Privacy Policy

Privacy policy

 

The protection of your privacy is a priority.
The transmission of data on the internet may involve security holes and can not be fully protected from access by third parties. 

 

 

We treat your personal data as confidential and in accordance with the statutory data protection regulations such as the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to our company. 

 

 

General info.

 

If you contact us via e-mail or contact form, the data you provide (e-mail-address as well as name) will be used for the purpose of processing your request. We delete the data that is transferred in this context, if the storage is no longer necessary and if there are no further legal obligations such as statutory storage requirements. There is no transfer of this personal data to third parties. Legal basis is Art. 6 Para 1 lit. b. and f. GDPR.

 

Since we rely on contracted service providers for individual functions of our offers, we inform you about these third-party components and explain which data they collect and control in the section below. 

 

 

2 Rights

 

(1) With regard to the data processing to be described in more detail below, you have the right

 

  • to information (Art. 15 GDPR),

 

  • to rectification or erasure (Art. 16, 17 GDPR),

 

  • to restriction of processing (Art. 18 GDPR),

 

  • to object to the processing (Art. 18, 21 GDPR),

 

  • to data portability (Art. 20 GDPR).

 

 

(2) You also have the right to complain to the data protection supervisory authority about the processing of your personal data. 

3 Objection or revocation against the processing of your data

 

(1) If you have given your consent to the processing of your data, you can revoke them at any time. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.

 

(2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you. This is described in each case in the following description of the functions. In the event of such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.

 

(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising conflict under the following contact details:

 

Maren Turmo          
Marenturmo.com
+47 91603483
Schøningsgate 34, 0236, Norway
Marenlturmo@hotmail.com

 

4 Information about the data processing

 

(1) In the case of a solely informative use of our website, i.e. if you do not provide us with information (for example, when contacting us via our contract form), we only collect the personal data your browser transmits to our servers. For technical reasons, especially to ensure a secure and stable website, these are the following data (so-called server log files): 

 

 

  • the type and version of your browser,

 

  • the operating system,

 

  • the previous that linked to our website (referrer URL),

 

  • the webpages visited on our site,

 

  • the date and time of your visit,

 

  • as well as your IP address.

 

 

We do not draw any conclusions about you. This information is needed in order to deliver the content of our website correctly, optimize the content and advertisement of our website, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber attack. The anonymous data of the server log files are stored separately from all personal data provided by you.

 

The legal basis for the collection of these data is Art. 6 Para. 1 lit. f. GDPR. The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. 

 

(2) In addition to the aforementioned data, we use cookies on our website. Cookies are small text files stored on your hard drive and are associated with the browser you use. They only give us certain information. Cookies cannot run programs or transmit viruses to your computer. This processing makes our website more user-friendly, efficient and secure. The legal basis is Art. 6 Para. 1 lit. b. and f. GDPR.

 

(3) Our website uses transient cookies and persistent. Transient cookies are automatically deleted when you close the browser. Transient cookies include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can also delete cookies in the security settings of your browser at any time. In addition, you can configure your browser setting according to your wishes and decline the acceptance of third-party cookies or all cookies. We point out, that as a result, you may not be able to use all features of our website.

 

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website. 

5 Hosting

Within the framework of a processing on our behalf, a third party provider provides the services for hosting and displaying our website. All data collected as part of the use of this website will be processed on its servers. This service provider is located in a country outside the European Union, for which the European Commission has determined by decision an appropriate level of data protection.

 

6 SSL-Encryption

 

To guarantee the security of your data during transmission, we use encryption techniques such as SSL or TLS. You can recognize an encrypted connection in your browser when your browser address changes to HTTPS and the lock icon is displayed in your browser's address bar. 

7 Features and other offers of our website 

 

(1) In addition to the purely informational use of our website, we also provide you with special enterprise services. To do so, you will generally need to provide us with other personal information that we use to provide the service and for which the aforementioned data processing principles apply.

 

(2) We partly use external service providers to process your data. These external service providers have been selected carefully. They are bound to our instructions and regularly monitored.

 

(3) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.

 

8 Order processing

 

(1) Our online shop uses the platform Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 ("Shopify"). Shopify provides an e-commerce platform, which allows us to sell our goods. If you place an order in our online-shop, you agree to the storage and processing of your personal data by Shopify. The data provided during the ordering process is stored on a secure server. If you are located in the European Economic Area (EEA) or Switzerland, your data will be processed and stored in Ireland through Shopify International Ltd.. However, Shopify notes that as part of a smooth service, data can also be transferred to other regions, including the US and Canada. Shopify strictly adheres to the agreement between the EU and the USA and the agreement between Switzerland and the USA for data collection and use (EU - US Privacy Shield Framework.

