Last Updated: July 7, 2025
Introduction: This Privacy Policy explains how Merete Mowinckel (“we,” “us,” or “our”) collects, uses, and protects personal information when you use our website meretemowinckel.com. We are committed to complying with applicable privacy laws (including the EU General Data Protection Regulation (GDPR)) and safeguarding your data. By using our site or services, you agree to the collection and use of information as described in this policy.
Information You Provide: When you make a purchase or contact us, we collect personal details such as your name, email address, postal/shipping address, and payment information. This includes data needed to fulfill your order (for example, billing and shipping addresses and payment method details). If you choose to create an account or subscribe to any newsletter (if available), we will also collect the credentials and information you provide. We do not intentionally collect sensitive financial information directly – your credit card or payment details are handled securely by our payment processor (Stripe) as described below.
Payment Details: Payments on our site are processed by Stripe (via the GetPaid plugin). When you enter payment information, it is transmitted securely to Stripe. Stripe may collect and process your payment data (such as your name, card number, billing address, email, and purchase amount) in order to complete the transaction. We do not store your full credit card details on our servers. Stripe is a certified payment provider; for more information, please see the Stripe Privacy Policy.
Automatically Collected Data: Like most websites, we and our service providers may collect certain technical data automatically when you visit our site. This includes your IP address, browser type, device type, operating system, and browsing actions on our site. For example, our web hosting and security systems may log your IP address and device information for performance monitoring and security (e.g. to detect malicious activity or attacks). We also use cookies and similar technologies to ensure the site functions properly and to remember your preferences (see our Cookie Policy below for details). These technologies might record information such as pages you visited, items in your cart, or cookie consent choices. We do not use Google Analytics or any third-party analytics tracking at this time, so no analytics cookies are placed for site traffic analysis.
Third-Party Plugins and Integrations: Our site is built on WordPress and uses various plugins (e.g. Elementor, Royal Elementor Addons, WP GetPaid, Complianz, Google Maps, Stripe integration, and WP Content Copy Protection). Some of these plugins may incidentally collect or process data in order to function:
Elementor: Used for content design; it may set a technical cookie to store actions or improve site performance, but it does not share any personal data with third parties.
Google Maps: We embed Google Maps for location display. When you interact with the map, Google may collect your IP address and usage data to load the map tiles and ensure service quality. This happens only after you consent to the Google Maps integration via our cookie consent banner (blocked otherwise for GDPR compliance). Google’s use of your data is governed by Google’s Privacy Policy.
Stripe (via GetPaid): As noted, Stripe processes payments on our behalf. It may place functional cookies on your device to prevent fraud and ensure a secure checkout (for example, Stripe’s cookies __stripe_mid and __stripe_sid help identify trusted devices and prevent fraudulent transactions). These cookies are only used for security and are considered necessary for payment.
Complianz: This plugin manages cookie consent on our site. It will store your cookie preferences in a cookie so that the site remembers which cookies you have consented to or declined. This data is not shared with any external party.
WP Content Copy Protection: This plugin prevents unauthorized copying of our website content (text and images). It does not collect personal data about you; it simply runs scripts to disable right-click and text selection on the site for content protection.
We may use other standard WordPress features which set functional cookies (for example, WordPress may set a test cookie to check if your browser supports cookies, and if you log in to an account, WordPress will use a cookie to keep you logged in during your session). These are strictly necessary for website functionality and security.
Communications: If you contact us via email, contact form, or other means, we will collect the information you provide (such as your name, email address, and the content of your message). We will use this information to respond to your inquiry or provide customer support. We may keep a record of our correspondence.
We do not knowingly collect personal information from children under the age of 16. Our website and services are intended for general audiences and not directed to children. If you are under 16, please do not provide personal data without consent from a parent or guardian.
We will only use your personal information for legitimate purposes. These purposes include:
Providing and Improving Our Services: We use the collected information to process your orders, complete transactions, and deliver the products you purchased. For example, we need your name and address to ship physical art to you, and we need your email to send order confirmations or digital receipts. Processing your personal data for these purposes is necessary to perform the contract between you and us (fulfilling your purchase). We may also use your data to manage your account (if you register one), to personalize your experience on the site, and to improve our offerings based on customer feedback.
Communication: We use contact information (email or phone, if provided) to communicate with you about your order status, delivery updates, or any issues related to your purchase. We might also respond to your inquiries or provide information you request. We will not send you marketing emails unless you have opted in to such communications. If at any point we start a newsletter or promotional email list, it will only include you if you have given explicit consent, and you can opt out at any time.
