Skip to main content

GDPR Compliance

Last Updated: April 2026

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy. Bryntechnologi is committed to complying with GDPR requirements for all visitors from the European Economic Area (EEA).

2. Data Controller

Bryntechnologi acts as the data controller for personal data collected through brynsites.com and its directly operated services. For specific products in our catalogue, the respective product entity may act as the data controller for data collected through that specific product.

3. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR:

  • Legitimate Interest: To provide, maintain, and improve our services
  • Consent: When you explicitly consent to specific processing activities
  • Contractual Necessity: When necessary to fulfill a service agreement
  • Legal Obligation: When required by applicable law

4. Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

4.1 Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

4.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

4.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data, subject to certain legal exceptions such as legal obligations or legitimate business interests.

4.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transfer it to another data controller.

4.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interest or for direct marketing purposes.

4.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before your withdrawal.

5. Exercising Your Rights

To exercise any of these rights, please contact us through the contact form on our website. We will respond to your request within one month, extendable by an additional two months for complex requests.

6. Data Transfers Outside EEA

We may transfer your personal data to countries outside the EEA. When we do so, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions from the European Commission for countries recognized as providing adequate data protection
  • Other appropriate legal mechanisms under GDPR

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods vary based on the type of data and the purpose of processing.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security reviews.

9. Cookies and Tracking

Our use of cookies and tracking technologies is described in our Cookie Policy. Under GDPR, we require your consent for non-essential cookies. You can manage your cookie preferences through your browser settings.

10. Children's Data

We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected such data without parental consent, we will take steps to delete it.

11. Right to Lodge a Complaint

If you believe our processing of your personal data infringes GDPR requirements, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside or work, or where an alleged infringement occurred.

12. Changes to This Policy

We may update this GDPR Compliance page to reflect changes in our practices or applicable laws. We will notify users of material changes by posting the updated information on this page.

13. Cross-Entity Notice

This GDPR Compliance page applies to brynsites.com and Bryntechnologi's direct operations. Individual products and services in our catalogue may have their own GDPR compliance documentation which should be consulted directly on those respective websites. Each product entity maintains its own data controller responsibilities for data collected through its specific service.