 

This data is stored and processed for the purpose of supporting and processing your orders, your authentication, the processing of payment transactions and the improvement of Shopify's services. For more information on Shopify's terms of use and privacy, please visit http://www.shopify.com/legal/privacy or https://beta.help.shopify.com/pdf/gdpr-whitepaper.pdf. Legal basis is Art. 6 Para 1 lit. b and f. GDPR.

 

(2) The data you submit when ordering goods, will have to be processed to fulfill your order. Please note that orders cannot be processed without providing this data. The legal basis for this processing is Art. 6 Para. 1 lit. b. GDPR. After your order has been completed, your personal data will be deleted according to applicable legal regulations such as tax and commercial law. 

 

(3) By using our online shop, you also agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (for more information please see section § 4; a session cookie is a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your local currency. Legal basis is Art. 6 Para 1 lit. b and f. GDPR. 

 

(4) With the purpose of processing your order, we will first share your data with the shipping company responsible for delivery to the extent required to deliver your order and second with the payment service provider to the extent required to process your payment.

 

(5) If you wish to order goods in our online shop, it is necessary for the conclusion of the contract that you provide us with your personal data that we need for the processing of your order. Required entries are marked separately. We process the data provided by you to process your order. To complete the processe, we can also pass on your payment data to our house bank. The legal basis for this is Art. 6 Para 1 lit. b GDPR. We may also process the information to inform you about other interesting products from our portfolio or to send you an e-mail with technical information. Due to commercial and tax regulations, we are obliged to store your address, payment data and order data for a period of ten years. 

 

(5) In order to prevent unauthorized access by third parties to your personal data, in particular to financial data, the order process is encrypted using TLS technology.

 

9 Payment Service Provider

 

(1) At present, we use the external payment services PayPal and Stripe, which allow purchases on account or flexible installment payments. The payment service providers also offer other services, such as buyer protection and identity or creditworthiness checks. Legal basis is Art. 6 Para 1 lit. b and f. GDPR.

 

(2) Operating companies are

 

  1. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg 

 

Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards in case a user does not have a PayPal account. A PayPal account is managed via an e-mail address, that there are no classic account numbers. PayPal permits online payments to third parties and makes it possible to receive payments. PayPal also accepts trustee functions and offers buyer protection services.

 

  1. Stripe, 510 Townsend Street, San Francisco, CA 94103, USA 

 

(3) If you select one of the two payment service providers during the ordering process in our online shop as a payment option, your data will be automatically transmitted to the service provider. By selecting this payment option, you agree to the transfer of personal data required for payment processing.

 

Personal data processed by PayPal and Stripe include inventory data, such as your name, address, e-mail address, IP-address or bank details as well as other data necessary for payment processing. This information is required to complete the transactions and to perform an identification check. The data entered will only be processed and stored by PayPal and Stripe. We do not receive any information related to your account or credit card. The data may be transmitted to credit reporting agencies. The payment service providers may also collect and use data and information on your previous payment behavior as well as probability-values for your behavior in the future in order to decide on the reasoning, implementation or termination of a contractual relationship. The calculation of scoring is carried out on the basis of scientifically-recognized mathematical-statistical methods. 

 

(4) For the payment transactions only the terms and conditions and the privacy policy of PayPal and Stripe apply. For more information, please visit:

 

  1. PayPal: https://www.paypal.com/at/webapps/mpp/ua/privacy-full?locale.x=en_AT

 

  1. Stripe: https://stripe.com/privacy-center/legal

 

You have the possibility to revoke your consent for the handling of personal data at any time from PayPal and Stripe. A revocation will not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

 

11 Social Media 

 

(1) We have integrated components of the service Instagram on our website. Instagram is a service, which allows us to share photos and videos. The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.

 

(2) The services are integrated by a Instagram-button on our Website. We do not use any plugins. By integrating buttons, linked graphics prevent Instagram from automatically establishing a connection to the Instagram server when you visit our website. Only if you click on the linked graphic, you will be forwarded to the service of Instagram. In this case information about the use of our website will be recorded by Instagram. This information may include your IP address, the date and time you visited our site, as well as the pages you viewed.

