
Privacy policy
blaklader.no
This policy was last updated: 4th of February 2025
1. Introduction
This Privacy Policy (the “Policy”) describes how Blåkläder AS, org. no. 812806602 (“Blåkläder”, “we”, “us” or “our”), at the address Solgaard skog 110, 1599 Moss, processes your personal data when you are visiting our website www.blaklader.no (the “Website”), including when you contact our customer support through email or phone, when you apply for a job at Blåkläder through the Website and when we re-post your social media posts.
We are responsible for the processing of your personal data as described in the Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us, e.g. via the address above or via our email address: gdpr@blaklader.com.
We respect and safeguard your personal integrity. It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes to the Policy, the new version will apply from the time it is published on our Website. At the top of the page, you can see when the Policy was last changed.
2. The scope of this Policy
This Policy covers our processing of personal data in connection with Website visits and other interactions you make with us through our Website, e.g., customer support through email or by phone, job applications through our Website and re-posting of social media posts for display on our Website. If you contact us via the web form on the Website to set-up of your company-unique Web shop through our platform services, we will process your personal data in accordance with the Privacy Policy for the Online Shop. If you subscribe for our newsletter via the web form on the Website, we will process your personal data in accordance with the Privacy Notice for Newsletter and other types of direct marketing communications, which you can find here.
This Policy includes information on, e.g., for what purposes we process your personal data, with which parties we share your personal data as well as information on your rights as a data subject.
If you want to read more about how we manage cookies on our Website, please read our Cookie Policy.
3. How we collect your personal data
The personal data we process relating to you is collected directly from you or from your social media account through the hashtag function or the tagging function on the social media platform.
4. How we process your personal data
We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing your personal data, which in our context generally means one of the following legal bases:
4.1 Performance of a contract
The processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (this applies if you conduct your business in a sole proprietorship), or to take steps at your request prior to entering into a contract.
4.2 Acting on behalf of others
If you are acting on behalf of someone else, e.g. in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.
4.3 Legal obligations
The processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.
4.4 Legitimate interests
The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).
4.5 Consent
The processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.
4.6 Website Functionality
What we do and why | The personal data that we process |
---|---|
We collect statistical data as well as other technical information generated when visiting our Website, to analyse the web traffic on our Website and maintain as well as improve the Website's functionality, the user experience, and in order to discover and handle errors, breaches and incidents. We use third party analytic services to produce statistics and carry out analysis which are based on aggregated data and other de-identified or anonymized data. Individuals can, however, be identified by combining the personal data processed with online identifiers. If you are logged into your account on the Website, the information generated by the use of third-party analytical services will be connected to your personal data and our analysis will in those cases no longer be based solely on de-identified or anonymized data. | IP-address Other technical information which is identified upon visiting our Website and derived from online identifiers, such as device type, browser used, browsing history Information about Website usage patterns and behavior |
Legal basis:Legitimate interest - to maintain and improve Website functionality and security Consent - for cookies and similar technologies, except those necessary for basic Website functions | |
Data sharing: IT service providers Corporate group companies Analytics providers (Google Analytics, Microsoft Clarity, Meta) Strategic business partners | |
Retention period:14 months maximum for visitor interaction data |
4.7 Marketing Analytics
What we do and why | The personal data that we process |
---|---|
We process Website visitor data for marketing purposes and targeted advertising | IP address Technical identifiers Usage patterns |
Legal basis:Legitimate interest - for marketing to potential customers Consent - for cookies and tracking technologies | |
Data sharing:Data shared with: Google Analytics and Advertising TikTok Business Products Meta Criteo | |
Retention period:14 months maximum |
4.8 Customer Support
What we do and why | The personal data that we process |
---|---|
Process and respond to customer support inquiries | Name Email address Phone number Company info (if applicable) Customer ID Query details |
Legal basis:Legitimate interest - to handle customer support requests Contract performance (where applicable) | |
Retention period:Duration of query resolution and contract period (if applicable) |
4.9 Blåkläder Matchmaker
What we do and why | The personal data that we process |
---|---|
Provide personalized product recommendations | Name Email address Customer ID Preferences |
Legal basis:Legitimate interest - to provide personalized service and marketing | |
Retention period:24 months maximum |
4.10 Website Forms
What we do and why | The personal data that we process |
---|---|
Process form submissions and communications | Name Email address Phone number Message content |
Legal basis:Legitimate interest - to communicate with users | |
Retention period:24 months maximum |
4.11 Job Applications
What we do and why | The personal data that we process |
---|---|
Process job applications and recruitment | Name and title Age/birth date Contact information Qualifications Education Work experience References CV/resume Photo Other provided information |
Legal basis:Legitimate interest - for recruitment purposes Legal obligation - documentation requirements | |
Retention period:Duration of recruitment process plus 24 months with consent |
4.12 Social Media Posts
What we do and why | The personal data that we process |
---|---|
Re-post and display user-generated content | Images Social media profile name Post captions |
Legal basis:Legitimate interest - for marketing purposes Consent - for content reuse | |
Retention period:Duration of consent or agreement, or 44 days maximum if unused |
5. Security measures
We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.
6. Where we process your personal data
We strive to always process your personal data within the EU or EEA. However, if we transfer your personal data, in accordance with what is stipulated in the tables above, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
You may access the European Commission’s standard contractual clauses at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914
You are welcome to contact us for more information about the transfers of your personal data outside the EU/EEA.
7. Your rights
You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.
Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g. confirm your identity before proceeding with your request to exercise your rights.
To exercise your rights or request information about them we ask that you contact us, which is most easily done via email: gdpr@blaklader.com.
7.1 Right of access
You have the right to obtain a confirmation as to whether we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.
7.2 Right to rectification
You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.
7.3 Right to erasure
You have the right to obtain that we erase your personal data without undue delay in the following circumstances:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- Our processing is based on your consent and you withdraw your consent to the relevant processing;
- You object to processing that we carry out based on a legitimate interest, and your objection overrides our or another party's legitimate interest of the processing;
- The processed personal data is unlawfully processed;
- The processed personal data has to be erased for our compliance with one or more legal obligations.
7.4 Right to restriction
You have the right to request that we restrict the processing of your personal data in the following circumstances:
- You contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- The processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- The personal data is no longer needed for the purposes of the processing, but is necessary to you for the establishment, exercise or defense of legal claims;
- You have objected to the processing of the personal data which we carry out based on a legitimate interest, pending the verification whether your objection overrides our or another party's legitimate interest to continue with the processing.
7.5 Right to object
You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.
7.6 Right to data portability
If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.
7.7 Right to withdraw consent
If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.
8. Complaints with the supervisory authority
In Norway, the Norwegian Data Protection Authority (“Datatilsynet”) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Norwegian Data Protection Authority at any time.