Privacy Policy & Notice

Privacy and Your Personal Data

The Privacy Policy applies to Information collected by us and provided by you. It is also intended to assist you in making informed decisions when using our Website, and/or contact us. It is important that you read this Privacy Policy together with the Terms of Use and any other notice we may provide. This Privacy Notice supplements other notices and is not intended to override them.

All your personal Information shall be held and used in accordance with Data Protection Laws, being: (i) the Data Protection Act 1998, until the effective date of its repeal (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, for so long as the GDPR is effective in Norway, and (iii) any successor legislation to the Data Protection Act 1998 and the GDPR, and any other legislation relating to the protection of Personal Data.

Teropan Group, Huken 3A, 3921 Porsgrunn, Norway.

Our Data Protection Lead can be contacted at

Data Controller

Teropan Group is the Data Controller and responsible for your personally identifiable information as listed in clause 3 below.

Our Head of Compliance is our appointed Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights as set out in Clause 7 of this Privacy Policy, please contact the DPO using the details set out above.

What information do we collect?

We may collect, receive from you, use, store and transfer different kinds of Personal Data about you, the reader who has accessed this website, which we have grouped together follows:


a. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.


b. Contact Data includes billing address, delivery address, email address and telephone numbers.


c. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.


d. Usage Data includes information about how you use our website.


We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal


Data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


The legal basis for processing your Personal Data

Teropan Group will only process Personal Data where there is a lawful basis as per Data Protection Laws. This lawful basis shall be one or more of the following:

a. Express consent from you;


b. In order to perform and/or complete a contract with a third party;


c. To comply with a legal obligation;


d. To protect your vital interest;


e. It is in the public interest; and


f. There is a legitimate interest.

How we share your information

In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.


Data Retention

Teropan Group will retain your Personal Data for as long as is necessary for the purposes set out in this Privacy Policy and for the services and products which Thalarctos provides.


We will retain and use your Personal Data to the extent necessary to:


a. comply with our legal obligations;


b. comply with applicable laws;


c. resolve disputes and potential future litigation; and


d. enforce our legal agreements and policies.


Teropan Group will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website or service, or we are legally obligated to retain this data for longer time periods.

If ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected, and your consent, are still valid. We review the status of your consent every twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your Personal Data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.

If we process your data on the basis of ‘legitimate interests’, we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.

All categories of Personal Data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.


Your rights as a Data Subject

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Laws include:

a. The right to be informed of how your Personal Data is used (through this notice);


b. The right to access any Personal Data held about you;


c. The right to withdraw consent at any time, by emailing us using the details set out above.;


d. The right to rectify any inaccurate or incomplete Personal Data held about you;


e. The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;


f. The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and


g. The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.


Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Does your Personal Data leave the EU?

a. Your Personal Data may be transferred to our affiliated companies outside the EU.


b. We may transfer your Personal Data to third parties which are outside the EU, this will be carried out in accordance with Data Protection Laws and for the purposes of carrying out any services we provide for you.


c. Teropan may from time to time use overseas web and IT providers. We can disclose such details of what data is sent where, and the safeguards in place, following your written request.


Changes to our Privacy Policy

This Privacy Policy can be changed by us at any time. If we change our Privacy Policy in the future, we will advise you of material changes or updates to our Privacy Policy by email, where we are holding your email address.