Privacy policy

Shur Shur

Company Privacy Policy


Company: Private entrepreneur Savchuk Anna Vasylivna

Approved by: Savchuk Anna Vasylivna

Effective date:


Private entrepreneur Savchuk Anna Vasylivna (“Company”, “we”, “us” and “our”) is created this Company Privacy Policy (“Policy”) for Company’s employees and contractors (“You”) to describe how we process personal data of our Data Subjects/his, which personal data Company is processed according to the Privacy Notice and Cookie Notice. 


  1. What terms does the Company use?

Consent. Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifies agreement to the processing of personal data relating to him or her.

Controller. The natural or legal person (and others) who determines the purposes and means of processing.

Co-controller. The natural or legal person (and others) who determines the purposes and means of processing with another controller.

Data Protection Authority. The public organization or governmental body protects the data subjects from unlawful processing.

Data Subject. The natural person, whose personal data is processed.

Data Breach Response Team. A team who fulfills the requirements of the Personal Data Breach and Notification Policy. 

Legal Ground for Processing. One of the legally defined grounds for which the processing of personal data is permitted.

Personal Data. Any information relating to an identified or identifiable natural person.

Personal Data Breach. A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Processing. Any action or set of actions with personal data.

Processor. The natural or legal person, who processes personal data on behalf of the controller. You can see the list of our processors via the link.

Profiling. Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Third-Party. Any person, except the subject of personal data, the Controller or Processor and the Data Protection Authority, to whom the Controller or Processor transfers personal data.

Site. An internet site with domain names https://shurshur.com and https://en.shurshur.com.


  1. On what basis does the Company process personal data?

Principles of personal data protection. Our Company processes personal data according to the following principles:

  • Lawfulness, fairness, and transparency;
  • Purpose limitation;
  • Data minimization;
  • Accuracy;
  • Integrity and confidentiality.

Lawfulness, fairness, and transparency. Personal data must be processed lawfully, fairly, and in a transparent manner.

Purpose limitation. Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data minimization. Personal data must be adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed.

Accuracy. Personal data must be accurate and, where necessary, kept up to date.

Integrity and confidentiality. Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

  • What personal data does the Company process?


Processing in general. Our Company processes personal data according to the Privacy Notice and Cookie Notice. You must not ask the Data Subject to provide personal data other than those specified in this Policy or in the documents described above.

Data Subject’s Site Visit Information. When the Data Subject visits the Site, he gives to us his personal data under the following conditions:

  • Personal Data collected.A version of a web browser, IP address, time zone, cookie information, what sites or products he views, search terms, and how he interacts with the Site.
  • Purpose of collection.To load the Site accurately for the Data Subject, and to perform analytics on the Site usage to optimize our Site.
  • Source of collection.Collected automatically when he accesses our Site using log files.
  • Legal Ground. Legitimate interest.
  • While the Data Subject is using the Site and 1 year after.

Order Information. When the Data Subject places an order on the Site, he gives to us his personal data under the following conditions:

  • Personal Data collected.Name, billing address, shipping address, and payment information (including credit and debit card numbers, email addresses, and phone numbers.
  • Purpose of collection.To provide products or services to the Data Subject to fulfill our contract, to process his payment information, arrange for shipping, and provide the Data Subject with invoices and/or order confirmations, communicate with the Data Subject, screen our orders for potential risk or fraud, and when in line with the preferences he has shared with us, provide the Data Subject with information or advertising relating to our products or services.
  • Source of collection.Collected from the Data Subject.
  • Legal Ground.
  • While the Data Subject is using the Site and 1 year after.

Customer Support Information. When the Data Subject contacts our customer support, he gives to us his personal data under the following conditions:

  • Personal Data collected.It depends on a case by case but can include name, billing address, shipping address, payment information (including credit and debit card numbers, email address, and phone number.
  • Purpose of collection.To provide information about our product and services, consult how to use our Site, etc.
  • Source of collection.Collected from the Data Subject.
  • Legal ground.
  • While the Data Subject is using the Site and 1 year after.

