Personvernerklæring

1) Who we are (Controller)

Auk AS (“Auk”, “we”, “us”, “our”), Torggata 33, 0183 Oslo, Norway, is the controller of personal data collected through www.auk.com or www.auk.no and related services.
Email: hello@auk.com
For all privacy questions, please contact us at the email above.


2) What data we collect

  • Device & usage data (via our site/app): IP address, time zone, browser/device info, pages viewed, referral URLs, and identifiers set by cookies or similar technologies.

  • Order & customer data (when you buy or try to buy): name, email, phone, billing and shipping address, items ordered, order IDs, delivery status, support history.

  • Payment data: processed securely by our payment providers.

  • Marketing data: Your newsletter preferences and ad & conversion events we receive from ad platforms (e.g., page views, cart events, purchases).

  • Support data: content of messages you send us (e.g., email, contact forms) and any files you provide.


3) Why we process your data & legal bases (GDPR)

  • To sell and deliver products (manage orders, payments, shipping, customer service)
    Legal bases: Art. 6(1)(b) contract; Art. 6(1)(c) legal obligations (e.g., tax/bookkeeping).

  • Security and fraud prevention (IP checks, chargeback investigation, abuse prevention)
    Legal basis: Art. 6(1)(f) legitimate interests (we balance against your rights).

  • Email marketing via Omnisend (newsletters, product updates, campaigns)
    Legal basis: Art. 6(1)(a) consent (or “soft opt-in” for similar own products to existing customers where local law allows). You can opt out anytime.

  • Advertising with Google Ads and Meta (Facebook/Instagram)
    We use these only if you consent to marketing cookies in our banner. This may include conversion measurement and showing ads tailored to your interests.
    Legal basis: Art. 6(1)(a) consent. You can withdraw consent at any time (see Cookie banner/Settings).
    Note: For certain limited stages of data collection using Meta’s tools, we and Meta may act as joint controllers; Meta is an independent controller for use on its platforms afterwards.

  • Analytics
    We do not use Google Analytics. We may run strictly necessary technical analytics to operate the site. Any non-essential analytics would rely on your consent (if introduced later).


4) Cookies & similar technologies (ePrivacy)

We only set non-essential cookies (e.g., marketing) after you consent via our cookie banner. 

  • Strictly necessary cookies: always active (checkout, security).

  • Marketing cookies (Google Ads, Meta): only with your consent.
    For details (cookie names, providers, purposes, lifetimes).


5) Who we share data with (recipients)

  • E-commerce/hosting: Shopify (store platform).

  • Payment processors: Stripe, VIpps, Shopify Payments.

  • Shipping/logistics: Posten, Bring, DHL Helt Hjem and associated warehouses.

  • Email service: Omnisend.

  • Advertising partners: Google Ads and Meta.

  • Authorities/Legal: Where required by law or necessary to protect our rights.

We sign data processing terms with processors as required by GDPR and instruct them to process data only on our behalf.


6) International transfers

Some partners are located outside the EEA/UK (e.g., the United States). Where we transfer personal data internationally, we rely on:

  • an adequacy decision (where available), or

  • the EU’s Standard Contractual Clauses (SCCs) with supplementary measures, and/or

  • participation in the EU–US Data Privacy Framework (DPF) where applicable.


7) How long we keep data (retention)

  • Orders & customer service records: kept as long as needed for your purchase and support, and thereafter as required by accounting/tax laws (typically 5–10 years, depending on jurisdiction).

  • Email marketing data: kept until you unsubscribe or withdraw consent, or after 36 months of inactivity.

  • Cookies/marketing events: kept according to each cookie/tool’s lifetime. We delete or anonymize data when we no longer need it for the stated purposes.

 

8) Your rights (EU/EEA/UK)

You have the right to access, rectify, erase, restrict, and port your data, and to object to processing—including a right to object at any time to direct marketing and related profiling.
Where processing is based on consent, you may withdraw consent at any time (this does not affect prior lawful processing).
You also have the right to lodge a complaint with your local data protection authority (e.g., Datatilsynet in Norway).

 

9) Children

Our site is not directed to children under 13. For EU users between 13–16, parental/guardian consent may be required for processing based on consent, depending on national law.

 

We may update this Policy to reflect changes in our practices or legal requirements.