Privacy Policy

Last updated:

1. Introduction

Exchangellhedgef ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website exchangellhedgef.world and use our services.

We comply with the EU General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (personopplysningsloven), and other applicable data protection laws in Norway and the European Economic Area (EEA). Where this policy refers to GDPR, it includes equivalent rights and obligations under Norwegian law.

Using our website does not require you to accept non-essential cookies or marketing; those choices are managed separately via our Cookie Policy and cookie banner. Providing personal data through forms or orders is voluntary where not required by law or contract.

2. Data Controller Information

The data controller responsible for your personal data is:

Exchangellhedgef
Rindhovdavegen 21
2683 Tessanden
Norway
Email: reach@exchangellhedgef.world

If we are required to register a Norwegian organization number (organisasjonsnummer) or VAT number, it will be stated on order confirmations, invoices, or upon request for business customers.

3. Information We Collect

3.1 Personal Data You Provide

We collect personal information that you voluntarily provide to us when you:

  • Place an order through our website
  • Contact us via email or contact forms on our website

This information may include:

  • Full name
  • Email address
  • Phone number (optional)
  • Shipping and billing address
  • Payment information
  • Any messages or communications you send to us

3.2 Automatically Collected Data

When you visit our website, we may automatically collect certain information, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website
  • Date and time of access

4. Purposes of Data Processing

We process your personal data for the following purposes:

  • Order Processing: To process and fulfill your orders, including shipping and payment processing
  • Customer Service: To respond to your inquiries, requests, and provide support
  • Communication: To send order confirmations, shipping updates, and important notices
  • Marketing: To send promotional materials only if you have given a separate, affirmative opt-in where required by law (you can unsubscribe at any time)
  • Website Improvement: To analyze website usage and improve our services
  • Legal Compliance: To comply with legal obligations and protect our rights

Electronic direct marketing (for example email newsletters) to individuals is sent only where we have a valid legal basis, such as your prior consent or an existing customer relationship where permitted under the Norwegian Marketing Control Act and ePrivacy rules.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contractual obligations to you (e.g., order processing)
  • Consent: Where you have given explicit consent for specific purposes (e.g., marketing communications)
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights
  • Legal Obligation: Where processing is necessary to comply with legal requirements

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Order Data: Retained for 7 years for accounting and tax purposes
  • Customer Service Records: Retained for 3 years after last interaction
  • Marketing Data: Retained until you withdraw consent or unsubscribe
  • Website Analytics: Retained for up to 26 months

After the retention period, your data will be securely deleted or anonymized.

7. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

  • Payment Processors: To process secure payments
  • Shipping Partners: To deliver your orders
  • Service Providers: Third-party services that help us operate our business (hosting, analytics, email services)
  • Legal Authorities: When required by law or to protect our legal rights

We ensure all third parties process your data in accordance with GDPR requirements through appropriate data processing agreements.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection laws
  • Other legally approved transfer mechanisms

9. Your Rights Under GDPR and Norwegian Law

As a data subject in the EEA/Norway, you have the following rights (including under the Norwegian Personal Data Act):

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain conditions
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format, where technically feasible
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal)

We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request without undue delay and in any event within one month, unless a longer period is permitted by law (in which case we will inform you).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmission
  • Secure servers and databases
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

11. Children's Privacy

Our website and services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this policy periodically.

13. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In Norway, the supervisory authority is:

Datatilsynet (Norwegian Data Protection Authority)
Website: https://www.datatilsynet.no
Postal address: Postboks 458 Sentrum, 0105 Oslo, Norway
Visiting address: Tollbugata 3, 0152 Oslo, Norway

If you live in another EEA country, you may also contact your local supervisory authority.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Exchangellhedgef
Rindhovdavegen 21
2683 Tessanden
Norway
Email: reach@exchangellhedgef.world