This notice explains how Aurora Husky AS (“we”, “us”, “our”) processes personal data when you use the AI chatbot on www.aurorahusky.com. We are committed to protecting your privacy and to complying with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).
1. Who is responsible (data controller)
Aurora Husky AS, org. no. 934 782 143, Fjellvåkveien 7, 9325 Bardufoss, is the data controller for personal data processed through the chatbot. For privacy questions or to exercise your rights, contact us at booking@aurorahusky.com.
2. What data we collect
The chatbot processes only what it needs in order to answer you:
- The content of the messages you type into the chat.
- A randomly generated session identifier, used to keep a single conversation together. It is not linked to your name or account and is not used to track you across other websites.
You do not need to log in or create an account to use the chatbot. We do not intentionally collect special categories of data such as health, religion, or political opinions. If you choose to include personal details in your messages (for example your name, email, or phone number), those details are processed as part of the conversation content described above.
3. Why we process your data and our legal basis
We process chat data to respond to your questions and provide the chatbot service, and to maintain, secure, and improve the quality of that service. Our legal basis is our legitimate interest under GDPR Article 6(1)(f) in offering a functional customer-service tool and keeping it secure. Where your message is a step toward entering into a contract with us, for example requesting a quote, the legal basis may also be Article 6(1)(b) (steps prior to a contract).
4. The AI model and transfers outside the EU/EEA
To generate replies, your messages are sent to third-party providers that operate the underlying AI language models. These providers process data on servers located in the United States, which means your chat messages are transferred outside the EU/EEA.
We safeguard these transfers using the European Commission’s Standard Contractual Clauses together with appropriate technical and organisational measures. Because this content is processed in the United States, please avoid entering sensitive personal data or confidential information into the chat.
5. Who has access to your data (recipients)
Your data is shared only with providers that process it on our behalf to deliver the chatbot service, each bound by a data processing agreement. We do not sell your personal data. The categories of recipients are:
- our technical provider that develops and operates the chatbot on our behalf (in the EU/EEA);
- cloud hosting and database storage providers (in the EU/EEA);
- AI language model providers (in the United States, see section 4).
For more information about who processes your data, or for a copy of the transfer safeguard (Standard Contractual Clauses), contact us at booking@aurorahusky.com.
6. How long we keep your data
Chat logs are automatically deleted after 30 days. The session identifier is not retained beyond this period. We keep data no longer than necessary for the purposes described above, unless a longer period is required by law.
7. Where your data is stored
Conversation data is stored within the EU/EEA. AI processing of your messages takes place in the United States, as described in section 4.
8. Your rights
Under the GDPR you have the right to access your data, to have inaccurate data corrected, to have your data erased, to restrict or object to processing, and to data portability. Where processing is based on consent, you may withdraw that consent at any time. To exercise any of these rights, contact us at booking@aurorahusky.com.
Because chat logs are deleted after 30 days and the session identifier is not tied to your identity, we may be unable to locate a specific past conversation unless you can identify it for us.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, www.datatilsynet.no) or your local supervisory authority.
9. Automated decision-making
The chatbot answers questions and provides information. It does not make automated decisions that produce legal effects concerning you, or that similarly significantly affect you, within the meaning of GDPR Article 22.
10. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and hosting on reputable, security-certified infrastructure.
11. Children
The chatbot is intended for general business inquiries and is not directed at children. We ask that children do not submit personal data through the chat without the involvement of a parent or guardian.
12. Changes to this notice
We may update this notice from time to time. The current version and its effective date are shown below, and any material changes will be reflected on this page.
Effective date: 27. May 2026