Privacy Policy
1. INTRODUCTION AND DATA CONTROLLER
1.1 Takisi Fruits Norway (“the Company,” “we,” “us,” or “our”), a business-to-business wholesale import and distribution enterprise operating from Skauboveien 12, 2016 Frogner, Norway, is the data controller responsible for the processing of personal data collected through its website at https://www.takisifruits.com and in the course of its commercial activities. The Company specialises in the wholesale import and distribution of high-quality fresh tropical fruits and vegetables, sourced primarily from Africa and supplied on a B2B basis to wholesalers, restaurants, food retailers, and distributors across Scandinavia.
1.2 The Company is committed to safeguarding the personal data of all individuals who interact with its website, submit inquiries, or engage in commercial dealings on behalf of business clients. All processing of personal data is carried out in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, “GDPR”) as incorporated into Norwegian law through the Norwegian Personal Data Act of 15 June 2018 No. 38 (Personopplysningsloven), together with any supplementary regulations issued thereunder, including Regulation No. 0563/2018 on the Processing of Personal Data.
1.3 For all inquiries, requests, or complaints relating to the processing of personal data, the Company may be contacted as follows:
Phone
+47 409 90 927
+47 944 45 937
info@takisifruits.com
Address
Takisi Fruits Norway Skauboveien 12, 2016 Frogner, Norway
Managing Director: Didey Fundey Takisi
2. CATEGORIES OF PERSONAL DATA COLLECTED
2.1 Given that the Company operates on a strictly B2B wholesale basis and does not sell goods directly to individual consumers, the volume and categories of personal data collected are limited. The Company may nonetheless collect and process the following categories of personal data in the course of its business operations:
2.2 Business Contact Information: Names, job titles, professional email addresses, business telephone numbers, and postal addresses of representatives, employees, and agents of the Buyer or prospective business client, provided in connection with order inquiries, quotation requests, contract negotiations, or general commercial correspondence.
2.4 Inquiry and Correspondence Data: Any personal data voluntarily submitted through the contact form on the Company’s website, via email, or by telephone, including the content of messages, the sender’s name, and contact details.
2.5 Invoicing and Payment Data: Business billing details, including the name of the authorised representative, company registration number, VAT identification number, bank account details, and invoicing address, to the extent such data constitutes or includes personal data relating to identified or identifiable natural persons.
3. PURPOSES AND LEGAL BASES FOR PROCESSING
3.1 The Company processes personal data solely for the purposes outlined below, each of which is supported by a lawful basis as required under Article 6(1) of the GDPR:
3.2 Performance of a Contract or Pre-contractual Measures (Article 6(1)(b) GDPR): Personal data of business contacts is processed to respond to order inquiries, issue quotations, confirm orders, arrange delivery of fresh produce, process invoices, and manage ongoing commercial relationships. Where an individual submits an inquiry on behalf of a prospective business client, processing of that individual’s contact details is necessary for the purpose of taking steps at the request of the data subject prior to entering into a contract.
3.3 Legitimate Interests (Article 6(1)(f) GDPR): Certain processing activities are carried out on the basis of the Company’s legitimate business interests, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject. Such legitimate interests include: (a) administering and maintaining the Company’s website, including monitoring traffic patterns and ensuring the security and integrity of the site; (b) managing business relationships and communicating with existing and prospective clients; (c) maintaining internal records for accounting, auditing, and regulatory compliance; and (d) protecting the Company’s legal rights in the event of a dispute.
3.4 Compliance with Legal Obligations (Article 6(1)(c) GDPR): The Company may process personal data where necessary to comply with obligations imposed by Norwegian law, EU regulation, or the directives of competent regulatory authorities. Such obligations include, but are not limited to, those arising under the Norwegian Bookkeeping Act of 19 November 2004 No. 73 (Bokføringsloven), the Norwegian VAT Act of 19 June 2009 No. 58 (Merverdiavgiftsloven), and applicable customs and import regulations.
3.5 Consent (Article 6(1)(a) GDPR): Where processing is not covered by any of the foregoing legal bases, the Company shall seek the data subject’s explicit, informed, and freely given consent before commencing such processing. Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting the Company at info@takisifruits.com.
