Privacy policy
Shur Shur
Company Privacy Policy
Company: Private entrepreneur Savchuk Anna Vasylivna
Approved by: Savchuk Anna Vasylivna
Effective date:
Private entrepreneur Savchuk Anna Vasylivna (“Company”, “we”, “us” and “our”) is created this Company Privacy Policy (“Policy”) for Company’s employees and contractors (“You”) to describe how we process personal data of our Data Subjects/his, which personal data Company is processed according to the Privacy Notice and Cookie Notice.
- What terms does the Company use?
Consent. Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifies agreement to the processing of personal data relating to him or her.
Controller. The natural or legal person (and others) who determines the purposes and means of processing.
Co-controller. The natural or legal person (and others) who determines the purposes and means of processing with another controller.
Data Protection Authority. The public organization or governmental body protects the data subjects from unlawful processing.
Data Subject. The natural person, whose personal data is processed.
Data Breach Response Team. A team who fulfills the requirements of the Personal Data Breach and Notification Policy.
Legal Ground for Processing. One of the legally defined grounds for which the processing of personal data is permitted.
Personal Data. Any information relating to an identified or identifiable natural person.
Personal Data Breach. A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Processing. Any action or set of actions with personal data.
Processor. The natural or legal person, who processes personal data on behalf of the controller. You can see the list of our processors via the link.
Profiling. Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Third-Party. Any person, except the subject of personal data, the Controller or Processor and the Data Protection Authority, to whom the Controller or Processor transfers personal data.
Site. An internet site with domain names https://shurshur.com and https://en.shurshur.com.
- On what basis does the Company process personal data?
Principles of personal data protection. Our Company processes personal data according to the following principles:
- Lawfulness, fairness, and transparency;
- Purpose limitation;
- Data minimization;
- Accuracy;
- Integrity and confidentiality.
Lawfulness, fairness, and transparency. Personal data must be processed lawfully, fairly, and in a transparent manner.
Purpose limitation. Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization. Personal data must be adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed.
Accuracy. Personal data must be accurate and, where necessary, kept up to date.
Integrity and confidentiality. Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- What personal data does the Company process?
Processing in general. Our Company processes personal data according to the Privacy Notice and Cookie Notice. You must not ask the Data Subject to provide personal data other than those specified in this Policy or in the documents described above.
Data Subject’s Site Visit Information. When the Data Subject visits the Site, he gives to us his personal data under the following conditions:
- Personal Data collected.A version of a web browser, IP address, time zone, cookie information, what sites or products he views, search terms, and how he interacts with the Site.
- Purpose of collection.To load the Site accurately for the Data Subject, and to perform analytics on the Site usage to optimize our Site.
- Source of collection.Collected automatically when he accesses our Site using log files.
- Legal Ground. Legitimate interest.
- While the Data Subject is using the Site and 1 year after.
Order Information. When the Data Subject places an order on the Site, he gives to us his personal data under the following conditions:
- Personal Data collected.Name, billing address, shipping address, and payment information (including credit and debit card numbers, email addresses, and phone numbers.
- Purpose of collection.To provide products or services to the Data Subject to fulfill our contract, to process his payment information, arrange for shipping, and provide the Data Subject with invoices and/or order confirmations, communicate with the Data Subject, screen our orders for potential risk or fraud, and when in line with the preferences he has shared with us, provide the Data Subject with information or advertising relating to our products or services.
- Source of collection.Collected from the Data Subject.
- Legal Ground.
- While the Data Subject is using the Site and 1 year after.
Customer Support Information. When the Data Subject contacts our customer support, he gives to us his personal data under the following conditions:
- Personal Data collected.It depends on a case by case but can include name, billing address, shipping address, payment information (including credit and debit card numbers, email address, and phone number.
- Purpose of collection.To provide information about our product and services, consult how to use our Site, etc.
- Source of collection.Collected from the Data Subject.
- Legal ground.
- While the Data Subject is using the Site and 1 year after.
Marketing and Advertisement. Our Company processes personal data for direct marketing and targeted advertisement under the following conditions:
-
Personal Data collected. Our Company can use all personal data the Data Subject and our co-controller give to us:
- Full name;
- Sex, gender, marital status, and age;
- Registration and residence address;
- Phone number links to social networks, and instant messengers;
- Information about friends and contacts;
- Physical and email address;
- Place of work;
- Search terms and preferences;
- Reactions;
- Information from accounts;
- Any other information.
- Purpose of collection.Promote our Site, business, and company.
