Privacy policy

1. Data controller

Strise acts as the data controller for any processing of personal data in connection with providing you with information and offering you services on our website www.strise.ai and through the Strise Software (the "Services"), as well as personal data we process for the purposes listed below.

Our contact information is:

Strise AS
℅ DIGS -Krambugata 2
7011 Trondheim,Norway
privacy@strise.ai

2. Purpose and legal basis for the processing of personal data

In general, Strise collects and processes personal data to be able to provide you with relevant information related to the Services, including as required by legal obligations. More specifically, we collect and process personal data on the basis of your explicit consent (ref. GDPR art. 6(1) letter a), to uphold our legitimate interest in fulfilling our contractual obligations with the company you act on behalf of, to uphold our legitimate interest in providing you with the best experience possible in relation to our webpage information and provided Services, to uphold our legitimate interest in providing the Strise Software to our customers, and to uphold our legitimate interest in processing any legal claims (ref. GDPR art. 6(1) letter f), as well as for compliance with our legal obligations (ref. GDPR art. 6(1) letter c).

We only process your personal data to the extent that it is necessary for the performance of our Services or any other contractual obligations, including as required by legal obligations, for pursuing our legitimate interests, or to the extent you have consented to any processing.

Below we have listed all the specific ways we process personal data and what categories of personal data we typically process, as well as the purpose and legal bases for such processing:

• a) Website: When you visit our website and use our digital services, we collect certain information from your computer or internet connection. This may include your IP-address, date and time of your visit, duration of your visit, content of your request (such as the specific page you visit), the website you were referred from, which pages you visit on our website, your internet service provider, your browser type and version, as well as your operating system.
  ‍
• We collect this information to uphold our legitimate interests in being able to display our website to you, measuring and improving the performance of our digital channels, as well as marketing our Services (ref. GDPR art. 6(1) letter f).
  ‍
  Please see further information about our use of cookies in the Cookie Policy on our website, including what cookies that will require your explicit consent (ref. GDPR art. 6(1) letter a).

• b) Use of Strise Software: When you register as an individual user for your company in the Strise Software, we may process your personal data. This may include your name, e-mail, company, IP- address, and certain usage of the Software.
• ‍
  We process this personal data for the purpose of delivering the agreed Service to the customer that the user works for. The legal basis for the processing is to uphold our legitimate interests in being able to carry out a contract with the company the user acts on behalf of (ref. GDPR art. 6(1) letter f).
• ‍
  When we enter into a customer agreement with a company that you represent, we will enter into a data processing agreement with the customer. If you act as a contact person for your company, we may process your personal data as an individual data controller on the basis of our legitimate interest in entering into and fulfilling a contract with your company (ref. GDPR art. 6(1) letter f). We may further store your personal data as a contact person, such as your name, work email, company and role, on the basis of our legal obligations. More specifically, we may need to store the customer contract with your company as well as any invoices on the basis of our bookkeeping obligations in the Norwegian Bookkeeping Act Section 13 (ref. GDPR art. 6(1) letter c), which requires Strise as a company to store bookkeeping information for bookkeeping purposes up to 3,5 or 5 years.

• c) Personal data in the Strise Software: The Strise Software is an artificial intelligence driven decision support service which collects and analyses data to provide information about companies for i.e. prospecting, sales, anti-money laundering and due diligence purposes. The Software targets business- related information, but a limited amount of personal data concerning physical persons may be processed in the Software. This is due to the person's public role in a company, such as CEO, board member, steering committee member, beneficial owner, or minority shareholder. This may include the following categories of personal data:
  ‍
  • 1. Personal and contact information, such as name, date of birth, gender, country, zip code and address, phone, e-mail, spouse;
       ‍
    2. Business-related information such as title, role, position, company/legal entity, business history, income, connections; and
       ‍
    3. Other information such as news stories where the person is mentioned, legal proceedings where the person is publicly announced, PEP/sanctions status of the person.

The Software may further process personal data through the use of flags/flagging in the Software. By this we mean that the Software may indicate to the user that a physical person is connected to a predetermined factor by showing a flag. A physical person may be flagged in the Software in three different scenarios: i) if they have a role in a company at the time a flagged event occurs with the company, i.e. the company is bankrupt, ii) if a person is on a Politically Exposed Person (PEP) list or a sanctions list, or iii) if the person is linked to hits from Adverse Media Screening (AMS), which entails a combination of name match and relevant, predetermined AMS terms (like tax evasion, fraud, litigation etc.), as well as additional factors to classify the connection between the two.
‍
The personal data is collected from sources within the public domain, such as news, public records, social media posts, company websites, press releases or otherwise disclosed. Strise also uses third party providers to collect some of the personal data. The Software only provides the customer with a functionality to shorten and streamline the access to any relevant company related information. Strise uses intelligent systems to filter the information before providing it to its customers. All personal data is updated when the source of information is updated.
‍
Strise processes personal data in the Software for the purpose of providing the services within the Software to Strise's customers, hereunder providing information about legal entities in the system that is as complete as possible, to update and improve the Software and to offer support and functionality. The legal basis for the processing of personal data in the Software is our legitimate interest in providing the Software to our customers for the above mentioned purposes (ref. GDPR art. 6(1) letter f). Please note that you have the right to object to our processing of your personal data in the Strise Software, ref. GDPR art. 21(1). In such instances, Strise may only continue to process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
‍
If the personal data in the Software reveals special categories of personal data pursuant to GDPR article 9 no. 1, such as information regarding sexual orientation, health data and political opinions or religious beliefs, the legal basis for the processing is GDPR art. 9(2) letter e – the processing relates to personal data which are manifestly made public by the data subject.
The personal data will not be used for any other purposes than for providing the Software to Strise's customers.

