Privacy policy

PRIVACY POLICY (PERSONVERNERKLÆRING)
Last updated: April 12, 2026

1. Data Controller and Legal Basis

FjordBites is the data controller for personal data processed through this online store and related services.

Processing is carried out in accordance with applicable data protection laws, including:
– Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
– Norwegian Personal Data Act (LOV-2018-06-15-38)
– ePrivacy Directive (2002/58/EC), where applicable
– Other applicable national and international data protection laws

By using the services, the user confirms that they have read and understood this Privacy Policy.

2. Purpose of Processing

Personal data is processed for the following lawful purposes:
a) Performance of a contract (GDPR Article 6(1)(b))
b) Compliance with legal obligations (Article 6(1)(c))
c) Legitimate interests (Article 6(1)(f))
d) Consent, where required (Article 6(1)(a))

Purposes include:
– Delivery of goods and services
– Payment processing and logistics
– Customer service and communication
– Security, fraud prevention, and risk management
– Marketing and personalization (where consent is given)

3. Categories of Personal Data

FjordBites may process the following categories:
– Identification and contact data
– Payment and transaction data
– Account information and preferences
– Technical information (IP address, device, browser)
– Behavioral data (use of the website)
– Communication data

Processing is limited to what is necessary, in accordance with the data minimization principle (GDPR Article 5(1)(c)).

4. Sources of Data

Personal data is collected from:
a) The user directly
b) Automatically via cookies and similar technologies
c) Service providers (e.g., payment and logistics partners)
d) Third parties and partners

5. Disclosure of Personal Data

Personal data may be shared with:
– Shopify Inc. as the technical platform provider
– Payment providers and financial institutions
– Logistics and shipping companies
– IT and analytics service providers
– Public authorities where required by law

All disclosures are made in accordance with GDPR Articles 6 and 28, and only where a valid legal basis exists.

6. International Data Transfers

Personal data may be transferred to countries outside the EEA.

Such transfers are carried out in accordance with:
– GDPR Chapter V
– Standard Contractual Clauses (SCCs) adopted by the European Commission
– Adequacy decisions under Article 45

By using the services, the user acknowledges that such transfers may occur.

7. Data Retention and Deletion

Personal data is stored only as long as necessary for the purpose, or to comply with:
– Legal obligations (e.g., accounting laws)
– Contractual obligations
– Dispute resolution and legal claims

Thereafter, data is deleted or anonymized in accordance with GDPR Article 5(1)(e).

8. Security

FjordBites implements technical and organizational measures in accordance with GDPR Article 32, including:
– Encryption and access control
– Secure payment solutions
– Monitoring of unauthorized access

However, absolute data security cannot be guaranteed.

9. User Rights

Users have the following rights under GDPR Chapter III:

– Right of access (Article 15)
– Right to rectification (Article 16)
– Right to erasure (Article 17)
– Right to restriction of processing (Article 18)
– Right to data portability (Article 20)
– Right to object (Article 21)

Where processing is based on consent, it may be withdrawn at any time.

10. Automated Decision-Making and Profiling

FjordBites may use automated systems for analysis and personalization.
This is carried out in accordance with GDPR Article 22 and does not adversely affect user rights.

11. Cookies

The services use cookies in accordance with the ePrivacy framework.
Users may manage or withdraw consent via browser settings or the cookie banner.

12. Children’s Privacy

The services are not intended for individuals below the legal age of majority.
FjordBites does not knowingly collect personal data from children in violation of applicable law.

13. Limitation of Liability

FjordBites is not responsible for:
– Third-party data processing
– Loss resulting from unauthorized access beyond our control
– Information shared by users on external platforms

14. Changes to This Policy

FjordBites reserves the right to update this policy to reflect:
– Legal requirements
– Technological changes
– Business needs

The updated version will be published on the website and becomes effective immediately.

15. Complaints and Supervisory Authority

Users have the right to lodge a complaint with a relevant supervisory authority, including:
– The Norwegian Data Protection Authority (Datatilsynet)

or the equivalent authority within the EEA.