Privacy Policy

© North Atlantic 2025

North Atlantic’s Privacy Policy

This privacy policy applies to North Atlantic Ltd (“North Atlantic”), a Finnish limited company (Business ID: 3526656-2) headquartered in Salo, Finland. It governs all digital and offline interactions across the entire North Atlantic organisation, including its subsidiaries (such as North Atlantic UK Ltd), affiliated brands, owned domains, services, and AI products.

Your AI Partner

Whether just starting your journey or looking to refine your existing processes, we offer expertise in AI-driven automation, compliance and scalability to help you stay ahead in an ever-evolving market.

Secure Solutions

GDPR-compliant AI solutions that prioritise security and transparency. From strategy to deployment, we deliver cutting-edge technology that’s built to last, scale and lead responsibly.

1. Scope of This Policy

This privacy policy applies to:

  • Our websites (e.g., northatlantic.fi, norai.fi, ragbot.eu, voicd.eu, northatlantic.uk and related domains)

  • Our AI solutions and digital tools (e.g., NORAI RAG Bot, NORAI Voicd)

  • Web forms, landing pages, and customer onboarding flows

  • Our newsletter subscriptions and email communications

  • Our training courses, surveys, beta programs, and customer feedback tools

  • Direct B2B sales interactions

  • Social media and messaging platforms operated in an official capacity

2. Our Commitment to Data Protection

North Atlantic is committed to full compliance with the General Data Protection Regulation (GDPR) and relevant national and European laws, including the EU AI Act. We prioritise user privacy and data sovereignty by:

  • Running proprietary language models on local infrastructure

  • Avoiding use of third-party APIs for core services

  • Ensuring data never leaves our control without explicit legal basis or user consent

  • Hosting operations within Europe using GDPR-compliant providers

  • Not profiling users or training AI on client data unless agreed in writing

We also utilise limited anonymised data collection tools (e.g., Google Analytics), which may process data in the United States. These tools do not collect personally identifiable information and are used strictly for internal operational metrics.

3. What Information We Collect

We collect two categories of data:

A. Non-personally identifiable information (automatically collected)

  • Browser type and version

  • Operating system

  • Referrer URLs

  • Time and date of visit

  • Pages visited

  • Aggregate usage statistics (for internal optimisation)

B. Personally identifiable information (only when provided by the user)

  • Name, company, role, and email address (e.g., during demo bookings or form submissions)

  • Project details (if shared via contact forms or onboarding processes)

  • Communication records (e.g., email, call notes, submitted support tickets)

  • Training or course enrolment activity

We do not use cookies for advertising or third-party tracking. Essential cookies may be used for login and session management.

4. Purpose and Use of Data

Your data may be used to:

  • Respond to your enquiries or support requests

  • Provide access to services, demos, or training content

  • Improve the functionality, relevance, and performance of our systems

  • Maintain internal records (e.g., client interaction logs, system diagnostics)

  • Meet legal obligations

We do not sell or rent your data. We do not transfer your personal data outside of Europe unless specifically required for service delivery and governed by strong data protection agreements.

5. Legal Grounds for Processing

We process personal data on one or more of the following legal bases:

  • Your explicit consent (e.g., newsletter signup)

  • Legitimate interest (e.g., responding to inbound business enquiries)

  • Legal compliance

  • Contractual necessity (e.g., fulfilling a signed service agreement)

6. Data Storage and Retention

Data is stored securely on our private infrastructure or in trusted European data centres. We retain data only for as long as necessary to fulfil the original purpose, comply with legal obligations, or manage contracts.

You may request deletion of your data at any time, unless restricted by law.

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate or incomplete data

  • Request deletion of your data

  • Withdraw consent at any time

  • Object to processing based on legitimate interests

  • Lodge a complaint with your local supervisory authority

All requests can be submitted by emailing: info@northatIantic.fi

8. Third Parties and Processors

We only share data with third parties when essential for:

  • Internal operations (e.g., secure cloud hosting, analytics, or CRM systems)

  • Email delivery, transactional notifications, or appointment scheduling

  • Regulatory or legal compliance

Any such partners are contractually bound to strict confidentiality, GDPR compliance, and may not repurpose your data.

We do not use any US-based AI APIs (such as OpenAI, Anthropic, or Google AI) for customer data processing.

9. Third-Party Tools and Integrations

Our website and services may contain links to third-party websites or tools. North Atlantic is not responsible for the privacy policies or practices of these third parties. We recommend reviewing their privacy statements separately.

10. Updates and Changes

We reserve the right to make changes to this privacy policy. We may update this policy, for example, as our business, legal obligations, or technology evolves. It is recommended that you review this privacy policy regularly to be aware of any changes.

Scroll to Top