- Source of collection.Collected from the Data Subject and co-controller.
- Legal ground. Our Company processes personal data based on the consent granted to us or our co-controllers, agreements between the Data Subject and us or our co-controllers, and the legitimate interest.
- Our Company processes personal data until the Data Subject withdraws his consent, terminates his contract with us or our co-controllers, and/or exercises his right to object against the processing based on legitimate interest.
Other processing conditions. These are other conditions apply to data processing:
- Data source. Our Company processes personal data received from the Data Subject and public sources. If in the future, we process personal data obtained from Third Parties, we will notify the Data Subject of this.
- Data storage. Data Subject’s personal data is stored on servers in Amsterdam, Kingdom of the Netherlands.
- Selling of personal data. Our Company doesn’t sell personal data at all, without the consent of the Data Subject.
- Our Company doesn’t process the personal data of people who are under ___ years.
- Our Company doesn’t use profiling on the Data Subject.
- California Consumer Protection Act. Our Company doesn’t have an obligation under the CCPA.
- How does the Company share personal data with others?
Sharing in general. Our Company can share personal data with processors, co-controllers, and third parties located over the world. If the receiving party is in the European Union, the European Economic Area, or in the list of countries that provide a reliable level of protection for personal data, we enter into Data Processing Agreement only. If the receiving party is in any other place, we conclude Data Processing Agreement and Standard Contractual Clauses. Also, we can use another legal instrument provided by law.
List of processors. Our Company shares personal data with the following processors:
Software |
Processors |
Goals |
Privacy Notice |
Shopify |
Shopify International Ltd. |
Website builder and hosting provider |
|
ShopPay |
Shopify International Ltd. |
Payments processing |
|
PayPal |
PayPal (Europe) S.à.r.l. |
Payments processing |
Link (But can depend from your country) |
GooglePay |
Google LLC |
Payments processing |
|
KeyCRM |
GetBetter OU |
Keeping for clients, contracts, contacts, etc. |
|
- |
Juscutum Attorneys Association |
Legal, accountant and business consulting services |
|
Telegram |
Telegram Messenger Inc. |
Trade goods, communication with clients |
|
|
Meta Platforms, Inc. |
Trade goods, communication with clients |
|
|
Meta Platforms, Inc. |
Trade goods, communication with clients |
|
Viber |
Viber Media S.à r.l., |
Trade goods, communication with clients |
|
|
WhatsApp Ireland Limited |
Trade goods, communication with clients |
|
|
Pinterest Inc. |
Trade goods, communication with clients |
|
YouTube |
Google LLC |
Trade goods, communication with clients |
List of co-controllers. Our Company shares personal data with the following co-controllers:
Software |
Co-controller |
Goal |
Privacy Notice |
|
Google LLC |
Search engine and advertisement |
|
|
Meta Platforms, Inc. |
Advertisement |
|
|
Meta Platforms, Inc. |
Advertisement |
Sharing with other persons. Our Company may share personal data with other processors, co-controllers, and third parties when it is necessary to provide services to the Data Subject or for our business, but you cannot share personal data without our authorization.
- How does the Company protect personal data?
Protection in general. Our Company protects personal data through technical and organizational measures.
Measures of protection. These measures include:
- HTTP connection with SSL and TLS certificates;
- Training employees in cyber security and data privacy via onboarding;
- Employees distribute access to personal data;
- Distribute storing in different databases;
- Safe servers for web hosting and data storage;
- Integration with Third Party’s software through official APIs;
- Strong password requirements.
HTTP connection with SSL and TLS certificates. An HTTP connection with SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates is a secure method of establishing a connection between a client and server over the internet, encrypting the data transmitted between them to prevent eavesdropping, tampering or forgery.
You should visit only websites with an HTTP connection.
Training employees in cyber security and data privacy via onboarding. This type of training covers topics such as password security, phishing awareness, social engineering attacks, data classification and handling, incident reporting, and other related topics to ensure that employees are aware of their role in maintaining the security of the organization's information assets and are equipped with the knowledge and skills to identify and mitigate security risks.
You visit our training in cyber security and data privacy.
Employees distribute access to personal data. Employees' distribution access to personal data refers to the practice of granting access to personal data on a need-to-know basis, where employees are only given access to the personal data that is necessary for them to perform their job responsibilities.
You must not attempt to gain unauthorized access to personal data to which you should not have access and report any known to you such access by another employee or contractor.
