Trygg E-Handel sertifisert

Updated 2019-04-04
Applies to Sapatos AS (reg. no. 985 607 842)

This privacy policy applies effective April 4, 2019 and supersedes all previous versions.

1. General

Sapatos we take care of your privacy. In this privacy policy, we inform you about how we handle your personal data in connection with you visiting our websites, registering an account via one of our websites, buying our products or services, or when you are otherwise in contact with us. In this statement you will also find information about what rights you have regarding the handling of your personal data in accordance with the GDPR.

We may make changes to our privacy statement to reflect changes in our business, on our websites or services, or applicable law. The latest version of the privacy policy can always be found here on the website.

Please contact us if you have any questions or views.

2. What is personal data, and what is processing of personal data?

Personal information is all information that can be directly or indirectly (with or without other information) linked to you, e.g. name, social security number, IP address or purchase history.

All forms of measures with personal data are personal data processing, such as collection, registration, organization, storage, processing or modification, reading, use, disclosure, dissemination or other provision of information, compilation or collation, blocking, deletion or destruction.

3. Who is responsible for the personal data we collect?

Sapatos AS (org. no. 985 607 842) and is responsible for ensuring that such processing takes place in accordance with current legislation.

4. How do we collect personal data?

In collaboration with Stripe, Klarna, Paypal, Apple Pay and Vipps, we offer sales from our online store. Sapatos does not store more information from the customer than is necessary to send out the customer's order (ie name, address, telephone and e-mail). All other information collected to complete the payment is stored by Stripe, Klarna, Paypal, Apple Pay and Vipps in their systems.

If you wish to create a customer account with Sapatos, we collect personal information such as your full name, address, e-mail address, telephone number, payment information, purchase, order and usage history, IP address and other case-related information, e.g. information that you provide when contacting our customer service.

More information about your privacy at Stripe, Klarna, Paypal, Apple Pay and Vipps can be read at:
- Stripe privacy
- Klarna privacy
- Paypal privacy
- Apple Pay privacy
- Vipps privacy

5. What personal data do we collect and why?

a) To be able to handle orders and purchases

Personal data is processed to enable the following:
Delivery of an ordered/purchased product or service
Handling of payment ( including analysis of possible payment solutions, which may include a check against payment history and obtaining credit information from credit reporting companies. of personal data processed are:

Birth number (if you choose invoice from Klarna)
Contact information (e.g. address, e-mail, telephone number)
Payment information (e.g. .eg card number, time of transaction, cardholder)
Credit information from credit reporting company
Order information
User information for My account (members only)
Your correspondence

Legal basis:
Fulfillment of purchase agreement .This collection of your personal data is required in order for us to be able to fulfill our obligations according to the purchase agreement
Storage period:

Until the purchase is completed (including delivery and payment) and for a period of 36 months thereafter with the aim of be able to handle any complaints and warranty cases.

b) To be able to manage membership and "My account"

Personal data is processed to enable the following:
Give permission to log in
Maintain correct and up-to-date information
Opportunity for you to follow your purchases and payment history
Opportunity for you to save favorites and similar facilitating measures
Management of your customer choices (e.g. your profile and your settings)
The categories of personal data processed are:

Name and contact details (e.g. name, address, e-mail, telephone number)
User name and password
Order history
Payment information
Settings regarding your profile and your person equal choice
Legal basis:

Fulfillment of agreement. The processing is necessary to create and administer your member pages in accordance with membership terms and conditions and thereby to perform our agreement with you.
Storage time:

Until you close your account. If your membership has been inactive for 36 months, we will delete your account and associated information, provided you do not owe us anything. By inactivity we mean that you have not registered a purchase.

c) To handle customer service matters

Personal data is processed to enable the following:

Communication and answering questions to customer service via telephone, e-mail or in digital channels (including social media)
Processing complaints and support cases (including technical support)
The categories of personal data that are processed are:

Name and contact details (e.g. name, address, e-mail, telephone number)
Your correspondence
Information about time of purchase, place of purchase, possible fault/complaint
Technical information about your equipment
Legal basis:

Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.
Storage period:

The information is processed until the customer service case is closed and for a period of 12 months after this with the aim of being able to provide better customer service in the event of a renewed case.

d) To be able to prevent misuse of a service or to prevent, prevent and investigate breaches against the company

Personal data is processed to enable the following :

Investigate or prevent fraud or other violations of the law through, for example, in-store incident reporting.
Prevent spamming, phishing, harassment, attempted illegal logins to the user account or other actions prohibited by an enterprise's terms of use.Protect and improve the company's IT environment against attacks and interventions
The categories of personal data that are processed are:

Purchase and user-generated data (e.g. click and visit history)
Social security number
Video recordings from camera surveillance
Information about devices used by the customer and settings, e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform.
Information about how our digital services are used.
Legal basis:

Fulfillment of legal obligation (if any) alternatively justified interest. If no legal obligation exists, the processing is necessary to satisfy our legitimate interest in preventing misuse of a service or to prevent, prevent and investigate breaches against the company.
Storage period:

From the collection and in a period of 36 months thereafter.

e) To be able to carry out and manage participation in competitions and events

Personal data is processed to enable the following:

Communicate with participants who take part in a competition organized by the company
Communicate with participants before and after an event (e.g. confirmation of applications, questions or evaluations).
Identify the participant and check the participant's age
Choose winners and communicate winnings
The categories of personal data that are processed are:

