For the complete documentation index, see /llms.txt. Markdown version of this page: /en/privacy.md.
EN / NB Contact us →
EN / NB

Consulting

Detection and Response

AI

Compliance

Application Security

Security Products

Browse

Series

Events & resources

About us

Company info

Contact

Legal

Privacy notice

FM CyberSecurity AS processes personal data about visitors, customers, candidates and event attendees. This notice explains what we collect, why, and what rights you have.

Last updated 26 May 2026.

1. Data controller

FM CyberSecurity AS, Norwegian organisation number 934 418 840.
Henrik Ibsens gate 36, 0160 Oslo, Norway.
Privacy contact: [email protected].

2. What data we process

Contact form

Name, work email, and the message you write. We do not persist form submissions in a database. The message is forwarded by email to the named contact and lives on in our Microsoft 365 mailbox from there.

Event registration

Name, work email, company, role (optional), phone (optional). We also store the fact that you consented to the processing, whether you opted in to future invitations, the timestamp of the registration, and the IP address used by Cloudflare Turnstile for spam protection.

Technical data

Standard Cloudflare server logs (IP address, user agent, timestamp). We do not use analytics cookies, tracking pixels or third-party ad services. The site also does not load scripts from Google, Meta or equivalent.

3. Purposes and lawful basis

  • Confirming and running the event you registered for. Lawful basis: contract (GDPR Art. 6(1)(b)).
  • Responding to enquiries from the contact form. Lawful basis: contract or legitimate interest (GDPR Art. 6(1)(b) or (f)).
  • Sending invitations to future FM events. Lawful basis: your consent (GDPR Art. 6(1)(a)). You tick the box yourself at registration.
  • Protecting the site from abuse, spam and automated attacks. Lawful basis: legitimate interest (GDPR Art. 6(1)(f)).

4. Recipients

We do not share attendee lists with third parties for their marketing. The following data processors have access to the extent necessary to deliver the service:

  • Cloudflare, Inc. (US and EU). Hosting, security, Workers KV storage, Turnstile bot protection. Data processing agreement in place.
  • Resend, Inc. (US). Sending confirmation and notification email. Data processing agreement in place.
  • Microsoft Ireland Operations Ltd. Microsoft 365 email and shared mailbox ([email protected]) where FM staff receive enquiries.

When an event is co-hosted with a technical partner (for example Tenable at FM Cyber Breakfast), we share the fact that we are running the event together. We do not share the attendee list with the partner unless you have consented to it.

5. Retention

  • Attendee lists in Cloudflare KV are deleted 30 days after the event.
  • Confirmation and notification emails in Resend follow Resend's default log retention (typically 30 days).
  • Marketing consents are stored until you withdraw the consent.
  • Enquiries in mailboxes are cleaned up per our internal policy, normally within 24 months.
  • Cloudflare server logs are retained for 30 days.

6. Your rights

You have the right to:

  • Request access to the data we hold about you.
  • Ask us to correct mistakes.
  • Ask us to erase the data.
  • Ask us to temporarily stop processing, or object to processing based on legitimate interest.
  • Receive a machine-readable copy of your data (data portability).
  • Withdraw consents you have given, with effect going forward.

Send requests to [email protected]. We respond within 30 days.

7. Complaints to the Norwegian Data Protection Authority

If you believe we are processing data incorrectly, you have the right to file a complaint with Datatilsynet, the Norwegian Data Protection Authority. See datatilsynet.no.

8. Changes

We may update this notice when our services or the regulations change. The latest update date appears at the top.

Questions or inquiry? [email protected] Contact us →