Distribute storing in different databases. This approach ensures that the data is not stored in a single point of failure and can be accessed even if one of the databases or data centers is offline or unavailable. By distributing data storage in this way, organizations can improve their overall data resilience and reduce the impact of any potential data breaches or disasters that could affect the availability or integrity of data.
You must not attempt to gain unauthorized access to personal data in different databases to which you should not have access and report any known to you such access by another employee or contractor.
Safe servers for web hosting and data storage. This includes implementing security measures such as firewalls, intrusion detection systems, access controls, data encryption, backups, and disaster recovery plans. Safe servers also provide physical security measures, such as access controls, environmental controls, and power backups to ensure that servers remain operational even during power outages or other disruptions.
You must not attempt or interfere with the operation of these systems and report any incident of infringement.
Integration with Third Party’s software through official APIs. By using official APIs, organizations can securely exchange data and information with third-party services while minimizing the risk of security breaches or other issues that can arise from unauthorized integration. Official APIs provide a standardized, secure, and controlled way for applications to interact with each other, ensuring that data is transmitted and received in a secure and reliable manner.
When integrating with third-party software, employees and contractors must use only official APIs provided by the third-party service. The use of unauthorized integration methods or non-standardized APIs is strictly prohibited.
Strong password requirements. Include a combination of length, complexity, and uniqueness:
- The password length must be at least 12 characters;
- Use at least one uppercase letter, one lowercase letter, one number, and one symbol from the set of @#$%^&+=!?;
- Avoid using simple words and phrases, as well as personal information such as names, dates of birth, etc;
- Passwords must be unique and not reused for different accounts;
- It is recommended to change the password every 90 days. It is recommended to use two-factor authentication for additional account protection.
- How does the Company delete personal data?
Consent. If our Company processes personal data based on the Data Subject’s consent and the Data Subject revoked this consent, we shall delete this personal data within ___ months after the revocation.
Contract. If our Company processes personal data based on the contract between us and the Data Subject or to conclude a such contract and this contract was terminated or the conclusion of the such contract was declined, we shall delete this personal data within ___ months after the termination or rejection.
Legal obligation. If our Company processes personal data based on our legal obligation, we shall delete this personal data within ___ months after the cancellation of this legal obligation.
Vital interest. If our Company processes personal data based on the Data Subject’s vital interest, we shall delete this personal data within ___ months after the termination of such vital interest.
Legitimate interest. If our Company processes personal data based on our legitimate interest and the Data Subject objects to our legitimate interest, we shall delete this personal data within ___ months after the objection.
Exceptions. The above-mentioned rules have the following exceptions:
- Business needs. Timeframes can be prolongated, but no longer than up to ___ months, in the case that the data deletion will interrupt our ongoing business;
- Legal requirements. The retention period can be prolongated if it is required by laws or ordered by a government body. In this case, the period will be prolongated according to such requirements;
- Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For e.g. deletion of the information may lead to a system integrity violation, or it is impossible to delete the information from the backup copies. In such cases, the information can be further stored;
- The Data Subject’s data can be further processed for our own purposes (e.g. marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data.
- What does Company do in the case of a data breach?
Personal Data Breach Response and Notification Policy. Our Company lays out the general principles and actions for successfully managing the response to а data breach as well as fulfilling the obligations surrounding the notification to Supervisory Authorities and individuals in the Personal Data Breach Response and Notification Policy.
- What rights does Data Subject have?
Privacy Rights. We do care about the rights of the Data Subject concerning the information collected about them. For this reason, we must ensure that the rights of the Data Subject about whom information is held can be fully exercised. These rights include:
- Right on information about personal data;
- Right on access to the personal data;
- Right on rectification;
- Right to erasure;
- Right to restriction of processing;
- Right on withdrawal of consent;
- Right on withdrawal of consent;
- Right to object;
- Right on data portability;
- Right to the protection of the rights;
Right on information about personal data. The right to be fully informed about the collection and further processing of the Data Subject data before the data is collected or, if not possible, without undue delay;
Right on access to personal data. The right of access to the collected information about the Data Subject. This means that a person should be able to obtain a copy of all the collected data;
Right on rectification. The right to update and keep relevant the processed information if the information is outdated. We shall take reasonable steps to ensure personal data is accurate as well;
Right to erasure. The right to delete the collected information, if possible under Company’s other legal obligations. This obligation also concerns all the recipients of the Personal Data;
Right to restriction of the processing. The right to restrict the scope and purposes of the processing of one’s information. This obligation also concerns all the recipients of the Personal Data;
Right on withdrawal of consent. In case that information is processed based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
Right to object. In case that information is processed on another legal basis than consent, the right to object (stop) the processing, if appropriate;
Right on data portability. The right to request the Company to send a copy of all collected personal data to a third party;
Right to the protection of the rights. The right to file a complaint to the Data Subject’s national data protection authority. In this course, our duty is to inform the Data Subject about it;
Profiling. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning.
