Privacy Policy

1. Who we are

Nordvell AS is a Norwegian company registered in Norway. We operate the website nordvell.com and sell skincare products directly to consumers. Our registered address and contact information are available on our contact page.

2. What data we collect

We collect the following personal data when you use our website or make a purchase:

• Name and contact information (email address, phone number, delivery address)
• Payment information (processed securely by our payment provider — we do not store card details)
• Order history and purchase data
• Website usage data via cookies (see Section 6)
• Communications you send to us (e.g. via our contact form or email)

3. How we use your data

We use your personal data to:

• Process and fulfil your orders
• Send order confirmations and shipping updates
• Respond to your enquiries
• Send marketing communications, if you have opted in
• Improve our website and services
• Comply with legal obligations

4. Legal basis for processing (GDPR)

We process your data on the following legal bases:

• Contract: To fulfil your order and provide our services
• Legitimate interest: To improve our services and prevent fraud
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with Norwegian and EU law

5. Data sharing

We do not sell your personal data. We share data only with trusted third parties who help us operate our business, including our payment processor, shipping provider, and email service. All third parties are bound by data processing agreements and may not use your data for their own purposes.

6. Cookies

We use cookies to make our website work and to understand how it is used. Essential cookies are required for the site to function. Analytics and marketing cookies are only set with your consent. You can manage your cookie preferences at any time via the cookie settings link in our footer.

7. Data retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Order data is retained for 5 years for accounting purposes. Marketing data is retained until you unsubscribe.

8. Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority (datatilsynet.no).