Skip to Content
Welcome to Smartfish - Try for free

Privacy Policy

Last updated: November 25th, 2025
INTRO1. WHO DO WE PROCESS PERSONAL DATA ABOUT?2. HOW DO WE COLLECT YOUR PERSONAL DATA?3. PURPOSES, CATEGORIES OF PERSONAL DATA AND LEGAL BASIS4. WHO DO WE SHARE INFORMATION WITH?5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA6. HOW CAN A CUSTOMER ACCESS AND CORRECT THEIR PERSONAL DATA?7. HOW LONG IS PERSONAL DATA STORED – AND HOW CAN A USER DELETE IT?8. SECURITY OF PROCESSING9. YOUR RIGHTS10. CHANGES TO THIS PRIVACY POLICY11. CUSTOMER SERVICE AND CONTACT

INTRO

This is the privacy policy of Smartfish Sports Nutrition AS (“Smartfish”), org. no. 934 838 890, a Norwegian company with address Mustads vei 1 A, 0283 Oslo. In this policy, we describe what types of personal data we process about you, how we obtain access to this data, and what we use the data for.

Smartfish is the data controller for the processing activities described in this policy, and you may contact us with any questions related to our processing of your personal data at:

hi@smartfishsports.com.

We only collect and use your personal data in accordance with applicable law, as set out in the Personal Data Act and the EU General Data Protection Regulation No. 2016/679 (GDPR), as implemented in Norwegian law. When we use terms such as “personal data”, “processing”, “data controller” and “data processing”, these have the same meaning as defined in the Norwegian Personal Data Act.

1. WHO DO WE PROCESS PERSONAL DATA ABOUT?

This privacy policy applies to our processing of personal data relating to the following categories of individuals:

  • Private individuals who use our products.
  • Visitors to our websites.

2. HOW DO WE COLLECT YOUR PERSONAL DATA?

2.1 Data you provide directly to us

When you are a customer of Smartfish, it will sometimes be necessary for us to process your personal data. This applies when you purchase products from us or when you visit our websites.

2.2 Data we receive from third parties

Design Odoo templates easily with clean HTML and Bootstrap CSS. These templates offer a responsive, mobile-first design, making them simple to customize and perfect for any web project, from corporate sites to personal blogs.

We may receive information from the following third parties:

  • Payment providers (e.g. Stripe/Nets): transaction status, payment confirmation, tokenised payment reference.
  • Logistics and delivery partners: delivery status and tracking information.
  • Analytics and advertising platforms (e.g. Google, Meta, TikTok): aggregated and pseudonymised user behaviour related to ads and the website.
  • Email and marketing tools (e.g. Klaviyo, Odoo): information about opens, clicks, and consent status.

This information is only used for purposes necessary to deliver the service, improve our products and communication, or fulfil legal obligations.


2.3 Data from cookies

Our websites use cookies to gain insights into user interactions on our website. A cookie is a small file that is stored on your computer when you visit websites.

We use cookies for the following purposes:

  • Necessary cookies that are stored until you close the browser window and are used to improve your user experience.
  • Marketing cookies that, with your consent, store and analyse how you use our website and your activity across various websites in order to show ads that are relevant and interesting to you.

In this context, we will use the following information about you:

  • Device information: IP address, internet service provider, browser and operating system.
  • Usage information: pages visited on the website, and date/time of the visit.

For detailed information, see our Cookie Policy. You can withdraw or change your consent at any time by clicking “cookies” at the bottom of our website and selecting “withdraw consent” or “change consent”.

3. PURPOSES, CATEGORIES OF PERSONAL DATA AND LEGAL BASIS

3.1 General

Below is an overview of the purposes for which Smartfish processes personal data, the types of personal data processed and the legal basis for the processing.


3.2 Purchase of Smartfish products

 If you purchase products from us, we will process the following information about you:

  • Contact details: first and last name, email address, phone number, delivery and billing address.
  • Purchase information: account and card details, orders, payment status, and transaction history.

Your information is processed in order to handle orders and deliver products to you in order to fulfil the purchase agreement entered into with you, cf. GDPR Article 6(1)(b).


3.3 Creating a user account

If you create a user account with Smartfish, we will process the following information about you:

  • Contact details: first and last name, email address, phone number, delivery and billing address.
  • Purchase information: orders, payment status and transaction history.

This processing is based on a legitimate interest assessment and is carried out to ensure smooth and efficient registration of you as a customer, cf. GDPR Article 6(1)(f).


3.4 Customer service and support

In order to provide customer service and support, we will process the following information about you:

  • Contact details: first and last name, email address, phone number, delivery and billing address.
  • Purchase information: orders, payment status and transaction history.
  • Unstructured data: the content of your message to us.

This processing is based on a legitimate interest assessment and is carried out to provide you with good customer service and support for your purchases, cf. GDPR Article 6(1)(f).


3.5 Sales and marketing

Smartfish carries out various sales and marketing activities that may involve the processing of your personal data.

Direct marketing related to your existing customer relationship

Smartfish aims to ensure that our customers receive up-to-date and useful information about updates and other matters we believe are relevant for benefiting from our products. From time to time, we will therefore send newsletters and other relevant information to our customers. These communications may contain information about products and offers that are relevant to you.

This type of marketing is automated and sent without prior consent to existing customers. The communication will be sent to the contact address you provided in connection with the purchase of our products. This marketing is based on an existing customer relationship and is carried out on the basis of a legitimate interest, cf. GDPR Article 6(1)(f).

