PRIVACY POLICY
version effective from 10.05.2023
the previous version of the Privacy Policy is available here
What is a Privacy Policy?
We would like to provide you with details concerning our processing of your personal data in order to give you full knowledge and comfort in using our website.
Since we operate in the online sector, we know how important it is to protect your personal data. Therefore, we make particular efforts to protect your privacy and the information you provide us with.
We carefully select and apply appropriate technical measures, in particular programming and organisational measures, to ensure the protection of the personal data we process. Our website uses encrypted data transmission (SSL), which ensures the protection of your identity.
In our Privacy Policy, you will find all key information regarding our processing of your personal data.
Please read it, we promise it won’t take more than a few minutes.
Who is the administrator of the website: www.noremax.com?
The administrator of the website is Noremax AS with its registered office in Oslo, Waldemar Thranes, Gate 49C, 0173 Oslo, Norway, entered into the Register of Entrepreneurs maintained by the Brønnøysund Register Centre, under the registration number: 996808289 (i.e.: We).
Personal data
What legal act governs the processing of your personal data?
Your personal data are collected and processed by us in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), commonly referred to as GDPR. In the scope not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of 10 May 2018.
Who is the controller of your personal data?
The controller of your personal data is Noremax AS with its registered office in Oslo, Waldemar Thranes, Gate 49C, 0173 Oslo, Norway, entered into the Register of Entrepreneurs maintained by the Brønnøysund Register Centre, under the registration number: 996808289, e-mail: [email protected], phone.: +47 48955260.
You can contact us about your personal data using the following methods:
– e-mail: [email protected],
– traditional mail: Waldemar Thranes, Gate 49C, 0173 Oslo,
– by phone: +47 48955260.
How do we process the personal data, that you provide to us?
What personal data do we process and for what purposes?
On our website, we offer a variety of services as part of which we process different personal data on different legal grounds.
| Objective | Personal data | Legal basis for processing | Data retention time |
|---|---|---|---|
| conclusion and performance of an agreement | first name, last name, address for correspondence, e-mail address, telephone number, Taxpayer Identification Number, IP address, company name, REGON | article 6(1)(b) of the GDPR, i.e., processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party | until the expiry of the limitation period for claims concerning the performance of the contract |
| creating and maintaining an account | first name, last name, e-mail address, telephone number, address for correspondence, nick, billing adress | article 6(1)(b) of the GDPR, i.e., processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party | until the account is deleted |
| newsletter | e-mail address, first name, last name | Article 6(1)(a) of the GDPR, i.e. processing based on the consent given by you to the processing of your personal data | until the day you withdraw your consent to personal data processing |
| contact form | first name, last name, e-mail , phone number | article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in maintaining the continuity of communication and enabling contact with us in matters of business activity. | until you object to the processing of your personal data |
| online chat | data that you have provided during the chat conversation | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in maintaining the continuity of communication and enabling contact with us in matters of business activity | until you object to the processing of your personal data |
| traffic analysis on the website | IP adress, browser data | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller’s legitimate interest in analysing customer traffic on the website | until you object to the processing of your personal data |
| direct marketing of Goods and own services, including remarketing | IP adress, browser data | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller’s legitimate interest in direct marketing of its own services, including remarketing | until you object to the processing of your personal data |
| determination, pursuit and enforcement of claims and defence against claims in proceedings conducted before courts and other state authorities | first name, last name, address, PESEL number, tax identification number (NIP), national business registry number (REGON), e-mail address, telephone number, IP number, bank account number, payment card number | article 6(1)(f) of the GDPR, i.e., processing for the purpose of pursuing our legitimate interest in establishing, pursuing, and enforcing claims and defending against claims in proceedings conducted before courts and other state authorities | until the expiry of the limitation period for claims concerning the performance of the contract |
| fulfilling legal obligations arising from legal regulations, in particular tax and accounting regulations | first name, last name, company name, PESEL number, tax identification number (NIP) or national business registry number (REGON), e-mail address, telephone number, address for correspondence, payment card number | Article 6(1)(c) of the GDPR, i.e., processing is necessary to fulfil legal obligations incumbent of the Controller, resulting from legal regulations, in particular tax and accounting regulations | until the expiry of the legal obligations imposed on the Controller which justify the processing of personal data |
Voluntary provision of personal data
Provision of the required personal data is voluntary, but it is necessary for us to provide services to you.
