Privacy Policy
Effective Date: April 1, 2026 | Last Updated: April 1, 2026
Our Commitment to Privacy
NordicCreast ("we," "us," "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our website and services.
We comply with the General Data Protection Regulation (GDPR), the European Privacy Directive, and the Norwegian Personal Data Act (Personvernloven). If you have questions about our privacy practices, please contact us at contact@nordiccreast.com.
1. Information We Collect
1.1 Contact Form Information
When you submit our contact form, we collect: name, email address, subject line, and message content. This information is used solely to respond to your inquiry and provide our concierge services.
1.2 Automatically Collected Information
When you visit our website, we automatically collect:
- IP address and device identifiers
- Browser type, operating system, and referrer URL
- Pages visited, time spent, and interaction patterns
- Geographic location (approximate, from IP)
1.3 Cookies and Tracking Technologies
We use cookies to enhance your experience and understand website usage. Specifically:
- Affiliate Tracking Cookie: When you click affiliate links, we set a 30-day cookie to track the referral source. This helps us understand which partners drive engagement.
- Analytics: Vercel Analytics collects usage data to improve site performance and user experience.
- Essential Cookies: Required for basic website functionality.
2. How We Use Your Information
We use collected information for:
- Responding to your inquiries and providing concierge services
- Sending you confirmation emails and service updates
- Improving website functionality and user experience
- Analyzing website traffic and usage patterns
- Compliance with legal obligations
- Fraud prevention and security
- Affiliate partner engagement tracking (with cookie consent where required)
3. Legal Basis for Processing (GDPR)
Under the GDPR, we process personal data based on:
- Contractual Necessity: Processing contact information to fulfill your service requests
- Legitimate Interests: Improving our services, website analytics, and fraud prevention
- Consent: Storing affiliate tracking cookies (where required by local law)
- Legal Compliance: Meeting regulatory and legal requirements
4. Data Retention
Contact Form Data
We retain contact submissions for up to 2 years to maintain service records and respond to inquiries.
Affiliate Cookies
Affiliate tracking cookies expire after 30 days.
Analytics Data
Website analytics data is aggregated and anonymized. We do not retain individual user tracking data beyond 90 days.
5. Data Sharing and Transfers
We do not sell, rent, or lease your personal data. We may share information with:
- Service Providers: Email delivery (Resend), error tracking (Sentry), and analytics (Vercel Analytics) — all bound by strict data processing agreements.
- Legal Obligations: When required by law enforcement or regulatory authorities.
- Business Transfers: In the event of merger, acquisition, or sale of assets, user data may be transferred as part of due diligence.
6. Your Data Rights (GDPR & Norwegian Law)
Under GDPR and the Norwegian Personal Data Act, you have the right to:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten")
Request deletion of your personal data, subject to legal obligations.
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Request your data in a structured, portable format.
Right to Object
Object to certain types of data processing, including marketing.
Right to Lodge a Complaint
Contact the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no
7. Data Security
We implement industry-standard security measures:
- HTTPS encryption for all data in transit
- Secure headers including Content-Security-Policy and X-Frame-Options
- Regular security monitoring via Sentry error tracking
- Rate limiting on sensitive endpoints (contact form)
- Restricted cookie attributes (HttpOnly, Secure, SameSite)
8. Third-Party Services
Resend (Email Service)
We use Resend to send confirmation emails. Your email address is processed only to deliver service communications. See Resend's Privacy Policy
Sentry (Error Tracking)
We use Sentry to monitor errors and system health. Sentry may process aggregated, anonymized data. See Sentry's Security & Privacy
Vercel Analytics
We use Vercel Analytics to measure website performance and user engagement. See Vercel's Analytics Documentation
9. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or prominent notice on our website. Your continued use of our services constitutes acceptance of the updated policy.
11. Data Controller & Contact Information
Data Controller: NordicCreast Luxury Advisory
Location: Oslo, Norway
For data subject requests, privacy inquiries, or to exercise your rights, contact us at:
Email: contact@nordiccreast.com
Phone: +47 23 45 67 890
Norwegian Data Protection Authority (Datatilsynet):
www.datatilsynet.no