Privacy Policy for inApril’s website

Last updated: March 2025

Intro

inApril AS (“inApril”, “we”, “us” or “our”), with company registration no. 911 997 355, is a Norwegian private limited liability company launched in 2012 with the aim of transforming the seabed seismic industry by developing the next generation of node-based systems. We take your privacy seriously, and we will make sure to keep your personal data private and secure.

This Privacy Policy describes how inApril, as data controller, processes personal data that we collect or receive through your visit to our website www.inapril.no, your application for a job at inApril or when you interact with us (collectively the “Services”).

It is important that you read this Privacy Policy and understand how we collect, store and otherwise process your personal data. You are advised to periodically review this Privacy Policy for any updates that are done due to legislative amendments, changes in our practice or for other reasons.

inApril is, as Norwegian company, obligated to process your personal data in accordance with the Norwegian Personal Data Act of 2018 and the EU General Data Protection Regulation 2016/679 (GDPR), regardless of where you, as a Data Subject, are located in the world. If you are a resident outside the EU/EEA, you may have additional or supplementary rights in accordance with national or local data privacy regulations. In such cases, we will inform you of these rights as far as possible, as well as make it possible for you to exercise these rights.

Legal basis and purpose of the processing

We process your personal data to be able to provide our Services in their entirety and improve them. We collect store and use personal data for several purposes and on different legal basis.

Legitimate interest

inApril processes personal data on the basis of our legitimate interests, not overridden by your rights. The legal basis of processing your information is legitimate interests for the following purposes:

  • To provide you with the website and the applications.
  • To process and respond to your requests and inquiries.
  • To promote, develop and improve our Services, products and content.
  • To ensure the technical functionality of the website and the applications
  • To prevent fraud and perform other security measures

Legal obligation

inApril must comply with applicable law and may therefor process your personal data if you are a contact person for your company. The basis of our processing is legal obligations for the following purposes:

  • Bookkeeping.

Performance of a contract

In order to deliver the Services and in order to offer selected candidates positions with inApril we will process necessary and provided personal data. The basis of our processing is in order to perform a contract to which you are part of.

Consent

In the case where a processing activity is not covered by our legitimate interest, inApril will ensure to collect your consent for such processing.

What personal data we collect, and why

I short, you may be a Data Subject in the context as a visitor to our website, as a job applicant, or as a contact person for a company.

Below we have listed all the specific ways we collect data from you and what categories of data we typically process, as well as the legal basis for such processing. 

Please note that we only process your personal data to the extent that it is necessary for the performance of the below-mentioned purposes.

Customer relations

When your company reach out or register as a customer with us, the entity must provide us with certain information that we collect and process in our customer relation management overview. This includes the entity’s contact person’s name and contact information, entity information, communications with us, as well as other information the company provide us with in relation to its customer relationship with us. 

We collect and process this information to be able to provide you with a contractual service (GDPR art. 6.1 b) and to uphold our legitimate interest in improving our relations to our customers and to be able to provide good customer care and service (GDPR art. 6.1 f). 

In some cases, we are also compelled to process information for compliance with a legal obligation, such as compliance with the Norwegian Bookkeeping Act, or when required by law, court orders or legal processes (GDPR art. 6.1 c).

Reporting Channel for Ethics and Data Protection Requests

inApril offers a dedicated and secure channel for individuals to submit reports relating to potential breaches of ethical conduct, anti-corruption policies, or to exercise their rights under data protection laws (such as requests for access, correction, or deletion of personal data). DSAR-request cannot be submitted anonymously and will be processed by inApril, though received and forwarded by third party provider.

This channel is accessible via telephone or email and is managed by an independent third-party service provider to ensure confidentiality. Personal data submitted through this reporting tool is processed strictly for the purpose of investigating reports, ensuring compliance, and handling data subject rights. The legal basis for this processing includes compliance with legal obligations (GDPR Art. 6(1)(c)) and our legitimate interest in upholding corporate responsibility (GDPR Art. 6(1)(f)).

Where reports contain special categories of data, processing will be based on explicit consent or where necessary to establish, exercise, or defend legal claims. All reports are handled in accordance with applicable data protection regulations.

When applying for a position with us

You are welcome to apply for a position with us. If you decide to do so, we will ask you to provide certain categories of personal data:

  • Basic information: e.g. name, date of birth and nationality;
  • Contact information: e.g. your address, e-mail and phone number;
  • Qualifications: e.g. your CV, application, portfolio, diplomas and transcripts of records,
  • language knowledge, courses, certifications and any other information you provide us with in your application or interviews with us;
  • Background information: e.g. information provided to us by your references, which we either collect through official sources or through references you provide us with; and
  • Our assessments: i.e. assessments and comments we make in relation to our internal assessment of your application.

