Privacy statement
Processing of personal data (privacy statement)
LA-VIE AS will process personal data in connection with our operations. We are committed to handling your personal data in a safe and secure manner. Below you will therefore find information about the personal data that is collected and how the personal data is processed, as well as your rights related to the processing of the personal data.
The controller for the personal data we process is LA-VIE AS, who can be contacted at info@la-vie.no
Processing of personal data:
We collect and use personal data for various purposes depending on who you are and how we come into contact with you. Below follows the personal data we process about you, the purpose and the legal basis for the processing, how long we process the personal data, etc.
By "personal information" is meant all information that can be linked to a natural person (the latter is referred to as "registered").
"Processing" means everything that is done with personal data, such as collection, registration, organisation, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination or all other forms of making available, compilation or combination, limitation, deletion or destruction.
Services - online shopping:
We collect and process personal data about the use of our services, such as when you shop in our online stores. The purpose, as well as the basis, for processing all personal data about you is to fulfill our agreement with you if you order and buy goods from our websites, cf. GDPR article 6 no. 1 point b). In addition, we process personal data to manage the relationship with our customers, secure and improve our services and protect our rights, etc. In these cases, the processing is done on the basis that we have a necessary legitimate interest in the said relationship, and that our interest outweighs the individual's privacy. In addition, we are required to store some information in connection with accounting, tax handling and possible warranty and return handling, Article 6 no. 1 point c). As stated below, we also process information based on your consent, in accordance with article 6 no. 1 point a).
Personal data that is collected and processed can be divided into two categories:
Information you give us.
Information we receive when you use our services.
- Information you choose to give us
If you choose to shop with us, we will collect and process the information you give us. This will be:
Your name
Your e-mail address that we use for communication related to your order/customer relationship
Your telephone number which we use for communication related to your order/customer relationship
Your address, where we will send any orders
Account number (if you have registered this) for payment of any receivables
Date of birth (optional)
This is information that you provide voluntarily, but which will be necessary to use or order from the website, and which is therefore a prerequisite for you to provide if you wish to shop with us.
We also need the information above to deliver the goods to you, as well as to contact you about conditions in connection with the order. We are also required to store this information in connection with accounting, tax handling and any warranty and return handling. This history is deleted when the purpose of the processing has ceased, see below, and is also available to you on "My page". For security reasons, we also store the IP address used to register the order.
For the information relating to your account with us, this will be stored and processed as long as your account is active or until you delete the account. If you have not made a purchase, the account will be deleted 12 months after the last activity on the account. If you have orders, the account will be deleted 5 years after the last activity on the account. A notice of deletion will be sent to the e-mail address you have provided, and if you do not respond, the account will be deleted 14 days after the notice has been sent. This is to ensure that we have order history etc. available in case of any complaints etc.
We may also process personal data relating to complaints, reclamations, including claims, or other matters relating to our services.
We use various payment providers in connection with payment in our online store. This means that we may transfer your personal data in the form of credit card numbers and contact and order details to the payment provider when the checkout is loaded, so that the payment provider can manage your purchase. For the payment itself, the payment provider is the data controller, and processes the personal data in accordance with the payment provider's own privacy statement.
If you contact customer service or communicate with us in other ways, we collect the information you provide in connection with the contact. This will be the following information:
Your name
E-mail address
Telephone number
Order number
The information you provide will be used in our internal test routines for our IT systems. These are tests we carry out to ensure that our systems work and have the degree of security they should.
- Information we receive when you use our services
When you use our websites, we collect and store log data about changes made to your customer profile (e.g. change of address, telephone number, etc.), as well as which categories and products you click on or search for. The logs are stored and deleted in the same way as for your account information, see above. This is to be able to track relevant changes, as well as learn what our customers are interested in and thus be able to improve our product range and our offers. This information is also used to make it possible to show you related products or send you related offers (if you have explicitly requested this). The information is also used to produce traffic statistics for e.g. capacity planning.
Like many other electronic services, we use cookies and similar technology ("cookies") to collect information about activity, browser and device.
Newsletter:
We send newsletters by e-mail to those who have subscribed to receive the newsletter. In order to receive the newsletter, you must wish to do so, and we then process personal data that enables us to send it out, which is your email address. The e-mail address is not used for anything other than sending out the newsletter.