4. DATA SHARING AND RECIPIENTS
4.1 The Company does not sell, rent, or trade personal data to third parties for marketing or any unrelated commercial purpose. Personal data may, however, be shared with the following categories of recipients where such sharing is necessary for the purposes described in Section 3:
4.2 Service Providers and Processors: Third-party service providers engaged by the Company to perform functions on its behalf, including but not limited to web hosting providers, IT support and maintenance contractors, accountancy firms, and logistics or freight partners. All such processors are bound by data processing agreements in accordance with Article 28 of the GDPR and are permitted to process personal data only in accordance with the Company’s documented instructions.
4.3 Professional Advisors: Legal counsel, auditors, and other professional advisors retained by the Company, to the extent that disclosure is reasonably necessary for the provision of professional services or the protection of the Company’s legal interests.
4.4 Regulatory and Public Authorities: Norwegian tax authorities, customs agencies, or other governmental bodies where disclosure is required by law or regulation, or in response to a binding request or order from such authority. Disclosures to public authorities shall be limited to the minimum data necessary to satisfy the relevant legal obligation.
4.5 Business Successors: In the event of a merger, acquisition, reorganisation, or sale of all or a substantial portion of the Company’s assets, personal data held by the Company may be transferred to the acquiring entity or successor, provided that the acquirer undertakes to process such data in accordance with the GDPR and the terms of this Policy.
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
5.1 The Company is based in Norway, which forms part of the European Economic Area (“EEA”). Personal data is primarily stored and processed within the EEA. Where it becomes necessary to transfer personal data to a country outside the EEA that has not been recognised by the European Commission as providing an adequate level of data protection, the Company shall ensure that appropriate safeguards are in place, in accordance with Chapter V of the GDPR (Articles 44 to 49).
5.2 Appropriate safeguards may include, depending on the circumstances: (a) the European Commission’s Standard Contractual Clauses (“SCCs”) adopted pursuant to Article 46(2)(c) of the GDPR; (b) binding corporate rules approved by the competent supervisory authority; or (c) any other transfer mechanism recognised as lawful under the GDPR. Where relevant, the Company shall conduct a transfer impact assessment to evaluate whether the laws of the recipient country afford an essentially equivalent level of data protection.
5.3 Individuals may request further information regarding the specific safeguards applied to any international transfer of their personal data by contacting the Company at info@takisifruits.com.
6. DATA RETENTION
6.1 Personal data shall be retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The Company applies the following general retention periods:
6.2 Business Contact and Transaction Records: Contact details and records relating to completed commercial transactions shall be retained for a minimum of five (5) years following the conclusion of the relevant business relationship, in accordance with the retention obligations set forth in the Norwegian Bookkeeping Act of 19 November 2004 No. 73 (Bokføringsloven), Section 13, which mandates the preservation of accounting documentation for a period of five years.
6.3 Inquiry and Correspondence Data: Personal data submitted through the website contact form or via general correspondence, where no commercial relationship materialises, shall be retained for a period of twelve (12) months from the date of last contact, after which it shall be securely deleted or anonymised.
6.4 Website Usage Data: Technical data collected through server logs or analytics tools shall ordinarily be retained for a period not exceeding twenty-six (26) months, consistent with standard analytics retention configurations.
6.5 Upon expiry of the applicable retention period, personal data shall be permanently deleted, securely destroyed, or irreversibly anonymised, in accordance with the Company’s internal data management procedures.
7. COOKIES AND TRACKING TECHNOLOGIES
7.1 The Company’s website may use cookies and similar technologies to facilitate the functioning of the site and, where applicable, to gather statistical data on website usage. A cookie is a small text file placed on the user’s device by a web server when the user accesses a website.
7.2 The Company’s use of cookies is governed by the Norwegian Electronic Communications Act of 4 July 2003 (Ekomloven), as amended and updated by the new Electronic Communications Act adopted by the Norwegian Parliament with effect from 1 January 2025, which aligns Norwegian cookie consent requirements with the GDPR and the EU ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC). Under the current legislation (Section 3-15 of the new Act, formerly Section 2-7b), active, explicit, and GDPR-compliant consent is required before any non-essential cookies are set on a user’s device.
7.3 The Company presently uses the following categories of cookies:
Necessary Cookies: Cookies that are strictly necessary for the operation of the website and the provision of services explicitly requested by the user. Such cookies do not require user consent. At present, the Company’s website deploys a WordPress functionality cookie (wpEmojiSettingsSupport), which is a session-based, necessary cookie set by the WordPress platform to determine whether the user’s browser supports emoji display.
