HomeArtAboutContact
NO

Stay updated

Get notified about new works and exclusive offers

All products•Prints •Malerier•Dirty Collection
14-day returns
Secure payment
Dotty.
InstagramTikTok
PrivacyTermsMy DataGuides

© 2026 Dotty. All rights reserved.

Org.nr: 829736322 | hei@dotty.no

Privacy Policy

This privacy policy describes how Dotty. (data controller) collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR).

Data Controller

Dotty. is the data controller for the processing of personal data described in this privacy policy. Contact us at hei@dotty.no for privacy questions.

What information we collect

When purchasing

  • Full name
  • Email address
  • Phone number
  • Delivery address

When subscribing to newsletter

  • Email address
  • IP address (for consent documentation)

When using contact form

  • Name
  • Email address
  • Message content

Automatically collected

  • Cookies for shopping cart and login

Legal basis for processing

We process your personal data based on the following legal grounds:

  • Contract: Processing orders, delivery, and customer service (GDPR Art. 6(1)(b))
  • Consent: Newsletter and marketing (GDPR Art. 6(1)(a))
  • Legitimate interest: Fraud protection and security (GDPR Art. 6(1)(f))
  • Legal obligation: Accounting and tax purposes (GDPR Art. 6(1)(c))

How we use the information

  • Process and deliver your order
  • Send order confirmation and delivery updates
  • Respond to inquiries via contact form
  • Send newsletters (only with your consent)
  • Improve our services and user experience

Data processors and third parties

We share your data with the following third parties who process data on our behalf:

ServicePurposeLocation
StripePayment processingEU/USA (EU-US DPF)
SupabaseDatabase and authenticationEU (Frankfurt)
ResendEmail servicesUSA (EU-US DPF)
VercelWeb hostingEU/Global CDN
Shipping companiesDelivery of goodsNorway

All data processors have signed a Data Processing Agreement (DPA) with us.

Retention periods

We retain your personal data as long as necessary for the purpose for which it was collected:

Data typeRetention period
Order data7 years (legal accounting requirement)
NewsletterUntil you unsubscribe
Contact messages2 years
Shopping cart15 minutes (temporary)

Payment information

All payment information is handled securely by our payment partners (Stripe and Vipps). We never store card information or other sensitive payment data on our servers. Stripe is PCI DSS certified.

Newsletter

We use double opt-in for newsletter subscriptions. You must confirm your subscription via email before receiving newsletters. You can unsubscribe at any time via the unsubscribe link in emails or on the "My Data" page.

Cookies

We only use essential cookies:

NamePurposeDuration
AuthenticationKeep you logged inSession
Shopping cartStore shopping cartPermanent
ConsentRemember your cookie choicePermanent

We do not use any tracking, analytics, or marketing cookies.

Your rights

Under GDPR, you have the following rights:

AccessRequest a copy of your personal data
RectificationCorrect inaccurate data
ErasureRequest deletion of your data
Data portabilityReceive your data in machine-readable format
RestrictionRestrict processing of your data
ObjectionObject to processing based on legitimate interest
Withdraw consentWithdraw consent at any time

Use the "My Data" page to exercise your rights, or contact us at hei@dotty.no.

Right to complain

If you believe we are not handling your personal data correctly, you have the right to complain to the supervisory authority:

Datatilsynet (Norwegian DPA)

Postboks 458 Sentrum, 0105 Oslo

postkast@datatilsynet.no

https://www.datatilsynet.no

Security

We take data security seriously. All data is transferred via HTTPS, stored encrypted, and we use row-level security (RLS) to protect your data.

Changes

We may update this privacy policy as needed. For significant changes, we will notify you via email or the website.

Last updated: January 2026

Manage your data →