<\/p>\n
Last updated:<\/b> 22. April 2026<\/p>\n
This Privacy Policy explains how Tiepoints services <\/b>(Including, but not restricted to Tiepoint P.O.R.T.A.L)<\/em> collects, uses, stores, and protects personal data. It is intended to meet the transparency requirements of the EU General Data Protection Regulation (GDPR)<\/b> and the Norwegian Personal Data Act (personopplysningsloven)<\/b>, which incorporates the GDPR into Norwegian law.<\/p>\n <\/p>\n Data Controller:<\/b> Tiepoint AS<\/p>\n Organisation number:<\/b> 928 795 098 Email:<\/b> kommunikasjon@tiepoint.no<\/p>\n If you are using Tiepoints services on behalf of a company or organisation<\/b> (e.g., your employer), that organisation may also have responsibilities under GDPR for how operational logs and personal information is used internally. If in doubt, contact your organisation’s privacy contact.<\/p>\n <\/p>\n This Privacy Policy applies to the Tiepoint P.O.R.T.A.L mobile application and related services we provide (together, the “Service”).<\/p>\n <\/p>\n We collect the following categories of personal data:<\/p>\n We do not<\/b> intentionally collect special category data (such as health data) through our Services.<\/p>\n <\/p>\n We use the data above for the following purposes:<\/p>\n <\/p>\n All processing of personal data must have a lawful basis.<\/p>\n Depending on how you use the Service, we typically rely on one or more of the following legal bases:<\/p>\n <\/p>\n Where the Service is used to support UAS operations under the Easy Access Rules: Unmanned Aircraft Systems (Regulation (EU) 2019\/947 and Regulation (EU) 2019\/945)<\/strong>,\u00a0operators are required to have procedures ensuring compliance with GDPR and to perform a data protection impact assessment (DPIA) when required by the data protection authority under GDPR Article 35.<\/p>\n <\/p>\n <\/p>\n We follow the GDPR principle of storage limitation: we keep personal data only as long as needed for the purposes described above, and as required by law.<\/p>\n <\/p>\n Operational logs (including location data recorded as part of the log) are retained where required for drone operator record keeping. Pilot information is retained for at least 5 years<\/b>, but will not be deleted unless the pilot activily requests such an action.<\/p>\n This retention aligns with EU UAS rules of operations under the Easy Access Rules: Unmanned Aircraft Systems (Regulation (EU) 2019\/947 and Regulation (EU) 2019\/945)<\/strong>, where the UAS operator must keep and maintain up\u2011to\u2011date records including:<\/p>\n These retentions are also applicable for the Norwegian Civil Aviation Authority (Luftfartstilsynet) for operations in Norway.<\/p>\n <\/p>\n After the minimum retention period:<\/p>\n <\/p>\n Drone regulations and operator requirements commonly involve maintaining operational logs (e.g., flight time records with key details).<\/p>\n For specific-category documentation, Luftfartstilsynet checklists also expect operators to describe how and how long logs and documents are stored<\/b>, referring to UAS.SPEC.050 record\u2011keeping requirements.<\/p>\n <\/p>\n We do not sell, rent, or share your personal data with third\u2011party companies for their own use.<\/b><\/p>\n We may disclose personal data only in limited situations, such as:<\/p>\n <\/p>\n We aim to store and process personal data within the EEA (including Norway)<\/b>.<\/p>\n If, in the future, personal data is transferred outside the EEA, we will ensure an appropriate transfer mechanism is in place (e.g., EU Standard Contractual Clauses), and we will update this Privacy Policy accordingly.<\/p>\n <\/p>\n We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, loss, or misuse. Measures may include access controls, encryption in transit and\/or at rest, logging and monitoring, and role-based access where relevant.<\/p>\n No system can be guaranteed 100% secure, but we work continuously to protect your data.<\/p>\n <\/p>\n You have rights under GDPR and Norwegian law, including:<\/p>\n As a main rule, you are entitled to receive a response within one month<\/b> after contacting us about your rights.<\/p>\n Please note: if we must retain certain logs for legal\/regulatory reasons, we may not be able to delete\/anonymise those records immediately upon request; instead, we will restrict use where possible while meeting our obligations.<\/p>\n <\/p>\n If you believe we process your personal data unlawfully, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet<\/b>).<\/p>\n <\/p>\n The Service is not intended for children. If we rely on consent as a legal basis in relation to information society services offered directly to children, Norwegian law sets the age of consent at 13 years<\/b>.