We process the personal data based on your consent (GDPR Article 6 (1) a). You can withdraw your consent at any time by using the link in the newsletter or by contacting us. However, if you withdraw your consent, you will not be able to receive the newsletter.
The personal data is processed as long as you wish to receive the newsletter and have not terminated the subscription or indicated in other ways that you do not want the newsletter.
Use of websites:
In order to obtain information about the use of our websites, we use cookies. You can read more about cookies and which cookies we use below.
We use the information collected to improve the customer experience on websites and services, as well as to offer functionality in the services. We also use the information to provide visitors with recommendations and service adaptations that are most relevant to you. This will both be given on the basis of the visitor's behaviour, e.g. on the basis of services that have been used, links that have been clicked on, or information that has been read, and on the basis of the behavior of other users with similar usage patterns.
The personal information is also used to improve our websites, and to prepare statistics and understand the use of the pages. As far as is practically possible, we try to do this with anonymous information, without us knowing that the information is linked specifically to the individual visitor.
We process personal data above on the basis of our necessary legitimate interest (GDPR article 6 (1) f), possibly your consent, to adapt the website to our users and that this interest outweighs the individual's privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics. In these statistics, it is not possible to identify individuals. The information will be kept as long as it is necessary for the purposes mentioned above.
Storage and storage (deletion) of personal data
We keep personal data for as long as is necessary for the purpose for which the personal data was collected, and delete the data in line with requirements in the regulations. How long we process the individual types of information we process is included above where the individual treatments are mentioned.
Instead of deleting the personal data, it may in some cases be relevant to anonymise the personal data. Anonymization means that all identifying or potentially identifying characteristics are removed from data sets that are taken care of.
This means, for example, that personal data that we process on the basis of your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you is deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been fulfilled, such as e.g. statutory obligations related to accounting, follow-up of the customer relationship related to complaints, etc. Personal data we process as a result of a legal obligation will be deleted as soon as we are no longer obliged to keep the data.
Transfer or disclosure of personal data to others:
We do not pass on personal data to others in cases other than those mentioned in this declaration and unless there is a legal basis for such disclosure. Examples of such a basis would typically be an agreement with or consent from the data subject or a legal basis that requires us to release the information. The latter applies to public activities such as tax collection (if necessary), accountant/auditor, as well as others that we need in our business as a bank connection.
We use data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to safeguard your rights and security for your personal data at all stages of the processing. See more below.
If it is required by law or there is a suspicion that an offense has been committed in connection with the use of our services, personal data we have stored about you may be handed over to public authorities.
If personal data may be subject to transfer to another organization in connection with a merger, financing, reorganization or dissolution transaction of all or part of us, we will only do this if the parties involved have entered into an agreement where the collection, use and sharing of the personal data is limited to the purposes relating to the transaction, including a provision on whether the transaction should proceed or not, and the personal data shall only be used by the parties involved to carry out and complete the transaction. If another company buys us or our business or assets, that company will have access to the personal data collected by us, and will assume the rights and obligations relating to your personal data as described in this privacy policy.
Transfer of personal data to recipients in countries outside the EEA:
It is a goal for us that all processing of personal data must be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA will take place in a country approved by the European Commission or in accordance with a valid legal basis for the transfer of personal data according to GDPR chapter V. If transfer does not take place to a country approved by the European Commission, transfer will only take place in accordance with the guarantees set out in GDPR article 46 (2). You can find out which basis is used for transfer if you contact us.
Links to third parties/other websites:
There may be links to other websites or third parties that offer products or services, and other places that are not under our control. These links are provided only as an opportunity for users to obtain more information. Websites that are not part of ours, i.e. that are not under our domains, will process personal data as the data controller itself and will be able to have separate and independent privacy guidelines. We have no responsibility for the content and activities of these websites.
Security of the processing:
We place a high priority on the security of personal data in our business and will implement all required technical and organizational measures to secure your personal data. All processing will be encrypted if possible, and not available to anyone other than those who need personal data for their tasks.
We handle information so that it is correct, accessible and handled according to the degree of sensitivity of the information. We also use a number of security technologies and information security procedures to protect your personal data from unauthorized access, use or disclosure. Where necessary, risk assessments are carried out.
We have entered into data processing agreements with all our suppliers who process personal data, where they undertake the same level of security as we have for our processing of personal data.
