Privacy Policy

Privacy Policy

Last updated: 2026

This Privacy Policy explains how NorwayStories ENK (“we”, “our”, “us”) collects, uses, stores, and protects personal data when you access or use our website https://norwaystories.org and related domains, including norwaystories.com and other connected platforms and services.

We are committed to handling personal data responsibly, transparently, and in full compliance with the General Data Protection Regulation (GDPR) and applicable Norwegian and European Union laws.

1. Personal Data We Collect

We collect only the data necessary to provide and improve our services.

1.1 Information You Provide Voluntarily

This may include:

  • Name and surname
  • Email address
  • Billing address
  • Account login details (if you create an account)
  • Submitted content (comments, messages, support requests)

Payment information is processed securely by third-party payment providers.
We never store full payment card numbers on our servers.

1.2 Data Collected Automatically

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and device information
  • Pages visited and interaction data
  • Date, time, and duration of visits
  • Referring website or link
  • Cookies and similar tracking technologies

This data helps us ensure security, analyse performance, and improve user experience.

1.3 Payment Data

All payments are processed by trusted third-party providers:

  • Stripe
  • Airwallex
  • Razorpay

These providers collect and process payment details on their own encrypted systems.
NorwayStories ENK does not receive or store credit card details.

2. Why We Collect Your Data

We process personal data for the following purposes:

2.1 Service Delivery

  • Providing access to free and premium content
  • Processing payments and subscriptions
  • Managing user accounts

2.2 Communication

  • Sending receipts, confirmations, and service-related notifications
  • Responding to enquiries and support requests

2.3 Platform Improvement & Security

  • Website analytics (e.g. Google Analytics, Matomo)
  • Content performance analysis
  • Fraud detection and platform security

2.4 Legal Compliance

  • Accounting and tax obligations
  • Digital transaction documentation
  • GDPR compliance

3. Cookies & Tracking Technologies

We use cookies to:

  • Enable login and authentication
  • Improve website functionality and performance
  • Ensure secure payment processes
  • Personalise content by region
  • Analyse traffic and usage patterns

By using our website, you consent to the use of cookies in accordance with this policy.
You may disable cookies in your browser settings; however, some features may not function properly.

A detailed list of cookies is available in our Cookies Policy.

4. Data Storage & Security

We use GDPR-compliant infrastructure and security measures, including:

  • Kinsta hosting (EU servers)
  • Cloudflare security and CDN
  • Encrypted backups
  • Restricted access controls
  • Security monitoring tools (e.g. Wordfence)

Personal data is stored only for as long as necessary to fulfil its purpose or comply with legal requirements.

5. Data Retention

We retain data for the following periods:

Cookies: From 1 day up to 1 year, depending on type and purpose

User account data: Until the account is deleted by the user

Subscription & payment records: 5–10 years (accounting and tax laws)

Support communications: Up to 24 months

Analytics data: 14–38 months (depending on provider settings)

6. Data Sharing & Third Parties

We only share data with trusted service providers necessary to operate our platform:

Payment Processing

  • Stripe
  • Razorpay
  • Airwallex

Analytics & Infrastructure

  • Google Analytics
  • Kinsta (server logs)
  • Cloudflare

Email Services

  • MailerLite or SendGrid (if used in the future)

Legal Obligations

  • Authorities, only when required by law

We do not sell, rent, or trade personal data to third parties.

7. International Data Transfers

Our primary servers are located in the European Union (Helsinki data centre).
Some partners (e.g. Stripe) may process data outside the EU.

In such cases, we ensure that GDPR-approved safeguards, including Standard Contractual Clauses (SCCs), are in place.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Receive a copy of your data (data portability)
  • Withdraw consent at any time

To exercise your rights, contact us at:
kontakt@norwaystories.org

9. Children’s Privacy

Our services are not intended for individuals under the age of 16.
We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Legal or regulatory changes
  • New features or services
  • Platform improvements

Any updates will be published on this page with a revised “Last updated” date.

11. Contact Information

If you have questions or concerns about this Privacy Policy or data processing, please contact:

kontakt@norwaystories.org
NorwayStories ENK
Ålesund, Norway