Privacy policy

Last updated: 16 April 2026

Data controller

The data controller for this website is:
OISG
Email: info@oisg.ai

What we collect and why

No cookies

This site does not set any cookies. No first-party cookies, no third-party cookies, no tracking cookies, no session cookies. No cookie banner is needed because there are no cookies to consent to.

No analytics

This site does not use any analytics service. No page views, sessions, or user behaviour is tracked or recorded. Server access logs may be retained by the hosting provider for operational purposes; these are not used for profiling or marketing.

Contact form

The contact form on the contact page collects: name, email address, organisation (optional), subject, and message. This data is submitted to Formspree, Inc. (USA), a third-party form processing service, and forwarded to us via email.

  • Legal basis: consent (Art. 6.1.a GDPR) — you actively choose to submit the form.
  • Purpose: to respond to your enquiry.
  • Retention: form submissions are retained by Formspree for 30 days and in our email inbox until the enquiry is resolved, then deleted.
  • Transfer outside EU: Formspree is a US-based service. The transfer is covered by the EU–US Data Privacy Framework. See Formspree's privacy policy.

External fonts

This site loads the Inter and JetBrains Mono typefaces from Google Fonts. When you visit the site, your browser connects to Google's servers (USA) to download the font files. Google may log this request (IP address, user agent) according to its own privacy policy. No cookies are set by this interaction.

  • Legal basis: legitimate interest (Art. 6.1.f GDPR) — consistent typography across the site.
  • Transfer outside EU: Google LLC complies with the EU–US Data Privacy Framework.

OISG Adequacy Test

The adequacy test runs entirely in your browser. No data entered in the test — including organisation name, assessor details, and assessment results — is transmitted to any server. The downloadable certificate is generated locally in your browser as a PNG image. No personal data is collected or processed.

Your rights

Under the GDPR (Articles 15–22), you have the right to:

  • Access — request a copy of any personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, for processing based on consent.

To exercise any of these rights, contact us at info@oisg.ai. We will respond within 30 days.

Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.

Changes to this policy

If we change this privacy policy, we will update the "last updated" date at the top of this page. Since we do not collect email addresses for marketing, we cannot notify you of changes directly.

Contact

For questions about this privacy policy: info@oisg.ai