Privacy Policy
Who We Are
Norway Domain (“NorwayDomain”, “we”, “us”, or “our”) is the data controller responsible for the personal data collected through this website and in connection with the provision of our .no domain trustee and registration services.
Our contact details are as follows:
This Privacy Policy applies to all personal data processed by NorwayDomain in connection with the operation of this website and the provision of our domain registration and trustee services. It has been prepared in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) as incorporated into Norwegian law by the Personal Data Act (personopplysningsloven).
What Data We Collect
We collect only the minimum personal data necessary to provide our services. The categories of personal data we may process are as follows:
- 2.1Full name, as provided at the time of order or registration.
- 2.2Email address, used for order confirmation, renewal notices, and support communications.
- 2.3Telephone number, where provided voluntarily for callback requests or support purposes.
- 2.4Postal address, where provided in connection with invoicing or account administration.
- 2.5Domain name(s) registered on your behalf, including registration and renewal dates.
- 2.6Order history, invoice records, and payment confirmation references. We do not store full payment card details — these are handled exclusively by our payment processor.
- 2.7DNS configuration and nameserver settings associated with your domain.
- 2.8Support correspondence and communications exchanged between you and NorwayDomain.
- 2.9IP address and browser type, collected automatically when you visit this website.
- 2.10Pages visited, time spent on site, and referring URL, collected for analytical purposes.
- 2.11Cookie identifiers, where applicable and in accordance with Section 10 of this Policy.
How We Collect Your Data
We collect personal data through the following means:
Directly from you — when you complete an order, submit a contact or callback form, send us an email, or otherwise communicate with us voluntarily.
Automatically — when you visit our website, certain technical data is collected automatically through your browser and our web server logs. This includes IP address, device type, and pages accessed.
From Norid — in the course of administering your domain registration, we may receive or exchange certain administrative data with Norid, the Norwegian domain registry, as required for the provision of the service.
From our payment processor — following payment, we receive a transaction confirmation reference from our payment processor. We do not receive or store your full card number or payment credentials.
Why We Process Your Data
We process your personal data exclusively for the following purposes. We do not use your data for advertising, profiling, or any purpose unrelated to the provision of our services.
- 4.1To provide the domain registration and trustee service — including registering your requested .no domain with Norid, managing DNS settings, processing renewals, and maintaining your account.
- 4.2To communicate with you — including sending order confirmations, renewal reminders, responses to support enquiries, and material service notifications.
- 4.3To process payments and maintain financial records — including issuing invoices, recording transactions, and complying with Norwegian accounting law obligations.
- 4.4To comply with legal obligations — including our obligations under Norid’s rules, Norwegian law, and applicable data protection legislation.
- 4.5To respond to legal requests — in the event that NorwayDomain receives a lawful request from a regulatory authority, court, or law enforcement body, we may be required to disclose certain data in compliance with that request.
- 4.6To improve our website and services — using aggregated, anonymised technical and usage data to understand how our website is used and to enhance its performance and user experience.
Legal Basis for Processing
Under the GDPR, every instance of personal data processing must rest upon a valid legal basis. The legal bases upon which NorwayDomain relies are as follows:
| Legal basis | When we rely on it |
|---|---|
| Contract performance | Processing your name, contact details, and domain information to fulfil your order and provide the trustee service you have requested. |
| Legal obligation | Retaining financial records as required by Norwegian accounting law; complying with Norid registration requirements; responding to lawful regulatory requests. |
| Legitimate interests | Processing technical and usage data to maintain website security and improve our services, where such interests are not overridden by your rights and freedoms. |
| Consent | Where we rely on consent (for example, for optional cookies), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. |
Who We Share Data With
We do not sell, rent, or otherwise transfer your personal data to third parties for commercial or marketing purposes. Data is shared only in the limited circumstances described below, and only to the extent strictly necessary for the specified purpose.
- 6.1Norid — as the Norwegian domain registry, Norid receives certain administrative data in connection with domain registration, renewal, and transfer processes. This is a mandatory requirement of the service.
- 6.2Payment processor — your payment details are processed directly by our payment processor (currently Lemon Squeezy / Stripe). NorwayDomain receives only a transaction reference and does not handle or store card data.
- 6.3Email service provider — we use a third-party email service to send transactional communications such as order confirmations and renewal notices. Your email address is shared with this provider solely for this purpose.
- 6.4Legal and regulatory authorities — where required by a binding legal obligation, court order, or lawful request from a competent authority, we may disclose personal data as required by law.
- 6.5Business successors — in the event of a merger, acquisition, or sale of all or part of NorwayDomain’s business, personal data held by NorwayDomain may be transferred to the relevant successor entity, subject to equivalent data protection obligations.
