top of page

Privacy Policy

Hunit Ltd Last updated: April 2026

1. Who we are

This Privacy Policy explains how Hunit Ltd ("Hunit", "we", "us", "our") collects, uses, stores, and shares your personal data when you use the Hunit platform and its associated services.

Hunit Ltd is registered in the United Kingdom with its principal place of business at Third Floor, 20 Old Bailey, EC4M 7AN London. Hunit acts as data controller for personal data collected through the platform. Where Hunit processes personal data on behalf of parties to an Agentic Contract, Hunit acts as data processor under a separate Data Processing Agreement.

For any questions about this policy, contact us at datacompliance@hunit.com.

2. What data we collect

Data you provide directly: When you create an account or use the platform, we collect your name, email address, phone number, and organisational affiliation. Where required for identity verification, we may collect authentication information such as a government-issued identifier. Payment information is collected where you are responsible for platform fees.

Data generated through platform use: We collect information about how you interact with the platform, including actions taken, timestamps, role assignments, and form submissions. Inspection reports, condition assessments, deviation records, thermography data, and other content submitted through Agentic Contracts are stored on the platform as part of the contract record.

Data from third parties: We may receive information from identity verification providers, fraud detection services, and integration partners where this is necessary for platform operation or legal compliance.

3. Why we process your data and our legal basis

We process personal data only where we have a lawful basis to do so under GDPR Article 6.

We process data to perform our contract with you – specifically to provide access to the platform, operate Agentic Contracts, manage user roles and permissions, and deliver the services you or your organisation have engaged. This is our primary legal basis for most processing activities.

We process data to comply with legal obligations, including regulatory reporting requirements, audit obligations, and mandatory data sharing with authorities, insurers, and certification bodies where this is required by the applicable inspection standard or national regulation.

We process data on the basis of legitimate interests where we conduct fraud prevention, platform security, and service improvement activities, provided these interests are not overridden by your rights.

Where we rely on consent for specific processing activities, such as marketing communications, you may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Inspection data and third-party sharing

Where the Hunit platform is used to conduct regulated inspections – including but not limited to electrical safety inspections under NEK 405, fire safety inspections, and other compliance-driven inspection types – completed and locked inspection reports may be shared automatically with relevant third parties as required by the applicable regulatory framework. These third parties may include insurers and insurance intermediaries such as Finance Norway (FG), certification bodies such as DNV and NEMKO, and public authorities or supervisory bodies with a statutory right to receive inspection data.

Such sharing is carried out on the legal basis of legal obligation or the performance of a contract, not consent. The specific third parties applicable to a given inspection are identified in the Agentic Contract itself.

Inspection reports are locked and immutable upon submission. All sharing events are recorded in the contract's audit trail.

5. AI-assisted features

The Hunit platform includes AI-assisted guidance features within certain Agentic Contracts. Where AI guidance is active, queries submitted by users and relevant inspection context are processed to generate responses. AI guidance is strictly advisory and scoped to the reference standards specified in the contract. It does not constitute professional, legal, or regulatory advice.

In accordance with applicable AI transparency requirements, including those arising under the EU AI Act as incorporated into the EEA legal framework, we disclose that AI-assisted features are in use and that all professional conclusions remain the responsibility of the qualified user.

AI access for a given inspection is automatically disabled when the relevant report is submitted and locked. No inspection query data is used to train external AI models without explicit agreement.

6. Data retention

Personal account data is retained for as long as your account is active and for a period of five years thereafter, unless a longer retention period is required by law.

Inspection reports and associated contract records are retained for the duration required by the applicable regulatory framework. For NEK 405 inspections this is a minimum of ten years. Retention periods for other inspection types are set out in the relevant Agentic Contract.

Audit trail records are retained for the full lifecycle of the Agentic Contract and cannot be deleted.

7. International data transfers

Hunit may transfer personal data outside the European Economic Area where necessary for platform operation, including to service providers located in the United Kingdom and the United States. All such transfers are carried out under appropriate safeguards in accordance with GDPR Chapter V, including Standard Contractual Clauses approved by the European Commission where applicable. A copy of the relevant safeguards is available on request.

8. Your rights

If you are located in the EEA or the United Kingdom, you have the following rights in relation to your personal data:

You have the right to access a copy of the personal data we hold about you. We will respond to valid requests within 30 days. Access is provided free of charge.

You have the right to correct inaccurate or incomplete personal data.

You have the right to request erasure of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

You have the right to object to processing carried out on the basis of legitimate interests.

You have the right to data portability where processing is based on contract or consent and carried out by automated means.

You have the right to withdraw consent at any time where processing is based on consent.

You have the right to lodge a complaint with your national data protection authority. In Norway this is Datatilsynet (datatilsynet.no). In the United Kingdom this is the ICO (ico.org.uk).

Requests should be directed to datacompliance@hunit.com. We may request proof of identity before processing a request.

9. Cookies and tracking

We use cookies and similar technologies to operate the platform and improve the user experience. You can manage cookie preferences through your browser settings. We do not sell personal data to third parties for advertising purposes.

10. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, and alteration. Critical contract events are recorded on an immutable audit trail. However, no internet-based service can guarantee absolute security of transmission.

11. Changes to this policy

We may update this policy from time to time. Where changes are material, we will notify you by email at least 30 days before they take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

12. Contact

Hunit Ltd Third Floor, 20 Old Bailey EC4M 7AN London United Kingdom datacompliance@hunit.com hunit.com

© 2026 Hunit Ltd. All rights reserved.

bottom of page