (if any), please contact us using the details provided in the "Contact Us" section.

Your Rights Under UK GDPR

Under UK data protection law, you have a number of important rights regarding your personal data. We respect and uphold these rights, which include:

  • Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy, together with any just-in-time notices we provide when collecting your data, is intended to keep you informed about how we handle your information.

  • Right of Access: You have the right to request access to the personal data we hold about you, and to obtain information about how we process it. This is sometimes called a "Data Subject Access Request." Upon request, we will provide you with a copy of the personal data we have about you, in accordance with the law. In most cases we will not charge a fee for this, and we will respond within one month (or the legally required timeframe).

  • Right to Rectification: If any of the personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected or updated. Upon your request, we will rectify any incorrect or incomplete data about you to ensure it is accurate.

  • Right to Erasure: You have the right to request that we delete your personal data in certain circumstances (this is also known as the "right to be forgotten"). For example, you can ask us to erase data if it is no longer necessary for the purpose we collected it, if you have withdrawn your consent (where the processing was based on consent), or if you object to our processing (see below) and we have no overriding legitimate grounds to continue. Please note that this right is not absolute – sometimes we may need to retain certain information if required by law or for legitimate business reasons (we will inform you if that is the case). We will always assess and respond to erasure requests on a case-by-case basis, in line with the UK GDPR.

  • Right to Restrict Processing: You have the right to request that we suspend or limit the processing of your personal data in certain situations. For instance, if you contest the accuracy of the data or have objected to our processing, you can ask us to restrict processing while we address your concern. When processing is restricted, we are still permitted to store your data but not use it further until the issue is resolved (apart from certain exceptions, such as ensuring the data is not processed in the future or as needed for legal claims).

  • Right to Data Portability: In cases where we process your personal data by automated means based on your consent or on a contract, you have the right to data portability. This means you can request that we provide the personal data you gave us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another data controller (or to have us transfer it for you, where technically feasible). This right exists to help you reuse your data across different services. It applies only to information you have provided to us.

  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. You can object at any time to processing for direct marketing purposes, and if you do so we will stop processing your data for that purpose. You can also object if we are processing your data based on legitimate interests (or performing a task in the public interest), and you believe that such processing has a disproportionate impact on your rights. In some cases we may have compelling legitimate grounds to continue processing despite your objection, but we will assess each objection carefully. If you object to any direct marketing, we will cease using your data for that marketing promptly.

  • Right to Withdraw Consent: If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time. For example, if you have subscribed to our newsletter and no longer wish to receive it, you can withdraw your consent and we will stop that processing. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. (Note: You can withdraw consent to marketing communications by using the "unsubscribe" link in our emails or by contacting us directly.)

  • Rights Related to Automated Decision Making: As noted above, Norse3 does not currently engage in any fully automated decision-making (without human involvement) that produces legal or similarly significant effects. However, we mention this for completeness: if we ever did so, you would have the right not to be subject to a decision based solely on automated processing that significantly affects you, and the right to human intervention and to express your point of view.

  • Right to Complain: If you have a concern or complaint about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), which is the supervisory authority for data protection issues in the UK. You can find more information about how to contact the ICO and your rights on their website: www.ico.org.uk. The ICO's address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We ask that before you escalate a complaint to the ICO, you please consider contacting us first to give us a chance to address your concerns. We take privacy complaints seriously and will investigate any complaint and attempt to resolve it to your satisfaction.

Exercising Your Rights: You can exercise any of your rights by contacting us using the details in the "Contact Us" section below. We may need to ask you for certain information to verify your identity before fulfilling your request (this is to protect your data from unauthorized access). In general, you will not have to pay a fee to exercise your rights. However, if a request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or, in rare cases, refuse to act on the request. We will explain any such decision to you if it arises. We will respond to all legitimate requests as quickly as possible and within the timeframe required by law (usually within one month).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us.

You can reach Norse3 Limited by email or postal mail as follows:

Email: privacy@norse3.com

Postal Address: Data Protection – Norse3 Limited, 11 Dominion Way, Worthing, BN14 8AQ, United Kingdom

We will endeavor to respond to your query or request promptly and professionally. If you are contacting us to exercise one of your data protection rights, please provide sufficient information for us to verify your identity and locate your records (for example, your name, contact information, and the nature of your request). This will help us to process your request as efficiently as possible.

Third-Party Links

Our website may contain links to websites or services operated by third parties (for example, social media pages or partner websites). Please be aware that this Privacy Policy applies only to Norse3's website and not to any third-party websites that we do not control. We are not responsible for the content, privacy practices, or handling of personal data by any external sites. If you follow a link to any other website, we recommend you review that third party's privacy policy to understand how they may collect and use your information.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify users by posting the updated policy on this page with a new effective date, and/or by additional means if required by law. We encourage you to review this page periodically to stay informed about how we are protecting your information.

In the event of any material changes that affect how your personal data is processed, we may also seek your consent if required. Your continued use of our website after any changes to this Privacy Policy indicates your acceptance of the revised terms.

This Privacy Policy is issued by Norse3 Limited. If you have any questions about the content of this policy, please contact us at the email or address provided above. We are committed to protecting your privacy and ensuring that we handle personal data in compliance with UK GDPR and the Data Protection Act 2018.

Cookie Preferences

Manage your cookie settings to control how we collect and use data on this site.

Google Analytics (Tracking)

Helps us understand site usage and improve your experience.

Marketing Cookies

Used to deliver relevant content and promotional messages.

Performance Cookies

Enhance site performance and ensure smooth functionality.