Nordiska Galleriet desktop logoNordiska Galleriet mobile logo

Privacy policy


What information can you find here?

In this Privacy Policy you will find information about how and why Nordiska Galleriet (”NO-GA” or ”we”), collects and processes your personal data when you visit our website (”the website”), when you order goods from our website, purchase goods in our stores, contact us or subscribe to our newsletter. You will also find information on what personal data we process, your rights vis-à-vis us and how you can exercise your rights.

Who is responsible for processing your personal data?

Nordiska Galleriet is the data controller for the personal data described in this privacy policy unless otherwise stated. In our processing of personal data, we value that you as a customer should feel safe and therefore we try in this policy to give you a clear insight into how your personal data is handled by us. If you have any questions about the information in this policy, please feel free to contact us.

Your personal data

What is personal data?

Personal data is any information that can be traced back to you and identify you as an individual. For example, it may include your name, social security number, address, telephone number, e-mail address or IP address.

What personal data is processed by Nordiska Galleriet?

Which of your personal data we process depends on which of our services you use and what information you choose to share with us. We may process the following personal data you provide to us in connection with the provision of our services:

  • Contact and delivery details, such as name, address, telephone number and e-mail address

  • Payment details, such as type of payment method

  • Personal number (only if you join 'my pages')

  • My Pages login details such as name, phone number and email address

  • Online order information, including contact details, order history, limited payment details and more

  • Device data, such as IP address and operating system

  • Information about how you use our services, such as site visit patterns

  • Feedback and reviews, such as product reviews

  • Moving images, such as camera surveillance inside or outside our stores

  • Other personal data, such as information you provide when communicating with us

In addition to the information you provide to us, we may in some cases receive personal data about you from other sources. For example, when you log in to 'my pages' via Facebook or Google, we receive profile information (name and email) from these providers. When you visit our website and 'my pages', some personal data may also be collected automatically from your mobile device or computer through the use of so-called cookies. You can read more about cookies in the section "What are coockies and hos are they used?".

How and why is your personal data processed?

In order for us to offer our products and services and otherwise conduct our business, we need to process your personal data. We process your personal data in order to:

  • Managing and delivering purchases – We process your contact and delivery details to deliver goods to you that you order on the website or buy in our stores. The processing is necessary for the performance of our obligations under our Terms and Conditions of Purchase, which you have entered into with us.

  • Completing purchases in our stores – We process payment information and other personal data to the extent necessary to complete purchases and to process your claims, returns and refunds in our stores.

  • Provide customer support and handle returns – We process contact details and other information you provide in communications with us to provide customer support. The processing is necessary for the performance of our obligations under our Terms of Purchase, which you have entered into with us. If you are not a customer of ours, the processing is based on our legitimate interest in providing information about our products and services to potential customers.

  • Give you access to 'my pages' – We process your login details, your personal identity number and information about your device to give you access to your customer profile where you can see your previous orders, place product reviews and leave ratings. The processing is based on consent and you can withdraw your consent for the processing at any time by requesting the deletion of your customer data.

  • Provide you with access to our website – We process information about your device and IP address to provide secure access to our website. The processing is based on our legitimate interest to provide a secure and functioning website to provide our services and products.

  • Request customer reviews – We process your email address and order information to request customer reviews regarding completed purchases. The processing is based on our legitimate interest to monitor customer satisfaction.

  • Develop our products and offers – We process information you provide in customer reviews, information about your device and how you use our website in order to develop and improve the online shopping experience and the website's features and content. The processing is based on your consent.

  • Marketing our products and services –We process our products and services through targeted marketing on other websites and in mobile applications through the use of cookies. The processing is based on your consent. Read more about cookies in the section "What are cookies and how are they used?"

  • Sending newsletters – We process your email address and order information to send newsletters via email about updates and offers. The processing is based on our legitimate interest to market our services to existing customers. If you are not a customer of ours, the processing will only take place if you have consented to receive newsletters. You can unsubscribe from newsletters at any time by clicking on the unsubscribe link in the email.

  • CCTV – We process your personal data through video recording from CCTV inside and/or outside our stores. The processing is based on our legitimate interest in preventing, deterring and investigating crime and increasing the safety of our visitors.

  • Bookkeeping – We process your order data for our bookkeeping purposes. The processing is based on our legal obligation to keep accounting data under the Accounting Act.

In addition to the above purposes, your personal data may be processed to comply with legal requirements or to protect our rights and property and to prevent fraud or other unlawful activity that may harm us or our customers.

How long is your personal data stored?

Your data is only stored for as long as is justified by the underlying purpose of the processing. The length of time we keep your personal data may therefore vary. As a general rule, we only store personal data relating to active customers or when there are legal requirements or other compelling reasons for storage. An active customer is one who has made a purchase with us or logged into your member account within the last 24 months. Please note that we are required by law to retain certain personal data, such as accounting information, even after you are no longer an active customer.

Who can access your personal data?

Your personal data may be transferred to or shared with selected companies that provide various types of services to Nordiska Galleriet. We use subcontractors and third-party providers to, for example, develop and provide the website and other IT solutions, deliver goods, provide secure payment methods, maintain the security of our business and keep visitors safe, and to market our services and products. In order for these suppliers to perform their work, we may need to share personal data with them.

Some of the suppliers are so-called subcontractors, which means that they process personal data on our behalf and according to our instructions. The providers are only allowed access to your personal data if the sharing of personal data is necessary for the performance of the service in question and the personal data may only be processed in accordance with our instructions, which reflect this privacy policy.