Payments and Fraud Prevention: As described, we use Stripe to handle payments. Your payment information is used to charge for your orders and to prevent fraud. Stripe, as a third-party payment processor, uses personal data for fraud monitoring and compliance purposes (for instance, verifying your identity and payment details to ensure legitimate transactions). We share only the necessary data with Stripe to process the payment (e.g., name, card info, billing info) and do not receive or store sensitive card details ourselves beyond what is needed (such as the last four digits for reference). Payment processing is conducted securely and in compliance with PCI-DSS and other security standards.
Shipping and Fulfillment: We will use your address and contact information to fulfill deliveries of physical artwork. This may involve sharing your name and address with shipping carriers or postal services that deliver the package to you. If shipping internationally, we may be required to include details on customs forms. We only share the minimum information required to carry out the shipping service.
Site Functionality and Security: Automatically collected technical data (like IP address and cookies) are used for maintaining the website’s core functionality, security, and performance. For example, we may use your IP address to help diagnose and prevent attacks on our site’s infrastructure (e.g., via a security plugin or firewall). Cookies are used to remember items in your cart and your cookie consent choices, so that the site works as expected. Using such data may be based on our legitimate interests in running a safe and functional service. Where we use cookies that are not strictly necessary (such as for Google Maps integration), we will do so only with your consent, in compliance with ePrivacy laws.
Legal Obligations and Rights: We may process and retain personal information as required to comply with our legal obligations – for instance, maintaining transaction records for tax and accounting purposes, or if we are required to respond to lawful requests by public authorities. Additionally, we may use or disclose personal data to protect our rights or the rights of others: for example, to prevent fraud, to enforce our terms of service, or to handle any disputes. We will also use data to detect and prevent malicious or fraudulent activity on our site.
We do not sell or rent your personal information to third parties for marketing or any other purposes. We only use your data for the purposes stated and compatible purposes that you would reasonably expect.
We treat your personal data with care and confidentiality. We only share it with third parties when necessary to operate our business or comply with the law, and always under appropriate safeguards. Key instances where data is shared include:
Payment Processing (Stripe): As noted, when you purchase an item, your payment details are transmitted to Stripe to process the payment. Stripe acts as a data processor for us in this context, and they are bound to handle your personal data securely and only for the purposes of payment. For more details, you can review Stripe’s own privacy policy. We receive confirmation from Stripe once your payment is completed, but we do not receive your full payment card numbers or bank information. Essentially, Stripe lets us know if a payment was successful so we can proceed with your order.
Delivery Partners: We share necessary information with shipping companies or postal services to deliver your physical art purchase. This typically includes your name, delivery address, and possibly phone number or email (so the carrier can provide tracking updates). These partners are provided information only to perform their delivery duties. If required by customs regulations for international shipments, we might also have to provide an invoice or description of the item for customs clearance.
Service Providers and Website Partners: We use certain trusted third-party service providers to help us run the website and provide services to you. For example, our site is hosted on a web server infrastructure and may use cloud service providers or email service providers. Such providers might incidentally process personal data (e.g., your IP address could pass through a content delivery network or our email server will handle sending an order receipt to your email). We ensure that such providers implement appropriate security measures and, where required by law, we have data processing agreements in place with them. These providers are not permitted to use your data for their own purposes. Aside from Stripe and carriers mentioned above, other examples might include:
Our web hosting or IT support providers (for site maintenance and backup).
Email and IT services (for sending communications).
If we use any external plugins that require server-side processing (e.g., a map service or anti-spam service like reCAPTCHA), those services will receive data as needed to perform their functions. For instance, if we enabled Google reCAPTCHA to filter spam on forms, Google would receive some usage data to determine if you are human. (We will update this policy if such services are added.)
Google Maps: If you accept cookies for Google Maps on our site and view an embedded map (for example, a map showing our gallery or event location), Google will receive certain data such as your IP address and possibly device/browser info while the map loads. Google may use this data for their own purposes in accordance with their privacy policies. We allow the Google Maps content only after you have given consent via our cookie banner (so it is blocked by default for EEA users until consent is given). We do not actively send any of your personal data to Google; the integration simply allows Google to collect data via their embedded map frame when it loads. If you prefer not to have Google collect this information, you can choose not to interact with the map or deny the “Marketing/Third-Party” cookies on our cookie consent prompt.