<\/p>\n If you believe a child has provided us personal data, please contact us so we can take appropriate steps.<\/p>\n <\/p>\n We may update this Privacy Policy from time to time. The “Last updated” date at the top shows when changes were last made. If changes are material, we will provide appropriate notice within the Service or by other reasonable means.<\/p>\n <\/p>\n For questions about privacy or to exercise your rights, contact:<\/p>\n Email:<\/b> kommunikasjon@tiepoint.no<\/p>\n Address:<\/b> Bleiksveien 46, 8480, Andenes<\/p>\n <\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":" Tiepoint – Privacy Policy Last updated: 22. April 2026 This Privacy Policy explains how Tiepoints services (Including, but not restricted to Tiepoint P.O.R.T.A.L) collects, uses, stores, and protects personal data. It is intended to meet the transparency requirements of the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven), which incorporates the GDPR into Norwegian law. 1. Who we are (Data Controller) Data Controller: Tiepoint AS Organisation number: 928 795 098Address: Bleiksveien 46, 8480, Andenes Email: kommunikasjon@tiepoint.no If you are using Tiepoints services on behalf of a company or organisation (e.g., your employer), that organisation may also have responsibilities under GDPR for how operational logs and personal information is used internally. If in doubt, contact your organisation’s privacy contact. 2. Scope This Privacy Policy applies to the Tiepoint P.O.R.T.A.L mobile application and related services we provide (together, the “Service”). 3. Personal data we collect We collect the following categories of personal data: User identifiers User ID(s) such as email address (used to identify and authenticate users). Device data Device ID \/ device identifier (used to maintain secure access and link logs to the correct device\/account). Location data Location of the user (e.g., GPS […]<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"\n\n\t Last updated:<\/b> 12 February 2026<\/p>\n This Privacy Policy explains how Tiepoint P.O.R.T.A.L<\/b> (the \"App\") collects, uses, stores, and protects personal data. It is intended to meet the transparency requirements of the EU General Data Protection Regulation (GDPR)<\/b> and the Norwegian Personal Data Act (personopplysningsloven)<\/b>, which incorporates the GDPR into Norwegian law.\u00a0 <\/p>\n Data Controller:<\/b> Tiepoint AS<\/p>\nOrganisation number:<\/b> 928 795 098 Address:<\/b> Bleiksveien 46, 8480, Andenes<\/p>\n Email:<\/b> support@tiepoint.no<\/p>\n If you are using the App on behalf of a company or organisation<\/b> (e.g., your employer), that organisation may also have responsibilities under GDPR for how operational logs are used internally. If in doubt, contact your organisation's privacy contact.<\/p>\n This Privacy Policy applies to the Tiepoint P.O.R.T.A.L mobile application and related services we provide (together, the \"Service\").<\/p>\n We collect the following categories of personal data:<\/p>\n User identifiers<\/b><\/p>\n<\/li>\n<\/ol>\n User ID(s)<\/b> such as email address<\/b> (used to identify and authenticate users).<\/p>\n<\/li>\n<\/ul>\n Device data<\/b><\/p>\n<\/li>\n<\/ol>\n Device ID \/ device identifier<\/b> (used to maintain secure access and link logs to the correct device\/account).<\/p>\n<\/li>\n<\/ul>\n Location data<\/b><\/p>\n<\/li>\n<\/ol>\n Location of the user<\/b> (e.g., GPS position) when using the Service where this is required to provide functionality and\/or produce compliant operational logs.<\/p>\n<\/li>\n<\/ul>\n User-generated logs<\/b><\/p>\n<\/li>\n<\/ol>\n Logs created by users in the App, which may include operational details, timestamps, events, and other information entered by the user.<\/p>\n<\/li>\n<\/ul>\n We do not<\/b> intentionally collect special category data (such as health data) through the App.<\/p>\n We use the data above for the following purposes:<\/p>\n To provide the Service<\/b> (create accounts, authenticate users, enable logging features, and ensure the Service works correctly).<\/p>\n<\/li>\n To generate and store operational documentation and logs<\/b> connected to drone operations (including location-based operational logging where relevant).<\/p>\n<\/li>\n To comply with aviation-related legal and regulatory obligations<\/b> that require operational record keeping and log retention for a minimum period (see Section 7).<\/p>\n<\/li>\n To maintain security and integrity<\/b> of the Service (e.g., prevent unauthorised access, investigate security incidents, and ensure traceability of logs).