Øyo AS
Last updated: 2026
We are committed to protecting both our customers and their personal data. This privacy policy explains what information we collect when you visit our website, shop in our online store, or sign up for our newsletter, why we do so, and what rights you have.
We strive to make this as simple and straightforward as possible. If you have any questions about how we process personal data, you are always welcome to contact us.
The data controller for the personal data collected on oeyo.no is:
Øyo AS Org. no.: 917 516 197
Øyovegen 32, N-3580 Geilo, Norway
Tel.: +47 32 09 09 11
Email: [email protected]
2.1 Visitor Data and Website Statistics
When you visit oeyo.no, we automatically collect the following information:
IP address
Browser type (e.g., Chrome, Safari) and operating system
Geographic location (country/region, based on IP address)
Pages visited, time spent, and navigation patterns
Interactions with advertisements (clicks, views)
2.2 Purchase and Customer Data
When making a purchase in the online store, we collect:
Name and contact information
Delivery and billing address
Order details and purchase history
Payment information – This is processed directly by our payment providers (Klarna, Vipps, card payment) and is not stored by us
2.3 Newsletter and Marketing
If you sign up for our newsletter, we collect your email address and, if provided, your name. You can unsubscribe at any time via the unsubscribe link included in the emails.
2.4 Social Media
We may receive information about you when you interact with us via Facebook or Instagram, for example through ad clicks or purchases via social media platforms. This information is processed in accordance with Meta Platforms' terms and conditions.
We process personal data on the following legal bases in accordance with GDPR Article 6:
Website statistics and analysis (Google Analytics)
Legal basis: Legitimate interest
GDPR Article: Art. 6(1)(f)
Processing and fulfilling orders and deliveries
Legal basis: Performance of a contract
GDPR Article: Art. 6(1)(b)
Invoicing and accounting obligations
Legal basis: Legal obligation
GDPR Article: Art. 6(1)(c)
Newsletters and email marketing
Legal basis: Consent
GDPR Article: Art. 6(1)(a)
Ad targeting (Meta Pixel)
Legal basis: Consent
GDPR Article: Art. 6(1)(a)
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of the processing carried out prior to its withdrawal.
We use the personal data to:
Operate, maintain, and improve the website and user experience
Process, fulfill, and send notifications regarding orders and deliveries
Handle returns, complaints, and customer service
Send newsletters and marketing communications (only with consent)
Analyze and improve social media advertising
Fulfill legal obligations, including accounting legislation
We use cookies on oeyo.no. These cookies help us analyze website usage and personalize marketing. The following types of cookies are used:
Necessary cookies: Ensure basic functionality such as the shopping cart and site navigation. These cannot be disabled.
Statistics cookies: Collect anonymized data about visits via Google Analytics 4 to provide us with insights into traffic and usage patterns.
Marketing cookies: Track behavior for ad targeting via Meta Pixel (Facebook/Instagram).
You can manage or withdraw your consent for non-necessary cookies via our cookie banner, or by changing your browser settings.
We share personal data with the following third parties who process data on our behalf. We enter into data processing agreements (DPAs) with all suppliers. We never sell your personal data.
Google LLC (Google Analytics 4)
Purpose: Website analysis and traffic measurement
Country: USA
More info: policies.google.com/privacy
Meta Platforms, Inc. (Meta Pixel)
Purpose: Ad targeting and conversion tracking
Country: USA
More info: facebook.com/privacy/policy
Centra / Rule Communication AB
Purpose: Email marketing and newsletters
Country: Sweden (EEA)
More info: rule.se
Klarna AB
Purpose: Payment processing (invoice, installment plans)
Country: Sweden (EEA)
More info: klarna.com/no
Vipps MobilePay AS
Purpose: Payment processing
Country: Norway (EEA)
More info: vipps.no
Klarna (Card Payment Provider*)
Purpose: Card payments
Country: Sweden (EEA)
More info: klarna.com/no
Posten Norge AS / Bring
Purpose: Delivery and shipping
Country: Norway (EEA)
More info: bring.no
PostNord AB
Purpose: Delivery and shipping
Country: Sweden (EEA)
More info: postnord.no
Google LLC and Meta Platforms, Inc. are located in the USA. The transfer of data to these companies is carried out on the basis of the EU-U.S. Data Privacy Framework (DPF), which the EU Commission has approved as an adequate level of protection (decision of July 10, 2023).
All other data processors are located within the EEA and are subject to EU data protection regulations.
You can read more about data processing at Google at policies.google.com/privacy and at Meta at facebook.com/privacy/policy.
We only retain personal data for as long as necessary to fulfill the specified purposes, or as required by law:
Customer data and order history
Retention period: 5 years after the last purchase (the Norwegian Accounting Act § 13)
Newsletter subscription
Retention period: Until you unsubscribe or withdraw your consent
Website statistics (Google Analytics)
Retention period: 14 months (standard GA4 setting)
Meta Pixel data
Retention period: In accordance with Meta's guidelines (typically 180 days)
Contact inquiries
Retention period: 3 years after the dialogue has ended
Under the GDPR, you have the following rights regarding your personal data:
Access (Art. 15): You can request access to the personal data we have registered about you.
Rectification (Art. 16): You can request that inaccurate or incomplete information be corrected.
Erasure (Art. 17): Under certain circumstances, you can request that we delete your data ("the right to be forgotten"). Please note that we may be required by law to retain certain information, e.g., for accounting reasons.
Restriction of processing (Art. 18): You can request that the processing of your data be restricted while a dispute is being investigated.
Data portability (Art. 20): You can request to receive your data in a structured, commonly used, and machine-readable format.
Objection (Art. 21): You can object to processing that is based on our legitimate interest.
Withdrawal of consent (Art. 7): If the processing is based on your consent, you can withdraw this consent at any time.
To exercise any of your rights, please send an inquiry to [email protected] or by post to our address. We will respond within 30 days.
If you believe that we are processing your personal data in violation of data protection regulations, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):
Datatilsynet
P.O. Box 458 Sentrum, 0105 Oslo, Norway
www.datatilsynet.no
Øyo may update this privacy policy as needed. In the event of significant changes, we will notify you via our newsletter, social media channels, or directly by email. The date of the last update is always indicated at the top of the document. We recommend that you check this page regularly.
12. Contact Us
Do you have questions about privacy or wish to exercise your rights?
Contact us:
Øyo AS Øyovegen 32, N-3580 Geilo, Norway
Tel.: +47 32 09 09 11
Email: [email protected]