Some of the providers are independent service providers who have an independent data protection responsibility for the personal data they process to provide the service in question. For example, we use the payment service provider Klarna on our website to offer secure payment methods. Klarna is independently responsible for the processing of personal data in connection with payment in accordance with the Klarna Privacy Policy. We also use independent shipping companies such as DHL, which are responsible for the processing of personal data during delivery in accordance with their respective privacy policies. In our business, we use payment solutions from payment service providers who are independently responsible for the processing of your personal data in connection with payment.

In connection with the acquisition or divestment of all or part of Nordiska Galleriet's business, your personal data would be shared or transferred to the acquiring or merged entity. In such cases, your personal data will continue to be processed in accordance with this Privacy Policy.

We may also provide necessary information to public authorities, to protect legal interests and obligations or if you have consented to it.

How do we protect your personal data?

We take a number of security measures to protect your personal data from unauthorised access, unauthorised processing and from accidental loss, destruction or damage. Our security measures include, for example, restricting access to your personal data, meaning that access is limited only to staff who need access to the data in order to perform their duties.

Furthermore, your personal data is protected against unauthorised processing by being processed only for the purposes set out in this Privacy Policy and only by persons or subcontractors who have a contract with us.

Furthermore, we apply a number of technical security measures to protect your personal data against loss, destruction and accidental damage by, among other things, storing backup copies on back-up systems, pseudonymisation and regular security tests.

Where do we process your data?

Your personal data may be processed in a country outside the European Economic Area (EEA). For example, we use IT service providers located in countries outside the EEA. When transferring personal data to a country outside the EEA, we take appropriate legal, technical and organisational security measures to ensure that the personal data is processed according to an equivalent level of protection as within the EEA. Such measures include, inter alia, the inclusion of the European Commission's model clauses together with additional safeguards in the event that the recipient country's data protection regime has not been recognised as ensuring an adequate level of protection for personal data processing.


What are cookies and how are they used?

Cookies are small data files that are stored in your browser (such as Safari and Google Chrome) when you visit different websites. Cookies store device information and information about your use of a specific website. When you visit the same website again, it sends back a copy of the files. Cookies allow websites to remember language choices and login modes or to adapt to what you have done in the past, for example cookies can "remember" products you have looked at previously in an e-commerce store or added to your shopping basket.

We use cookies on our website for the following purposes:

  • Functionality – to allow you to place items in the shopping basket and log in to 'my pages' and to avoid having to enter language and other settings or log in again for each visit

  • Security – to distinguish you from other users and maintain a secure connection

  • Analytics – to provide us with statistics on the number of visitors and click patterns on the site

  • Marketing – to send individualised advertising based on previous searches and visitor patterns on our site and other sites and to create target groups for targeted marketing

Some cookies are necessary for the secure operation of the website and these cookies are automatically installed on your device, based on our legitimate interest in providing a secure website to offer our products and services. Other cookies, such as those used for marketing and analytics, are only stored if you consent to them through our cookie banner on the website. You can withdraw your consent at any time by clicking on the "Cookie Settings" link at the bottom of the website.

Marketing cookies are placed by providers such as Google, Facebook and Instagram and may be used to display targeted marketing on other websites and social media advertising sites. We also use Facebook services to create customer profiles of potential customers based on factors such as age, gender and location. We also use services from Google to analyse how the website is used, for example by creating aggregated data about which sections and products our users click on on our website.

Cookies are stored on your device until their expiry date has passed and they are automatically cleared or until you clear the cookies on your device. Most of the cookies we use on our website are cleared when you leave our site or after 30 days.

Your rights

You are in control of your personal data and therefore always have the following rights in relation to the personal data we process:

  • Right of access (extract from the register) – a right to access information about what personal data we process about you

  • Right to rectification – a right to have inaccurate personal data about you corrected

  • Right to erasure – a right to have your personal data erased

  • Right to object – a right to object to the processing of your personal data on the basis of our legitimate interests (balancing of interests)

  • Right to restricted processing – a right to have the processing of your personal data restricted until inaccurate data has been rectified or other objections have been resolved

  • Right to information about data collection – a right to obtain information about the sources used to collect your personal data (where the information is not provided by you)

  • Right to data portability – a right to request the transfer of personal data from one controller to another. This right is limited to data that you have provided to us yourself.

There may be additional requirements or regulations that extend your rights. There are also requirements or provisions that limit your rights. For example, there may be legal obligations that prevent us from disclosing or moving parts of your data, or from blocking or erasing your data.

To exercise any of your rights, please contact us using the contact form.

Contact and communication

Who can you contact if you have questions about the processing of your data?

For questions about our processing of your personal data, you can always contact our service team.

If you believe that your personal data has been processed incorrectly by us, please contact us using the contact details provided above. You also have the right to contact and lodge a complaint with the Data Protection Authority (, which is the supervisory authority responsible for data protection issues.

How will you be informed if this policy is changed or updated?

We may update this Privacy Policy when new services and features are launched or when new legal requirements are introduced. You can always find the latest version of our Privacy Policy on our website If we make material changes to this Privacy Policy that affect your rights, you will be notified of the change by an information notice on our website or by email before the change occurs.

Company information

Aktiebolaget Nordiska Galleriet
Nybrogatan 11
114 39 Stockholm
Organization number 556032-3189