Privacy statement
Privacy statement
Office:
Shape Regine Norway AS
Kirkegata 2A
3770 Kragerø
Org no 933 141 136
e-mail. post@shaperegime.no
Our warehouse:
Shape Regine Norway AS
Rådyrveien 2
3799 Helle
e-mail. post@shaperegime.no
This privacy policy describes how bad.no ("the website" or "we") collects, uses and shares your personal information when you visit or make a purchase from the website.
Collection of personal information
When you visit the Site, we collect selected information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this privacy policy, we refer to any information that can uniquely identify an individual (including the information below) as "Personal Information". See the list below for more information about what personal data we collect and why.
Device information
- Examples of personal information collected: browser version, IP address, time zone, cookies, which websites or products you view, search terms and how you interact with the website.
- The purpose of the collection: to display the website correctly to you, and to perform analysis of website usage to optimize our website.
- Sources of the collection: is collected automatically when you access our website using cookies, log files, web servers, topic tags or pixels.
- Sharing to carry out our business purpose: shared with our data processor Shopify and Google Analytics.
Order information
- Examples of personal information collected: name, billing address, delivery address, payment information (including credit card numbers and social security number when paying invoices), email address and telephone number.
- The purpose of the collection: to provide products or services to you in order to fulfill our contract, to process your payment information, arrange shipping, and provide you with invoices and/or order confirmations, communicate with you, check our orders for potential risk or fraud, and when it is in line with the preferences you have shared with us, provide you with information or advertising related to our products or services.
- Sources of the collection: shared by you.
- Sharing to carry out our business purpose: shared with our data processor Shopify (e-com), Nets Easy (PGW), Brightpearl (DOP), Eye-share (EDI), Stamped (Product reviews), ShipTheory (TA) and Posten/Bring (logistics).
Customer support information
- Examples of personal information collected: name, billing address, delivery address, payment method, email address and telephone number.
- The purpose of the collection: to provide customer support and sales follow-up.
- Sources of the collection: shared by you.
- Sharing to carry out our business purpose: shared with Gorgias (CRM) and Microsoft 365 (email).
Klarna Payment
In order to be able to offer you Klarna's payment methods, we can send your personal data in the form of contact and order details to Klarna at checkout, so that Klarna can assess whether you qualify for their payment methods and to tailor these payment methods for you. Your personal data that is transferred is processed in accordance with Klarna's own privacy statement.
Minors
The site has no age restriction, but is not aimed at children. If you are under 18, you can only shop if you have your own bank card (debit card) that can be used for that. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at the address below to request deletion.
Sharing of personal information
We share your personal information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to run our online store. You can read more about how Shopify uses your personal information here: https://www.shopify.com/legal/privacy .
- We may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
- We use Google, Bing and Facebook to provide you with targeted advertisements or marketing communications we think may be of interest to you.
- We use Klaviyo for sending newsletters to customers who have consented to it. You can read more about how Klaviyo uses your personal data here: https://www.klaviyo.com/legal/privacy-policy .
Behavioral advertising
As described above, we use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the website. You can read more about how Google uses your personal data here: https://policies.google.com/privacy?hl=no . You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout .
- We share information about your use of the website, your purchases and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information on how targeted advertising works, visit the Network Advertising Initiative's (“NAI”) training page at https://thenai.org/about-online-advertising/faq/?tab=2 .
You can opt out of targeted advertising from:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads ]
In addition, you may opt out of any of these services by visiting the European Interactive Digital Advertising Alliance (EDAA) at: https://www.youronlinechoices.com/nor/ .
Affiliate advertising
Bad.no uses the performance-based marketing service of Daisycon. Performance-based marketing is a fair form of advertising because the advertiser only compensates for actual and measurable results. In order to compensate for this measurable result, a match must be made between the publisher/site that redirected the visitor and the transaction generated as a result.
To use this service, we provide anonymous transaction data to Daisycon. This data applies; product descriptions, sales value and demographic and geographic features. These cannot be traced to a person and are only used for statistical purposes and shared with Daisycon. In addition to the anonymous transaction data, we provide the following data that falls under GDPR; 1) pseudonymised transaction IDs. These transaction IDs are not shared with third parties and are only used by us for validation purposes. 2) Through the technical process, your IP address is also passed on to Daisycon. This address is only stored anonymously in the Daisycon system. 3) The (hashed) email address and/or pseudonymized account ID. This data is not stored by Daisycon, but is immediately converted into anonymous hashes. This data is not shared with third parties. This data is only used in the process of assigning transactions.
For the above service, our partner Daisycon stores data and associated cookies and matching processes are used. The use of associated cookies, matching data and data storage does not endanger the privacy of the visitor to this website. See Daisycons privacy statement on this.
No consumer profiles (behavioural user profiles) are created via Daisycon's services. When it comes to data processing within the GDPR, we base ourselves on the basis of processing justified legitimate interest. However, we must inform our visitors about its use. A processing agreement has been entered into with Daisycon for the storage and processing of this transaction data.
Use of personal information
We use your personal information to provide our services to you, which include: offering products for sale, processing payments, shipping and fulfilling your order, and keeping you updated on new products, services and offers.
Legal basis
In accordance with the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following legal grounds:
- Your consent;
- The performance of the contract between you and the Website;
- Compliance with our legal obligations;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Storage
When you place an order through the Website, we will retain your personal information for our records unless and until you ask us to delete this information. For more information about your right to erasure, see the "Your rights" section below.
Automatic decision making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when this decision has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our data processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary rejection of IP addresses associated with repeated failed transactions. This rejection list lasts for a few hours.
