Last updated: 04.10.2025
Data Processor: Reai AS
(org no: 935606403
), Søndre Kullerød 8, 3241 Sandefjord
, Norway
Contact: post@reai.no
, Tel: 47958629
These terms describe how ReAI AS processes personal data on behalf of its customers (“Customer”) when using ReAI services. This is a web-published, simplified DPA that complies with GDPR and Norwegian privacy law. It is not intended for separate signing.
1. Roles and Instructions
The Customer is the data controller and determines purposes/means. ReAI AS is the data processor and processes data only according to documented instructions from the Customer and these terms.
2. What data and who
Typically processed data: contact information (name, email, phone), user/customer IDs, accounting and transaction data entered by the Customer, and technical logs (IP, browser/OS) for operations/security.
Special categories of data are not processed without a separate written agreement.
3. Purpose and legal basis
- Provision of services and support (contract/legitimate interest)
- Operations, security, troubleshooting, and fraud prevention (legitimate interest)
- Service-related communication/notifications (contract/legitimate interest)
4. Security
We implement appropriate technical and organisational measures: access control, encryption where relevant, secure development and operations practices, logging/monitoring, backups, and vulnerability/incident management.
5. Subprocessors
We may use subprocessors (hosting, email, operations). They are bound by data processor agreements with equivalent requirements. Significant changes to the supplier list may be notified. The Customer may request an overview and may object on reasonable grounds.
6. Transfers outside the EEA
Only occur with a valid transfer basis (e.g., EU Standard Contractual Clauses, Data Privacy Framework) and necessary supplementary measures.
7. Retention period
Personal data is stored as long as necessary for the purpose. After this, data is anonymised or deleted according to our routines and legal requirements. Technical logs normally have a shorter retention period.
8. Breaches/incidents
In the event of a personal data security breach, we notify the Customer without undue delay and share available information for the Customer’s assessment and any regulatory notifications.
9. Assistance to the Customer
We reasonably assist with requests from data subjects (access, correction, deletion, data portability), DPIA activities, and compliance documentation.
10. Upon termination of the agreement
The Customer may choose deletion or return of personal data. Deletion is confirmed. Copies in backups are removed according to normal rotation unless law requires further retention.
11. Customer obligations (brief)
The Customer must have a valid processing basis, provide required privacy information, and configure/use the service in accordance with GDPR and these terms.
12. Changes
We may update these terms as needed. Material changes will be clearly notified before taking effect.
13. Contact
Questions about these terms or privacy: post@reai.no
Note: This document is intended for simple, public web viewing as part of our terms. For customers needing detailed regulatory annexes, we can provide an extended DPA on request.