RDI Information Systems AS

Privacy Policy for RDI Information Systems AS (RDIIS)

March 21, 2026

1. Introduction

RDIIS is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our websites, systems, and software solutions.

RDIIS develops and delivers software and digital services to business customers. The processing of personal data is carried out in accordance with the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR).

2. Data Controller

RDI Information Systems AS operates in tight affiliation with its international corporate counterpart, RDI Information Systems Limited (UK). For specific applications or services published internationally (e.g., via the Google Play Store), RDI Information Systems Limited acts as the publishing entity, while data processing and strict privacy controllership remain securely unified within this corporate group.

Data Controller: Barry Mark Scott

Company: RDI Information Systems AS

Organization Number: 936 094 317

Address: Nordlysveien 2822, 9143 Skibotn

Email: post@rdiis.no

Phone: +47 888 05 1

3. Personal Data We Process

Depending on your relationship with us, we may process the following categories of personal data:

  • Name
  • Email address
  • Phone number
  • Company name and role/title
  • User ID and authentication information
  • IP address and technical logs
  • Usage data from our systems (e.g. timestamps, features used, error messages)

RDIIS processes only personal data that is necessary for the stated purposes.

3.1 Specific Application Data Handling

Because RDIIS provides a diverse portfolio of applications, data processing varies strictly by the software you are using:

  • Offline Health Applications (e.g., Heart Health Tracker):
    These applications are engineered for absolute privacy. All health, biometric, and input data is stored 100% locally in an encrypted on-device database. RDIIS does not transmit, collect, sync, or share this data with our servers or any third-party analytics providers. Deleting the application from your device will permanently destroy the collected data. Any future features allowing data export or import will strictly execute locally on your device without server interception.
  • Logistics and Telemetry Applications:
    Certain enterprise and tracking applications require persistent location mapping to function. These applications will request explicit user permission to access foreground and background location data. When authorized, this location telemetry is securely transmitted and stored on RDIIS servers strictly for the purpose of fleet coordination, safety logging, and operational logistics.

4. Purposes of Processing

Personal data is processed for the following purposes:

  • Delivery and operation of software and services
  • User administration and authentication
  • Customer support and troubleshooting
  • Improvement and development of our solutions
  • Performance of contracts
  • Compliance with legal obligations
  • Security, logging, and prevention of misuse

5. Legal Basis for Processing

Personal data is processed on one or more of the following legal bases:

  • Performance of a contract (GDPR Article 6(1)(b))
  • Compliance with a legal obligation (GDPR Article 6(1)(c))
  • Legitimate interests (GDPR Article 6(1)(f))
  • Consent, where required (GDPR Article 6(1)(a))

6. Data Processors and Third Parties

RDIIS may use data processors for IT operations, cloud services, analytics, or customer support (excluding offline health applications). All data processors are subject to data processing agreements and may only process personal data in accordance with RDIIS’ instructions.

Personal data is not shared with third parties except where necessary to provide the services or where required by law.

7. Transfers Outside the EU/EEA

If personal data is transferred to countries outside the EU/EEA, RDIIS ensures that such transfers are carried out in compliance with GDPR, for example by using the European Commission’s Standard Contractual Clauses.

8. Data Retention and Deletion

Personal data is stored for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When personal data is no longer necessary, it will be deleted or anonymised.

Users may request immediate deletion of their account and associated telemetry data from within our mobile applications or by contacting us directly. Upon an account deletion request, all associated personal and health data is permanently purged from our active databases within 30 days.

9. Information Security

RDIIS implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or misuse. This includes access control, logging, and security procedures.

10. Your Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion of personal data (where applicable)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

Requests may be submitted using the contact details provided in Section 2.

11. Complaints

If you believe that our processing of personal data does not comply with applicable data protection laws, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

12. Changes to This Privacy Policy

RDIIS may update this Privacy Policy from time to time. The most recent version will always be available on our website.