NS

Privacy Policy

Last updated: June 2026

Who is responsible

Nordmark Service AS (NS Tuning) is the data controller for personal data collected through this website.

What data we collect

  • Account information: username, first and last name, email address, hashed password.
  • Contact enquiries: the name, email, phone number, vehicle, and message you submit through the contact form.
  • Usage data: basic server logs (opaque user IDs, request paths) for debugging and security purposes.

We do not collect payment data through this site.

How we use your data

  • To create and operate your account.
  • To send account-related emails (email confirmation, password reset).
  • To answer your enquiry and arrange any tuning work you ask about.
  • To improve the service and diagnose technical issues.

We do not use your data for advertising and we do not sell or trade it.

Legal basis for processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract (Art. 6(1)(b)) — account data and account-related emails are necessary to provide the account you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — contact enquiries are processed so we can respond to you, and server logs are retained for security monitoring and debugging. Our interest does not override your rights — you can object at any time.

Data sharing

We do not sell or trade your personal data. The platform is self-hosted on infrastructure under our direct control; there is no upstream cloud or hosting provider. We use the following third-party data processor:

  • Brevo (France, EEA) — transactional email delivery (email confirmation, password reset) and delivery of contact-form enquiries. Your email address and the email body are shared with Brevo solely for this purpose.

We may also disclose data when required by law.

Data retention

  • Account & preferences — until you delete your account, after which your username, name, email and password are scrubbed.
  • Contact enquiries — kept for as long as needed to handle your request and any follow-up, then deleted.
  • Server logs — 90 days. Metrics — 60 days.
  • Database backups — encrypted at rest. After account deletion, residual data may persist in backups for up to about 6 months until rotation completes; backups are not used for any processing.

Your rights

Under GDPR you have the right to:

  • Access & portability — download a copy of your account data in JSON format from your account page. For a copy of any enquiry we still hold, contact us.
  • Erasure — permanently delete your account and associated data from your account page.
  • Correction — update your name from your account page. For email or username changes, contact us.
  • Object — object to processing carried out on the basis of our legitimate interests.

For any other request, contact us. You may also lodge a complaint with the Norwegian Data Protection Authority.

Cookies

We use cookies for authentication and session management. See our Cookie Policy for details.

← Back to home