- How does the Company respond to inquiries from the Data Subject?
Data Subjects’ Inquiries Responding Policy. Our Company describes how we respond to inquiries of our Data Subject, which personal data Company is processed in the Data Subject’s Inquiries Responding Policy.
- Miscellaneous.
Effective date. Version of the Policy is valid from the Effective date.
Confirmation of acceptance of the Policy. Employees and contractors acknowledge that they have read, understand, and will comply with the Policy when signing the Employee Obligation.
Changes in the Policy. Our Company may make changes from time to time to the Policy. The new version will be valid from the time of the changes of the Effective date.
Governing Law. The Policy is construed in accordance with the Ukrainian legislation with subject to the provisions of European Union General Data Protection Regulation.
Annex I
to the Personal Data Breach Response and Notification Policy
Company: Private entrepreneur Savchuk Anna Vasylivna
Effective date: Savchuk Anna Vasylivna
Approved by:
National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Tel. +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: http://www.dsb.gv.at/
Member: Dr Andrea Jelinek - Director
Belgium
Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Rue de la Presse 35 – Drukpersstraat 35
1000 Bruxelles - Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
Email: contact@apd-gba.be
Website: https://www.autoriteprotectiondonnees.be https://www.gegevensbeschermingsautoriteit.be
Member: Ms Cédrine Morlière - President of APD-GBA and Joint representative of EDPB
The competence for complaints is split among different data protection supervisory authorities in Belgium.
Competent authorities can be identified according to the list provided here:
https://www.autoriteprotectiondonnees.be/citoyen/l-autorite/autres-autorites
https://www.gegevensbeschermingsautoriteit.be/burger/de-autoriteit/andere-autoriteiten
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.
1592 Sofia
Tel. +359 2 915 3580 +359 2 915 3548
Fax +359 2 915 3525
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg/
Member: Mr Ventsislav Karadjov - Chairman of the Commission for Personal Data Protection
Croatia
Croatian Personal Data Protection Agency
Selska Cesta 136
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
Email: azop@azop.hr
Website: http://www.azop.hr/
Member: Mr Zdravko Vukić - Director
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street
P.O. Box 23378
1082 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
Email: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy/
Member: Ms Irene Loizidou Nikolaidou - Commissioner for Personal Data Protection
Czech Republic
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Email: posta@uoou.cz
Website: http://www.uoou.cz/
Member: Mr Jiří KAUCKÝ - President
Denmark
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Tel. +45 33 1932 00
Email: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk/
Member: Ms Cristina Angela GULISANO - Director
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39
10134 Tallinn
Tel. +372 6828 712
Email: info@aki.ee
Website: http://www.aki.ee/
Member: Ms Pille Lehis - Director General
Finland
Office of the Data Protection Ombudsman
P.O. Box 800
FI-00531 Helsinki
Tel. +358 29 56 66700
Fax +358 29 56 66735
Email: tietosuoja@om.fi
Website: http://www.tietosuoja.fi/en/
Member: Ms Anu Talus - Ombudsman
France
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/ https://www.cnil.fr/en/contact-cnil
Member: Ms Marie-Laure Denis - President of CNIL
Germany
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Straße 153
53117 Bonn
Tel. +49 228 997799 0
Fax +49 228 997799 5550
Email: poststelle@bfdi.bund.de
Website: http://www.bfdi.bund.de/
Member: Mr Prof. Ulrich Kelber - The Federal Commissioner for Data Protection and Freedom of Information
Deputy for the federal states of Germany: Prof. Dr. Thomas Petri, Bavarian Data Protection Commissioner Postfach 22 12 19
80502 München
Email: laendervertreter@datenschutz-bayern.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under www.bfdi.bund.de/anschriften.
