Privacy Policy of Nordic Purr & Care

Effective date: 11 May 2026

1. Introduction and company information

This Privacy Policy explains how Nordic Purr & Care collects, uses, stores, shares, and protects personal data when you use our services, visit our website, contact us, or otherwise interact with us in connection with our cat-related business activities.

The data controller responsible for the processing of personal data is:

Nordic Purr & Care
Thorvald Meyers gate 35
0555 Oslo
Norway
Email: [email protected]
Phone: +47 23 45 78 19

This Privacy Policy is intended to provide information in accordance with applicable Norwegian privacy laws, including the Norwegian Personal Data Act and the General Data Protection Regulation (GDPR), as applicable in Norway.

2. Data collection and processing

We may collect and process the following categories of personal data:

• Identification and contact data: name, address, email address, telephone number, and other contact details.
• Customer and service data: information related to bookings, inquiries, purchases, service preferences, and communication history.
• Payment-related data: billing information, transaction details, and payment status. We do not store full card details unless necessary and handled by a secure payment provider.
• Website and technical data: IP address, browser type, device information, log data, cookies, and usage statistics.
• Pet-related information: details you provide about your cat(s), including name, age, health-related care instructions, feeding preferences, behavior notes, and other information necessary to provide our services.
• Communication data: messages, emails, phone call notes, feedback, and support requests.

We generally collect personal data directly from you. In some cases, we may receive data from third parties such as payment providers, booking systems, delivery partners, or publicly available sources where permitted by law.

3. Purpose of data processing

We process personal data for the following purposes:

• to provide and manage our cat-related services;
• to respond to inquiries and communicate with customers;
• to arrange bookings, deliveries, and service appointments;
• to process payments, invoices, and refunds;
• to maintain customer records and service history;
• to personalize and improve our services;
• to comply with legal obligations, including accounting and tax requirements;
• to protect our business, customers, and systems against fraud, misuse, and security incidents;
• to send service-related notices and, where permitted, marketing communications;
• to analyze website performance and improve user experience.

4. Legal basis for processing

We process personal data only where we have a lawful basis under applicable law. Depending on the context, the legal bases may include:

• Performance of a contract: where processing is necessary to provide requested services or fulfill an agreement with you;
• Compliance with legal obligations: where processing is required by Norwegian law, including bookkeeping, tax, and consumer-related obligations;
• Legitimate interests: where processing is necessary for our legitimate business interests, such as service improvement, customer support, fraud prevention, and IT security, provided these interests are not overridden by your rights and freedoms;
• Consent: where we rely on your consent, for example for certain marketing activities or optional cookies, you may withdraw consent at any time.

Where we process special categories of personal data, including any health-related information about a cat that may indirectly reveal information about an individual, we will do so only where permitted by law and with appropriate safeguards.

5. Data sharing and third parties

We may share personal data with third parties only when necessary and appropriate for the purposes described in this Policy. These third parties may include:

• Service providers: IT hosting providers, email providers, website analytics providers, customer management tools, and support platforms;
• Payment processors: companies that handle secure payment transactions;
• Accounting and legal advisors: where necessary for compliance and professional advice;
• Delivery and logistics partners: if relevant to the services requested;
• Authorities: public authorities, courts, or regulators where disclosure is required by law or necessary to protect legal rights.

We require our processors and partners to handle personal data securely and only in accordance with our instructions and applicable law.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside Norway and the European Economic Area (EEA). If such transfers occur, we will ensure that appropriate safeguards are in place, such as:

• an adequacy decision by the European Commission, where applicable;
• standard contractual clauses approved under applicable law;
• additional technical and organizational safeguards where necessary.

We take reasonable steps to ensure that any international transfer of personal data is protected in accordance with Norwegian and EEA data protection requirements.

7. Storage duration

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

• Customer and service records: retained for the duration of the customer relationship and for a reasonable period thereafter;
• Accounting and tax records: retained for the period required by Norwegian law;
• Communication records: retained as long as needed to handle the inquiry and for follow-up purposes;
• Marketing data: retained until you withdraw consent or object, where applicable;
• Technical logs and analytics data: retained for a limited period necessary for security, troubleshooting, and statistical purposes.

When data is no longer needed, we will delete it or anonymize it in a secure manner.

8. User rights

Subject to applicable law, you have the following rights regarding your personal data:

• Access: you may request confirmation of whether we process your personal data and obtain a copy of that data;
• Rectification: you may request correction of inaccurate or incomplete data;
• Erasure: you may request deletion of your data in certain circumstances;
• Restriction: you may request that we limit processing in certain cases;
• Data portability: you may request to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller;
• Objection: you may object to processing based on legitimate interests and to direct marketing at any time.

To exercise your rights, please contact us using the details provided in this Policy. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.

9. Withdrawal of consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You may withdraw consent by contacting us at [email protected]. If you withdraw consent, we may no longer be able to provide certain optional services or features.

10. Right to complain

If you believe that our processing of personal data violates applicable privacy laws, you have the right to lodge a complaint with the competent supervisory authority in Norway.

The relevant authority is the Norwegian Data Protection Authority (Datatilsynet). You may also contact us first so that we can try to resolve your concern directly.

11. Data security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

• access controls and role-based permissions;
• secure storage and encryption where appropriate;
• regular software updates and security monitoring;
• data minimization and limited retention practices;
• staff awareness and confidentiality obligations;
• backup and recovery procedures.

While we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure.

12. Contact information

If you have questions about this Privacy Policy or our processing of personal data, or if you wish to exercise your rights, please contact:

Nordic Purr & Care
Thorvald Meyers gate 35
0555 Oslo
Norway
Email: [email protected]
Phone: +47 23 45 78 19

13. Changes to privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The updated version will be published on our website with a revised effective date.

We encourage you to review this Privacy Policy periodically to stay informed about how Nordic Purr & Care processes personal data.