Privacy Policy
Last updated: May 2026
1. Who we are
This Privacy Policy explains how the Hunit group ("Hunit", "we", "us", "our") collects, uses, stores, and shares your personal data when you use the Hunit platform and its associated services.
The Hunit group consists of:
Hunit Ltd, registered in the United Kingdom with its principal place of business at Third Floor, 20 Old Bailey, EC4M 7AN London. Hunit Ltd is the operator of the Hunit platform globally and is the data controller for personal data collected through the platform.
Hunit AS, registered in Norway with organisation number 918 767 908 and registered address Skjellveien 3 B, 0198 Oslo. Hunit AS is the contracting and invoicing entity for Norwegian customers.
Where Hunit processes personal data on behalf of a Licensee in the context of a specific Agentic Contract, for example inspection data submitted under an Agentic Contract issued by an electrical inspection company, Hunit acts as data processor under a separate Data Processing Agreement entered into with that Licensee.
For any questions about this policy, contact us at datacompliance@hunit.com.
2. What data we collect
Account data you provide directly. When you create a user account, or your organisation creates one for you, we collect your name, email address, phone number, country, date of birth where required, and your organisational affiliation. Where required for identity verification or eSignature, we collect authentication information through providers such as BankID and other electronic ID schemes supported via Signicat.
Data generated through platform use. We collect information about how you interact with the platform, including actions taken, timestamps, role assignments (Company Manager, Author, Member, Signatory, Observer), and form submissions. Inspection reports, condition assessments, deviation records, thermography data, and other content submitted through Agentic Contracts are stored on the platform as part of the contract record.
Billing data, where applicable. Where you or your organisation is responsible for platform fees, we collect billing contact details and invoicing information. Hunit does not store payment card data; payments are handled by our payment partners.
Data from third parties. We may receive information from identity verification providers, eSignature providers, fraud detection services, and integration partners where this is necessary for platform operation or legal compliance.
3. Why we process your data and our legal basis
We process personal data only where we have a lawful basis under GDPR Article 6.
Contract performance. We process data to provide access to the platform, operate Agentic Contracts, manage user roles and permissions, and deliver the services your organisation has engaged. This is our primary basis for most platform processing.
Legal obligation. We process data to comply with regulatory reporting requirements, audit obligations, and mandatory data sharing with authorities, insurers, and certification bodies where this is required by the applicable inspection standard or national regulation.
Legitimate interests. We process data for fraud prevention, platform security, and service improvement, where these interests are not overridden by your rights.
Consent. Where we rely on consent for specific activities such as marketing communications, you may withdraw consent at any time without affecting the lawfulness of prior processing.
4. Inspection data and third-party sharing
Where the Hunit platform is used to conduct regulated inspections, including but not limited to electrical safety inspections under NEK 405, fire safety inspections, and other compliance-driven inspection types, completed and locked inspection reports may be shared automatically with third parties as required by the applicable regulatory framework or by the contract.
For NEK 405 inspections, recipients typically include:
The customer of the inspection (the property owner or duty holder).
The customer's insurer or insurance intermediary, including Finance Norway (FG).
Certification bodies such as DNV and NEMKO.
Public authorities or supervisory bodies with a statutory right to receive inspection data.
The legal basis for such sharing is legal obligation or contract performance, not consent. The specific third parties applicable to a given inspection are identified in the relevant Agentic Contract.
Inspection reports are locked and immutable upon submission. All sharing events are recorded in the contract's audit trail.
5. AI-assisted features
The Hunit platform includes AI-assisted guidance features within certain Agentic Contracts. Where AI guidance is active, user queries and relevant inspection context are processed to generate responses. AI guidance is strictly advisory and scoped to the reference standards specified in the contract. It does not constitute professional, legal, or regulatory advice. All professional conclusions remain the responsibility of the qualified user.
We disclose the use of AI-assisted features in accordance with applicable transparency requirements, including those arising under the EU AI Act as incorporated into the EEA legal framework.
AI access for a given inspection is automatically disabled when the relevant report is submitted and locked. Inspection query data is not used to train external AI models without explicit agreement.
6. Data retention
Different categories of data are retained for different periods.
Account data. Personal account data is retained for as long as your account is active and for a period of five years thereafter, unless a longer retention period is required by law.
Customer data uploaded under an Agentic Contract. Where Hunit processes data on behalf of a Licensee, the customer data is retained for the duration of the Licensee's agreement with Hunit, plus a 30-day grace period after termination during which the Licensee may export their data. After this period, the data is deleted in accordance with the Data Processing Agreement.
Inspection records. Locked inspection reports are retained for the duration required by the applicable regulatory framework. For NEK 405 inspections this is a minimum of ten years. Retention periods for other inspection types are set out in the relevant Agentic Contract.
Audit trail. Audit trail records associated with an Agentic Contract are retained for the full lifecycle of the contract and cannot be deleted, in order to preserve the legal evidentiary value of the record.
7. International data transfers
Hunit's primary platform infrastructure is hosted within the European Economic Area, in Germany.
Where personal data is transferred outside the EEA, for example to service providers located in the United Kingdom or the United States, such transfers are carried out under appropriate safeguards in accordance with GDPR Chapter V. These safeguards include Standard Contractual Clauses approved by the European Commission and, where applicable, the UK Addendum or the EU-US Data Privacy Framework. A copy of the relevant safeguards is available on request.
8. Your rights
If you are located in the EEA or the United Kingdom, you have the following rights in relation to your personal data.
You have the right to access a copy of the personal data we hold about you. We will respond to valid requests within 30 days. Access is provided free of charge.
You have the right to correct inaccurate or incomplete personal data.
You have the right to request erasure of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations. Locked inspection records and audit trail entries cannot be erased while the underlying retention obligation continues.
You have the right to object to processing carried out on the basis of legitimate interests.
You have the right to data portability where processing is based on contract or consent and carried out by automated means.
You have the right to withdraw consent at any time where processing is based on consent.
You have the right to lodge a complaint with your national data protection authority. In Norway this is Datatilsynet (datatilsynet.no). In the United Kingdom this is the Information Commissioner's Office (ico.org.uk). In Germany, complaints should be directed to the relevant Land authority.
Requests should be directed to datacompliance@hunit.com. We may request proof of identity before processing a request.
9. Cookies and tracking
The Hunit platform uses only strictly necessary cookies required for authentication, session management, and security. We do not use advertising cookies or third-party tracking cookies, and we do not sell personal data to third parties for advertising purposes.
The hunit.com marketing website may use additional analytics cookies. Where these are used, you will be presented with a cookie banner allowing you to manage your preferences.
10. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, and alteration. Critical contract events are recorded on an immutable audit trail. Data is encrypted in transit and at rest. Access to customer data is role-based and logged.
No internet-based service can guarantee absolute security of transmission. We continuously monitor and update our security practices to reduce risk.
11. Changes to this policy
We may update this policy from time to time. Where changes are material, we will notify you by email at least 30 days before they take effect. The version of the policy in force at the time of your consent is recorded against your account.
12. Contact
Hunit Ltd Third Floor, 20 Old Bailey EC4M 7AN London United Kingdom
Hunit AS Skjellveien 3 B 0198 Oslo Norway Org.nr: 918 767 908
© 2026 Hunit Ltd. All rights reserved.