Timeless Tattoo

Pilestredet 53E
0350 Oslo

post@timelesstattoo.no

+47 95 07 21 38

  • Mon – Fri: 11.00 – 18.00
  • Saturday: 11.00 – 17.00
  • Sunday: Closed

Privacy Policy

Responsible data controller

This privacy policy will explain to you how Timeless Inc AS (timelesstattoo.no) collects and processes personal information for business purposes. Timless Inc AS and its general manager is the responsible controller for this data processing.

NOTE: You may not copy this privacy policy or any of its content, ref. Copyright Act.

Our contact information:

Timeless Inc AS
Org. No.: 812 027 522
E-mail: post@timelesstattoo.no

Your rights

Please contact us if you have any questions regarding or in any way want to exercise your rights. You are entitled to a reply within 30 days. You can read more online at the Norwegian Supervisory Authority (Datatilsynet).

  • Accessing and correcting your information: You can ask for a copy of all the information we process about you and ask us to correct any incorrect information
  • Deletion or restriction: In some cases, you may ask us to remove or restrict the processing of information we have collected from you, but we can not delete information that we are required to process.
  • Object processing: if we process the information on you based on a legitimate interest, you have the right to object it.
  • Data portability: If we process your information based on consent or a contract, you can ask us to transfer the information about you to you or another data controller.
  • You can also make a complaint to the Norwegian Supervisory Authority, but we hope that you will us first so that we can try to resolve the matter accordingly.

Whom do we process personal information about?

We process personal information about:

  • Customers
  • Potential customers
  • Contacts with suppliers and partners
  • Website visitors
  • Jobseekers
  • Employees
  • Former employees

How do we collect personal information?

To provide us with any personal information is voluntary, but in order to conduct business, we do however require some information about you. We do not rent, buy or sell personal information from/to others. We do not use automated decisions or profiling in the processing of your personal information.

We process personal information when you:

  • Enter into an agreement with us on the purchase of products or services.
  • Send us an e-mail, text message or contact us via social media or any form of correspondence.
  • Sign up for our newsletter.
  • Sign up for our events, both free and paid.
  • Use our website (ref. section on cookies), and if you leave a comment or submit an inquiry via our contact forms.
  • Respond to a survey.

Categories of personal data, its purpose, and legal basis

We process personal data on the following legal basis from Article 6 no. 1 of the General Data Protection Regulation (GDPR):

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes

b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract

c) processing is necessary for compliance with a legal obligation to which the controller is subject

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data

Inquiries (incl. general communication and support, customer service, etc.)

When you contact us through the website (contact form, comment field, etc.), e-mail, telephone (call or text message) or social media, we process your personal information.

Depending on where and how you contact us, this may include contact information, the IP address and other information you choose to send to us.

The purpose is to be able to respond to inquiries from you for history and to have documentation in case we receive complaints or legal claims. The legal basis is Article 6 no. 1 f) of the GDPR, which states that the legitimate interests are to respond to you, for history, and to have documentation in case of complaints or legal claims.

We review, archive and delete inquiries as needed, but no less than every other year. In order to retain any history of comments and the logic of these, comments are not systematically deleted. Inquiries that we are obliged to keep, such as documentation in connection with a complaint or a case of an appeal, are stored until the deadline for the complaint has expired (two or five years). Any data regarded as accounting material is kept for up to five years, in accordance with the rules of the Bookkeeping Act (bokføringsloven).

Purchase of products or services

When you purchase products and services from us, we process personal information such as contact information, ordering, and payment information and purchase history.

The purpose of this is to be able to deliver products and services to you after an order or purchase has been made, and to have a history of products and services sold. The legal basis lies with the GDPR and its Article 6 no. 1 b) regarding agreement or c) legal obligation. Accounting material is kept for up to five years, as mentioned.

Marketing in existing customer relationships

When you make a purchase with us and become our customer we will, as mentioned, process your personal data. If you have an existing customer relationship with us, we will able to send you content for marketing purposes via e-mail and SMS, in accordance with section 15 of the Marketing Control Act, as well as the accompanying guidance of the Consumer Authority.

The purpose is to be able to provide good customer service. The legal basis is Article 6 no. 1 f) of the GDPR, which states that the legitimate interests are to be able to offer you relevant products or services. Legality can also be based on the GDPR Article 6 no. 1 a), where you have given us your consent. You can opt-out of any e-mail or SMS marketing at any time. Information on how to unsubscribe is provided in all or any marketing-related e-mails/SMS we send. The information is stored until “the subject asks to be removed” or at the latest until 24 months after the last e-mail was opened.

Newsletter

We send out newsletters in the form of e-mails with articles, blog posts, discounts, offers and the like. The newsletters sometimes contain information about our products and services. When you subscribe to newsletters, we process personal information such as your contact details and IP address.

The purpose is to be able to inform about relevant news and offers, as well as to provide good customer service to potential and existing customers. The legal basis stems from the GDPR Article 6 no. 1 a). Subscribing to the newsletters is optional and you can unsubscribe at any time by clicking the “unsubscribe” button at the bottom of any e-mail. The information is stored until “the subject asks to be removed” or at the latest until 24 months after the last e-mail was opened.

Job searches and hiring

When applying for a job with us, we process personal information such as contact information, CVs and other information we need to evaluate your application. The legal basis stems from the GDPR Article 6 no. 1 b) and Article 9 no. 2 b) and h) if applicable, whether your application contains specific categories of personal information. The information is deleted after a person has been selected for the job unless you consent to us storing it in case you want to apply for a job at a later date.