Marketing and Advertisement. Our Company processes personal data for direct marketing and targeted advertisement under the following conditions:

  • Personal Data collected. Our Company can use all personal data the Data Subject and our co-controller give to us:
    • Full name;
    • Sex, gender, marital status, and age;
    • Registration and residence address;
    • Phone number links to social networks, and instant messengers;
    • Information about friends and contacts;
    • Physical and email address;
    • Place of work;
    • Search terms and preferences;
    • Reactions;
    • Information from accounts;
    • Any other information.
  • Purpose of collection.Promote our Site, business, and company. 
  • Source of collection.Collected from the Data Subject and co-controller.
  • Legal ground. Our Company processes personal data based on the consent granted to us or our co-controllers, agreements between the Data Subject and us or our co-controllers, and the legitimate interest.
  • Our Company processes personal data until the Data Subject withdraws his consent, terminates his contract with us or our co-controllers, and/or exercises his right to object against the processing based on legitimate interest.

Other processing conditions. These are other conditions apply to data processing:

  • Data source. Our Company processes personal data received from the Data Subject and public sources. If in the future, we process personal data obtained from Third Parties, we will notify the Data Subject of this.
  • Data storage. Data Subject’s personal data is stored on servers in Amsterdam, Kingdom of the Netherlands.
  • Selling of personal data. Our Company doesn’t sell personal data at all, without the consent of the Data Subject.
  • Our Company doesn’t process the personal data of people who are under ___ years.
  • Our Company doesn’t use profiling on the Data Subject.
  • California Consumer Protection Act. Our Company doesn’t have an obligation under the CCPA.


  1. How does the Company share personal data with others?

 

Sharing in general. Our Company can share personal data with processors, co-controllers, and third parties located over the world. If the receiving party is in the European Union, the European Economic Area, or in the list of countries that provide a reliable level of protection for personal data, we enter into Data Processing Agreement only. If the receiving party is in any other place, we conclude Data Processing Agreement and Standard Contractual Clauses. Also, we can use another legal instrument provided by law.


List of processors. Our Company shares personal data with the following processors:


Software

Processors

Goals

Privacy Notice

Shopify

Shopify International Ltd.

Website builder and hosting provider

Link

ShopPay

Shopify International Ltd.

Payments processing

Link

PayPal

PayPal (Europe) S.à.r.l.

Payments processing

Link (But can depend from your country)

GooglePay

Google LLC

Payments processing

Link

KeyCRM

GetBetter OU 

Keeping for clients, contracts, contacts, etc.

Link

-

Juscutum Attorneys Association

Legal, accountant and business consulting services

Link

Telegram

Telegram Messenger Inc.

Trade goods, communication with clients

Link

Instagram

Meta Platforms, Inc.

Trade goods, communication with clients

Link

Facebook

Meta Platforms, Inc.

Trade goods, communication with clients

Link

Viber

Viber Media S.à r.l.,

Trade goods, communication with clients

Link

WhatsApp

WhatsApp Ireland Limited

Trade goods, communication with clients

Link

Pinterest

Pinterest Inc.

Trade goods, communication with clients

Link

YouTube

Google LLC

Trade goods, communication with clients

Link


List of co-controllers. Our Company shares personal data with the following co-controllers:


Software

Co-controller

Goal

Privacy Notice

Google

Google LLC

Search engine and advertisement

Link

Facebook

Meta Platforms, Inc.

Advertisement

Link

Instagram

Meta Platforms, Inc.

Advertisement

Link


Sharing with other persons. Our Company may share personal data with other processors, co-controllers, and third parties when it is necessary to provide services to the Data Subject or for our business, but you cannot share personal data without our authorization.

  1. How does the Company protect personal data?

Protection in general. Our Company protects personal data through technical and organizational measures.

Measures of protection. These measures include:

  • HTTP connection with SSL and TLS certificates;
  • Training employees in cyber security and data privacy via onboarding;
  • Employees distribute access to personal data;
  • Distribute storing in different databases;
  • Safe servers for web hosting and data storage;
  • Integration with Third Party’s software through official APIs;
  • Strong password requirements.

HTTP connection with SSL and TLS certificates. An HTTP connection with SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates is a secure method of establishing a connection between a client and server over the internet, encrypting the data transmitted between them to prevent eavesdropping, tampering or forgery.

You should visit only websites with an HTTP connection.