Personalised marketing

If you have given your consent, we will use your history with us to tailor relevant content to you across communication channels. In this context, we may share relevant personal data with our partners such as Google, Meta and TikTok in order to provide you with the best possible experience.

This type of marketing is based on consent, cf. GDPR Article 6(1)(a).


3.6 Development and optimization of products and services

To improve our products and services, we may process user reviews or use and analyse data created by users of our products.

This processing is based on a legitimate interest assessment, as we believe that this processing contributes to efficient business operations and the best possible conditions and services for our customers, cf. GDPR Article 6(1)(f).


3.7 Legal obligations

In some cases, we are required to process personal data in order to fulfil obligations laid down in law or regulations. This includes, for example, obligations under accounting and tax legislation and anti-money laundering legislation. This type of processing is based on GDPR Article 6(1)(c).

4. WHO DO WE SHARE INFORMATION WITH?

Our IT service providers may have access to personal data if such data is stored with them under contract with us.

Our e-commerce provider Odoo acts as a data processor and processes contact and purchase information in connection with the operation of our online store and order management.

Our payment solution providers, including Stripe, Klarna, Vipps and other credit card companies, process contact and purchase information to complete payment transactions and secure payments, as well as for the creation and sending of invoices/collection claims.

Our delivery partners handle the delivery of goods and process contact details and delivery addresses to ensure correct delivery of ordered products.

Our providers assisting with accounting and audit services process purchase information and contact details in accordance with statutory requirements as mentioned in section 3.7.

Our cookie service providers may gain access to personal data when you visit our websites.

Other relevant third parties may gain access to personal data in connection with the sale, merger or transfer of Smartfish to another party. In such cases, your data will continue to be processed in accordance with this policy.

The above-mentioned parties act under a valid data processing agreement and on our instructions. We do not disclose personal data in other ways or in other circumstances than those described in this privacy policy, unless you explicitly request or consent to this. In some cases, however, Smartfish reserves the right to disclose information about registered users to public authorities if required by law.

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

As a general rule, your personal data is processed and stored within the EU/EEA. In some cases, it may nevertheless be necessary to process your data outside the EU/EEA. In such cases, we will ensure that there is either a decision from the European Commission stating that the relevant country guarantees an adequate level of protection, or that appropriate safeguards are in place to ensure that your GDPR rights are protected. Examples of such appropriate safeguards include that the data transfer is subject to the European Commission’s standard contractual clauses or that the relevant third party adheres to approved codes of conduct.

If you would like more information about the safeguards we have implemented, you can contact us using the contact details provided at the beginning of this policy.

6. HOW CAN A CUSTOMER ACCESS AND CORRECT THEIR PERSONAL DATA?

Each customer is responsible for ensuring that the information registered with us is valid and correct.

Customers who have an account can review and update their own profile. On the same page, it is possible to add and delete non-mandatory information.

If a customer requests access to personal data registered in their name, this will be logged by Smartfish. You can contact Smartfish at any time for information about logged data or other matters relating to personal data. Please see the contact details at the end of this document.

7. HOW LONG IS PERSONAL DATA STORED – AND HOW CAN A USER DELETE IT?

Data is stored in accordance with legal requirements, and Smartfish will delete information when it is no longer necessary. Smartfish Sports Nutrition applies the following retention periods:

  • The Norwegian Accounting Act requires us to retain transaction data for five years.
  • The Norwegian Limitation Act requires us to retain personal data (e.g. consumption and settlement data) for three years.
  • Payment information is stored securely by our payment provider and is retained only as long as necessary to administer active subscriptions and fulfil legal obligations.
  • User information is deleted when you deactivate/delete your account or after 24 months of inactivity.
  • Data related to support and customer service enquiries is stored only as long as necessary to handle the matter and document the customer relationship. Such data is typically deleted within 24 months after the case is closed.
  • Data collected based on your consent is deleted when consent is withdrawn.
  • Other data is deleted when it is no longer necessary for the purpose of processing.

8. SECURITY OF PROCESSING

All processing of personal data is secured through necessary technical and organisational measures.

We handle personal data in a way that ensures it is accurate, available and processed according to its sensitivity. We also use a range of security technologies and information security procedures to protect personal data from unauthorised access, use or disclosure.

We have entered into data processing agreements with all suppliers who process personal data on behalf of Smartfish. These suppliers are obliged to act only in accordance with Smartfish’s documented instructions and may not use the data for their own purposes.

Access to personal data is restricted to the personnel or third parties who process the data on our behalf. These parties are bound by confidentiality obligations.

9. YOUR RIGHTS

Under data protection law, you have the right to:

  • Request access to the personal data we process about you.
  • Request that personal data about you be deleted or corrected.
  • Withdraw your consent where processing is based on consent (e.g. you can unsubscribe from marketing materials in your user profile).
  • Receive personal data you have provided to Smartfish and transfer this to another controller (data portability).
  • Submit a complaint to the relevant supervisory authority in your country of residence, workplace, or where an alleged infringement of data protection law has taken place (in Norway: Datatilsynet).

10. CHANGES TO THIS PRIVACY POLICY

We may make minor changes to this privacy policy. The most recent version will always be available on our website. In the case of material changes, we will notify you.

11. CUSTOMER SERVICE AND CONTACT

If there are any issues, we're here to help!

+47 23 50 72 21 / hi@smartfishsports.com