Privacy Policy

Data Controller

Savora AS, registered in Norway and based in Oslo, is the data controller for personal information collected through savora.no and our newsletter. This policy is issued in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the Norwegian Personal Data Act (personopplysningsloven). For any matter relating to your personal data, contact us at info@savora.no.

Categories of Personal Data Collected

When you place an order, we collect your name, shipping and billing address, email address, telephone number, and the contents and value of the order. Payment is processed by our payment service provider; Savora does not collect or store full card numbers. When you subscribe to our newsletter, we collect your email address, the date of subscription and, where applicable, basic engagement data such as whether recent messages were opened. When you visit the website, we record limited technical information including IP address, browser type, and the pages requested, for the purposes of security and site operation.

Purposes of Processing

Personal data is processed solely for the purposes for which it was collected: performing the contract of sale, fulfilling and shipping orders, providing customer service, sending the newsletter where you have subscribed, complying with our legal obligations, and ensuring the security and integrity of the website. Savora does not sell or rent personal data to third parties, does not share personal data for the marketing purposes of others, and does not use personal data for automated decision-making or profiling.

Legal Basis for Processing

Processing of order data is carried out on the basis of the performance of a contract to which you are a party (Article 6(1)(b) GDPR). Processing of newsletter data is carried out on the basis of your consent (Article 6(1)(a) GDPR), which may be withdrawn at any time. Retention of accounting records is carried out to comply with a legal obligation under the Norwegian Bookkeeping Act (Article 6(1)(c) GDPR). Processing for the security of the website is carried out on the basis of our legitimate interest in preventing fraud and abuse (Article 6(1)(f) GDPR), balanced against the rights and freedoms of data subjects.

Recipients and Transfers

Personal data may be disclosed to processors acting on Savora's behalf and under written agreements that comply with Article 28 GDPR, including our payment service provider, our shipping carriers (including Posten Norge AS for Norwegian deliveries and international carriers for cross-border shipments), our newsletter platform, and our hosting provider. Personal data is not sold or shared for the marketing purposes of any third party. Where personal data is transferred outside the European Economic Area, transfers take place under appropriate safeguards within the meaning of Chapter V GDPR, including Standard Contractual Clauses adopted by the European Commission.

Retention Periods

Order and transaction records are retained for five years following the end of the accounting year in which the transaction took place, in accordance with the Norwegian Bookkeeping Act. Customer service correspondence is retained for two years from the date of last contact. Newsletter subscription data is retained until you unsubscribe or otherwise withdraw consent. Aggregated and anonymised technical logs are retained for no longer than fourteen months. Personal data is deleted or anonymised once the applicable retention period has expired.

Rights of the Data Subject

You have the right to request access to, and a copy of, the personal data we hold about you; to obtain rectification of inaccurate data; to obtain erasure of your data where one of the grounds in Article 17 GDPR applies; to obtain restriction of processing under Article 18 GDPR; to object to processing carried out on the basis of legitimate interest; to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller; and to withdraw any consent previously given, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Requests may be addressed to info@savora.no and will be answered within thirty days. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), Postboks 458 Sentrum, 0105 Oslo, Norway.

Cookies and Local Storage

The website uses strictly necessary cookies and local storage in order to operate essential functions such as the shopping bag and the secure checkout session. These are not subject to consent under section 2-7b of the Norwegian Electronic Communications Act. Any non-essential cookies, including for analytics or measurement, will be set only on the basis of your prior consent, which may be withdrawn at any time through your browser settings.

Security

Savora implements appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk presented by processing, in accordance with Article 32 GDPR, including encryption in transit, restricted administrative access, and contractual obligations on processors. In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, Savora will notify the supervisory authority and, where required, affected data subjects, in accordance with Articles 33 and 34 GDPR.

Contact and Amendments

For any question concerning this policy or the processing of your personal data, please contact Savora AS, Oslo, Norway, at info@savora.no. Savora may amend this policy from time to time to reflect changes in its operations or in applicable law. The version published on this page is the version in force.