Riskpilotby Risika
Sign inGet full access

Privacy Policy

How Riskpilot handles personal data on the Norway site.

Last updated

Who we are

Riskpilot is operated by Risika A/S, a Danish data company registered with the Danish Business Authority under CVR 37677892. Risika A/S is the data controller for personal data processed on this site, including the Norway edition.

Privacy enquiries: privacy@risika.com. General contact: hello@risika.com.

We have not appointed a Data Protection Officer. Risika A/S falls below the thresholds in Article 37 of the GDPR that make a DPO mandatory; privacy enquiries are handled directly by the addresses above.

What data we process

Riskpilot publishes information sourced from official Nordic business registers. The data shown on company and person pages typically includes:

  • Company identifiers (registration number, legal form, status, founding date).
  • Registered addresses and contact details where filed with the register.
  • Financial information from filed annual reports — revenue, results, balance-sheet items and ratios.
  • Names and roles of directors, board members, auditors and beneficial owners as published by the relevant register.
  • Industry classification (NACE) and ownership / corporate hierarchy.

All of this is data the registers themselves publish as part of their statutory transparency mandates. Riskpilot does not add private or unpublished personal data on top.

Where the data comes from

Personal data on Riskpilot originates from the five official Nordic business registers:

  • Denmark — CVR / Virk.dk (Danish Business Authority)
  • Norway — Brønnøysund Register Centre (Brreg)
  • Sweden — Bolagsverket
  • Finland — YTJ / PRH (Finnish Patent and Registration Office)
  • Iceland — Registers Iceland

For the Norway edition, the primary upstream source is Brønnøysundsregistrene. Each register publishes its data under its own open-data terms; Riskpilot reuses it in line with those terms.

Why we process it (lawful basis)

The lawful basis for processing register-sourced personal data on Riskpilot is legitimate interests under Article 6(1)(f) of the GDPR. Riskpilot's legitimate interest is to make already-public Nordic company information searchable and accessible, supporting transparency in business — used by journalists, investors, procurement teams, counterparties and the general public.

We have weighed this interest against the rights and freedoms of the individuals named (typically directors and beneficial owners). Because the underlying data is already published by statutory registers in the data subject's own jurisdiction, and because we surface only those public fields, we consider the impact on individual privacy to be limited.

For account-based products on risika.com the lawful basis is performance of a contract under Article 6(1)(b). Those products are out of scope of this Riskpilot policy.

Cookies and analytics

Riskpilot uses Google Analytics 4 (measurement ID G-WWJQK7D9L7) to understand which pages are visited and how traffic arrives. GA4 sets first-party cookies in your browser and sends pseudonymous event data to Google.

We do not run advertising cookies, retargeting pixels, or third-party social trackers. We do not sell personal data.

You can opt out of GA4 by blocking cookies in your browser settings, by using an ad-blocking or tracker-blocking extension, or by installing Google's official Analytics opt-out browser add-on.

Your rights

Under the GDPR you have the following rights in relation to personal data we process about you:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data. Note: where data is sourced from official public registers, erasure rights are narrow. The lawful, accurate version of the record lives upstream at the register, and corrections generally need to go through the register itself; we will act on register changes once they are published.
  • Restriction — ask us to limit processing while a query is being resolved.
  • Objection — object to processing carried out on the basis of legitimate interests, on grounds relating to your particular situation.
  • Complaint — lodge a complaint with a supervisory authority (see below).

How to contact us

To exercise any of the rights above, email privacy@risika.com with enough detail for us to identify the record (e.g. the company or person URL on Riskpilot). We respond to verified requests within 30 days, as required by Article 12(3) of the GDPR. Where a request is complex we may extend that period by a further two months and will tell you if we do.

Supervisory authority

If you believe we are processing your personal data unlawfully, you can complain to the Norway supervisory authority:

Datatilsynet www.datatilsynet.no

You may also complain to the Danish supervisory authority, Datatilsynet (datatilsynet.dk), which is the lead authority for Risika A/S as a Denmark-established controller.

International transfers

Google Analytics 4 may transfer event data to Google infrastructure in the United States. Google participates in the EU–US Data Privacy Framework and otherwise relies on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism. We do not initiate any other international transfers of personal data from Riskpilot.

Retention

Riskpilot does not store per-visitor profiles. The register-sourced content shown on company and person pages is rebuilt continuously from upstream sources, so updates and deletions made at the register propagate to Riskpilot on the next refresh. GA4 event data is retained according to the retention setting we configure in Google Analytics (currently 14 months), after which it is deleted by Google.

Updates to this policy

This policy was last updated on . When we make material changes, we'll update the date above and post a note here. Minor wording or link fixes won't bump the date.