Legal Compliance and Protection: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., law enforcement or regulators). We may also disclose information if we believe in good faith that it is necessary to investigate or protect against harmful activities to our customers, users, associates, or property (for example, preventing fraud or enforcing our terms). This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction, where permitted by law.
Aside from the situations above, we will not share your personal data with third parties unless we have your explicit consent to do so. If in the future we have partners or scenarios not covered by the above, we will update this Privacy Policy and, if required, obtain your consent.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by relevant laws.
Order Information: When you make a purchase, we will keep your order details (such as your contact info, order items, transaction dates and amounts) in our records. This is kept to maintain a record of transactions for our accounting/tax obligations and to provide customer service (returns, warranties, etc.). Generally, financial and transaction records are kept for at least the minimum period required by law (for example, under Norwegian or EU law, we may need to keep records for 5 to 10 years for tax and bookkeeping). We will not keep payment card details, but references to the transaction and amount are retained for financial records.
Account Data: If you create an account on our site (if that feature is available), we will retain your profile information and credentials until you delete the account or request deletion. If accounts remain inactive for a prolonged period, we may contact you to confirm if you wish to keep it. You can also request us to delete it at any time.
Communication Data: Emails or communications you send us may be retained as long as needed to address your inquiry and for any follow-up. We may keep a history of communications for reference if you have ongoing dealings with us.
Cookies and Technical Data: Cookies have varying lifespans. Some cookies (like your cookie consent preference or Stripe fraud prevention cookies) will remain on your device for a set period (e.g., Stripe cookies last up to 1 year; our cookie consent cookie lasts up to 365 days), unless you clear them. We detail cookie durations in our Cookie Policy below. Server logs containing IP addresses are typically rotated or deleted within a few weeks to months, unless needed longer for security analysis. If any technical logs need to be kept longer (e.g., for investigating security incidents), they will be retained only until resolved.
Once personal data is no longer needed for the purposes stated, we will either delete it or anonymize it in our systems. For example, if you request deletion of your data or if we no longer need certain data, we will remove it or strip out identifying details. In some cases, we may retain limited information even after an account is deleted or a transaction completed, if necessary to meet legal obligations, resolve disputes, prevent fraud, or enforce agreements. But we will not keep personal data longer than necessary for those legitimate purposes.
We take appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our website is hosted in a secure environment and we use industry-standard security protocols. Measures we employ include:
Using HTTPS encryption (TLS) on our website, so that data transmitted between your browser and our site is encrypted.
Storing personal data on secure servers or services that have security measures in place (firewalls, access controls, encryption for sensitive data, etc.).
Restricting access to personal data to only those persons and service providers who need it to perform their duties (for example, our small team and critical service providers). They are subject to confidentiality obligations.
Implementing authentication and security plugins on our WordPress site to monitor and prevent unauthorized login attempts or malware. For instance, if we use security tools (like Wordfence or others), they will help block suspicious activity and protect user data. We ensure such tools do not misuse any personal data.
Regularly updating our software, plugins, and systems to patch security vulnerabilities, and generally following good IT practices.
No website or transmission is completely secure, however, so we cannot guarantee 100% security of information at all times. You should also take care with how you handle and disclose your personal data. If we become aware of a data breach that affects your personal information, we will notify you and any applicable authorities as required by law.
As an individual using our site, especially if you are in the European Economic Area (EEA) or other regions with similar laws, you have certain rights regarding your personal data. We honor these rights and have provided mechanisms for you to exercise them. Your principal rights include:
Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. We will provide you with a summary of the data and details if you ask.
Right to Rectification: If any personal data we have is incorrect or incomplete, you have the right to have it corrected or updated. For example, if you change your name or email, or find a typo in what we have stored, you can ask us to fix it.
Right to Erasure: Commonly known as the “right to be forgotten,” you can request that we delete your personal data. If you withdraw consent or if you believe data is no longer necessary for the purpose collected, you can ask us to remove it. We will honor this request provided there is no overriding lawful reason for us to keep the data (such as a legal requirement or our legitimate interests in retaining essential information). For instance, if you created an account you no longer want, we can delete it along with personal info, but we might keep a record of your past transaction for accounting.
Right to Restrict Processing: You can ask us to limit or suppress the processing of your data in certain circumstances. This might apply if you contest the accuracy of the data or if you object to us processing it (pending a resolution).
