Privacy Policy - GDPR

This privacy policy applies to the services offered by Brynje of Norway AS, including in our physical store and through our webshop at www.brynje.no. The policy aims to describe what type of personal data Brynje of Norway AS obtains from customers and website users, for what purpose, how long we keep the data, who it is shared with and how it is processed. It also sets out the measures we take to safeguard data collected when online purchases are made and our services are used.

We value the right to privacy and are committed to safeguarding your personal data. All personal data is collected and processed in accordance with applicable legislation, including Personopplysningsloven and Personopplysningsforskriften, Norway’s implementation of the EU General Data Protection Regulation (GDPR).

Personal data is information that relates to or can be related to an individual, who can be directly or indirectly identified via that information. According to GDPR, our website users and customers are considered data subjects and have the following rights:

The right to be informed about any personal data we collect, how it is being used, how long it will be kept and if it will be shared with third parties.
The right to request access to your personal data at any time.
In the event that the personal data we hold about you is inaccurate or incomplete, you have the right to request that it be rectified or updated.
The right to request that your data be erased (‘the right to be forgotten’).
The right to request that we limit the way in which we use your personal data.
The right to have your personal data transferred to you securely, without its usability being affected (i.e., uncorrupted and legible).
The right to object to your personal data being processed at any time.
The right not to be subject to a decision solely based on automated processing, including profiling.

Exercising Your Rights Relating To Your Personal Data

Accessing your data: Registered account holders can find their personal data stored in on our website under the heading My Page, when logged in. To request access to your personal data, please contact us via email. Similarly, to request that your personal data be erased, rectified, updated, or if you object to the processing of your personal data, or would like to limit the way in which we use it, please email kundeservice@brynje.no.

Our Web Editor holds operational responsibility for compliant processing of your personal data under the applicable legislation. Brynje of Norway AS is the data controller, meaning that we determine why and how personal data is collected.

All collection and processing of personal data is based on consent by the data subject. Visitors to our website www.brynje.no can opt in or out of digital services provided, such as receiving newsletters.

Our website and e-commerce provider, Gurusoft AS, is responsible for the ongoing technical development and maintenance of www.brynje.no. As such, they are a data processor. Any data obtained in connection with the operation of the website is stored on separate servers operated by Gurusoft AS and is only accessible to them. A separate data processing agreement between the customer (Brynje of Norway) and Gurusoft AS regulates what information Gurusoft AS has access to and how it is processed.

Data Protection and Cookie Usage

When visiting our website, your browser will download cookies. These are small text files that are exchanged between your browser and our site, in order to improve your web browsing and shopping experience. You are given the option to accept or reject the download of cookies when visiting our website.

Cookies used on our website

Gurusoft AS provides the e-commerce platform and cloud service Gurusoft Ecommerce, for our website, and is responsible for its technical development, operation, and maintenance. Gurusoft uses the following two cookies on the website:

JSESSIONID; This cookie has a reference ID for a session file on the web server. The session file contains non-personal data. It is necessary for anonymous webshop users to have their own shopping cart, favourites, etc. The session file is automatically deleted after the user has closed their browser or is inactive, and thus the data is not permanently stored. Only system administrators have access to these session files.
listView; This is a cookie that enables the system to remember whether the user prefers a list or grid view. It does not collect personal data.

In addition, we have chosen to include the following cookies on our website:

Google Analytics: We use Google Analytics on our website in order to better understand how visitors use the site. Google Analytics enables us to see how long visitors stay on the site, what pages they visit, demographic information, interests, geographic location, user behaviour and technology. We primarily use Google Analytics for the purpose of reviewing the number of visits to our site, and rarely make use of the additional above-mentioned data obtained through this cookie. The data is stored for 14 months before being automatically deleted.
Facebook pixel: We use Facebook pixel on our website. Facebook Pixel is an analytical tool that measures how effective our Facebook advertising is. It enables us to measure conversions, build our audience, and optimise our ad campaigns on Facebook. We use Facebook pixel to understand what actions our visitors perform after they've clicked on an ad, and allows us to reach the most relevant audience. By learning from the behaviour of our website users, we can streamline the communication and messaging in our Facebook campaigns.

Security Certificate (SSL)

It is safe to visit our website. We apply a security certificate to confirm the site's identity and ensure that all communications are encrypted. We use a recognised security certificate from Norwegian market leader Commfides. The purpose of encryption is to ensure secure data communication between the server (our site) and the client (your web browser). This includes a digital certificate that proves that the site and its sender are genuine.

Personal Data Held On Registered Webshop Account Holders

Contact information such as name, address, e-mail address and telephone numbers
Purchase transactions / orders with delivery information, chosen shipping and payment method (excluding payment information such as credit card info)
E-mail communication such as order confirmations, offers, and system messages
Other information such as usernames, passwords, language preferences, shopping cart, shopping lists and favourites
Passwords are stored one-way encrypted
As a cloud service provider, Gurusoft AS collects and uses traffic information, such as browser type and IP address, and stores it for a limited period of time. These data logs are not extracted and used in other contexts. The purpose of the storage is:
- To detect and prevent security threats
- To provide stable and fast cloud services
- To be able to investigate and track any fraudulent or malicious actions against the cloud service

Personal data transferred to our Enterprise Resource Planning (ERP) system (Visma Business)

We now transfer the following personal data from our website to our ERP system:

Contact information such as name, addresses, e-mail address and telephone number
Purchase transactions / orders with delivery information, chosen shipping and payment method (excluding payment information such as credit card info)

Personal Data Shared With the Consignor (shipper)

We share your name, address, phone number and email address for the purpose of delivery-related communication.

Changes to this Policy

Brynje Of Norway AS may change this privacy policy if:

The way we process personal data changes
We consider it necessary due to changes in laws or regulations

Brynje Of Norway AS will make any changes visible and explicit within this policy text. We recommend that you read through our privacy policy regularly when visiting our website/webshop.

Please contact us here if you have any questions