7.4 Analytics Cookies (if and when deployed): The Company may in the future utilise third-party analytics services, such as Google Analytics, for the purpose of monitoring website traffic and analysing user behaviour patterns in aggregate form. Should analytics cookies be deployed, they will only be activated following the user’s active, informed, and freely given consent, obtained through a cookie consent banner displayed upon the user’s first visit to the website. No analytics or tracking cookies are deployed at this time without prior consent.
7.5 Users may manage or withdraw cookie preferences at any time through the cookie consent mechanism provided on the website or through their browser settings. Disabling certain cookies may affect the functionality of the website.
8. RIGHTS OF DATA SUBJECTS
8.1 Under Articles 15 to 22 of the GDPR, individuals whose personal data is processed by the Company are entitled to exercise the following rights, subject to any applicable limitations or exemptions provided by law:
8.2 Right of Access (Article 15): The right to obtain confirmation as to whether personal data concerning the individual is being processed, and, where that is the case, to obtain access to such data together with the information specified in Article 15(1) of the GDPR.
8.3 Right to Rectification (Article 16): The right to obtain the correction of inaccurate personal data and, taking into account the purposes of the processing, the completion of incomplete personal data.
8.4 Right to Erasure (Article 17): The right to obtain the deletion of personal data where one of the grounds set out in Article 17(1) applies, for example where the data is no longer necessary for the purposes for which it was collected, or where consent has been withdrawn and no other legal basis for processing exists.
8.5 Right to Restriction of Processing (Article 18): The right to obtain the restriction of processing in certain defined circumstances, including where the accuracy of the data is contested by the data subject or where the processing is unlawful and the data subject opposes erasure.
8.6 Right to Data Portability (Article 20): The right to receive the personal data provided to the Company in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or on a contract and is carried out by automated means.
8.7 Right to Object (Article 21): The right to object, on grounds relating to the individual’s particular situation, to processing based on the Company’s legitimate interests under Article 6(1)(f). Upon receipt of such objection, the Company shall cease processing unless it demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the data subject.
8.8 Requests to exercise any of the foregoing rights should be directed to the Company by email at info@takisifruits.com. The Company shall respond to all valid requests within one (1) month of receipt, in accordance with Article 12(3) of the GDPR. Where a request is complex or numerous requests are received, the response period may be extended by a further two (2) months, with notification to the data subject within the initial one-month period.
9. DATA SECURITY
9.1 The Company implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 of the GDPR. Such measures are proportionate to the nature, scope, and sensitivity of the personal data processed, and include, where applicable: access controls; encrypted communications; secure storage systems; regular backup protocols; and periodic review of security policies.
9.2 In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, the Company shall notify the Norwegian Data Protection Authority (Datatilsynet) without undue delay and, where feasible, no later than seventy-two (72) hours after becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, the Company shall also notify the affected data subjects without undue delay, pursuant to Article 34 of the GDPR.
10. CHANGES TO THIS POLICY
10.1 The Company reserves the right to amend or update this Privacy Policy at any time to reflect changes in legal requirements, business practices, or the Company’s data processing activities. The revised Policy shall be published on the Company’s website at https://www.takisifruits.com, and the effective date at the top of the document shall be updated accordingly. Where material changes are made that significantly affect the manner in which personal data is processed, the Company shall take reasonable steps to inform affected individuals, including by way of a notice on the website.
11. RIGHT TO LODGE A COMPLAINT
11.1 Any individual who considers that the processing of their personal data by the Company infringes the GDPR or the Norwegian Personal Data Act has the right to lodge a complaint with the competent supervisory authority. In Norway, the supervisory authority is:
Datatilsynet (Norwegian Data Protection Authority) Postal Address: Postboks 458 Sentrum, 0105 Oslo, Norway Visiting Address: Trelastgata 3, 0191 Oslo, Norway Telephone: +47 22 39 69 00
Website
https://www.datatilsynet.no/en/
info@takisifruits.com
Address
Postboks 458 Sentrum, 0105 Oslo, Norway Visiting Address: Trelastgata 3, 0191 Oslo,
11.2 The Company encourages individuals to contact the Company directly in the first instance, at info@takisifruits.com, so that any concerns may be addressed promptly and cooperatively. Lodging a complaint with the supervisory authority does not preclude the data subject from pursuing a judicial remedy before a competent court, in accordance with Article 79 of the GDPR.