Privacy Policy

Last Updated: May 2, 2025

1. Introduction

Welcome to almaZINE (www.almazine.org). almaZINE (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains clearly and transparently how we collect, use, share, and protect your personal data when you visit our website, use our services, interact with us, or pre-order/purchase our products (like zines).

This policy is drafted in accordance with the requirements of the General Data Protection Regulation (GDPR) as incorporated into Norwegian law via the Personal Data Act (Personopplysningsloven).

2. Data Controller

almaZINE is the data controller responsible for your personal data collected through this website.

3. What Personal Data We Collect

We may collect and process the following types of personal data about you:

Identity Data: First name, last name.

Contact Data: Email address, telephone number (if provided), billing address, delivery address (if placing orders).

Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.  

Usage Data: Information about how you use our website, products, and services (e.g., pages visited, time spent).  

Communication Data: Your communication preferences and any correspondence you have with us (e.g., via contact forms, email).

Transaction Data: Details about payments (usually processed via third-party providers – we typically do not store full payment card details) and details of products/services you have purchased or pre-ordered from us.

User Content: Comments or contributions you may make on our blog or other interactive features (if applicable), which might include your name or username.

We do not intentionally collect sensitive personal data (special categories of personal data under GDPR) through this website unless directly provided by you for a specific purpose with your explicit consent, or as otherwise permitted by law.

4. How We Collect Your Data

We collect data through various methods, including:

Direct Interactions: When you fill in forms on our website (e.g., contact form, pre-order form, newsletter signup), correspond with us by email or phone, purchase products/services, or provide feedback.

Automated Technologies: As you interact with our website, we may automatically collect Technical and Usage Data using cookies and similar technologies. Please see Section 11 on Cookies.

Third Parties: We may receive technical data from analytics providers like Google Analytics and HubSpot, or data from payment service providers like Stripe.

5. Legal Basis for Processing Your Data

We will only process your personal data when the law allows us to. Most commonly, we rely on the following legal bases under GDPR / Personopplysningsloven:

Consent: Where you have given us explicit, informed, and freely given consent for a specific purpose (e.g., signing up for a newsletter, placing non-essential cookies). You can withdraw consent at any time.

Contract: Where processing is necessary for the performance of a contract with you (e.g., processing an order, providing a requested service).

Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests (e.g., improving our website, responding to inquiries, security). We ensure a balance assessment is considered.  

Legal Obligation: Where we need to comply with a legal or regulatory obligation under Norwegian or EEA law.

6. How We Use Your Data

We use your personal data for the specific, explicit, and legitimate purposes for which it was collected, including:

7. Data Sharing and Third Parties

We may need to share your personal data with trusted third parties, only when necessary for the purposes outlined above. This may include:

We ensure contracts (Data Processing Agreements where applicable) are in place with third-party processors requiring them to respect data security and process data only according to our instructions and the law. If data is transferred outside the EEA, we ensure legally required safeguards (like Standard Contractual Clauses or adequacy decisions) are implemented.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing. We securely delete or anonymize data when it’s no longer needed.  

9. Data Security

We implement appropriate technical and organizational measures (considering risks, technology, and costs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is restricted to personnel and processors with a legitimate need-to-know basis.  

10. Your Data Protection Rights

Under GDPR / Personopplysningsloven, you have the following rights regarding your personal data:

Right to Access: Request a copy of your data.

Right to Rectification: Request correction of inaccurate data.  

Right to Erasure (‘Right to be Forgotten’): Request deletion of your data under certain conditions.

Right to Object: Object to processing based on legitimate interests or for direct marketing.

Right to Restrict Processing: Request suspension of processing under certain conditions.

Right to Data Portability: Request your data in a machine-readable format or transfer to another controller.

Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

To exercise these rights, please contact us at [Insert Privacy Contact Email Address]. We will respond according to legal timelines, usually within one month. We may need to verify your identity. Exercising these rights is generally free, unless requests are manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority: Datatilsynet website: www.datatilsynet.no  

11. Cookies

Our website uses cookies. Some are essential for the website to function. Others (like those for analytics or marketing) are non-essential and will only be placed if you provide your explicit, informed consent via our cookie consent mechanism. You will be provided with clear information about the cookies used and their purposes. You can manage your preferences and withdraw consent easily at any time. Read more about our Cookie Policy: https://almazine.org/cookie-policy/.

12. Links to Other Websites

Our website may contain links to external sites. We are not responsible for the privacy practices of these other sites. Please read their privacy policies when you visit them.  

13. Children’s Privacy

Our website and services are not directed at children. We do not knowingly collect personal data from children under the age of 13, which is the age of consent for information society services in Norway (Personopplysningsloven § 5). If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will take steps to delete that information.  

14. Changes to This Privacy Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated “Last Updated” date. For significant changes, we may provide more prominent notice. Please review this policy periodically.  

15. Contact Us

For any questions about this Privacy Policy or how we handle your personal data, please contact us by email at contact@almazine.org.