International Transfers
NorwayDomain is based in Norway, which is part of the European Economic Area (EEA). Where personal data is transferred to a third party located outside the EEA — for example, to our payment processor or email service provider — we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR.
Such safeguards may include reliance on an adequacy decision issued by the European Commission, Standard Contractual Clauses approved by the European Commission, or another lawful transfer mechanism recognised under applicable data protection law.
You may request further information about the safeguards applicable to any specific international transfer by contacting us at contact@norwaydomain.no.
How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with our legal obligations. The following retention periods apply:
| Category of data | Retention period |
|---|---|
| Account & contact details | For the duration of the active service relationship, plus 5 years following termination or cancellation. |
| Financial & invoicing records | 5 years from the end of the financial year to which the records relate, as required by Norwegian accounting law (regnskapsloven). |
| Support correspondence | 3 years from the date of the last communication, unless a longer period is required for legal or dispute resolution purposes. |
| Technical & usage data | Up to 12 months in aggregated or anonymised form for analytical purposes. Raw server logs are retained for no longer than 90 days. |
| Callback & contact form data | 6 months from receipt, unless the enquiry results in an ongoing service relationship, in which case the account retention period applies. |
Upon expiry of the applicable retention period, personal data is securely deleted or permanently anonymised. Where deletion is not technically possible (for example, where data is stored in backup archives), we ensure the data is isolated from further active processing until deletion becomes possible.
Your Rights
Under the GDPR and the Norwegian Personal Data Act, you have the following rights in relation to your personal data. We will respond to all substantiated requests within 30 days of receipt, free of charge.
| Right | What it means |
|---|---|
| Right of access | You may request a copy of the personal data we hold about you, together with information about how it is processed. |
| Right to rectification | You may request that we correct any inaccurate or incomplete personal data we hold about you without undue delay. |
| Right to erasure | You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations. |
| Right to restriction | You may request that we restrict the processing of your personal data in certain circumstances, for example while a dispute is resolved. |
| Right to portability | Where processing is based on your consent or a contract, you may request that we provide your personal data in a structured, commonly used, machine-readable format. |
| Right to object | You may object to processing based on legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests. |
| Right to withdraw consent | Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. |
To exercise any of the above rights, please contact us at contact@norwaydomain.no. We may request verification of your identity before processing a request. If you are dissatisfied with our response, you have the right to lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority, at www.datatilsynet.no.
Cookies & Tracking
This website may use cookies and similar tracking technologies. A cookie is a small text file placed on your device by a web server when you visit a website. Cookies enable the website to recognise your device on subsequent visits and to store certain preferences or session information.
- 10.1Strictly necessary cookies — these are required for the basic functioning of the website, such as maintaining session state during checkout. They cannot be disabled without impairing the site’s functionality.
- 10.2Analytical cookies — where enabled, these collect anonymised information about how visitors use the website, such as pages visited and time spent on site. This data is used solely to improve website performance.
- 10.3Third-party cookies — certain third-party services integrated into this website (such as payment processors) may place their own cookies on your device. These are governed by the respective third party’s own privacy and cookie policies.
You may control cookie preferences through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of this website. We do not use cookies for advertising, retargeting, or behavioural tracking purposes.
Security
NorwayDomain implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures are reviewed and updated periodically in light of evolving threats and best practices.
Specific measures in place include encrypted transmission of data via HTTPS, restricted access to personal data on a need-to-know basis, secure handling of account credentials, and prompt response procedures in the event of a suspected data breach.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, NorwayDomain will notify the relevant supervisory authority (Datatilsynet) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by law.
While we take all reasonable precautions, no method of electronic transmission or storage is entirely secure. We therefore cannot guarantee absolute security of data transmitted over the internet.
Children’s Privacy
Our services are not directed at, and are not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that we have inadvertently collected personal data from a person under 18, please contact us immediately at contact@norwaydomain.no and we will take prompt steps to delete such data.
Changes to This Policy
NorwayDomain reserves the right to update or amend this Privacy Policy at any time. Changes may be required in response to developments in applicable law, changes in our data processing activities, or updates to Norid’s requirements.
Where changes are material, we will notify existing clients by email to their registered address at least 14 days before the revised Policy takes effect. The updated Policy will be published on this page with a revised effective date. We encourage you to review this page periodically to remain informed of how we process your personal data.
Continued use of our services following the effective date of any update constitutes your acknowledgement of the revised Policy.
Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or to the processing of your personal data, please contact us:
If you are not satisfied with our response to your request or complaint, you have the right to escalate your concern to Datatilsynet, the Norwegian Data Protection Authority:
Effective 1 January 2026. Governed by Norwegian law and the GDPR.
Questions about this policy? Contact us — we reply within one business day.