Privacy policy

Last updated: 11 April 2026

GTI is committed to processing personal data in an open, secure, and responsible way. This privacy policy explains what information we may process when you visit our website, use forms and services on gti.no, or otherwise interact with us, and what that information is used for.

1. Who is the data controller?

The data controller for personal data processed via gti.no is:

GTI Geir Tidemann
Organisation number: 936 857 116
Email: kontakt[a]gti.no
Phone: +47 450 66 559

If you have questions about how we process personal data, you may contact us by email.

2. What information we may process

The information we process depends on how you use the website and which services you use.

We may process the following types of information:

a) Information you submit yourself

When you fill in forms or contact us, we may process information such as:

  • name
  • email address
  • company name
  • website or website URL
  • information about your company’s needs, challenges, or goals
  • other information you choose to provide in free-text fields or enquiries

b) Information related to GTI Journey Diagnostic

When you use GTI Journey Diagnostic, we may also process:

  • contact details and company information you submit
  • information about company type, needs, systems in use, and other relevant assessment-related information
  • technical metadata related to submission, report status, and delivery flow
  • report content and related system data generated as part of the service

c) Technical and analytical information

When you visit the website, we may process technical information such as:

  • IP address
  • browser and device information
  • page views and user interactions
  • time and duration
  • other statistical or event-based data where this is enabled and there is a lawful basis for processing

3. What we use the information for

We use personal data for the following purposes:

  • to respond to enquiries and follow up contact requests
  • to deliver services, content, or requested assessments
  • to carry out GTI Journey Diagnostic and deliver a report
  • to administer, improve, and secure our website and services
  • to analyse website usage and measure the effectiveness of content and user journeys
  • to document and follow up dialogue, requests, and contractual relationships
  • to maintain information security, operations, and abuse prevention

4. Legal basis for processing

We process personal data on the basis of applicable privacy legislation where processing is necessary in order to:

  • respond to enquiries and take steps prior to a possible agreement, for example when you request contact, an assessment, or a service
  • fulfil an agreement, where processing is necessary to deliver a service you have requested
  • pursue our legitimate interests, such as operation, security, documentation, further development, and improvement of our website and services, provided that your rights and freedoms do not override those interests
  • comply with legal obligations, where we are required to store or document information
  • process data based on consent, where this is necessary, for example in connection with certain cookies or tracking technologies

5. Specific information about GTI Journey Diagnostic

GTI Journey Diagnostic is a digital assessment service designed to give businesses an initial indication of the current state of their customer journeys and related working areas, and to identify possible gaps in how these function in practice.

When you use this service, we process information necessary to:

  • receive the submission
  • run the assessment flow
  • generate and deliver the report
  • handle any follow-up dialogue or communication

The free version of GTI Journey Diagnostic generates the report automatically based on the information submitted. The report is not necessarily manually reviewed or quality-assured by GTI before delivery. It should therefore be understood as an indicative assessment and an initial basis for further evaluation, not as a full analysis, technical audit, or final professional assessment.

6. Use of data processors and technical sub-processors

We use technical suppliers and tools to operate the website and deliver our services. Such suppliers may process personal data on our behalf where necessary to provide the service.

For GTI Journey Diagnostic and related workflows, we may use, among other things:

  • WordPress for website publishing and website operation
  • Forminator or a similar form solution to receive submissions
  • Make for automation and processing flows
  • Google Sheets for storing and structuring submissions, status data, and related case information
  • OpenAI for processing related to the automated generation of assessment content and report drafts
  • Google Analytics 4 and Google Tag Manager for analytics and measurement, where enabled in accordance with applicable rules and consent settings

For OpenAI, the information used in the automated generation is limited. In the current setup, company name may be included, but email address and contact person name are not sent to OpenAI as part of this processing. OpenAI states that, by default, customer data sent through the API platform is not used to train its models.

We also use Cloudflare Turnstile or equivalent CAPTCHA / bot protection to protect forms and services against misuse. This may involve the processing of technical signals such as IP address, browser data, and similar security-related information.

We aim to limit the personal data shared with sub-processors to what is necessary for the purpose.

7. Sharing of personal data

We do not sell personal data.

We only share personal data with third parties when:

  • it is necessary to deliver the service
  • it takes place through data processors or technical sub-processors acting on our behalf
  • we are legally required to do so
  • you have consented where consent is required

8. Retention period

We do not store personal data longer than necessary for the purpose for which it was collected, unless we are required to keep it longer by law or have another valid legal basis.

Retention periods may vary depending on the type of information and the purpose, for example:

  • contact enquiries are stored as long as necessary to follow up the dialogue
  • submissions and report data related to GTI Journey Diagnostic are stored as long as necessary for delivery, follow-up, documentation, and reasonable administration of the service
  • technical logs and analytics data are stored in accordance with the configuration of the relevant suppliers

If you would like information about the retention period for a specific enquiry or submission, you may contact us.

9. Information security

We work to protect personal data through relevant technical and organisational measures. This includes, among other things, access control, limiting data sharing, evaluating suppliers, and maintaining a general focus on data minimisation and secure handling.

The Norwegian Data Protection Authority also highlights privacy by design and privacy by default as important principles in the design and operation of processing activities.

Although we do our best to protect information, no digital solution can guarantee completely risk-free processing.

10. Your rights

When we process personal data about you, you may, under privacy legislation, have the right to:

  • request access to the personal data we hold about you
  • request correction of inaccurate personal data
  • request deletion of personal data where the conditions are met
  • request restriction of processing
  • object to processing based on legitimate interests
  • request data portability where relevant
  • withdraw consent where processing is based on consent

You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe the processing is in breach of applicable rules.

11. Cookies and tracking technologies

We use cookies and similar technologies to ensure basic functionality, analyse website usage, and, where relevant, improve user experience and measure the effectiveness of content and services.

More information is available in our Cookie Policy.

The Norwegian Data Protection Authority states that the use of cookies and other tracking technologies requires clear information, and that non-essential cookies generally require valid prior consent.

12. Changes to this privacy policy

We may update this privacy policy when necessary, for example if we change our services, tools, or the way we process personal data. The updated version will be published on this page with a new date.

13. Contact us

If you have questions about this privacy policy or about how we process personal data, you may contact:

GTI Geir Tidemann
Organisation number: 936 857 116
Email: kontakt[a]gti.no
Phone: +47 450 66 559