d) Contacting Strise: When you use our contact form on the website to talk to sales or when you contact us with questions or requests by other means, you may provide us with information about yourself or your company. Upon doing so, we collect the information provided by you, such as; name, e-mail, phone number, company information and role, as well as any other information that you provide us with.
‍
We collect this information to be able to carry out our contract with the company you act on behalf of (ref. GDPR art. 6(1) letter f) or to uphold our legitimate interest in replying to your requests or questions (ref. GDPR art. 6(1) letter f).

e) Recordings of meetings for sales and support: We may process personal data, including video, audio and transcriptions from recorded calls, to enhance our prospecting, sales, customer support, product development and onboarding activities. These recordings and transcriptions allow us to improve service quality, ensure effective onboarding, and support our internal training and product development. Each participant will be informed in advance and can choose not to consent to the recording for the meeting. The personal data processed may include names, contact information, job titles, image, and likeness of participants, and any other information shared during recorded calls that identifies or relates to participants.

We process information to support our legitimate interest in enhancing sales processes, customer support, onboarding, and business and product development efforts, including improved interactions with both current and prospective customers, and our service in general (GDPR Art. 6(1)(f)).

f) Customer stories on our website: We may ask our customers if they are willing to share their customer stories on our website in order to advertise and inform about our Services. If you represent your company in one of these stories on our website, we may process personal data about you, such as your name, role, company and all other personal data you choose to share in the customer story.

The legal basis for processing your personal data through customer stories is our legitimate interest in promoting our Services and sharing information about our customers to other potential customers (ref. GDPR art. 6(1) letter f).

g) Newsletter and other information:  If you subscribe to our newsletter, we collect your name, e-mail and role. If you are an existing customer or user of the Strise Software, we may also send you necessary information even though you do not expressly subscribe to our newsletter.

The legal basis for sending newsletters is your explicit consent (ref. GDPR art. 6(1) letter a). The legal basis for sending e-mails to our existing customer relations or users is to uphold our legitimate interest in following up our customers by providing relevant news and relevant information about our Services (ref. GDPR art. 6(1) letter f, see also the Norwegian Marketing Act art. 15 (3)).

Anyone receiving the information items above can easily opt out using the link included in our e-mails.

h) Applying for a position with us: You are welcome to apply for a position with us, either by contacting us or by applying through our third-party provider Amby AS. If you decide to apply for a position with us, we may process the following categories of personal data:

1. • Basic information: e.g. name, date of birth and nationality;
2. Contact information; e.g. your address, e-mail and phone number;

1. Qualifications: e.g. your CV, application, diplomas and transcripts of records, language knowledge, courses, certifications, tests done in connection with the recruitment, and any other information you provide us with in your application or interviews with us;
2. Background information: e.g. information provided to us by your references, which we either collect through official sources or through references you provide us with; and
3. Our assessments: e.g. assessments and comments we make in relation to our internal assessment of your application.

Strise will not ask candidates to share special categories of personal data, however, Strise cannot rule out that such personal data will not be processed in case the candidate chooses to share this information with Strise.

The legal basis for processing personal data for recruitment purposes is to enter into a potential employment contract with you (ref. GDPR art. 6(1) letter b). If the application includes special categories of personal data, the legal basis is the employer's obligations in the field of employment law (ref. GDPR art. 9(2) letter b). Further, Strise may process personal data during and after the recruitment process on the basis of our legitimate interests in performing our own research to find the right candidate for the position to be filled (ref. GDPR art. 6(1) letter f). Strise may also keep job applications after the recruitment process is finished on the basis of your explicit consent (ref. GDPR art. 6(1) letter a and GDPR art. 9(2) letter a), if you wish for us to keep the application in the event of future job openings.

i) Social Media: When you visit or interact with our social media pages (e.g., LinkedIn, Facebook, TIkTok, Instagram, and YouTube), the platform providers process your personal data according to their own privacy policies.
‍
If you like, comment, share, or otherwise engage with our content, some personal data (such as your name, profile picture, job title, company name, and comments) may become visible to us. We may use this publicly available professional information to respond to your engagement, track trends, and—where relevant—to contact you regarding Strise’s products and services if your professional role suggests a legitimate business interest.
‍
We may also collect and store publicly available professional data from sources such as LinkedIn (e.g., name, job title, company, and business contact details) in our CRM system to facilitate B2B marketing and outreach. If we contact you, we will do so in a professional context and provide you with the opportunity to opt out of further communications.
‍
We rely on our legitimate interest (GDPR Art. 6(1)(f)) as a legal basis for this processing, ensuring that our outreach is relevant, non-intrusive, and limited to business-related interactions. We will only process personal data when users engage with Strise in a professional context. We retain this data only as long as necessary to fulfill the purpose for which it was collected. This means we periodically review stored data and delete it when it is no longer relevant for outreach or engagement. If you opt out of communications, we will register that you have opted out. You may request access to, correction of, or deletion of your data at any time by contacting us at privacy@strise.ai.
‍
For more information on how social media platforms process your personal data, please refer to their respective privacy policies:

