1. Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is: Norwegian Health AS Kyrkjevegen 45 6230 Sykkylven Norway Email: info@norwegian-health.de EU Representative (Art. 27 GDPR): Global Office GmbH Werkstraße 11 56410 Montabaur Germany
2. General Information
We operate this online shop via the e-commerce platform Shopify. The protection of your personal data is very important to us. We process personal data exclusively in accordance with the GDPR and applicable national data protection laws. This Privacy Policy informs you about which personal data we collect, how we use it, and what rights you have.
3. Definitions
Personal data means any information relating to an identified or identifiable natural person. Anonymous information that can no longer be linked to an individual does not constitute personal data.
4. Personal Data We Process
Depending on how you use our website and services, we process in particular the following categories of personal data:
a) Contact details
First and last name Billing and shipping address Telephone number Email address
b) Contract and transaction data
Ordered products Order history Payment status Returns, cancellations, and refunds
c) Payment data
Payment method Payment confirmations Transaction identifiers
(Note: Payment data is primarily processed by our payment service providers; we do not receive full credit card details.)
d) Account data (customer account)
Username Password (encrypted) Account settings
e) Communication data
Customer service inquiries Email and support communications
f) Usage and device data
IP address Browser type Device Access times Website interactions
5. Sources of Data
We collect personal data: directly from you (e.g., orders or contact inquiries) automatically (e.g., cookies and server logs) via service providers acting on our behalf
6. Purposes of Data Processing
a) Performance of a contract (Art. 6(1)(b) GDPR)
Order processing Payment processing Shipping and delivery Account management
b) Legitimate interest (Art. 6(1)(f) GDPR)
Operation, security, and optimization of the website Fraud prevention Customer service Analysis and improvement of our services
c) Consent (Art. 6(1)(a) GDPR)
Newsletter Marketing communication Optional tracking and marketing cookies
Consent can be withdrawn at any time.
7. Marketing & Communication
If you subscribe to our newsletter or receive marketing communication, your data will be processed exclusively on the basis of your consent.
You can unsubscribe at any time via the unsubscribe link or by email.
8. Disclosure of Data to Third Parties
We only disclose personal data where this is necessary and legally permitted, in particular to:
a) Shopify
Our shop is operated by Shopify Inc. Shopify acts as a processor in accordance with Art. 28 GDPR. Shopify processes data exclusively to provide and optimize the shop infrastructure. More information: https://privacy.shopify.com
b) Fulfillment & logistics
Monta Deutschland GmbH Märkische Straße 10 47809 Krefeld Germany (Storage, shipping, returns)
c) Payment service providers
Depending on the selected payment method, e.g.: PayPal Klarna Stripe Credit card providers
These providers process personal data either under their own responsibility or, depending on the processing activity, as joint controllers in accordance with Art. 26 GDPR.
d) IT & marketing service providers
Hosting Email delivery Analytics and marketing tools (only with consent)
e) Customer service / call center
Global Office GmbH Werkstraße 11 56410 Montabaur Germany (Phone and written customer support) Processing is carried out as commissioned processing in accordance with Art. 28 GDPR on the basis of a corresponding contract.
9. International Data Transfers
Personal data may be transferred to countries outside the EU/EEA, particularly in connection with Shopify.
In such cases, we rely on: Standard Contractual Clauses of the European Commission (2021/914), or Adequacy decisions of the EU
10. Cookies & Tracking
We use cookies and comparable technologies. Non-essential cookies are only set with your consent. Further details can be found in our separate Cookie Policy.
11. Storage Duration
Personal data is stored only as long as necessary for the respective purposes or as required by statutory retention periods.
12. Rights of Data Subjects
You have the following rights, subject to legal requirements: Right of access (Art. 15 GDPR) Right to rectification (Art. 16 GDPR) Right to erasure (Art. 17 GDPR) Right to restriction of processing (Art. 18 GDPR) Right to data portability (Art. 20 GDPR) Right to object (Art. 21 GDPR) Right to withdraw consent Requests can be addressed to the contact details listed above.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. For the EEA, an overview can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
14. Data of Children
Our services are not directed at children under the age of 16. We do not knowingly process personal data of children.
15. Data Security
We implement technical and organizational measures to protect your data. However, complete protection against third-party access cannot be guaranteed.
16. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy to reflect legal or technical changes. The current version is always available on our website.