Datenschutzerklärung | Norwegian Health DSGVO

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is: Norwegian Health AS Kyrkjevegen 45 6230 Sykkylven Norway Email: info@norwegian-health.de EU Representative (Art. 27 GDPR): Global Office GmbH Werkstraße 11 56410 Montabaur Germany

2. General Information

We operate this online shop via the e-commerce platform Shopify. The protection of your personal data is very important to us. We process personal data exclusively in accordance with the GDPR and applicable national data protection laws. This Privacy Policy informs you about which personal data we collect, how we use it, and what rights you have.

3. Definitions

Personal data means any information relating to an identified or identifiable natural person. Anonymous information that can no longer be linked to an individual does not constitute personal data.

4. Personal Data We Process

Depending on how you use our website and services, we process in particular the following categories of personal data:

a) Contact details

First and last name Billing and shipping address Telephone number Email address

b) Contract and transaction data

Ordered products Order history Payment status Returns, cancellations, and refunds

c) Payment data

Payment method Payment confirmations Transaction identifiers

(Note: Payment data is primarily processed by our payment service providers; we do not receive full credit card details.)

d) Account data (customer account)

Username Password (encrypted) Account settings

e) Communication data

Customer service inquiries Email and support communications

f) Usage and device data

IP address Browser type Device Access times Website interactions

5. Sources of Data

We collect personal data: directly from you (e.g., orders or contact inquiries) automatically (e.g., cookies and server logs) via service providers acting on our behalf

6. Purposes of Data Processing

a) Performance of a contract (Art. 6(1)(b) GDPR)

Order processing Payment processing Shipping and delivery Account management

b) Legitimate interest (Art. 6(1)(f) GDPR)

Operation, security, and optimization of the website Fraud prevention Customer service Analysis and improvement of our services

c) Consent (Art. 6(1)(a) GDPR)

Newsletter Marketing communication Optional tracking and marketing cookies

Consent can be withdrawn at any time.

7. Marketing & Communication

If you subscribe to our newsletter or receive marketing communication, your data will be processed exclusively on the basis of your consent.

You can unsubscribe at any time via the unsubscribe link or by email.

8. Disclosure of Data to Third Parties

We only disclose personal data where this is necessary and legally permitted, in particular to:

a) Shopify

Our shop is operated by Shopify Inc. Shopify acts as a processor in accordance with Art. 28 GDPR. Shopify processes data exclusively to provide and optimize the shop infrastructure. More information: https://privacy.shopify.com

b) Fulfillment & logistics

Monta Deutschland GmbH Märkische Straße 10 47809 Krefeld Germany (Storage, shipping, returns)

c) Payment service providers

Depending on the selected payment method, e.g.: PayPal Klarna Stripe Credit card providers

These providers process personal data either under their own responsibility or, depending on the processing activity, as joint controllers in accordance with Art. 26 GDPR.

d) IT & marketing service providers

Hosting Email delivery Analytics and marketing tools (only with consent)

e) Customer service / call center

Global Office GmbH Werkstraße 11 56410 Montabaur Germany (Phone and written customer support) Processing is carried out as commissioned processing in accordance with Art. 28 GDPR on the basis of a corresponding contract.

9. International Data Transfers

Personal data may be transferred to countries outside the EU/EEA, particularly in connection with Shopify.

In such cases, we rely on: Standard Contractual Clauses of the European Commission (2021/914), or Adequacy decisions of the EU

10. Cookies & Tracking

We use cookies and comparable technologies. Non-essential cookies are only set with your consent. Further details can be found in our separate Cookie Policy.

11. Storage Duration

Personal data is stored only as long as necessary for the respective purposes or as required by statutory retention periods.

12. Rights of Data Subjects

You have the following rights, subject to legal requirements: Right of access (Art. 15 GDPR) Right to rectification (Art. 16 GDPR) Right to erasure (Art. 17 GDPR) Right to restriction of processing (Art. 18 GDPR) Right to data portability (Art. 20 GDPR) Right to object (Art. 21 GDPR) Right to withdraw consent Requests can be addressed to the contact details listed above.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. For the EEA, an overview can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

14. Data of Children

Our services are not directed at children under the age of 16. We do not knowingly process personal data of children.

15. Data Security

We implement technical and organizational measures to protect your data. However, complete protection against third-party access cannot be guaranteed.

16. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect legal or technical changes. The current version is always available on our website.