Right to Object: You have the right to object to certain processing activities. For example, you can object to processing based on legitimate interests or to receiving direct marketing (which we only send with consent in the first place). If you object, we will reconsider our grounds for processing and will stop processing your data unless we have compelling legitimate reasons that override your rights (or if needed for legal claims).
Right to Data Portability: You can request to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another controller where technically feasible. This typically applies to data processed by automated means that you initially gave consent for or that was necessary for a contract (e.g., your profile info or order details, which we can export if needed).
Right to Withdraw Consent: If we are processing any personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive a newsletter or to accept optional cookies, you can later opt out or change your preference. Withdrawing consent will not affect the lawfulness of processing we conducted prior to withdrawal, and it won’t affect processing under other legal bases.
Right Not to be Subject to Automated Decisions: We do not use your data for any automated decision-making or profiling that has legal or similar significant effects. If that ever changes, you would have rights related to not being subject to such decisions without human intervention.
To exercise any of these rights, you can contact us at any time (see Contact Us section below). We may need to verify your identity before fulfilling certain requests (for example, access or deletion requests) to ensure we don’t modify or release data to the wrong person. We will respond to your requests within a reasonable timeframe and in accordance with applicable law (generally within 30 days for GDPR-related requests).
Please note that some rights have limitations – for instance, we cannot delete data that we are required by law to keep (like an invoice we issued to you unless the retention period has passed), and we cannot provide data that involves others’ privacy without their consent. But we will explain any such limitations if they apply.
If you have an account on our site, you may also have the ability to directly review and update certain information by logging in and editing your profile. For cookie-related consents, you can adjust preferences through our Cookie banner or by clearing cookies (see the Cookie Policy for more on this).
Finally, you also have the right to lodge a complaint with a data protection supervisory authority if you believe we have infringed your privacy rights. For example, if you are in Norway, you can contact the Norwegian Data Protection Authority (Datatilsynet). If you are in another EU country, you can reach out to your local authority. We would, however, appreciate the chance to address your concerns directly first – so we encourage you to contact us and we will do our best to resolve any issue to your satisfaction.
Our business is based in Norway (which is within the EEA). However, some of the third parties we use (like Stripe or potentially our website hosting or email service) may be located outside of your country. If we transfer personal data out of the EEA, we will ensure appropriate safeguards are in place to protect it. For instance, Stripe is a global company and when processing EU transactions it adheres to EU data protection requirements (Stripe’s European entity handles EU transactions, and data may be stored in servers in the U.S. with legal transfer mechanisms in place). Similarly, if any service provider is in the US or another country not deemed “adequate” by the EU, we will rely on measures like Standard Contractual Clauses or the service provider’s certification under frameworks like the EU-US Data Privacy Framework (if applicable) to ensure your data remains protected.
By using our site or buying from us while located outside Norway, note that your information will be transferred to Norway and potentially to other jurisdictions as needed for processing (e.g., to the country of our service providers). We will abide by all legal requirements for such transfers.
We use cookies and similar technologies on our website to provide and optimize our services. Cookies are small text files stored on your device by your web browser. They serve various functions such as keeping you logged in, remembering what’s in your cart, or understanding your preferences. For detailed information about the cookies we use and your choices regarding cookies, please see our Cookie Policy.
In brief, we only use non-essential cookies (like those for maps) with your consent. On your first visit, you will have seen a cookie consent banner (powered by Complianz) allowing you to accept or decline different categories of cookies. You can change your preferences at any time. Essential cookies, which are needed for site functionality (like adding items to your cart or remembering your privacy settings), are used on the basis of legitimate interest or because they are strictly necessary and do not require consent.
“Do Not Track” (DNT) is a preference you can set in your browser to signal that you do not want to be tracked across websites. Our site currently does not respond differently to a DNT signal, because we do not engage in tracking beyond the limited purposes described and we do not serve targeted advertisements. However, you can control cookies via our banner or your browser settings as described.
Our website may contain links to other websites or embedded content from other platforms (for example, social media profiles or external art gallery pages). If you follow a third-party link, you will be directed to a site we do not control. This Privacy Policy does not apply to those external sites. We recommend you review the privacy policies of any third-party websites you visit. We are not responsible for the content or privacy practices of external sites.
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify users by posting a prominent notice on our site or via other means (e.g., email notification if appropriate). The “Last Updated” date at the top will always indicate the latest revision. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of the website after any changes signifies your acceptance of the revised terms.