Last updated: April 6, 2026
Your privacy matters to us. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).
The data controller responsible for the processing of your personal data on this website is:
Okanagan BC Wines
Operated by Lidia Didriksen
Norway
For privacy inquiries, please use our contact form.
We collect the minimum amount of personal data necessary to operate the website and provide our services. The categories of data we collect depend on how you interact with the website:
When you visit our website, the following data may be collected automatically by our server infrastructure:
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — to understand our audience, improve the website, and ensure security.
When you actively interact with the website, you may provide:
Contact Form
Name, email address, and message content. Legal basis: Consent (Article 6(1)(a) GDPR) and legitimate interest.
Comments on Articles
Name, email address, and comment text. Legal basis: Consent (Article 6(1)(a) GDPR).
In accordance with the Norwegian Electronic Communications Act (Ekomloven), as updated January 1, 2025, and the GDPR, we use only strictly necessary cookies that are essential for the website to function. These do not require consent under Norwegian law.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| next-auth.session-token | Admin authentication session | Strictly Necessary | Session |
| next-auth.csrf-token | Cross-site request forgery protection | Strictly Necessary | Session |
| theme | Stores your display preference (light/dark) | Functional | 1 year |
We do not use third-party analytics cookies, advertising cookies, social media tracking pixels, or any non-essential tracking technologies. We do not use Google Analytics or similar third-party analytics services.
We use the personal data we collect for the following purposes:
We do not sell, rent, lease, or trade your personal data to any third party. We do not use your data for profiling, automated decision-making, or targeted advertising.
Your personal data may be shared with the following categories of service providers, strictly for the purposes outlined in this policy:
Data may be transferred outside the EEA (to the United States) for hosting and storage purposes. Such transfers are protected by appropriate safeguards, including the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as required by Chapter V of the GDPR.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
Under the GDPR and Norwegian data protection law, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us through our contact form.
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restriction
Request that we restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests, including profiling.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint
File a complaint with the Norwegian Data Protection Authority (Datatilsynet).
We will respond to your request within 30 days. In complex cases, this may be extended by up to 60 days, in which case we will inform you of the extension and the reason for the delay.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breaches in accordance with GDPR Article 33 (notification within 72 hours).
This website is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. This website contains content about alcoholic beverages and is intended for adults of legal drinking age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us immediately.
If you believe that our processing of your personal data violates the GDPR or Norwegian data protection law, you have the right to lodge a complaint with the supervisory authority:
Datatilsynet (Norwegian Data Protection Authority)
Postal address: P.O. Box 458, Sentrum, 0105 Oslo, Norway
Website: www.datatilsynet.no
This website is operated from Norway and is primarily intended for users in Norway and the European Economic Area (EEA). If you access this website from outside the EEA, please be aware that your data will be transferred to and processed in Norway/EEA, and potentially in the United States (for hosting). By using this website, you consent to such transfer and processing. We apply GDPR-level protections to all user data regardless of your location.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Your continued use of the website after changes are posted constitutes acceptance of the revised policy.
For any questions or concerns about this Privacy Policy or how we handle your personal data, please reach out through our contact form.
We are committed to resolving any privacy concerns promptly and transparently.