We ship nationwide, and you can pay with a bank card or Vipps.

Privacy Policy

Last Updated: 1. December, 2025

This Privacy Policy explains how Naturhistorisk museum ('we', 'us', 'our') processes personal data relating to customers who visit and make purchases in our online store. The store is operated using Shoppin ('the Platform'), which provides technical infrastructure for storefronts, checkout, and payment processing.

This policy is intended to comply with the EU General Data Protection Regulation (GDPR).

1. Data Controller and Processor

Data Controller

UNIVERSITETET I OSLO

Org. No.: 971035854

Address: Sars' gate 1, 0562 OSLO


Naturhistorisk museum is the data controller for the personal data of customers.

Data Processor

The online store is hosted and operated using Shoppin, which acts as a data processor on behalf of the merchant by providing storefront, order management, and checkout functionality.

Payment processing is handled by third-party payment providers acting as independent controllers or processors, as described below.

2. Personal Data We Process

We may process the following categories of personal data:

  • Name
  • Email address
  • Phone number
  • Billing address
  • Shipping address
  • Order and purchase history
  • Customer account information (login credentials are stored securely; passwords are not visible to us)
  • Device, browser, and language information
  • Analytics data relating to use of the online store

3. Purpose of Processing

Personal data is processed for the following purposes:

  • Processing and fulfilling orders
  • Delivering physical goods or digital products
  • Providing customer support
  • Payment processing and fraud prevention
  • Analytics and improvement of our products and services
  • Sending marketing communications where consent has been given

4. Marketing and Communications

  • Transactional communications (such as order confirmations and receipts) are necessary to complete purchases and cannot be opted out of
  • Marketing communications (such as newsletters and promotions) are sent only with the customer's consent
  • Customers may withdraw consent at any time via account settings or by using the unsubscribe link included in marketing emails

5. Payments

Payments in the online store are processed by Stripe, including available payment methods such as Vipps.

  • Sensitive payment information (such as card or bank details) is processed directly by Stripe and is not stored by the merchant
  • Stripe acts as a payment processor in accordance with its own privacy policy

6. Sharing of Personal Data

Personal data may be shared with the following recipients where necessary:

  • Shoppin – storefront, checkout, and order processing
  • Stripe – payment processing and fraud prevention
  • Vipps – payment processing
  • POS and logistics systems used by the merchant for order handling, inventory management, delivery status, reporting, and customer management
  • External CRM systems used by the merchant for customer relationship management
  • Email service providers – sending transactional and opted-in marketing emails
  • Analytics providers (such as Google Analytics)

All recipients process personal data in accordance with applicable data protection laws.

7. Cookies and Tracking Technologies

The online store uses:

  • Essential cookies required for basic functionality and security
  • Analytics cookies to understand usage and improve the store

A cookie consent banner is provided, and additional information is available on the Cookies page.

8. Data Storage and Transfers

  • Personal data is stored within the EU/EEA
  • If personal data is transferred outside the EU/EEA in the future, appropriate safeguards such as Standard Contractual Clauses (SCCs) will be applied

9. Data Retention

Personal data is retained:

  • For as long as the customer account exists
  • As required by applicable accounting and legal obligations

Data is deleted or anonymized when it is no longer necessary for the purposes described in this policy.

10. Customer Rights

Customers have the right to:

  • Access their personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data
  • Withdraw consent to marketing communications
  • Request data portability

Requests regarding personal data should be directed to: museumsbutikken@nhm.uio.no

11. Children

The online store is not specifically directed at children. If required by law, parental or guardian consent must be obtained for the processing of personal data relating to minors.

12. Contact and Privacy Inquiries

For questions about this Privacy Policy or how personal data is processed, please contact: museumsbutikken@nhm.uio.no