Recipients of personal data
The current list of entities to which we disclose your personal data can be found here.
Automated decision making (including profiling)
Your personal data will not be used for profiling or for automated decision making to You.
Will we transfer your personal data outside the EEA or to an international organisation?
In order to use Google tools, YouTube your personal data may be transferred to the United States where Google LLC servers are located.
Google LLC is on the list of entities participating in the “Privacy Shield” certification program* (link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and applies the European Commission’s standard contractual clauses on data security.
In order to use the Facebook tools, your personal data may be transferred to the United States where Meta Inc. servers are located.
Meta Inc. It is included in the list of entities participating in the Privacy Shield Program (link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), in the field of Workplace service and advertising options and measurement tools. Meta Platforms Ireland Limited transfers data to Meta Inc. Based on the Facebook European Data Transfer Annex, which takes into account the standard new contractual clauses that came into force in 2022 More information can be found here: https://www.facebook.com/legal/terms/dataprocessing/update https://www.facebook.com/legal/EU_data_transfer_addendum/update.
Chatra may transfer and process personal data to and in the United States and any other place in the world where Chatra, its affiliates or sub-processors conduct data processing operations ensures that transfers are made in accordance with the requirements of the data protection regulations at all times.
Chatra data in accordance with EU standard contractual clauses also for personal data transferred via the Service from Europe outside Europe, directly or through further transfer, to any country or recipient not recognized by the European Commission as providing an adequate level of protection of personal data (in accordance with EU data protection law)
In order to use Mailchimp newsletter sending tools, your data may be transferred to the United States where the Rocket Science Group LLC servers are located.
Mailchimp is on the list of entities participating in the Privacy Shield Program (link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active) and applies the model contractual clauses on data security approved by the European Commission.
In order to create statistics and content performance and protect against anti-DDoS attacks, through Cloudflare, your personal data may be transferred to the United States where CloudFlare Inc. servers are located.
CloudFlare Inc. Transfers personal data outside the EEA based on data transfer under EU standard contractual clauses, including additional measures if necessary. For more information, see the Privacy Policy at: https://www.cloudflare.com/privacypolicy/
In order to use Pinterest, your personal data may be transferred to the United States where the servers of Pinterest Inc. are located.
Pinterest Europe Ltd. transfers personal data outside the EEA only if there are adequate safeguards to protect personal data, such as standard contractual clauses.
In order to use the Twitter tools, your personal data may be transferred to the United States, where Twitter Inc. servers are located.
Twitter, Inc. Complies with the EU-US and Switzerland-US Privacy Shield principles for the collection, use, sharing and storage of personal information from the European Union, EFTA States and the United Kingdom, in accordance with the Privacy Shield principles (see https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO for more information). When providing personal data outside the European Union and EFTA countries, Twitter is based on EU standard contractual clauses.
In order to use Vimeo tools, your personal data may be transferred to the United States. Vimeo Inc. where applicable, use standard contractual clauses.
In order to use the Extreme IP Lookup application, your personal data may be transferred to the United States. Extreme IP Lookup uses standard contractual clauses in its contracts.
In order to use MailerSend, your personal data may be sent and stored in the United States. MailerSend Inc. applies standard contractual clauses.
In order to use the one.com services, your data may be transferred outside the EEA. In such cases, where processing takes place in a country outside the EEA, the standard contractual clauses of the EU Commission shall be applied.
*Please note that the Privacy Shield is no longer a law in force in the European Union and a program that sets certain standards for the protection of personal data for entities having their servers in the United States. Currently, it is a form of certification, entities inscribed in the Privacy Shield, meet certain standards of personal data protection.
How do we process your personal data, which we receive from other data controllers (e.g., Facebook)?
Our Online Shop allows you to:
- share the content of the Shop on your Facebook account,
- share the content of the Shop on your Pinterest account,
- share the content of the Shop on your Twitter account,
In such cases, we receive your personal data not directly from you, but from websites that provide these functionalities i.e.: Facebook, Twitter, and Pinterest. In order to give you full control over your data, we provide below information about how we process your personal data.
Categories of relevant personal data
We process the following categories of relevant personal data:
– identification data (i.e. personal data that you have published in your profile on Facebook, Twitter, Pinterest, first of all: name, surname, nick, e-mail address and image).