Training employees in cyber security and data privacy via onboarding. This type of training covers topics such as password security, phishing awareness, social engineering attacks, data classification and handling, incident reporting, and other related topics to ensure that employees are aware of their role in maintaining the security of the organization's information assets and are equipped with the knowledge and skills to identify and mitigate security risks.

You visit our training in cyber security and data privacy.

Employees distribute access to personal data. Employees' distribution access to personal data refers to the practice of granting access to personal data on a need-to-know basis, where employees are only given access to the personal data that is necessary for them to perform their job responsibilities.

You must not attempt to gain unauthorized access to personal data to which you should not have access and report any known to you such access by another employee or contractor.

Distribute storing in different databases. This approach ensures that the data is not stored in a single point of failure and can be accessed even if one of the databases or data centers is offline or unavailable. By distributing data storage in this way, organizations can improve their overall data resilience and reduce the impact of any potential data breaches or disasters that could affect the availability or integrity of data.

You must not attempt to gain unauthorized access to personal data in different databases to which you should not have access and report any known to you such access by another employee or contractor.

Safe servers for web hosting and data storage. This includes implementing security measures such as firewalls, intrusion detection systems, access controls, data encryption, backups, and disaster recovery plans. Safe servers also provide physical security measures, such as access controls, environmental controls, and power backups to ensure that servers remain operational even during power outages or other disruptions.

You must not attempt or interfere with the operation of these systems and report any incident of infringement.

Integration with Third Party’s software through official APIs. By using official APIs, organizations can securely exchange data and information with third-party services while minimizing the risk of security breaches or other issues that can arise from unauthorized integration. Official APIs provide a standardized, secure, and controlled way for applications to interact with each other, ensuring that data is transmitted and received in a secure and reliable manner.

When integrating with third-party software, employees and contractors must use only official APIs provided by the third-party service. The use of unauthorized integration methods or non-standardized APIs is strictly prohibited.

Strong password requirements. Include a combination of length, complexity, and uniqueness:

  • The password length must be at least 12 characters;
  • Use at least one uppercase letter, one lowercase letter, one number, and one symbol from the set of @#$%^&+=!?;
  • Avoid using simple words and phrases, as well as personal information such as names, dates of birth, etc;
  • Passwords must be unique and not reused for different accounts;
  • It is recommended to change the password every 90 days. It is recommended to use two-factor authentication for additional account protection.
  1. How does the Company delete personal data?

Consent. If our Company processes personal data based on the Data Subject’s consent and the Data Subject revoked this consent, we shall delete this personal data within ___ months after the revocation. 

Contract. If our Company processes personal data based on the contract between us and the Data Subject or to conclude a such contract and this contract was terminated or the conclusion of the such contract was declined, we shall delete this personal data within ___ months after the termination or rejection. 

Legal obligation. If our Company processes personal data based on our legal obligation, we shall delete this personal data within ___ months after the cancellation of this legal obligation. 

Vital interest. If our Company processes personal data based on the Data Subject’s vital interest, we shall delete this personal data within ___ months after the termination of such vital interest. 

Legitimate interest. If our Company processes personal data based on our legitimate interest and the Data Subject objects to our legitimate interest, we shall delete this personal data within ___ months after the objection. 

Exceptions. The above-mentioned rules have the following exceptions: 

  • Business needs. Timeframes can be prolongated, but no longer than up to ___ months, in the case that the data deletion will interrupt our ongoing business; 
  • Legal requirements. The retention period can be prolongated if it is required by laws or ordered by a government body. In this case, the period will be prolongated according to such requirements;
  • Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For e.g. deletion of the information may lead to a system integrity violation, or it is impossible to delete the information from the backup copies. In such cases, the information can be further stored;
  • The Data Subject’s data can be further processed for our own purposes (e.g. marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data.
  • What does Company do in the case of a data breach?

Personal Data Breach Response and Notification Policy. Our Company lays out the general principles and actions for successfully managing the response to а data breach as well as fulfilling the obligations surrounding the notification to Supervisory Authorities and individuals in the Personal Data Breach Response and Notification Policy.

  • What rights does Data Subject have?

