Privacy policy

1. Who is responsible for data processing?

Scentsation.no (hereinafter "we") is the data controller of your personal information. Contact us at scentsation.no@gmail.com. We do not have a Data Protection Officer (DPO) as we do not conduct large-scale processing.

2. What information do we collect?

  • Customer & delivery data: name, address, email, phone number.
  • Payment data: transaction IDs (no card details).
  • Service usage: IP address, cookies, browser data.
  • Conversations/inquiries: emails and messages related to customer service.

We only use necessary data and avoid collecting sensitive information.

3. Why and on what legal basis?

  • Contract compliance: to process purchases and deliveries (GDPR Art. 6(1)(b)).
  • Consent: for marketing, newsletters, or analysis (GDPR Art. 6(1)(a)).
  • Legitimate interest: to prevent fraud and improve services (GDPR Art. 6(1)(f)).
  • Retention obligations: to comply with accounting and record-keeping duties.

4. Cookies and tracking tools

Without your consent, we use only essential cookies required for functionality. For analytics or marketing, active consent is required under the E‑com Act (from January 1, 2025). You will see a banner allowing you to accept or decline, and you can change your preferences later.

5. Who do we share data with?

  • Posten: for delivery (data processing agreements in place).
  • Payment providers: see analysis IDs but not card data.
  • Marketing tools: only with your consent.
  • No data transfers outside EEA without adequate safeguards like EU Standard Contractual Clauses.

6. How long do we store your data?

  • Order data: up to 5 years (accounting requirements).
  • Customer correspondence/support: up to 2 years after last contact.
  • Cookies: stored based on your consent and the provider’s terms.

7. Your privacy rights

You have the right to:

  • Access the information we hold about you.
  • Correct or delete data.
  • Restrict processing of your data.
  • Request data portability.
  • Within the contract, withdraw consent or object to direct marketing.
  • Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), address: Trelastgata 3, 0191 Oslo.

8. Data breaches

In case of a serious breach, we report to Datatilsynet within 72 hours and notify affected individuals about the risk, in accordance with GDPR Articles 33–34.

9. Security measures

We use technical and organizational measures—encryption, password protection, and access controls—to protect data.

10. Changes

We may update this privacy policy. For significant changes, you will be informed via banner or email. The revision date will be displayed at the top.

11. Contact

Scentsation.no
Email: scentsation.no@gmail.com