For employees/artists, we process personal data as mentioned above, in addition to information that is necessary in order to pay wages and otherwise manage the employment relationship. The legal basis for this is Article 6 no. 1 b) of the GDPR and Article 9 no. 2 b) and h) if applicable. As a general rule, employee information is deleted when the employment ends, unless due to certain reasons such s a dismissal or a dismissal dispute, which makes it necessary to contain the data for a longer time. Information related to payroll administration is kept for up to five years, in accordance with The Bookkeeping Act.

Events, both physical and digital

When you attend our free events, we process your personal information as contact information. For payment paid events, we also collect order and payment information. The purpose is to be able to offer customers and potential customers relevant courses, lectures, and workshops. The legal basis is the GDPR Article 6 no. 1 a) consent or b) agreement. The information is kept until “the subject asks to be removed” or at the latest up to 24 months after the event, or by agreement, up to five years according to the rules of the Bookkeeping Act.

Surveys

We always inform about the purpose of our surveys, and whether they are anonymous or not. We do not share the information with others or use it for any purpose other than what we have provided. In anonymous surveys, we do not collect personal information. The legal basis for non-anonymous surveys is the GDPR Article 6 no. 1 a) consent. The data collected will be kept until “the subject asks to be removed” or no later than 24 months after you responded to the survey.

Suppliers, partners and data processors

When you enter into an agreement with us either as a supplier, partner or a data processor, we process personal information such as contact information and correspondence (ref. section on inquiries). The purpose is to be able to enter into an agreement with you and the legal basis is the GDPR Article 6 no. 1 b) agreement. The information is kept for up to five years in accordance with The Bookkeeping Act.

Using the website

When using our website, we process personal information such as your IP address and other technical data, which is collected with cookies and analysis tools. The purpose is to provide you with good user experience, as well as to compile statistics to improve and develop our website and service offerings. The legal basis is Article 6 no. 1 f) of the GDPR, where the legitimate interests are to provide you with good user experience, as well as improvement of our website and service offerings. Read more in the next chapter.

Cookies and analysis tools

A “cookie” is a text file that is stored in your browser when you visit a website. Below, we describe how we use cookies and analysis tools on our website. In accordance with the Electronic Communications Act, in the so-called “cookie paragraph” 2-7b. We use the following cookies on our website:

WordPress

  • wpSGCacheBypass: for our website to load faster
  • comment_author_{HASH}: for  commentaries
  • comment_author_email_{HASH}: for commentaries
  • comment_author_url_{HASH}: for commentaries

Google Analytics

  • _ga: to differentiate unique users (2 years)
  • _gat: to limit requests
  • _gid: to differentiate unique users (24 hours)

Facebook

  • fr: for visitors to our site that are logged in to Facebook

We also use the following tools for analysis of our webpage:

  • Google analytics
  • Facebook pixel
  • Hotjar

We also use Google Tag Manager to manage all these tools collectively. We use Google Analytics to track the behavior of our website visitors, as described above. We use LinkedIn Insights and Facebook Pixel to track website usage and to target advertising on Facebook and LinkedIn respectively. We use MailChimp to send out newsletters, which also use cookies for registration forms on the website.

Turn off or delete cookies

You can turn off or delete cookies in your web browser. By visiting nettvett.no you can learn how to do this for most browsers. Once there, you can also learn more about the safe use of the internet.

Whom we share personal information with

In order to run our business, we sometimes have to share your personal information with parties such as:

  • Data Processors: providers of various services that process your personal information on our behalf. E.g.: IT and administrative services, accounting, cloud storage, web hosting, e-mailing and the like
  • Support for IT and management systems
  • Public authorities we are obliged to report to

We require that everyone we share your personal information to secure your data in accordance with good and available security measures and in accordance with the GDPR. We enter into an agreement on proper data processing with everyone who processes data on our behalf.

Transfer of personal data outside the EU/EEA

In some cases, your personal information is transferred outside the EU/EEA, for example, when we use suppliers outside the EU/EEA to handle newsletters, to process customer information, to make products and services available on our website, to enable payment, for security reasons on our website or otherwise in order to run our business safely and efficiently.

The transfer of personal data outside the EU/EEA is only permitted to countries that are approved by the European Commission or under the necessary guarantees under the GDPR. This may be the Privacy Shield for suppliers based in the US, the use of EU standard contracts or in accordance with binding rules of business. If you want to know which suppliers we use outside the EU/EEA and have access to documentation of the necessary guarantees, you can contact s by e-mail at post@timelesstattoo.no

Safety

We take data security seriously, and we will always do our utmost to safeguard your personal information in the best way possible. For example, we use strong passwords, data encryption, access control, backup, and two-factor authentication to secure our data and prevent unauthorized persons from accessing, changing, deleting or in any way affecting the data we store, including your personal information.

We only use reputable IT- and management services such as web hosting, security programs for websites and computers, virus software, email providers, backup and more. We only allow others to access and/or process your personal information in accordance with our instructions, and only where strictly necessary (e.g. by IT support).

We have established routines for handling data breaches, and in the event of non-compliance, we will send a non-conformity notification to the Norwegian Supervisory Authority within 72 hours of a detected breach. If the breach entails a high risk of privacy, we will also notify the data subjects concerned.

NOTE: You may not copy this privacy policy or any of its content, ref. Copyright Act.