Privacy Rights. We do care about the rights of the Data Subject concerning the information collected about them. For this reason, we must ensure that the rights of the Data Subject about whom information is held can be fully exercised. These rights include: 

  • Right on information about personal data;
  • Right on access to the personal data;
  • Right on rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right on withdrawal of consent;
  • Right on withdrawal of consent;
  • Right to object;
  • Right on data portability;
  • Right to the protection of the rights;

Right on information about personal data. The right to be fully informed about the collection and further processing of the Data Subject data before the data is collected or, if not possible, without undue delay; 

Right on access to personal data. The right of access to the collected information about the Data Subject. This means that a person should be able to obtain a copy of all the collected data; 

Right on rectification. The right to update and keep relevant the processed information if the information is outdated. We shall take reasonable steps to ensure personal data is accurate as well; 

Right to erasure. The right to delete the collected information, if possible under Company’s other legal obligations. This obligation also concerns all the recipients of the Personal Data; 

Right to restriction of the processing. The right to restrict the scope and purposes of the processing of one’s information. This obligation also concerns all the recipients of the Personal Data; 

Right on withdrawal of consent. In case that information is processed based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; 

Right to object. In case that information is processed on another legal basis than consent, the right to object (stop) the processing, if appropriate; 

Right on data portability. The right to request the Company to send a copy of all collected personal data to a third party; 

Right to the protection of the rights. The right to file a complaint to the Data Subject’s national data protection authority. In this course, our duty is to inform the Data Subject about it; 

Profiling. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning. 

  1. How does the Company respond to inquiries from the Data Subject?

Data Subjects’ Inquiries Responding Policy. Our Company describes how we respond to inquiries of our Data Subject, which personal data Company is processed in the Data Subject’s Inquiries Responding Policy.

  1. Miscellaneous.

Effective date. Version of the Policy is valid from the Effective date.

Confirmation of acceptance of the Policy. Employees and contractors acknowledge that they have read, understand, and will comply with the Policy when signing the Employee Obligation.

Changes in the Policy. Our Company may make changes from time to time to the Policy. The new version will be valid from the time of the changes of the Effective date. 

Governing Law. The Policy is construed in accordance with the Ukrainian legislation with subject to the provisions of European Union General Data Protection Regulation.   


Annex I

to the Personal Data Breach Response and Notification Policy

 

Company: Private entrepreneur Savchuk Anna Vasylivna

Effective date: Savchuk Anna Vasylivna

Approved by:

National Data Protection Authorities


Austria

Österreichische Datenschutzbehörde

Barichgasse 40-42

1030 Wien

Tel. +43 1 52 152-0

Email: dsb@dsb.gv.at

Website: http://www.dsb.gv.at/

Member: Dr Andrea Jelinek - Director

 

Belgium

Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)

Rue de la Presse 35 – Drukpersstraat 35

1000 Bruxelles - Brussel

Tel. +32 2 274 48 00

Fax +32 2 274 48 35

Email: contact@apd-gba.be

Website: https://www.autoriteprotectiondonnees.be https://www.gegevensbeschermingsautoriteit.be

Member: Ms Cédrine Morlière - President of APD-GBA and Joint representative of EDPB


The competence for complaints is split among different data protection supervisory authorities in Belgium.


Competent authorities can be identified according to the list provided here:
https://www.autoriteprotectiondonnees.be/citoyen/l-autorite/autres-autorites
https://www.gegevensbeschermingsautoriteit.be/burger/de-autoriteit/andere-autoriteiten

Bulgaria

Commission for Personal Data Protection

2, Prof. Tsvetan Lazarov blvd.

1592 Sofia

Tel. +359 2 915 3580 +359 2 915 3548

Fax +359 2 915 3525

Email: kzld@cpdp.bg

Website: https://www.cpdp.bg/

Member: Mr Ventsislav Karadjov - Chairman of the Commission for Personal Data Protection

 

Croatia

Croatian Personal Data Protection Agency

Selska Cesta 136

10000 Zagreb

Tel. +385 1 4609 000

Fax +385 1 4609 099

Email: azop@azop.hr

Website: http://www.azop.hr/

Member: Mr Zdravko Vukić - Director

 

Cyprus

Commissioner for Personal Data Protection

1 Iasonos Street
P.O. Box 23378

1082 Nicosia

Tel. +357 22 818 456

Fax +357 22 304 565

Email: commissioner@dataprotection.gov.cy

Website: http://www.dataprotection.gov.cy/

Member: Ms Irene Loizidou Nikolaidou - Commissioner for Personal Data Protection

 

