Privacy Policy
1. Data Controller
Arctic Royal AS (org.nr. 937800584), Dalenveien 29A, 3031 Drammen, Norge, is the data controller responsible for the personal data we collect through this website. For questions regarding your personal data, contact us via our contact form.
2. What Data We Collect
When you use our website or place an order, we may collect the following personal data:
- Name, email address, phone number and delivery address
- Payment information (processed securely by our payment providers — we do not store card details)
- Order history and purchase behaviour
- IP address, browser type and device data via cookies and analytics tools
3. Legal Basis for Processing
We process your personal data on the following legal grounds under the GDPR:
- Contract (Art. 6(1)(b) GDPR) — to fulfil your order and manage your customer relationship.
- Legal obligation (Art. 6(1)(c) GDPR) — to comply with Norwegian accounting law (Bokføringsloven), which requires us to retain transaction records for five years.
- Legitimate interest (Art. 6(1)(f) GDPR) — for fraud prevention and website analytics.
- Consent (Art. 6(1)(a) GDPR) — for marketing communications. You can withdraw consent at any time.
4. How We Use Your Data
- Processing and delivering your orders
- Sending order confirmations and shipping updates
- Handling returns, complaints and customer service enquiries
- Sending marketing communications (with your consent)
- Improving our website and services
- Complying with legal obligations
5. Sharing Your Data
We share your personal data only where necessary:
- Shopify Inc. — our e-commerce platform and data processor. Shopify is certified under applicable data protection frameworks.
- Payment providers — Klarna, Vipps and other providers process payment data under their own privacy policies.
- Shipping carriers — your name and delivery address are shared with the carrier to fulfil your order.
- Analytics providers — anonymised usage data may be shared with analytics tools to improve our services.
We do not sell your personal data to third parties.
6. Transfer Outside the EEA
Shopify Inc. is headquartered in Canada, which the European Commission has determined provides an adequate level of data protection. Any other transfers outside the EEA are made with appropriate safeguards, such as Standard Contractual Clauses.
7. Data Retention
- Order and transaction data — retained for five years in accordance with the Norwegian Bookkeeping Act (Bokføringsloven).
- Customer account data — retained for as long as your account is active, or until you request deletion.
- Marketing data — retained until you withdraw consent.
- Analytics data — retained per the applicable provider's policy.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data, subject to legal retention obligations.
- Right to restriction (Art. 18) — request that we limit how we process your data.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest or for direct marketing.
- Right to withdraw consent (Art. 7(3)) — withdraw consent for marketing at any time, without affecting the lawfulness of prior processing.
To exercise your rights, contact us via our contact form. We will respond within 30 days.
9. Cookies
Our website uses cookies to ensure functionality, analyse traffic and personalise content. You may adjust cookie preferences in your browser settings. Disabling certain cookies may affect the functionality of the website.
10. Complaints
If you believe we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with the Norwegian Data Protection Authority:
Datatilsynet
Postboks 458 Sentrum, 0105 Oslo
datatilsynet.no