You provide us with such personal information, as well as any other information that you might choose to share with us in this respect, on a voluntary basis. We will collect and process this information in order to respond to your application and to consider whether to enter into an employment contract with you (ref. GDPR art. 6(1) letter b). We will delete the information related to your application as soon as it is no longer relevant for this purpose.

External Links and Social Media

Our website has links to other sites, which have their own privacy policies. If you provide personal data to these sites, their privacy policies apply. inApril is not responsible for how these sites handle your data. We recommend reading their privacy policies and Terms of Use.

If you like, comment or interact in any way with our page on social media, some of your personal information becomes available to us such as your name, profile picture, comments and likes. All this information is specifically and voluntarily provided by visitors to the respective social media page. 

We do not store this information anywhere, though it will still be available to us on the social media page. We may use this information to track trends, engagement and likes, and we do not use this information otherwise unless it is to get in contact with you directly to respond to your comment or interaction. 

We collect this information to uphold our legitimate interest in marketing of our products and services. The processing also upholds our legitimate interest in replying to your requests or questions, and in order to stay updated on trends and likes (GDPR art. 6.1 f).

Cookies

We collect personal information through our own and third-party cookies found on the Sites. Cookies are small amounts of data that may include a unique identifier that may be stored on your device. Some of these cookies are persistent, which means that they will still be stored on your electronic device for a limited period of time after you have left our website. Session cookies are deleted as soon as you leave the website.

We use cookies to collect information and control access to our services. We use both necessary and functional cookies for these purposes. You can set your device to reject our use of cookies, but please note that you may lose access to parts of our services where we use necessary or functional cookies.

Data storage and how we share and disclose information

Data processors

Some of our service providers are located outside the EU/EEA. In the event that personal data is transferred to subcontractors in third countries the transfers will be performed according to prevailing data protection regulations, including GDPR chapter V, ensuring the safety of the personal data is equivalent to the protection in EU/EEA. We use external subcontractors for hosting services, fulfilling and delivering orders, providing HR and technical support, security and accounting.

In the event of criminal prosecution or other cases against our customers, users or suppliers, we may be obliged to entrust personal data and use this data for the establishment, exercise or defense of legal claims.

We will never sell, transfer or otherwise share personal data for any reason other than defined in this Privacy Policy, unless required by law or with your explicit consent.

Third parties

We may share information with affiliates and/or other third parties. We only allow our third-party service providers to use information we share with them for what is strictly necessary to perform the service they provide to us.

Beyond that, we will not share, publish, sell or otherwise hand over any of your personal data to any third parties without you specifically asking us to do so.

Your rights

You have several rights under the applicable data protection regulations. We have provided a list of the rights you can exercise in your relationship with us as a data controller below. If you wish to exercise your rights, please contact us and we will respond to your inquiry as soon as possible, but no later than a month after the receipt of your enquiry.

Access

Most of the data we process about you is available to you on our Services. You still have a general right of access to the personal data we have registered about you.

Rectification and erasure

You have a general right to request that we should rectify any incorrect personal data about you and erase personal data about you. Please note that personal data that is essential to the customer relationship with us cannot be deleted, unless you also explicitly request termination of the customer relationship with us.

Restriction

You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.

Data portability

You have a general right to request transfer of your personal data in a common, machine-readable format.

Objection

You have a general right to object to our processing of personal data about you if this is justified by special circumstances on your part.

Withdraw your consent

If our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Enforcement and the right to complain

In accordance with the GDPR, we undertake to address complaints regarding your privacy and our collection and use of your personal data. Inquiries or complaints regarding this Privacy Policy should first be directed to us (see Reporting Channel for Ethics and Data Protection Requests section).

If you have reservations or grounds to complain about our processing of your personal data, you can also submit an appeal to the Norwegian Data Protection Authority (Datatilsynet). We ask that you contact us beforehand, so that we may clarify any misunderstandings.

Duration of storage of personal data

Your personal data will not be stored for longer than needed for the purposes mentioned in this Privacy Policy, unless we are compelled by law to store this data any longer.

Updating this Privacy Policy

We may amend this Privacy Policy from time to time. The most up-to-date version of our Privacy Police will always be available on our website.‍

Contact

If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise one or more of your data protection rights, please contact us. Please note that we may ask you to verify your identity before responding to such requests.