This Privacy Policy explains how Broken Bones AS (“Broken Oslo”, “we”, “us”, “our”) collects, uses, and protects your personal information when you visit or make a purchase from brokenoslo.com (the “Site”).

We respect your privacy and are committed to handling your data responsibly, transparently, and in compliance with applicable privacy laws — including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and relevant US and Canadian privacy legislation.

1. Personal Information We Collect

When you visit the Site, we collect certain information about you and your device:

a) Device Information

When you browse the Site, we automatically collect:

• Information about your web browser, IP address, time zone, and device type.
• Data on the pages you visit, products you view, referring websites, and how you interact with the Site.

This information helps us understand how visitors use our website and improve the experience.

We collect Device Information using technologies such as:

• Cookies: small files stored on your device (you
  can disable cookies in your browser).
• Log files: record actions on the Site (e.g. IP
  address, browser type, referring pages).
• Pixels / tags / web beacons: measure usage and marketing effectiveness.

b) Order Information

When you make or attempt to make a purchase, we collect:

• Name, billing address, shipping address, email
  address, and phone number.
• Payment details (securely processed by our
  payment provider).
• Order history and communication records related
  to your purchase.

c) Marketing Information

If you sign up for our newsletter, SMS updates, or marketing campaigns, we collect your contact information and communication preferences. We use trusted partners such as Shopify, SMSBump, and email marketing providers to send updates, promotions, and abandoned cart reminders (only with your consent). You can unsubscribe at any time.

2. How We Use Your Information

We use the personal information we collect to:

• Process and deliver your orders, including
  payment verification and shipping.
• Communicate with you about your purchase,
  delivery status, or account.
• Detect and prevent potential fraud or misuse of
  our services.
• Improve and optimize our Site’s performance and
  user experience.
• Provide marketing or product updates, in line with your consent preferences.

3. Sharing Your Information

We share your data only with trusted service providers who help us operate our business:

• Shopify – for website hosting and order
  processing.
• Payment processors – such as Shopify Payments, Klarna, Stripe, or PayPal.
• Shipping partners – DHL, UPS, and other
  logistics providers that handle delivery from our automated warehouse outside
  Oslo.
• Marketing and analytics tools – such as Meta (Facebook/Instagram), Google Analytics, and Klaviyo, to understand performance and improve campaigns.

Each partner only receives the data necessary to perform their service and is contractually required to handle it securely and lawfully. We do not sell, rent, or trade your personal data to third parties.

4. Cookies

Cookies help us remember your preferences, personalize your shopping experience, and analyze site performance. You can control or
delete cookies at any time via your browser settings. For more information,
visit www.allaboutcookies.org

By continuing to use our Site, you consent to our use of cookies as described in this policy.

5. Data Retention

We keep your personal information only as long as necessary to fulfill the purposes described in this policy:

• Order records are retained for accounting and
  legal compliance (typically 5 years under Norwegian law).
• Marketing data is retained until you unsubscribe
  or request deletion.
• Analytics data is stored in aggregated,
  anonymized form whenever possible.

6. Your Rights (EEA, UK & Canada)

 You have the right to:

• Access the personal data we hold about you.
• Correct any inaccurate or incomplete
  information.
• Request deletion of your data (“right to be
  forgotten”).
• Withdraw consent for marketing communications.
• Object or restrict processing under certain
  conditions.
• Request data portability (to transfer your data
  to another provider).
• To exercise these rights, contact us at
  support@brokenoslo.com

We will respond within 30 days as required by law.

7. Data Security

All orders and payments are processed securely via encrypted connections (SSL). We implement strict technical and organizational measures to protect your data from unauthorized access, loss, or misuse.

 8. International Data Transfers

All data is processed primarily within the EEA. When data is transferred outside the EEA (for example, to service providers in the UK, US, or Canada), we ensure it is protected under appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

9. Changes to This Policy

We may update this Privacy Policy occasionally to reflect operational, legal, or regulatory changes. Any updates will be posted on this page with the date of the last revision. Last updated: October 2025

10. Contact Us

If you have questions or concerns about this Privacy Policy, or if you would like to exercise your data rights, please contact us at: support@brokenoslo.com

 Broken Bones AS / Broken Oslo

• Org. no: 928 654 273
• Address: Drammensveien 49, 0271 Oslo, Norway