Source of personal data
Your personal data comes from the website:
- Facebook, the administrator of which is Meta Platforms Ireland Limited,
- Twitter, the administrator of which is Twitter International Company,
- Pinterest, the administrator of which is Pinterest Europe Ltd.,
Purposes and legal basis for the processing of personal data
Your personal data that we have obtained will be processed for the following purposes:
| Objective | Personal data | Legal basis for processing | Data retention time |
|---|---|---|---|
| Sharing content on your Facebook profile | name, surname, image | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller’s legitimate interest in allowing you to distribute the content of the online shop using the functionality of Facebook | until you object to the processing of your personal data |
| Sharing content on your Twitter profile | name, surname, image | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller’s legitimate interest in allowing you to distribute the content of the online shop using the functionality of Twitter | until you object to the processing of your personal data |
| Sharing content on your Pinterestprofile | name, surname, image | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller’s legitimate interest in allowing you to distribute the content of the online shop using the functionality of Pinterest | until you object to the processing of your personal data |
What rights do you have regarding our processing of your personal data?
Pursuant to the GDPR, you have the right to:
- request access to your personal data
- request rectification of your personal data
- request deletion of your personal data
- requests that the processing of your personal data is restricted
- object to the processing of your personal data
- requests transfer of your personal data
If you submit any of the above requests, without undue delay – and in any case within one month from receipt of the request – we will inform you of the actions taken in connection with your request.
If necessary, we can extend the one-month period by another two months due to the complexity of the request or the number of requests.
In any case, we will inform you within one month of receiving your request about any extension and give you the reasons for the delay.
Right of access to personal data (Article 15 of GDPR)
You have the right to be informed whether we are processing your personal data.
If we process your personal data, you have the right to:
- access your personal data,
- obtain information about the purposes of the processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storage of your data or criteria for determining this period, your rights under the GDPR and about the right to lodge a complaint with the President of the Office for Personal Data Protection, about the source of these data, about automated decision making, including profiling, and about the safeguards applied in connection with the transfer of these data outside the European Union;
- receive a copy of your personal data.
If you wish to request access to your personal data, please send your request to [email protected].
Right to correct your personal data (Article 16 of GDPR)
If your personal data are incorrect, you have the right to ask us to correct your personal data immediately. You also have the right to request that we supplement your personal data.
If you wish to request correction or supplementation of your personal data, please send your request to [email protected].
The right to have your personal data deleted, i.e., the so-called “right to be forgotten” (Article 17 GDPR)
You have the right to request that your personal data be deleted when:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you have withdrawn a specific consent, to the extent that your personal data were processed on the basis of your consent;
- your personal data were processed illegally;
- you have raised objections to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent that the processing of personal data is connected to direct marketing;
- you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by us or a third party.
Despite your request to delete your personal data, we may process your data further for the purpose of determining, pursuing or defending claims, of which you will be informed.
If you wish to request the deletion of your personal data, please send your request to [email protected].
Right to submit a request to restrict the processing of your personal data (Article 18 of GDPR)
You have the right to request the restriction of the processing of your personal data when:
- you are questioning the correctness of your personal data – in this case, we will limit the processing of your personal data for a period of time that allows us to check the accuracy of the data;
- the processing of your data is unlawful, and instead of deleting your personal data you request limited processing of your personal data;
- your personal data are no longer needed for the purposes of the processing, but are needed to establish, pursue or defend your claims;
- you have objected to the processing of your personal data – until it is determined whether our legitimate interests take precedence over the grounds for objection.
If you wish to request restricted processing of your personal data, please send your request to [email protected].
Right to submit an objection to the processing of your personal data (Article 21 of GDPR)
You have the right to object to the processing of your personal data at any time, including profiling, in connection with:
- processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes resulting from legitimate interests pursued by the Controller or a third party;
- processing for direct marketing purposes.
If you wish to submit an objection to the processing of your personal data, please send your request to [email protected].
Right to request transfer of your personal data (Article 20 of GDPR)
You have the right to receive your personal data from us in a structured, commonly used machine-readable format and to send data to another personal data controller.
As standard, we will provide you with your personal data in CSV format. If you prefer to have your data provided to you in a different format, please indicate your preferred format in your request. As far as possible, we will try to provide your data in your preferred format.
You can also request that we send your personal data directly to another controller (if technically possible).