Czech Republic

Office for Personal Data Protection

Pplk. Sochora 27

170 00 Prague 7

Tel. +420 234 665 111

Fax +420 234 665 444

Email: posta@uoou.cz

Website: http://www.uoou.cz/

Member: Mr Jiří KAUCKÝ - President

 

Denmark

Datatilsynet

Carl Jacobsens Vej 35

2500 Valby

Tel. +45 33 1932 00

Email: dt@datatilsynet.dk

Website: http://www.datatilsynet.dk/

Member: Ms Cristina Angela GULISANO - Director

 

Estonia

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Tatari 39

10134 Tallinn

Tel. +372 6828 712

Email: info@aki.ee

Website: http://www.aki.ee/

Member: Ms Pille Lehis - Director General

 

Finland

Office of the Data Protection Ombudsman

P.O. Box 800

FI-00531 Helsinki

Tel. +358 29 56 66700

Fax +358 29 56 66735

Email: tietosuoja@om.fi

Website: http://www.tietosuoja.fi/en/

Member: Ms Anu Talus - Ombudsman

France

Commission Nationale de l'Informatique et des Libertés - CNIL

3 Place de Fontenoy

TSA 80715 – 75334 Paris, Cedex 07

Tel. +33 1 53 73 22 22

Fax +33 1 53 73 22 00

Website: http://www.cnil.fr/ https://www.cnil.fr/en/contact-cnil

Member: Ms Marie-Laure Denis - President of CNIL

 

Germany

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Graurheindorfer Straße 153

53117 Bonn

Tel. +49 228 997799 0

Fax +49 228 997799 5550

Email: poststelle@bfdi.bund.de

Website: http://www.bfdi.bund.de/

Member: Mr Prof. Ulrich Kelber - The Federal Commissioner for Data Protection and Freedom of Information

Deputy for the federal states of Germany: Prof. Dr. Thomas Petri, Bavarian Data Protection Commissioner Postfach 22 12 19
80502 München
Email: laendervertreter@datenschutz-bayern.de

The competence for complaints is split among different data protection supervisory authorities in Germany.


Competent authorities can be identified according to the list provided under www.bfdi.bund.de/anschriften.

Greece

Hellenic Data Protection Authority

Kifisias Av. 1-3

11523 Ampelokipi Athens

Tel. +30 210 6475 600

Fax +30 210 6475 628

Email: contact@dpa.gr

Website: http://www.dpa.gr/

Member: Mr Konstantinos Menoudakos - President of the Hellenic Data Protection Authority

 

Hungary

Hungarian National Authority for Data Protection and Freedom of Information

Falk Miksa utca 9-11

H-1055 Budapest

Tel. +36 1 3911 400

Email: privacy@naih.hu

Website: http://www.naih.hu/

Member: Dr Attila Péterfalvi - President of the National Authority for Data Protection and Freedom of Information

Ireland

Data Protection Commission

21 Fitzwilliam Square

D02 RD28 Dublin 2

Tel. +353 76 110 4800

Email: info@dataprotection.ie

Website: http://www.dataprotection.ie/

Member: Ms Helen Dixon - Data Protection Commissioner

 

Italy

Garante per la protezione dei dati personali

Piazza Venezia, 11

00187 Roma

Tel. +39 06 69677 1

Fax +39 06 69677 785

Email: segreteria.stanzione@gpdp.it

Website: http://www.garanteprivacy.it/

Member: Prof. Pasquale Stanzione - President of Garante per la protezione dei dati personali

 

Latvia

Data State Inspectorate

Elijas Street 17

LV-1050 Riga

Tel. +371 6722 3131

Fax +371 6722 3556

Email: pasts@dvi.gov.lv

Website: https://www.dvi.gov.lv/

Member: Ms Jekaterina Macuka - Director of Data State Inspectorate

 

Lithuania

State Data Protection Inspectorate

  1. Sapiegos str. 17

LT-10312 Vilnius

Tel. +370 5 271 2804 +370 5 279 1445

Fax +370 5 261 9494

Email: ada@ada.lt

Website: https://vdai.lrv.lt/

Member: Ms Dijana Šinkūnienė - Director of the State Data Protection Inspectorate

 

