Privacy Policy (Personvernerklæring)

Last updated: February 2026

1. Data Controller

[YOUR COMPANY NAME AS], org.nr. [ORG NUMBER], is the data controller for the processing of personal data described in this policy.

Address: c/o [VIRTUAL OFFICE PROVIDER], [STREET ADDRESS], [POSTAL CODE] [CITY], Norway

Contact: hello@vernis.art

BEFORE PUBLISHING: Replace bracketed placeholders with your actual company details and virtual office address. Required under GDPR Article 13. Use a virtual office (kontorhotell) address — not your home address.

2. What Data We Collect

2.1 Data you provide directly

• Shipping information: Name, address, phone number, email — collected when you claim your device.
• Communication data: Emails and messages you send to us.

2.2 Data collected automatically

• Wallet address: Your public Ethereum wallet address, visible on the blockchain when you mint or interact with the Vernis smart contract. We do not store private keys.
• Website analytics: We may collect anonymized usage data (pages visited, device type, browser) to improve the website experience.

2.3 Data we do NOT collect

• Private keys or seed phrases
• Contents of your NFT collection (the device processes this locally)
• Data from your Vernis device after delivery (it operates independently)

3. How We Use Your Data

Purpose	Legal basis (GDPR)
Fulfilling your order (shipping the device)	Contract performance (Art. 6(1)(b))
Communicating about your order	Contract performance (Art. 6(1)(b))
Complying with Norwegian accounting and tax law	Legal obligation (Art. 6(1)(c))
Improving our website and services	Legitimate interest (Art. 6(1)(f))

4. Data Sharing

We may share your data with:

• Shipping providers: To deliver your device (name, address, phone number).
• Accounting/tax authorities: As required by Norwegian bookkeeping law (bokføringsloven).

We do not sell your personal data. We do not share data with third parties for marketing purposes.

5. International Transfers

If you are located outside the EEA, your shipping data may be transferred to Norway for order fulfillment. Norway is part of the EEA and follows GDPR standards. If data is transferred outside the EEA (e.g., to a shipping provider), we ensure adequate safeguards are in place as required by GDPR Chapter V.

6. Data Retention

• Shipping/order data: Retained for 5 years as required by Norwegian bookkeeping law (bokføringsloven).
• Communication data: Retained for the duration of the business relationship plus 1 year.
• Website analytics: Anonymized data retained for up to 26 months.

7. Your Rights

Under GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to legal retention requirements).
• Data portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interest.
• Restriction: Request restricted processing in certain circumstances.

To exercise any of these rights, contact us at hello@vernis.art. We will respond within 30 days.

8. Blockchain Data

Please note that data recorded on the Ethereum blockchain (wallet addresses, transaction history, NFT ownership) is public and immutable. We cannot modify or delete on-chain data. This is inherent to blockchain technology and is not within our control as a data controller.

9. Cookies

The Vernis website uses only essential cookies required for site functionality. We do not use tracking cookies or third-party advertising cookies. If this changes in the future, we will update this policy and request your consent where required.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (HTTPS), secure storage, and access controls.

11. Supervisory Authority

If you believe your data rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

Datatilsynet
Website: www.datatilsynet.no

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via the website. The "Last updated" date at the top indicates when the policy was last revised.