If you wish to request a transfer of your personal data, please send your request to [email protected].
Can you revoke your consent to personal data processing?
You may revoke your consent to the processing of your personal data at any time.
Withdrawal of consent to personal data processing does not affect the legitimacy of the processing carried out by us on the basis of your consent before it was withdrawn.
If you wish to withdraw consent to the processing of your personal data, please send your request to [email protected].
Complaint to the supervisory authority
If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or where the alleged infringement was committed.
In Poland, the supervisory authority within the definition of the GDPR is the President of the Office for the Protection of Personal Data, who replaced the GIODO on 25 May 2018.
You can find more information here.
COOKIES
General information
While browsing the web pages of the Online Shop, HTTP cookies are used, hereinafter referred to as cookies, in other words, small text data files, saved on your end device while using the Online Shop. Their use is aimed at facilitating the operation of our Online Shop website.
These files allow us to identify the software you are using and tailor our Online Shop to your needs.
Cookies usually contain the name of the domain from which they come, the duration of their storage on the device and the values assigned to them.
Safety
Cookies we use are safe for your devices. Therefore, no viruses and no unwanted or malicious software can affect your devices via cookies.
Types of cookies
We use two types of cookies:
- Session cookies: stored and kept on your device until the web browser is closed. Saved information is then permanently deleted from the memory of your device.
This mechanism does not allow the acquisition of any personal data or confidential information from your device.
Persistent cookies: stored and kept on your device until deleted. Closing the web browser or switching off the device does not cause them to be removed from your device. This mechanism does not allow the acquisition of any personal data or confidential information from your device.
Aims
We also use the cookies of external entities for the following purposes:
- Online Shop configuration;
- to promote the Online Shop with social media Facebook, whose administrator is Meta Platforms Ireland Limited. The Facebook Privacy Policy is available at the following link: https://pl-pl.facebook.com/privacy/explanation;
- creating statistics that help to understand how the users of the Online Store use the websites, which allows them to improve their structure and content through Google Analytics analytical tools, the administrator of which is Google Ireland Ltd. Based in Ireland, the Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
- determining the Client’s profile to display tailored materials in advertising networks, using the Google Ads advertising web tool, which is managed by Google Ireland Ltd. Based in Ireland, the Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
- to collect information about your behaviour using Facebook Pixel, which is administered by Meta Platforms Ireland Limited, based in Ireland, Facebook’s Privacy Policy is available at the following link: https://www.facebook.com/help/cookies/;
- to promote the Online Shop with social media Twitter, whose administrator is Twitter International Company. The Twitter Privacy Policy is available at the following link: https://twitter.com/en/privacy
- to promote the Online Shop with social media Pinterest, whose administrator is Pinterest Europe Ltd. Based in Ireland, Pinterest’s Privacy Policy is available at the following link: https://policy.pinterest.com/pl/privacy-policy;
- communication in the context of a chat on the website using the application provided by Roger Wilco, LLC. The Chatra Privacy Policy is available at the following link: https://chatra.com/gdpr/;
- to provide map functionality on the Website using Google Maps API tools, the controller of which is Google LLC, based in the USA, Google’s Privacy Policy is available at the following link: https://policies.google.com/privacy/;
- to provide you with the possibility of using courses and training, we use Vimeo cookies, whose administrator is Vimeo Inc. The Vimeo Privacy Policy is available at the following link: https://vimeo.com/privacy;
- to promote the Online Shop with social media YouTube.com website, the administrator of which is Google Ireland Ltd. With its registered office in Ireland, the Privacy Policy is available at the following link: https://policies.google.com/privacy?hl=pl&gl=pl.
To be familiar with the rules for the use of cookies, we recommend that you read the privacy policies of the companies mentioned above.
Cookies may be used by advertising networks, especially Google, to display ads tailored to your preferences. To do so, information may be saved on your Internet behaviour or your activities on the website.
To browse and edit information on your preferences, collected by the advertising network of Google, you may use the tool available at this address: https://www.google.com/ads/preferences/.
You may change the cookie settings by yourself at any moment in the options of the web browser or service, to specify conditions for storing such files and granting access to your device via them. You may change these settings to block the automatic handling of cookies in the options of your web browser or to be informed every time they are stored on your device. Detailed information on the options and methods for handling cookies is available in the settings of your software (web browser).