- Temporary rejection list of credit cards linked to rejected IP addresses. This rejection list lasts for a few days.
Your rights
GDPR
If you are resident in the EEA area, you have the right to access the personal information we have about you, to transfer it to a new service, and to request that your personal information be corrected, updated or deleted. If you wish to exercise these rights, please contact us via the contact details below.
Your personal information will first be processed in Ireland and then transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers are GDPR compliant, see Shopify's GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR .
Information cookies
A cookie is a small text file that is downloaded to your computer or device when you visit our website. We use a number of different cookies, including functional, performance, advertising and social media or content cookies. Cookies improve your user experience by allowing the website to remember your actions and preferences (such as login, shopping cart and site selection). This means that you do not need to re-enter this information every time you return to the site or browse from one page to another. Cookies also provide information about how people use the website, for example whether it is their first visit or whether they are frequent visitors.
We use the following cookies to optimize your experience on our website and to provide our services.
Cookies necessary for the operation of the store
| Name | Function |
|---|---|
| _ab | Used in connection with access to admin. |
| _secure_session_id | Used in connection with navigation through an online store. |
| cart | Used in connection with the shopping cart. |
| cart_sig | Used in connection with the cash register. |
| cart_ts | Used in connection with the cash register. |
| checkout_token | Used in connection with check-out. |
| secret | Used in connection with the cash register. |
| secure_customer_sig | Used in connection with customer login. |
| storefront_digest | Used in connection with customer login. |
| _shopify_u | Used to facilitate updating customer account information. |
| returngo_customer_id | Used in connection with access to the return portal and does not track the user. |
| cookie test | This cookie is used to determine whether the visitor has accepted the cookie consent box. |
| CookieConsent | Stores the user's cookie consent state for the current domain. |
Reporting and Analysis
| Name | Function |
|---|---|
| _tracking_consent | Tracking settings. |
| _landing_page | Track landing pages. |
| _orig_referrer | Track landing pages. |
| _p | Shopify Analytics. |
| _shopify_fs | Shopify Analytics. |
| _shopify_s | Shopify Analytics. |
| _shopify_sa_p | Shopify analytics related to marketing and referrals. |
| _shopify_sa_t | Shopify analytics related to marketing and referrals. |
| _shopify_y | Shopify Analytics. |
| _y | Shopify Analytics. |
| _clad_id | Klaviyo temporary, automatically generated ID to track and identify visitors. |
| _go | Google Analytics is used to distinguish users. |
| _gid | Google Analytics is used to distinguish users. |
| _gat | Google Analytics is used to limit the frequency of requests. |
| AMP_TOKEN | Google Analytics contains a token that can be used to retrieve a client ID from AMP. |
| _ga_'container-id' | Google Analytics 4 is used to persist session state. |
| _gac_'property-id' | Google Analytics contains campaign-related information for the user. |
| _gac_gb_'container-id' | Google Analytics 4 contains campaign-related information. |
| _uetsid | Microsoft is used by Bing Ads for tracking. |
| MUIDB, MUID | Microsoft is used by Bing Ads to anonymously identify user sessions and measure ad campaigns. |
| PHPSESSID | Daisycon guarantees uniqueness to the visitor and transaction goals are generated. |
| DCI, PDC | Daisycon guarantees uniqueness to the visitor and transaction goals are generated. |
| ci_program_ID, ca_program_ID, si_program_ID | Daisycon guarantees uniqueness to the visitor and transaction goals are generated. |
| _cfduid | Daisycon is used to identify secure web traffic with Cloudflare. |
| smc_r, _spv, _tag, _uid, _sesn, _session, _dyn_string, _v4_number, _last_ov, -dv2, _loc_number, _not, _goal | A collection of 13 different cookies used by Intent.ly for functions on the website. |
| fevents.js | The Facebook Pixel is placed by Facebook and makes it possible to measure, optimize and build target groups for advertising campaigns displayed on Facebook. |
| IsContextID | Limespot authentication information for the current browser session. Expires immediately. |
| IsSema-* | Limespot semaphore cookies. Written values are removed immediately. Expires immediately. |
| IsUserID | Limespot identifier assigned to the user. |
| IsEncUserID | Limespot encrypted version of user ID. |
| IsAuthParams | Limespot parameters used to authenticate a session to obtain rendering settings. |
| IsAuthResult | Limespot results of a session authentication that includes rendering settings. |
| IsContext | Limespot information about the current session. (eg: currency code, e-commerce provider, etc.) |
| IsContextExpires | Limespot the session context expiration date. Set to 2 hours after last visit. |
| IsRecentViews | Limespot recently displayed items by the user. |
| IsActivities | Limespot user activity queue. |
The length of time a cookie remains on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing, and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please note that removing or blocking cookies may have a negative impact on your user experience and that parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through the browser controls, which are often found in your browser's "Tools" or "Settings" menu. For more information on how to change your browser settings or how to block, manage or filter cookies, you can find in your browser's help file or through websites such as https://aboutcookies.org .
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt out of certain types of use of your information by these parties, please follow the instructions in the "Behavioral Advertising" section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to "Do Not Track" signals, we do not change our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this privacy policy from time to time to reflect, for example, changes in our practices or for other operational, legal or regulatory reasons.
Contact
For more information about our privacy practices, if you have any questions, or if you would like to make a complaint, please contact us by email at webshop@shaperegime.no or by post using the details below:
If you are not satisfied with our response to your complaint, you have the right to submit a complaint to the Norwegian Data Protection Authority. You can contact the Norwegian Data Protection Authority here: https://www.datatilsynet.no
Last updated:
Version 1.0 revised November 2021, updated August 2023.
Annual inspection OK January 2023.