1. https://www.facebook.com/privacy/policy/
2. https://www.linkedin.com/legal/privacy-policy
3. https://privacycenter.instagram.com/policy/
4. https://www.tiktok.com/legal/page/us/privacy-policy/en 
5. https://policies.google.com/privacy (Youtube)

3. Sources of personal data

Within the Software, Strise collects personal data primarily from open and publicly accessible sources regarding legal entities. All the data we collect is within the public domain or has been made public by the legal entities or the data subject themself, such as news, public records, social media posts, company websites, press releases or otherwise disclosed. We merely use intelligent systems to filter this information and provide this to our customers through our Services. All personal data is updated when the source of information is updated. For other processing activities, the personal data is generally collected from the data subject. Our customers may, however, share personal data with Strise relating to their individual users of the Software.

4. Third party providers and recipients of personal data

We will not share your personal data with others unless you either give us your consent to do so (ref. GDRP art. 6(1) letter a), or if we have legal basis to share your data, e.g. if we are required by law to disclose your personal data (ref. GDPR art. 6(1) letter c), or it can be justified on the basis of our legitimate interest in doing so (ref. GDPR art. 6(1) letter f).

Our customers and users of the Software have access to some or all of the personal data in relation to the legal entities they search for. Strise's customers processes personal data in the Software for their own purposes and legal bases, without any joint determination with Strise Personal data may further be disclosed to public authorities if this is necessary to fulfill a legal obligation.

Strise is currently using third parties in providing the Services, including third parties that provide cloud infrastructure, software bug reporting, and account administration. When we use third party sub- contractors or service providers to provide our Services, we will take appropriate legal precautions and corresponding technical and organizational measures in order to ensure that your personal data is protected in accordance with applicable data protection law. Our service providers may be based in locations all over the world. This means that your personal data may be transferred outside of the EU/EEA. If that is the case, we will implement appropriate security measures in accordance with chapter five of the GDPR, in order to sufficiently protect your personal data, such as agreements including EU standard contractual clauses (SCC).
‍
A copy of the list of third parties used by Strise may be available upon request by emailing at privacy@strise.ai.

5. How we protect your personal data

Both our data processors and we have implemented appropriate technical and organizational measures to ensure a sufficient level of security when processing your personal data and to prevent loss or unlawful processing (ref. GDPR art. 32). Such measures are, for example, internal routines, data processing agreements and IT-security procedures to verify access rights. More specifically, the employees of Strise have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal data. Privacy and security guidelines have been communicated to employees and privacy safeguards are strictly enforced within Strise. We will also carry out data protection impact assessments when it is likely that processing your data may result in a high risk with respect to your rights and freedoms in relation to your personal data.

6. Retention of personal data

Personal data will not be stored for longer than needed for the purposes mentioned in this Privacy Policy. In relation to personal data in the Software, this entails that personal data will be stored in the database only as long as and only to the extent that it is necessary to provide timely and accurate information to customer decision-makers as part of providing the Software. The database is automatically updated on a regular basis, and personal data will not be stored beyond a reasonable time after it has been removed from the original source. For our customers and users of the Software, this means that when our customer relationship with your company is terminated, we will erase your personal data as soon as our purpose with processing such data is no longer relevant, unless we are compelled by law or have other legal basis to store this data any longer.

7. Rights of the data subject

You have several rights under the applicable data protection regulations. We have provided a list of the rights you can exercise in your relationship with us as a data controller below. If you wish to exercise your rights, please contact us and we will respond to your inquiry as soon as possible, but in general no later than a month after the receipt of your enquiry.

1. Access: You have a general right of access to the personal data we have registered about you.
2. Rectification and erasure: You have a general right to request that we should rectify any incorrect personal data about you and erase personal data about you. Please note that personal data that is essential to the customer relationship with us cannot be deleted, unless you also explicitly request termination of the customer relationship with us.
3. Restriction: You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
4. Data portability: You have a general right to request transfer of your personal data in a common, machine-readable format.
5. Objection: You have a general right to object to our processing of personal data about you if this is justified by special circumstances on your part.
6. Right to appeal: If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (in Nw: Datatilsynet). We ask that you contact us beforehand, so that we may clarify any misunderstandings.
7. Withdraw your consent: If our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
   ‍

8. Changes to this Privacy Policy

We evaluate this Privacy Policy from time to time in light of changing business practices, technology and legal requirements. The most up-to-date version of our Privacy Policy is available on our website.