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3
11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
Email: contact@dpa.gr
Website: http://www.dpa.gr/
Member: Mr Konstantinos Menoudakos - President of the Hellenic Data Protection Authority
Hungary
Hungarian National Authority for Data Protection and Freedom of Information
Falk Miksa utca 9-11
H-1055 Budapest
Tel. +36 1 3911 400
Email: privacy@naih.hu
Website: http://www.naih.hu/
Member: Dr Attila Péterfalvi - President of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commission
21 Fitzwilliam Square
D02 RD28 Dublin 2
Tel. +353 76 110 4800
Email: info@dataprotection.ie
Website: http://www.dataprotection.ie/
Member: Ms Helen Dixon - Data Protection Commissioner
Italy
Garante per la protezione dei dati personali
Piazza Venezia, 11
00187 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
Email: segreteria.stanzione@gpdp.it
Website: http://www.garanteprivacy.it/
Member: Prof. Pasquale Stanzione - President of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate
Elijas Street 17
LV-1050 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
Email: pasts@dvi.gov.lv
Website: https://www.dvi.gov.lv/
Member: Ms Jekaterina Macuka - Director of Data State Inspectorate
Lithuania
State Data Protection Inspectorate
- Sapiegos str. 17
LT-10312 Vilnius
Tel. +370 5 271 2804 +370 5 279 1445
Fax +370 5 261 9494
Email: ada@ada.lt
Website: https://vdai.lrv.lt/
Member: Ms Dijana Šinkūnienė - Director of the State Data Protection Inspectorate
Luxembourg
Commission Nationale pour la Protection des Données
15, Boulevard du Jazz
L-4370 Belvaux
Tel. +352 2610 60 1
Fax +352 2610 60 6099
Email: info@cnpd.lu
Website: http://www.cnpd.lu/
Member: Ms Tine A. Larsen - President of the Commission Nationale pour la Protection des Données
Malta
Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street
SLM 1549 Sliema
Tel. +356 2328 7100
Fax +356 2328 7198
Email: idpc.info@idpc.org.mt
Website: http://www.idpc.org.mt/
Member: Mr Ian Deguara - Deputy Commissioner
Netherlands
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/
Member: Mr Aleid Wolfsen - Chairman of the Autoriteit Persoonsgegevens
Poland
Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
- Stawki 2
00-193 Warsaw
Tel. +48 22 531 03 00
Email: kancelaria@uodo.gov.pl dwme@uodo.gov.pl
Website: https://uodo.gov.pl/
Member: Mr Jan Nowak - President of the Personal Data Protection Office
Portugal
Comissão Nacional de Proteção de Dados - CNPD
Av. D. Carlos I, 134, 1º
1200-651 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
Email: geral@cnpd.pt
Website: http://www.cnpd.pt/
Member: Dr. Filipa CALVÃO - President, Comissão Nacional de Proteção de Dados
Romania
The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1 BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
Email: anspdcp@dataprotection.ro
Website: http://www.dataprotection.ro/
Member: Ms Ancuţa Gianina Opre - President of the National Supervisory Authority for Personal Data Processing
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel. + 421 2 32 31 32 14
Fax + 421 2 32 31 32 34
Email: statny.dozor@pdp.gov.sk
Website: http://www.dataprotection.gov.sk/
Slovenia
Information Commissioner of the Republic of Slovenia
Dunajska 22
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
Email: gp.ip@ip-rs.si
Website: https://www.ip-rs.si/
Member: Ms Mojca Prelesnik - Information Commissioner of the Republic of Slovenia
Spain
Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91 266 3517
Fax +34 91 455 5699
Email: internacional@aepd.es
Website: https://www.aepd.es/
Member: Ms María del Mar España Martí - Director of the Spanish Data Protection Agency
Sweden
Integritetsskyddsmyndigheten
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
Email: imy@imy.se
Website: http://www.imy.se/
Member: Ms Lena Lindgren Schelin - Director General of the Privacy Protection Authority
Iceland
Persónuvernd
Rauðarárstígur 10
105 Reykjavík
Tel. +354 510 9600
Email: postur@dpa.is
Website: https://www.personuvernd.is https://www.dpa.is
Member: Ms Helga Þórisdóttir - Commissioner
Liechtenstein
Data Protection Authority, Principality of Liechtenstein
Städtle 38
9490 Vaduz
Tel. +423 236 6090
Email: info.dss@llv.li
Website: https://www.datenschutzstelle.li
Member: Dr Marie-Louise Gächter – Commissioner
Norway
Datatilsynet
P.O. Box 458 Sentrum
0150 Oslo
Tel. +47 22 39 69 00
Email: postkasse@datatilsynet.no
Website: https://www.datatilsynet.no
Member: Ms Line Coll - Director-General