<\/p>\n<\/li>\n<\/ul>\n All processing of personal data must have a lawful basis.\u00a0 <\/p>\n Depending on how you use the App, we typically rely on one or more of the following legal bases:<\/p>\n Performance of a contract (GDPR Art. 6(1)(b))<\/b><\/p>\n When processing is necessary to deliver the Service you requested (e.g., account access and providing logging functionality).<\/p>\n<\/li>\n Legal obligation (GDPR Art. 6(1)(c))<\/b><\/p>\n When processing and retention are necessary to comply with applicable aviation\/drone operator record\u2011keeping requirements (see Section 7).<\/p>\n<\/li>\n Consent (GDPR Art. 6(1)(a)) - where applicable<\/b><\/p>\n In particular, your device operating system<\/b> may require you to grant location permission. You can withdraw this permission in your device settings. Note that withdrawing permission may limit or prevent the App from performing location-based operational logging.<\/p>\n<\/li>\n<\/ul>\n Where the Service is used to support UAS operations in the specific category<\/b>, EU UAS rules require operators to have procedures ensuring compliance with GDPR and to perform a data protection impact assessment (DPIA) when required by the data protection authority under GDPR Article 35.\u00a0 <\/p>\n Email \/ user identifier<\/b> is required to create and manage an account.<\/p>\n<\/li>\n Device ID<\/b> is required to maintain secure and reliable operation of the Service.<\/p>\n<\/li>\n Location and operational logs<\/b> is required to use the Service for drone operational logging and compliance purposes. If you do not provide location data (or disable location permissions), the Service will not function, as you are unable to create compliant operational logs.<\/p>\n<\/li>\n<\/ul>\n We follow the GDPR principle of storage limitation: we keep personal data only as long as needed for the purposes described above, and as required by law.<\/p>\n Operational logs (including location data recorded as part of the log) are retained for at least 3 years<\/b> where required for drone operator record keeping.<\/p>\n This retention aligns with EU UAS rules for operations in the specific category<\/b>, where the UAS operator must keep and maintain up\u2011to\u2011date records including:<\/p>\n maintenance activities<\/b> for a minimum of 3 years<\/b>, and<\/p>\n<\/li>\n information on UAS operations<\/b> (including unusual technical\/operational occurrences and other required data) for a minimum of 3 years<\/b>.\u00a0 <\/p>\n<\/li>\n<\/ul>\n Norwegian Civil Aviation Authority (Luftfartstilsynet) guidance materials used for predefined risk assessments (PDRA) also explicitly reflect a minimum 3\u2011year<\/b> storage expectation for flight logs and incident reports<\/b>.\u00a0 <\/p>\n After the minimum retention period:<\/p>\n we will delete<\/b> the data or anonymise<\/b> it, unless continued storage is necessary (for example, due to an ongoing matter, audit, dispute, or other legal requirement).<\/p>\n<\/li>\n<\/ul>\n Drone regulations and operator requirements commonly involve maintaining operational logs (e.g., flight time records with key details).\u00a0 <\/p>\n For specific-category documentation, Luftfartstilsynet checklists also expect operators to describe how and how long logs and documents are stored<\/b>, referring to UAS.SPEC.050 record\u2011keeping requirements.\u00a0 <\/p>\n We do not sell, rent, or share your personal data with third\u2011party companies for their own use.<\/b><\/p>\n We may disclose personal data only in limited situations, such as:<\/p>\n To public authorities<\/b> (e.g., aviation authorities, courts, police, or other competent authorities) where we are legally required to do so, or where disclosure is necessary for regulatory oversight and compliance.<\/p>\n<\/li>\n [Optional-include only if true]<\/b> To carefully selected service providers (data processors) who process data on our behalf strictly under contract and only to operate the Service (e.g., hosting). If you use any, list them here: [processor name + purpose + location]<\/b>.<\/p>\n<\/li>\n<\/ul>\n We aim to store and process personal data within the EEA (including Norway)<\/b>.<\/p>\n If, in the future, personal data is transferred outside the EEA, we will ensure an appropriate transfer mechanism is in place (e.g., EU Standard Contractual Clauses), and we will update this Privacy Policy accordingly.<\/p>\n We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, loss, or misuse. Measures may include access controls, encryption in transit and\/or at rest, logging and monitoring, and role-based access where relevant.