Luxembourg

Commission Nationale pour la Protection des Données

15, Boulevard du Jazz

L-4370 Belvaux

Tel. +352 2610 60 1

Fax +352 2610 60 6099

Email: info@cnpd.lu

Website: http://www.cnpd.lu/

Member: Ms Tine A. Larsen - President of the Commission Nationale pour la Protection des Données

 

Malta

Office of the Information and Data Protection Commissioner

Second Floor, Airways House
High Street

SLM 1549 Sliema

Tel. +356 2328 7100

Fax +356 2328 7198

Email: idpc.info@idpc.org.mt

Website: http://www.idpc.org.mt/

Member: Mr Ian Deguara - Deputy Commissioner

 

Netherlands

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30
P.O. Box 93374

2509 AJ Den Haag/The Hague

Tel. +31 70 888 8500

Fax +31 70 888 8501

Website: https://autoriteitpersoonsgegevens.nl/

Member: Mr Aleid Wolfsen - Chairman of the Autoriteit Persoonsgegevens

 

Poland

Urząd Ochrony Danych Osobowych (Personal Data Protection Office)

  1. Stawki 2

00-193 Warsaw

Tel. +48 22 531 03 00

Email: kancelaria@uodo.gov.pl dwme@uodo.gov.pl

Website: https://uodo.gov.pl/

Member: Mr Jan Nowak - President of the Personal Data Protection Office

 

Portugal

Comissão Nacional de Proteção de Dados - CNPD

Av. D. Carlos I, 134, 1º

1200-651 Lisboa

Tel. +351 21 392 84 00

Fax +351 21 397 68 32

Email: geral@cnpd.pt

Website: http://www.cnpd.pt/

Member: Dr. Filipa CALVÃO - President, Comissão Nacional de Proteção de Dados

 

Romania

The National Supervisory Authority for Personal Data Processing

B-dul Magheru 28-30

Sector 1 BUCUREŞTI

Tel. +40 31 805 9211

Fax +40 31 805 9602

Email: anspdcp@dataprotection.ro

Website: http://www.dataprotection.ro/

Member: Ms Ancuţa Gianina Opre - President of the National Supervisory Authority for Personal Data Processing

 

Slovakia

Office for Personal Data Protection of the Slovak Republic

Hraničná 12

820 07 Bratislava 27

Tel. + 421 2 32 31 32 14

Fax + 421 2 32 31 32 34

Email: statny.dozor@pdp.gov.sk

Website: http://www.dataprotection.gov.sk/

 

Slovenia

Information Commissioner of the Republic of Slovenia

Dunajska 22

1000 Ljubljana

Tel. +386 1 230 9730

Fax +386 1 230 9778

Email: gp.ip@ip-rs.si

Website: https://www.ip-rs.si/

Member: Ms Mojca Prelesnik - Information Commissioner of the Republic of Slovenia

 

Spain

Agencia Española de Protección de Datos (AEPD)

C/Jorge Juan, 6

28001 Madrid

Tel. +34 91 266 3517

Fax +34 91 455 5699

Email: internacional@aepd.es

Website: https://www.aepd.es/

Member: Ms María del Mar España Martí - Director of the Spanish Data Protection Agency

 

Sweden

Integritetsskyddsmyndigheten

Drottninggatan 29
5th Floor
Box 8114

104 20 Stockholm

Tel. +46 8 657 6100

Fax +46 8 652 8652

Email: imy@imy.se

Website: http://www.imy.se/

Member: Ms Lena Lindgren Schelin - Director General of the Privacy Protection Authority


Iceland

Persónuvernd

Rauðarárstígur 10

105 Reykjavík

Tel. +354 510 9600

Email: postur@dpa.is

Website: https://www.personuvernd.is https://www.dpa.is

Member: Ms Helga Þórisdóttir - Commissioner

 

Liechtenstein

Data Protection Authority, Principality of Liechtenstein

Städtle 38

9490 Vaduz

Tel. +423 236 6090

Email: info.dss@llv.li

Website: https://www.datenschutzstelle.li

Member: Dr Marie-Louise Gächter – Commissioner


Norway

Datatilsynet

P.O. Box 458 Sentrum

0150 Oslo

Tel. +47 22 39 69 00

Email: postkasse@datatilsynet.no

Website: https://www.datatilsynet.no

Member: Ms Line Coll - Director-General