Privacy policy


This privacy policy contains information you are entitled to when Optisan AS (hereinafter «Optisan», «we», or “us”) processes your personal data using our website. Personal data is information that can be directly or indirectly linked to you.

We mainly process personal data because it is necessary for you to be able to purchase products from our online store. In some cases, we will also process information for marketing purposes, or to comply with a legal obligation. You can read more about this below.


Content of the privacy policy

  1.  Data controller and contact information
  2.  What types of personal data do we collect?
  3.  For what purposes do we use personal data, and what is our basis for processing?
  4.  Transfer to third parties
  5.  Marketing control
  6.  Your rights
  7.  Retention period
  8.  Security
  9.  Minors
  10.  Updates


1. Data controller and contact details
Optisan is the data controller for the processing of personal data described in this policy. This means that Optisan is responsible for securing your data, that it is processed lawfully, and that your rights are safeguarded.

If you have questions about our processing of personal data, please contact us at:

Optisan AS
Address: Vækerøåsen 12B, NO-0282 Oslo
CRN: 913 661060
Telephone, customer service: +47 22 06 17 00


2. What types of personal data do we collect?
We collect and process the following information that may be linked to you:

  • Name
  • E-mail address
  • General information about you such as your address, age and gender
  • Telephone number
  • Purchase history information
  • Any customer service inquiries


When you visit our website, cookies collect personal data about your behaviour on our website, including your IP address. The extent of the information collected depends on the cookies for which you have given consent, and you can manage and change selected cookies at any time.  Learn more in our cookie policy.


3. For what purposes do we use personal data and what is our basis for processing?
Optisan only collects personal data for specific purposes. Our processing of the data always has legal basis in Article 6 of the General Data Protection Regulation (GDPR), which is called the “basis for processing”. In the table below is an overview of our purposes and basis for processing.

If we use your consent as a basis for processing, you can withdraw this at any time, either by contacting us or by following instructions specified in our newsletters or SMS. Withdrawing your consent does not affect the lawfulness of our processing of personal data before the consent was withdrawn.


4. Transfer to third parties
We may share personal data with the following third parties:


4.1 Third-party providers
Our third-party providers, to provide services such as web hosting, data analytics, information technology and related infrastructure supply, customer service, email delivery, auditing, and other services. Their data processing and access to personal data is regulated in agreements that, among other things, impose a duty of confidentiality on the third parties.


4.2 Other companies
Other companies with which we work on certain products or services such as payment partners or partners for products that we jointly develop and/or market, or external telemarketing agencies that assist us in contacting customers.


4.3 Authorities
Relevant authorities to the extent that it is based on a legal obligation that rests with us. We do not transfer personal data to countries outside the EU/EEA.


5. Marketing control
If you no longer want to receive marketing communications from us, please contact us as set out in clause 1, or follow the relevant instructions provided in the marketing communications. You can restrict personalized advertisements on third-party websites by following the instructions in our cookie policy.


6. Your rights
Your rights. You have the right to access your personal data, including requesting information about the origin, scope and recipients of the stored data and the reason for its storage.

You have the right to ask us to correct, complete, anonymize and in some cases delete your personal data. If the information is incorrect or incomplete, you have the right to have the information corrected with the restrictions imposed by the legislation. You also have the right to object to our processing of your data where we have requested consent to process information about you and the right to withdraw that consent.

There are some exceptions to these rights. For example, we may deny you access to personal data, if this results in you gaining access to another person’s personal data, or if we are legally prevented from disclosing such information. In some cases, we may retain information even after you have withdrawn your consent, e.g., where a legal obligation requires us to retain the information. You can read more about your rights on the Norwegian Data Protection Authority.

Requesting a restriction on the processing of your personal data may result in some products and services no longer being available to you. We therefore encourage you to contact us for more information about the consequences a restriction may have on your customer relationship.

To exercise your rights, you may contact us as set out in clause 1. You have the right to complain to the relevant supervisory authority (the Norwegian Data Protection Authority), if you believe our processing of your personal data is unlawful.


7. Retention period
We retain your personal data for as long as necessary or permitted in light of the purpose/purposes for which it was collected and as described in this privacy policy. The criteria used to determine our retention periods include: 1) How long we have an ongoing customer relationship with you; 2) Whether we are subject to a legal obligation; or 3) Whether retention is necessary to defend us against legal claims.

Unless we have legal obligations that require otherwise, we retain information about you as a customer for as long as a customer relationship exists and for a maximum of 3 years after termination of the contractual relationship.


8. Security
All personal data is stored in a secure environment. Our website uses Secure Sockets Layer (SSL) encryption technology. This is one of the most advanced security technologies currently available for online transactions. It encrypts all your personal information; thus, it cannot be read as information over the Internet.


9. Minors
Our website and services are not directed at persons under the age of eighteen, and we will not process personal data relating to minors. If you are under the age of 18, you will need permission from your parents or legal guardian to use the website. Please contact your parents or legal guardian before using the website.

If you provide us with personal data to persons under the age of 18, it means that you confirm that you have the authority to do so and that you can prove such authority to us upon request.

You must be at least 18 years old to be able to subscribe to SulforaPlus.


10. Update
We will update this privacy policy periodically. Any changes will be effective when we post the revised privacy policy on the website. The privacy policy was last updated according to the “Last Updated” date shown below. If we make significant changes to this privacy policy, we will actively make you aware of them.

Privacy policy last updated: 4. December 2021