 

(3) If you are logged in to your Instagram account while clicking on the linked graphic, Instagram matches this information with your personal Instagram account and stores the personal data. To prevent this, you must either log out of your Instagram account before clicking the linked graphic or make the appropriate settings in your Instagram account.

 

(4) Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

  1. Name and contact details of the controller

 

The responsible controller is:

Maren Turmo
Marenturmo.com
+47 91603483
Schøningsgate 34, 0236, Norway
Marenlturmo@hotmail.com

 

  1. Purpose of and legal basis for precessing

 

We process personal data that we obtain from you in the context of our business relationship. We also process, insofar as necessary to provide our service, personal data that we obtain from publicly accessible sources (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other third parties (e.g. credit agencies). 

 

Relevant data is personal information (e.g. name, address and other contact details, date and place of birth and nationality), identification data and authentication data (e.g. passport data). Furthermore this can also be order data (e.g. payment orders); data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions); information about your financial situation (e.g. creditworthiness data); marketing and sales data, including advertising data; documentation data (e.g. consultation protocol) and other data similar to the categories mentioned. 

 

In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you. So if you do not provide us with the necessary information, we cannot enter into or continue the business relationship you desire.

 

We solely process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Personal Data Act of Sweden („Ny Dataskyddslag“). 

  1. For the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
    The processing of personal data (as defined by Art. 4 No. 2 GDPR) takes place within the context of the completion of our contracts with you, or the carrying out of pre-contractual measures that occur as part of a request.

 

  1. For compliance with a legal obligation (Art. 6 para 1 lit c GDPR)
    The processing of personal data may be necessary owing to a diversity of legal obligations.

 

  1. On the basis of your consent (Art. 6 para 1 lit. a GDPR)
    As long as you have granted us consent to process your personal data for certain purposes, this processing is legal on the basis of your consent. You may withdraw your given consent at any time with effect for the future. This shall have no effect upon the legality of the data processed prior to this withdrawal. 

 

  1. Within the scope of the balancing of legitimate interests (Art. 6 para. 1 lit. f GDPR)
    Where necessary, we will process your data beyond the actual fulfilment of the contract for the protection of the legitimate interests of our business or third parties. Examples in this regard include:
    - the assertion of legal claims and their defence during litigation;
    - the guaranteeing of the IT security and operation of our business;
    - crime prevention and solution;

 

  1. Recipient or categories of recipients of the personal data

 

Within our company, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain confidentiality. These are companies in the categories of IT-services, logistics and payment. The basis for this is a order data processing agreement.

 

With regard to transferring data to recipients outside our business (third parties), we may pass on information about you only if legal provisions demand it or if you have given your consent. Under these requirements, recipients of personal data can be for example:

 

- public entities and institutions upon providing a legal or official obligation
- other companies to which we transfer your personal data in order to carry out a business relationship with you

 

Other recipients of data can be any units for which you have given us your consent to transfer data 

 

  1. Transmission of personal data to a third country

 

Your data is transmitted by means of a web-based application on the Internet. The confidentiality, integrity, authenticity and availability of the personal data can, as such, not be guaranteed. Your data can also be retrieved by means of the web-based application in third countries that do not observe any data protection regulations comparable with those of the European Union.

 

If it is necessary for the purpose of carrying your orders (e.g. payment orders) or if you have granted us your consent, we also transfer data to units in states outside the EU.

 

  1. Storage period of the personal data

 

After your data has been collected by us, we will process and store your personal data as long as it is necessary in order to fulfill our contractual and statutory obligations.

 

If personal data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless a further processing is required. Purposes can be the fulfilling of obligations to preserve records according to commercial and tax law.

  1. Your rights

 

Pursuant to the European General Data Protection Regulation (GDPR), you have the right

 

  1. to access according to Art. 15 GDPR;
    to rectification according to Art. 16 GDPR;
    c. to erase according to Art. 17 GDPR;
    d. to data portability according to Art. 20 GDPR;
    e. to restrict processing according to Art. 18 GDPR;
    f.  to object according to Art. 21 GDPR.

 

Furthermore there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Art. 77 GDPR). 

 

To exercise your rights, please contact us via the contact details given in the imprint. 

 

If you have consented to the processing of your data by us you may withdraw this consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of any data processing for which consent was given and which was carried out prior to the withdrawal of said consent.