We limit access to your personal data to the staff or third parties who will process the data on our behalf. These parties are subject to strict confidentiality requirements and we can impose sanctions or terminate the agreement if these requirements are not complied with.
Routines have been established for handling breaches of information security and routines (breach of privacy), and if there is a breach that entails a risk to the privacy of the personal data concerned, we will send a notice of deviation to the Norwegian Data Protection Authority as quickly as possible and at the latest within 72 hours of the breach discovered. If the breach entails a high probability for the privacy of those affected by the breach, we will also notify them.
Your rights when we process personal data about you:
Below are your rights as a registered user. To exercise your rights, you must contact us, see contact information above.
We will respond to your inquiry to us as soon as possible, and at the latest within 30 days. If it takes longer than 30 days, you will be notified. We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights with us. We do this to be sure that we only give access to your personal data to you - and not to someone pretending to be you.
Control over your information:
You have the right to obtain information about and insight into the personal data we process about you. Through this declaration, we inform you about our processing of personal data. You can also contact us if you want more information.
In order for you to have control over your personal data, you will have access to the following tools:
Access to personal data (access) and updates. You will have access to the essentials of personal data that is processed about you by creating a user on the website, and you can then also update/correct the information. You can access information that is not available on "my page" by creating a customer case via "my page" on our website. Our customer service will then make available your information stored on your profile and you will receive a confirmation by e-mail when the information will be available to you. You will then be able to retrieve these by logging in to "my page".
Withdrawal of consent. If you later change your mind about our ongoing ability to collect information from sources that you have already agreed to, you can simply revoke your consent by changing the settings on "my page". If you do this, certain services will naturally lose functionality. Alternatively, you can contact customer service.
Deletion of account. If for some reason you wish to delete your user account, this can be done by logging into your customer profile via "my page".
Change and deletion:
You can also ask us to correct incorrect information we have about you through "my page", review or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if we still need the data.
Right to restrict or object to processing:
You have the right to have the processing limited in certain cases, see GDPR article 33, such as:
- a) You dispute the correctness of the personal data, for a period that enables us to check the correctness of the personal data.
- b) The processing is illegal, and you object to the deletion of the personal data and instead request that the use of the personal data be restricted.
- c) We no longer need the personal data for the purpose of the processing, but you need it to establish, enforce or defend legal claims.
- d) You have objected to processing according to GDPR article 21 no. 1 pending the check of whether our legitimate interests take precedence over your privacy.
The right to data portability:
For information which you have provided to us and which is necessary to carry out an agreement with us, and which is processed automatically (i.e. not manually by us), you can request to have the personal data about you handed over or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).
Automated processing, including profiling:
There will be no automated processing, including profiling, based on your personal data that has legal effects or that significantly affects those to whom the personal data applies. See GDPR article 22 no. 1 and 4.
Use of data processors:
We do not sell your personal information to third parties, nor do we exchange or forward such information with third parties. A third party only gets access to the information if this is necessary to perform certain services for us, so that we can deliver our services to you. Relevant information that is necessary to carry out the transaction is shared with the payment partner and carrier.
Data processors are other companies that we use to process the personal data. Strict agreements are entered into to safeguard information security in such cases.
Complaints:
Of course, feel free to contact us if you have questions or concerns about how we process your personal data! If you believe that our processing of personal data violates these rules or privacy legislation, including the Personal Data Act or the Personal Data Protection Regulation (GDPR), you can also complain to the Norwegian Data Protection Authority. You can find information on how to contact the Norwegian Data Protection Authority on the Norwegian Data Protection Authority's website: www.datatilsynet.no.
We use the Norwegian Data Protection Authority as the leading supervisory authority for cross-border processing according to Article 56 GDPR.
Changes:
We may have to change the information about the processing of personal data from time to time, e.g. as a result of changes to the websites or our services, or if there are changes to the regulations on the processing of personal data. If this information changes, we will notify you if we have your contact details. Otherwise, updated information will always be readily available on our website.
Cookies:
This website uses cookies. We use cookies to personalize content and advertisements, to deliver social media features and to analyze our traffic. We also share information about how you use our website with our social media, advertising and analytics partners, who may combine it with other information you have made available to them or that they have collected through your use of their services.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This website uses different types of cookies. Some cookies are set by third-party services that appear on our pages.
You can change or revoke your consent via the Cookie Statement on our website.
Read our privacy policy to learn more about who we are, how you can reach us and how we process personal data.