Norrøna collects and uses your personal data when you visit our websites, buy our products on-line, apply for a position in our company or interact with us in other ways. Your privacy is important to us. We therefore want to make sure that you understand how we manage the personal data you entrust us with.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Who is responsible for the processing of your personal data?
Norrøna Sport AS, Vollsveien 13h, 1366 Lysaker ("Norrøna") is responsible for the processing of your personal data (data controller). You can find our contact information here .
How do we collect your personal data?
When you buy products or services from Norrøna or interact with us in other ways, we collect three types of personal data:
(1) Information you provide us with. When you buy our products and services, register as a user of our services or apply for a position in our company, you provide us with your personal data, e.g. personal name, workplace, country of residence, phone number or e-mail address. We store this information to be able to provide you with the services and/or the products that you have ordered, to improve our services and products, and to process and evaluate your job application. We may also store your personal data when you contact us, for instance when sending an e-mail to or calling our customer support or recruitment office.
(2) Information we collect when you use our services. When you use our services or interact with us in other ways, we may for example register which services you use and how you use them, as well as calls to our service center and online log-in attempts. This enables us to improve our services, prevent fraud and to adapt our services to your needs.
(3) Information we collect from other sources. We may receive information, e.g. anonymous cookie data, from other sources. This to better understand how you use our services, your preferences and to continuously improve the services that we provide you.
What is the legal basis for our processing of data?
The EU General Data Protection Regulative requires companies, such as Norrøna, to have a valid lawful basis for collecting and processing your data. Norrøna’s basis for collecting data is four-fold:
- Norrøna has a contractual obligation to you as a customer to ensure that the product or service you have purchased is delivered to you on time and with best possible service.
- Norrøna has a legal obligation to collect data due to financial reporting and auditing regulations.
- We use your personal information to pursue a legitimate interest and your rights and freedoms do not outweigh these interests.
- If you give your explicit consent, we will also be able to process your personal data for other purposes such as giving you a more personalized customer experience through our loyalty program.
What do we use your personal data for?
Norrøna uses the personal data we collect for the following purposes:
(1) Providing our services. We use data to provide our services to all our worldwide customers, to improve our services and to perform other essential business operations. This includes conducting research and providing customer support. Examples of such uses include the following:
- Providing the products. We use data to carry out transactions with us and to provide our products and service. This could entail sending you an email to remind you about the products you have in your shopping cart.
- Customer support. Knowing you as a customer ensures that you get a relevant and personalized customer service. We use data to handle orders, complaints and to provide other customer support services.
- Business operations. We use data to develop aggregate analysis and business intelligence that enables us to operate, protect, make informed decisions and report on the performance of our business.
(2) Development of Norrøna’s products and services. Norrøna uses information about, for example product repairs and digital behaviour to develop products and services. This data will, as far as possible, be aggregated and or anonymized.
(3) Communications. We use data we collect to communicate with you.
(4) Direct marketing. Norrøna will use for example information about your purchases and interests to personalize marketing to you. Your data will be used for marketing purposes only if you have given Norrøna explicit consent to do so. This consent can be withdrawn at any time by logging into Norrøna’s web portal.
If you consent, we may also use your personal data for other purposes than those set out above.
Who do we share your personal data with?
Access to the data is, in general, restricted to the current and future companies in the Arktis Holding group (currently Norrøna Sport, Norrøna Retail and Norrøna Q). We only share your personal data with third parties if you consent or when it is necessary in order to maintain and improve our website, perform our services, fulfil our contractual obligations with you or we are required to do so pursuant to statutory laws and regulations.
Norrøna may share your personal data with a third party that is contracted to perform a specific task or an operation. This may be vendors, agents or other sub-contractors working on our behalf in order to provide us with specific services – for example companies we have hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions.
We have entered into Data Processor Agreements with all relevant third parties to ensure that any third-party processing is lawful.
Where do we process your personal data?
Norrøna is an international business. We share personal data with both other companies in the group (including divisions, subsidiaries or affiliated companies), as well as with external processors located both inside and outside the EEA. This is only done when it is necessary in order to fulfil the purposes stated above such as providing you with the products you have ordered from us.
Transfer of personal data to internal and external processors in the US will only take place as long as the processor complies with the EU-U.S. Privacy Shield Framework. For other processors located in the U.S. or other processors located outside the EEA, transfer will only take place when appropriate safeguards are provided by using EU standard model clauses approved by the European Commission.
Both the EU-U.S. Privacy Shield Framework and the EU standard model clauses ensure that personal data are transferred in accordance with the strict privacy requirements in the EEA.
How long do we keep your personal data?
We do not store your personal data for a longer period than what is necessary to be able to provide our services and fulfil our contractual obligations, or in other ways fulfil the purposes of the processing. In general, basic customer data including information about purchase of products and services is deleted after 10 years. Data collected in the loyalty program is deleted if you withdraw your membership from the program.
Norrøna deletes or anonymizes personal data in accordance with the EU legislation. If data is anonymized, all identifiable data is deleted.
How do we keep your personal data safe?
We have implemented appropriate technical and organisational measures in order to ensure a level of security appropriate to the risk. This ensures the integrity of your personal data and that it is kept confidential and available. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls.
We regularly review the level of security and potential appropriate measures.
What are your rights?
Your personal data shall be accurate and kept up to date. Norrøna will take utmost care to make sure your data is updated and correct. You are entitled to request us to provide information on what data is stored about you. You may also request that your personal data shall be deleted or corrected.
You also have the right to ask for data portability. This means that you may receive personal data that you have provided to us in a structured, commonly used and machine readable format.
Furthermore, you have the right to object to or to restrict the processing of your personal data, as well as oppose person profiling and automated decisions.
Cease of processing and deletion can be denied if the processing is necessary to fulfil our contractual obligations or to comply with legal obligations and/or for the establishment, exercise or defence of legal claim.
If you do not agree on how Norrøna handles your personal data, you shall have the right to complain to the Norwegian Data Protection Authority.
What about cookies?
Norrøna reserves the right to amend this personal data policy. All substantial amendments will be notified on our website.
How do you get in touch with us?
If you would like to know more or have any questions regarding how we collect and process data, you can contact us at dataprotectionofficer(at)norrona.com.
Here are more information on our cookies policy