Isdalen AS

Privacy Policy

Last updated: June 25, 2026

This Privacy Policy explains how Isdalen AS (“we,” “us”) processes personal data when you visit our website, contact us, or use our services. This policy has been updated in accordance with applicable regulations, including the GDPR, the Personal Data Act, new cookie rules in the Electronic Communications Act (effective January 1, 2025), and the EU Data Act (effective September 2025).

In brief

  • We only process data necessary for communication, operation, security, and improvement of the website.
  • Analytics and other non-essential cookies are only set if you actively consent—in accordance with the new cookie regulations taking effect in 2025.
  • We do not sell personal information and only share data with necessary data processors.
  • You can withdraw consent and request access, rectification, or deletion at any time.

1. Data Controller

Isdalen AS
Hovfaret 17, 0275 Oslo
Organization No.: 855 724 472 VAT
Phone: +47 22 73 08 77
Email: post@isdalen.no

2. What personal data we process

Depending on how you use the website and contact us, we may process:

  • Contact information (name, email, phone) when you fill out a form or send us an email.
  • Company Information (company name, address, organization number) for B2B inquiries and collaborations.
  • Communication Content (the messages you send us, and our dialogue with you).
  • Technical information (IP address, browser type, device, time, page views) related to operations, security, and statistics.

Note: Any orders or purchases may be made through a separate ordering platform with its own terms and conditions and privacy policy.

3. Purpose – why we process data

  • To respond to inquiries and maintain dialogue with customers and partners
  • To manage customer relationships, deliveries, agreements, and requests (B2B)
  • To operate, secure, and troubleshoot the website
  • Website statistics and improvements — based solely on consent where required
  • Comply with legal obligations (e.g., accounting and documentation, where applicable)

4. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — for analytical and non-essential cookies, and when you voluntarily provide us with information. Consent may be withdrawn at any time without affecting the lawfulness of processing that took place prior to the withdrawal.
  • Agreement (Art. 6(1)(b)) — when processing is necessary to follow up on a request or agreement.
  • Legitimate interest (Art. 6(1)(f)) — for the operation, security, and improvement of the website, provided that this does not override your rights.
  • Legal obligation (Art. 6(1)(c)) — where storage or processing is required by law.

5. Cookies

We use cookies to ensure that the website functions properly and to improve the user experience. Starting January 1, 2025, new and stricter rules regarding cookies will take effect under the Norwegian Electronic Communications Act. This means that:

  • Non-essential cookies require active and voluntary consent—pre-checked boxes are not permitted.
  • It should be just as easy to reject cookies as it is to accept them.
  • Consent must be renewed regularly and may be withdrawn at any time.

The Norwegian Data Protection Authority and Nkom oversee compliance with the cookie rules and may issue orders and impose fines in the event of violations.

Cookie Categories

Category Purpose Basis
Essential Ensure the website works properly—basic features, security, and platform features. Legitimate Interest / Necessary for the Service
Analytics Helps us understand usage and improve content and structure (e.g., Google Analytics). Consent
Functional Remembers your choices and settings for a better user experience. Consent (where required)
Marketing Used for advertising and tracking across websites — only if enabled. Consent

How to Manage Cookies

  • Use the cookie settings on the website to give or withdraw your consent at any time.
  • You can also delete or block cookies in your browser. Note that some functionalities may cease to work.

6. Sharing and Data Processors

We do not sell personal information. We may share necessary information with vendors who process data on our behalf (“data processors”) in order to provide and operate the website.

  • Squarespace — Website Platform and Hosting
  • Google Analytics — traffic and usage analysis (only with consent)

We have data processing agreements in place where required, and we limit data sharing to what is strictly necessary.

7. Transfer to Countries Outside the EU/EEA

Some of our suppliers (e.g., Google and Squarespace) may process data in the United States or other countries outside the EU/EEA. For such transfers, lawful bases for transfer are used—primarily the EU’s Standard Contractual Clauses (SCCs).

Note: The use of U.S. cloud service providers is an evolving area. Practices regarding the transfer of personal data to the United States may change as a result of changes in U.S. surveillance legislation and new rulings by the European Court of Justice. We are monitoring these developments and will update our procedures as needed.

8. EU Data Act (effective as of September 2025)

The EU Data Act regulates the sharing of data generated by products and services. For Isdalen, as a B2B company, this may eventually affect requirements for data sharing with partners and suppliers. We are monitoring developments and adapting to the requirements that are relevant to our business.

9. Artificial Intelligence (AI Act)

The EU’s AI Act entered into force in 2024 and will be implemented into Norwegian law through a new AI Act, which is expected to take effect in late summer 2026. If we use AI tools that process personal data, we will ensure that such use complies with applicable regulations and disclose this in our privacy policy.

10. Storage and Deletion

  • Inquiries are typically stored as long as necessary for follow-up and documentation.
  • Technical logs are stored for a limited time for security and troubleshooting.
  • Analysis data is stored according to the configuration in the analysis tool and is used primarily in aggregated and statistical form.

We delete or anonymize data once the purpose has been fulfilled, unless we are legally obliged to retain them for a longer period.

11. Your Rights

  • Access to Information We Process About You
  • Correction of Errors or Incomplete Information
  • Deletion (“the right to be forgotten”) where we are not required by law to retain the data
  • Restriction of Processing
  • Object to Processing Based on Legitimate Interest
  • Withdraw consent at any time, without this affecting the lawfulness of previous processing
  • Data Portability where Applicable
  • Complaint to the Data Protection Authority

12. Contact

Questions regarding privacy or requests for access and deletion should be sent to:

Email: post@isdalen.no
Address: Hovfaret 17, 0275 Oslo

13. Changes

We update this privacy policy as needed—for example, in response to changes in regulations or in how we process data. The updated version is published on this page with a new date. We recommend that you review the policy regularly.