Contact information (e.g. address, e-mail, telephone number)
Information provided in competition entries
Information provided in event evaluationsLegal basis:

Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling your participation in competitions and/or events.
Storage period:

From collection and for a period of 36 months thereafter.
f) To be able to market products and services

Personal data is processed to enable the following:

Show relevant product recommendations, make suggestions for shopping lists, remind about forgotten/abandoned digital shopping baskets, save shopping lists to simplify future purchases or similar measures that simplify your buying experience.
Send direct marketing via email, SMS, social media or other similar electronic channels for communication as well as via post, including offers from partners to existing customers.
Carry out campaigns or send offers and invitations to events
The categories of personal data processed are:

Contact details (e.g. address, e-mail, telephone number)
Information about completed purchases
Purchase and user-generated data (e.g. click and visit history)
Legal basis:

Fulfillment of agreement for customers with My Account
Interest balance for newsletter recipients and website visitors
Storage time:

For fulfillment of agreement: Until you close your account.
For balancing of interests: From the collection and for a period of 36 months thereafter.

6. How long do we store information about you?

Your personal data is only stored for as long as is required to fulfill the purposes of the processing, or for as long as we are required to store it by law. See more about the specific storage times under respective purposes in point 5 of this privacy statement.

7. Do we share personal data?

We only share your personal data when this is a legal requirement or otherwise when it is permitted by law. In certain cases, we may use data processors who help us with marketing or to process agreements and orders, e.g. forwarding and logistics companies, banking and credit card companies or suppliers within marketing. In such cases, we have entered into an agreement for the data processor which ensures that there are security measures in place to protect your information. When we share your information, it will be used for the same purpose for which we initially collected it.

We minimize the transfer of personal data to countries outside the EU/EEA. In cases where this happens, e.g. in the case of system-related support and maintenance, this takes place according to particularly high requirements and agreements.

We also share your personal data with certain companies that are independent data controllers, e.g. authorities or companies that offer independent payment solutions or general goods transport. These companies themselves control how the information is to be processed in accordance with their privacy statements.

8. Can children use our services?

Our websites and services are not directed at minors.We do not knowingly collect information, including personal data, from children or other persons who do not have a legal right to use our websites and services. If we learn that we have collected personal data from a child under the age of majority, we will delete it, unless the law require us to store them. Contact us at if you believe we have collected information about a minor in error.

9. How is your personal data protected?

We implement the necessary legal, technical and organizational security measures to protect your personal data from being manipulated, lost or destroyed or from unauthorized access. Our security routines are updated as the technology develops and improves.

10. Social Media

At the moment you can follow us via various social media, including Facebook and Instagram. On these accounts, we are only responsible for any personal data that we ourselves publish or can influence the publication of.

11. How do we use cookies?

On Sapatos's website cookies are used, which are small text files that are stored on the visitor's computer and which can be used to track the activity of the visitor on the page. Sapatos uses cookies to improve the user experience for the visitor and adapt the page according to wishes, choices and interests. Information cookies ensure that the visitor is logged in to the page and does not have to log in on each new page opened on the website.

There are two main types of information cookies:

  • A permanent cookie remains on the visitor's computer for a specific time.
  • A session cookie is temporarily stored in the computer's memory during the time a visitor is on a website. Session cookies disappear when you close your browser.

Permanent cookies are used to save any personal settings at Sapatos so that you do not have to repeat certain choices every time you visit the page. Session cookies are used, among other things, to be able to record statistics on the use of the page.

How to remove cookies:

If you no longer wish to use cookies, you can turn off cookies in the settings of your browser. You can also set your browser to ask you every time Sapatos's website tries to place a cookie on your computer, or delete previous cookies that you no longer want to be displayed.

How to remove cookies may vary depending on which browser you use. If you use a PC, cookies can be removed using the shortcut command [CTRL]+[SHIFT]+[Delete].

If you use a Mac, click on the link for the browser you use:
Internet Explorer
Mozilla Firefox
Google Chrome
Flash cookies

Please note that if you choose not to use cookies, the functionality of certain parts of the website is limited. For example, you cannot make a purchase.

12. What rights do you have?

In accordance with the GDPR, you have certain rights regarding the processing of your personal data. Access to your personal data (so-called register extract)
You have the right to demand access to your information via a register extract. As it is important that we do not disclose your personal data to anyone else, a request for a register extract must be made in writing and signed by you.

Correction of personal data
You always have the right to demand that your personal data be corrected .You yourself have the opportunity to log in to "My account" and correct incorrect information, alternatively contact our customer service obligation to store the personal data in accordance with applicable laws and regulations.

Restriction of processing
You have the right to object at any time to the processing of your personal data which is based on a balancing of interests. You also have the right to object to your personal data being processed for
marketing purposes. This means that you have the right to say no to newsletters and other marketing mailings from us. If you object to marketing, your personal data will no longer be processed for such purposes.

Data portability
You have the right to demand that personal data be moved from us to another company, authority or organisation. This right is limited to information that you yourself have provided to us.

13. What is the easiest way to contact us with questions about privacy?

If you have questions related to data and privacy protection or believe that we have handled your personal data incorrectly, you can always contact us via our customer service at or +47 64 00 75 00.

14. Complaint to supervisory authority

Anyone who believes that incorrect handling of personal data is occurring can lodge a complaint with the Danish Data Protection Authority, which is responsible for supervision according to the current data protection legislation.