Privacy is the right to determine how your personal data is used. Personal information is information and assessments that can be linked to an individual.
Privacy is important in all Culture Intelligence deliveries, and we are committed to protecting the integrity, availability and confidentiality of personal data.
This privacy statement provides information about the personal data we collect, how it is collected and protected, and the rights available to individuals whose personal data is registered with us.
Culture Intelligence delivers a software (SaaS) solution to map organisational cultures. The mapping takes place by sending an email with a link to a survey, to which the recipient responds. The following personal data is typically collected: name, email, employer's name, age range, gender, position in company and nationality.
Value priorities are also gathered through the survey process. The purpose of a culture survey is to measure the actual culture in an organisation by aggregating responses from its members. Personal data is processed anonymously and cannot be shared across the organisation without explicit consent. An organisation can also define a desired culture, and by doing so, use the platform to identify gaps between actual and desired culture. With knowledge of such gaps, organisations can work actively to develop their culture.
All details about how personal data is handled in the relationship between Culture Intelligence (Data Processor) and the data controller are defined in a separate data processor agreement. Detailed information about how data is stored, secured, and erased is available in that agreement. A list of sub-processors used in connection with this software is listed in the data processor agreement, which is based on a standard template from the Norwegian Data Protection Authority. The Culture Intelligence standard data processing agreement is available here.
Culture Intelligence uses artificial intelligence to assist in the analysis and presentation of culture data within the platform. This includes AI-assisted interpretation of survey results, generation of insights and recommendations, and conversational AI tools available within individual and team reports.
AI processing is applied to aggregated and anonymised culture data where possible. Where AI tools interact with data that can be linked to an individual — such as individual report scores or personal value profiles — this is carried out in accordance with GDPR requirements for automated processing. Users are always presented with human-readable context alongside any AI-generated insight, and no automated decision-making with legal or similarly significant effect is carried out without human oversight.
The legal basis for AI-assisted processing is GDPR Article 6(1)(b) — processing necessary for the performance of a contract — and where applicable, GDPR Article 6(1)(a) — consent. Users retain the right to request human review of any AI-assisted output.
Culture Intelligence handles personal data about customers and suppliers, in addition to any third parties necessary for the fulfilment of contractual obligations. Contact information processed includes name, email address, telephone number and job title. The legal basis for such processing is GDPR Article 6(1)(b). Personal information is stored in a separate database and deleted five years after the end of the customer relationship.
Culture Intelligence may use sub-processors. As a result of our services, we act as a data processor for many customers and base ourselves on general permission to use sub-processors, in accordance with GDPR Article 28, as agreed with customers in our data processor agreement.
When using sub-processors, we ensure they are subject to the same obligations with respect to the protection and use of personal data as Culture Intelligence. Sub-processors must be able to document good internal routines for privacy and information security through relevant certifications or independent audit reports.
An overview of sub-data processors currently used by Culture Intelligence is shown below. The sub-processors utilised depend on which services are provided and will vary from customer to customer.
| Name | Type of treatment | Data centre location | Website |
|---|---|---|---|
| HubSpot | Storage of customer data (CRM) | EU (Germany) | hubspot.com |
| Microsoft Azure | Platform hosting and data storage | EU (Norway East) | microsoft.com/azure |
| Office 365 | Customer data, general documents and email | EU/EEA | microsoft.com |
| Tripletex | Accounting | Norway | tripletex.no |
Culture Intelligence manages personal data for marketing purposes. Such information is not shared with other businesses.
It is possible to voluntarily subscribe to newsletters, seminar invitations and subject material from Culture Intelligence. Where there is no existing customer relationship, subscribing constitutes agreement to regularly receive emails with the chosen newsletters. The legal basis for this processing is GDPR Article 6(1)(a). Consent can be withdrawn at any time, after which contact information will be deleted from the relevant mailing list.
Where there is an existing customer relationship, Culture Intelligence has a legitimate interest in marketing to its customers. The legal basis for this processing is GDPR Article 6(1)(f). Individuals can request removal from the email list at any time.
To send newsletters to the right person, it is necessary to register name, email address, company name and job title. When registering for a seminar, a telephone number may also be requested. This information is stored in a separate database and will not be passed on to others.
When using the contact form on cultureintelligence.io, name and email address are required. This information is stored in the website's database and will not be passed on to others outside Culture Intelligence. Information is continuously reviewed and deleted in line with our data retention policy.
On the Culture Intelligence website, information about visitors is logged using Google Analytics and Google Tag Manager. This information is gathered to better understand how users interact with the website so that it can be optimised accordingly.
Like most websites, information is stored in a cookie in the browser. Most browsers are set to accept cookies. Stored cookies can be deleted by following the instructions for deletion in the relevant browser. Please note that restricting cookies may affect the functionality of the website.
The visitor's IP address is not normally stored, with the following exceptions: application errors where an error log and IP address are created to investigate the issue; if system user log and tracking are activated; and actions and IP addresses of back-end users such as web editors and administrators.
Culture Intelligence partners with Microsoft Clarity and Microsoft Advertising to capture how users interact with the website through behavioural metrics, heatmaps, and session replay, in order to improve and market products and services. Website usage data is captured using first and third-party cookies and other tracking technologies. For more information about how Microsoft collects and uses data, visit the Microsoft Privacy Statement.
Cookies on the website are from Google Analytics (first-party cookie), set to be deleted automatically after 24 months if the site is not revisited. It is possible to opt out of all registration in Google Analytics by installing an add-on in the browser: Google Analytics Opt-out Browser Add-on.
In combination with Google Analytics, Google Tag Manager is used to distribute code snippets on the website, which sets a cookie to retain information about the current session.
The website is not designed for or aimed at children under the age of 13, and Culture Intelligence will never knowingly collect or maintain information about children under the age of 13.
When registering for vacancies or submitting a CV, application or other relevant documents, personal data is collected. Personal data processed in connection with recruitment includes personnel, job and educational details. In some cases, an electronic cultural analysis of relevant candidates is carried out, and Culture Intelligence manages the results related to those assessments. Personal information is obtained directly from job applicants.
Where Culture Intelligence uses a supplier of recruitment services, the processing will be bound by a data processing agreement. Information will not be used for purposes other than those related to the job application.
Personal information about applicants is deleted one year after the application was submitted, unless the person is employed or consents to their information being stored longer. Job applicants can request deletion of their information at any time.
Personal data is not transferred to countries outside the EU/EEA without written approval from the controller. When transferring to a third country, an appropriate transfer mechanism must be in place, such as the standard contractual clauses issued by the Norwegian Data Protection Authority.
Culture Intelligence does not disclose personal data to others unless required by law.
Under GDPR, individuals have the right to access, correct, or delete their personal data held by Culture Intelligence, as well as the right to restrict or object to processing, and the right to data portability. To exercise any of these rights, contact post@cultureintelligence.io. Complaints may also be filed with the Norwegian Data Protection Authority (Datatilsynet) at postkasse@datatilsynet.no or +47 22 39 69 00.
Version 6.0, 18 March 2026
.svg){kind=small}