<\/p>\n No system can be guaranteed 100% secure, but we work continuously to protect your data.<\/p>\n You have rights under GDPR and Norwegian law, including:<\/p>\n Right of access (innsyn)<\/b> to your personal data<\/p>\n<\/li>\n Right to rectification (retting)<\/b><\/p>\n<\/li>\n Right to erasure (sletting)<\/b> (with exceptions, including where retention is required by law)<\/p>\n<\/li>\n Right to restriction of processing (begrensning)<\/b><\/p>\n<\/li>\n Right to object<\/b> in certain cases<\/p>\n<\/li>\n Right to data portability<\/b> where applicable<\/p>\n<\/li>\n Right to withdraw consent<\/b> where processing is based on consent<\/p>\n<\/li>\n<\/ul>\n As a main rule, you are entitled to receive a response within one month<\/b> after contacting us about your rights.\u00a0 <\/p>\n Please note: if we must retain certain logs for legal\/regulatory reasons, we may not be able to delete those records immediately upon request; instead, we will restrict use where possible while meeting our obligations.<\/p>\n If you believe we process your personal data unlawfully, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet<\/b>).\u00a0 <\/p>\n The Service is not intended for children. If we rely on consent as a legal basis in relation to information society services offered directly to children, Norwegian law sets the age of consent at 13 years<\/b>.\u00a0 <\/p>\n If you believe a child has provided us personal data, please contact us so we can take appropriate steps.<\/p>\n We may update this Privacy Policy from time to time. The \"Last updated\" date at the top shows when changes were last made. If changes are material, we will provide appropriate notice within the Service or by other reasonable means.<\/p>\n For questions about privacy or to exercise your rights, contact:<\/p>\n Email:<\/b> [privacy@yourdomain.no]<\/p>\n Address:<\/b> [Company address]<\/p>\n Fill in your company identity<\/b>, contact details, and whether you have a DPO<\/b>.<\/p>\n<\/li>\n Confirm where data is hosted (EEA-only vs outside EEA) and update Sections 8-9<\/b> accordingly.<\/p>\n<\/li>\n Confirm whether location is collected only while using<\/b> the app or also in the background<\/b>, and state that explicitly in Section 3<\/b>.<\/p>\n<\/li>\n If you use any analytics, crash reporting, push notifications, or cloud providers, you must list them as processors\/recipients<\/b> and describe them.<\/p>\n<\/li>\n<\/ul>\n If you want, paste your compa<\/b><\/p>\n\n","_et_gb_content_width":"1200","footnotes":""},"class_list":["post-13474","page","type-page","status-publish","hentry"],"yoast_head":"\n1. Who we are (Data Controller)<\/b><\/h2>\n
Address:<\/b> Bleiksveien 46, 8480, Andenes<\/p>\n2. Scope<\/b><\/h2>\n
3. Personal data we collect<\/b><\/h2>\n
\n
\n
\n
\n
\n
\n
\n
\n
4. Why we process your personal data<\/b><\/h2>\n
\n
5. Legal bases for processing (GDPR Article 6)<\/b><\/h2>\n
\n
Drone operations and GDPR compliance \/ DPIA<\/b><\/h3>\n
6. Is providing data mandatory?<\/b><\/h2>\n
\n
7. Retention and log storage (including drone operator requirements)<\/b><\/h2>\n
7.1 Operational logs and related records<\/b><\/h3>\n
\n
7.2 What happens after 5 years?<\/b><\/h3>\n
\n
\n
7.3 Log keeping requirement (Norwegian drone rules \/ logging practice)<\/b><\/h3>\n
8. Sharing and disclosure<\/b><\/h2>\n
\n
9. International transfers<\/b><\/h2>\n
10. Security<\/b><\/h2>\n
11. Your rights<\/b><\/h2>\n
\n
12. Complaints (Datatilsynet)<\/b><\/h2>\n
13. Children<\/b><\/h2>\n
14. Changes to this Privacy Policy<\/b><\/h2>\n
15. Contact<\/b><\/h2>\n
Privacy Policy for Tiepoint P.O.R.T.A.L<\/b><\/h1>\n
1. Who we are (Data Controller)<\/b><\/h2>\n
\n\n2. Scope<\/b><\/h2>\n
3. Personal data we collect<\/b><\/h2>\n
\n
\n
\n
\n
\n
\n
\n
\n
4. Why we process your personal data<\/b><\/h2>\n
\n
5. Legal bases for processing (GDPR Article 6)<\/b><\/h2>\n
\n
Drone operations and GDPR compliance \/ DPIA<\/b><\/h3>\n
6. Is providing data mandatory?<\/b><\/h2>\n
\n
7. Retention and log storage (including drone operator requirements)<\/b><\/h2>\n
7.1 Operational logs and related records: minimum 3 years<\/b><\/h3>\n
\n
7.2 What happens after 3 years?<\/b><\/h3>\n
\n
7.3 Log keeping requirement (Norwegian drone rules \/ logging practice)<\/b><\/h3>\n
8. Sharing and disclosure<\/b><\/h2>\n
\n
9. International transfers<\/b><\/h2>\n
10. Security<\/b><\/h2>\n
11. Your rights<\/b><\/h2>\n
\n
12. Complaints (Datatilsynet)<\/b><\/h2>\n
13. Children<\/b><\/h2>\n
14. Changes to this Privacy Policy<\/b><\/h2>\n
15. Contact<\/b><\/h2>\n
\nNotes on customising this for your App Store \/ production use (quick checklist)<\/b><\/h2>\n
\n