top of page

Privacy Policy

When you use our website, contact us, or use our services, the companies within the Smart Retur Holding AS group will process personal data about you.

This includes the following companies:

  • Smart Retur AS

  • Smart Retur Norge AS

  • Smart Work AS

  • Smart Retur Danmark AS

  • Provipal ApS

  • Smart Wash AS

  • Smart Retur Sverige AB

Below you will find information about the personal data we collect, why we collect it, and your rights related to the processing of your personal data.

1. Data Controller / Contact Us
The data controller for your personal data is each individual Smart Retur company, represented by their Managing Director. We are responsible for ensuring that your personal data is processed in accordance with this privacy policy and applicable privacy legislation.

Contact information:
Smart Retur Norway – Headquarters:
Fugleåsen 10, 1405 Langhus
Phone: +47 975 67 000

Smart Retur Denmark:
Engelsholmsvej 28, Randers
Phone: +45 4022 9788

Smart Retur Sweden:
Transportgatan 17, Hisings Backa
Phone: +46 (0)42-400 40 45

For any questions regarding our processing of your personal data, you may contact us at legal@smartretur.no

2. Who We Process Personal Data About
When delivering our services and products to businesses, we process personal data about:

  • Contact persons at corporate customers

  • Contact persons at our suppliers and partners

  • Individuals involved in the services we deliver

3. What Data We Collect and the Legal Basis
We collect and use personal data for different purposes depending on who you are and how we interact with you. We collect the following types of personal data for the purposes described below:
Use of our services

To provide our services, we require you to register personal data—e.g., through our user portal. We register and process information such as your name, email address, location address, mailing address, and phone number.
This information is used to administer your company’s or customer/supplier relationship with us, including ordering, delivery, invoicing, and service follow-up.

Legal basis: GDPR Article 6(1)(b) – necessary for the performance of a contract.

Marketing
We send newsletters and other information to email addresses registered in our client database and to others who have consented to receive such information.
Recipients may easily unsubscribe by using provided links in newsletters. 


For existing customer relationships, marketing is performed in accordance with the Norwegian Marketing Act §15 (3).
Legal basis: Legitimate interest, GDPR Article 6(1)(f).
In other cases, marketing is based on consent, cf. Marketing Act §15 (1) and GDPR Article 6(1)(a).


Other inquiries
We sometimes receive inquiries from company representatives, partners, or private individuals by email, telephone, or other means. We may process information such as name, phone number, email address, the subject of the inquiry, and other information provided.

Not providing such information will normally mean we cannot respond to the inquiry.
Legal basis: Legitimate interest, GDPR Article 6(1)(f), where our legitimate interest is to respond to the inquiry.
If the inquiry leads to a customer relationship, supplier/partner relationship, or recruitment process, the processing will follow the rules described in section 1 or in our recruitment privacy policy.

Recruitment
For recruitment we process CVs, applications, certificates, and references. See separate privacy policy.
We may also process personal data for other purposes if they are compatible with the original purpose, e.g., bookkeeping obligations or other legal requirements.

4. Collection of Personal Data
We may collect personal data in various ways.
Primarily, data is collected directly from you through our web portal or through inquiries you make.
Information may also be provided by your company or others.
When permitted by law, we may also collect information from other sources, such as public registers.

5. Disclosure of Personal Data to Third Parties
Our suppliers may access personal data if stored with them or otherwise available according to our agreements.
They operate under a data processor agreement and follow our instructions.
They may only use the data for the purposes we specify.

We may also share personal data with other companies within the Smart Retur Group, based on our legitimate interest in internal administrative purposes or information-sharing between users of our web-based customer system.
Personal data may also be disclosed where legally required, e.g., correspondence with courts, public authorities, or counterparties.

We do not disclose personal data to others except as described in this privacy policy unless explicitly requested/consented by the client or required by law.

6. Transfer of Personal Data Abroad
Your personal data may be transferred abroad.
Smart Retur operates in Norway, Sweden, and Denmark, all within the EU/EEA privacy framework.
As a general rule, we do not transfer personal data outside the EU/EEA.
If such transfers occur, they will be governed by EU Standard Contractual Clauses to ensure adequate protection.

7. Storage of Personal Data
We store your personal data as long as necessary to fulfill the purpose it was collected for.
For example:

  • Data processed based on consent is deleted if you withdraw your consent.

  • Data processed for a contract or service is deleted when the contract/service and all obligations are completed.

8. Your Rights
Your privacy rights include:

  • Right to information: You may request additional information about how we process your data.

  • Access and correction: You may request access to or correction of your personal data at any time, GDPR Articles 15–16.

  • Deletion: You may request deletion where we no longer have a legal basis to store your data. Certain data cannot be deleted if required by law or necessary for the purposes described. GDPR Article 17.

  • Withdraw consent: If processing is based on consent, you may withdraw it at any time.

  • Restriction: You may request restriction of processing where applicable under GDPR Article 18.

  • Objection: You may object to our processing, Article 21.

  • Data portability: You may request that your data be transferred to you or another business in a structured, machine-readable format, Article 20.

Requests may be sent to the contact information in section 1.


Complaints:
If you believe we process your data unlawfully, you have the right to file a complaint with your national supervisory authority.
In Norway, this is the Norwegian Data Protection Authority: www.datatilsynet.no

9. Security
We take your personal data seriously and have implemented necessary security measures to protect it from loss, destruction, misuse, and unauthorized access.
Access is limited to authorized personnel and suppliers who need the information to perform their tasks.
Please note that no security system can prevent all conceivable breaches, although we strive to maintain the required level of security.

10. Cookies
When you visit our website, certain cookies are stored on your device.
Cookies are small text files that help improve user experience and analyze website usage.
We do not link cookies to you as an individual; the information is anonymous.
Data processed includes cookie ID, device type, browser type, and anonymized IP address.

You consent to cookies unless you opt out via your browser.

11. Changes to This Policy
We may update this privacy policy from time to time.
The most recent version will always be available on the Smart Retur website.

bottom of page