Privacy policy
Last updated: June 2026
This Privacy Policy describes how Norrviva AB ("Norrviva," "we," "us," or "our") collects, uses, and discloses your personal information when you visit or use norrviva.com, make a purchase, or otherwise communicate with us (together, the "Services"). "You" means anyone whose information we collect under this policy, whether a customer, a site visitor, or another individual.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time, to reflect changes in our practices or for operational, legal, or regulatory reasons. We post the revised version on the Site, update the "Last updated" date, and take any further steps the law requires.
How we collect and use your personal information
To provide the Services, we collect personal information about you from several sources, set out below. What we collect varies with how you interact with us. Beyond the specific uses below, we may use your information to communicate with you, to provide and improve the Services, to comply with legal obligations, to enforce our terms, and to protect the Services and the rights of our users and others.
Information you give us directly
- Contact details such as your name, address, and the contact information you provide.
- Order information such as your name, billing and shipping address, payment confirmation, and the contact details needed to fulfil your order.
- Account information such as your username, password, and information used for account security.
- Customer support information you include when you contact us.
Some features need certain information to work. You can choose not to provide it, but then those features may not be available to you.
Information we collect about your use
We may automatically collect information about how you interact with the Services ("Usage Data") using cookies, pixels, and similar technologies ("Cookies"). Usage Data can include device and browser information, your network connection, your IP address, and how you interact with the Services.
Information from third parties
We may receive information about you from third parties, including vendors and service providers acting on our behalf, such as companies that support our Site (for example, Shopify) and our payment processors, who collect payment details to process your orders. Anything we receive from third parties is handled under this policy. See also Third-party websites and links below.
How we use it
- Providing products and services: to perform our contract with you, including processing payments, fulfilling and shipping orders, handling returns and exchanges, and managing your account.
- Marketing and advertising: to send you communications and show you relevant advertising, where permitted. If you are in the EEA, the legal basis is our legitimate interest in marketing our products (Art. 6(1)(f) GDPR), or your consent where required.
- Security and fraud prevention: to detect and act on possibly fraudulent or illegal activity, and to keep the Services secure (legitimate interest, Art. 6(1)(f) GDPR).
- Communicating with you and improving the Services: to support you and improve the Services (legitimate interest, Art. 6(1)(f) GDPR).
Cookies
Like most sites, we use Cookies. For the Cookies tied to running our store on Shopify, see shopify.com/legal/cookies. We use Cookies to run and improve the Site and Services, to remember your preferences, and to understand how the Services are used. We may let third parties use Cookies on the Site to tailor services and advertising.
Most browsers accept Cookies by default. You can set yours to remove or reject them. Blocking Cookies can affect your experience and may stop some features from working.
How we disclose personal information
In certain cases we disclose your personal information to third parties, subject to this policy:
- With vendors and service providers who work on our behalf (IT, payment processing, analytics, customer support, cloud storage, fulfilment, and shipping).
- With business and marketing partners, who use your information under their own privacy notices.
- When you direct or consent to it, such as sharing needed to ship your order or through social or login integrations.
- With our affiliates, in our legitimate interest in running the business.
- In connection with a business transaction (such as a merger or insolvency), to comply with legal obligations, to enforce our terms, and to protect the Services and the rights of our users and others.
We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.
Third-party websites and links
The Site may link to sites or platforms operated by others. If you follow a link to a site we don't control, review its privacy and security terms. We aren't responsible for the privacy, security, or content of those sites.
Children's data
The Services aren't intended for children, and we don't knowingly collect personal information from children. If you are a parent or guardian and believe your child has given us their information, contact us using the details below and we will delete it. We don't knowingly "sell" or "share" the personal information of anyone under 16.
Security and retention
No security measures are perfect, and information sent to us may not be secure in transit, so please don't use insecure channels for sensitive information. How long we keep your information depends on why we hold it: to maintain your account, to provide the Services, to meet legal obligations, and to resolve disputes or enforce our agreements.
Your rights
Depending on where you live, you may have some or all of these rights over your personal information. They aren't absolute and may apply only in certain cases.
- Access / Know: request access to the personal information we hold about you, and how we use and share it.
- Delete: request that we delete personal information we hold about you.
- Correct: request that we correct inaccurate information.
- Portability: request a copy of your information, or that we transfer it to a third party, in certain cases.
- Restriction of processing: ask us to stop or restrict our processing.
- Withdraw consent: where we rely on consent, withdraw it.
- Appeal: appeal our decision if we decline a request.
- Manage communications: opt out of marketing messages at any time using the unsubscribe link; we may still send non-promotional messages about your account or orders.
To exercise any of these, use the contact details below. We won't discriminate against you for exercising them. We may need to verify your identity first, and you may use an authorised agent where the law allows, with proof of authorisation.
Complaints
If you have a complaint about how we handle your personal information, contact us using the details below. If you aren't satisfied with our response, you may have the right to lodge a complaint with your local data protection authority. In Sweden, that is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). For the EEA, the list of authorities is here.
International users
We may transfer, store, and process your personal information outside the country you live in, including by staff and service providers in other countries. Where we transfer personal information out of Europe, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses, unless the destination country offers an adequate level of protection.
Contact
For any question about our privacy practices or this Privacy Policy, or to exercise your rights, reach us through the contact form or live chat on our site, or write to us at: Norrviva AB, Essingetorget 42, 112 66 Stockholm, Sweden.
For the purpose of applicable data protection law, and unless stated otherwise, Norrviva AB is the controller of your personal information.