Privacy statement

Coop requires personal data to be processed in accordance with the data protection legislation, fundamental data protection considerations/principles and internal routines. Coop processes all personal data in the way described in the privacy statement and in accordance with the agreement you have entered into, the consents that have been granted and the Normal Statutes for Cooperative Societies.

We use technology to prevent unauthorised third parties from accessing our IT systems and information. Only selected employees have access to the personal data in order to carry out this work.

You can shop in Coop's shops without being a member, but voluntary membership allows you member benefits and a dividend on purchases.

Controller
Coop Norge SA, Postboks 21 Haugenstua, NO-0915 Oslo, organisation no. 936 560 288, is the controller for the Coop membership programme. Contact the Customer and Member Service by calling (+47) 64875000 between 8.30am and 4pm if you have any questions regarding marketing, the membership scheme or other issues.

In Coop, the responsibility for the processing of your personal data is shared between the cooperative society you are a member of and Coop Norge SA. The cooperative society processes, for instance, its members' personal data linked to the members' legal rights to elect representatives to the board and committees of their cooperative society. Coop Norge SA processes the personal data of all the members of all the cooperative societies in connection with the membership programme.

Purpose of and basis for the processing

Coop processes your personal data for the following purposes, based on the following processing basis:

• To ensure the necessary basis for calculating the dividend on purchases, member bonus and discounts accrued through the membership programme, and to handle your member account and deposits appropriately. The basis for the processing is the framework agreement you have entered into with Coop.

• To have registered contact information, so that we can send you owner information on your membership benefits account, changes to interest rates, statements of accounts, corporate changes/mergers that relate to your cooperative society and notices of annual meetings and Coop Elections as part of your membership. Emails are also used for customer surveys and offers. The basis for the processing is the framework agreement and/or consent.

• To give you offers and market communication that are relevant for you – based on your member and buying conduct, your use of your membership card, websites, apps and digital communication. Adaptations/analyses are conducted based on the information on your purchases and your buying pattern. Coop uses various segmentation models so that you are, for example, assigned to one of our customer segments. The basis for the processing is the consents you have given to Coop.

• To notify you of any recall of products via letters or emails or to a mobile phone number. This is based on a weighing up of interests.

• To safeguard the dialogue we have had with you via communication with customers and members. This is based on the framework agreement and/or a weighing up of interests.

• To give you an opportunity to act quickly and efficiently using ShopExpress and self-service checkouts. The basis for the ShopExpress processing is the agreement you have entered into with Coop. If you use self-service checkouts, you can choose whether to register your membership card in order to receive a dividend on purchases and a bonus.

• To give you an opportunity to influence Coop's shops and product range via the Coop Member Panel. This is based on the consents you have given to Coop.

See below for more information on the processing bases.

The personal data that is processed

a) Coop membership
When you register as a member of a cooperative society, your name, address, telephone number, national ID number (or other ID number) and email address are registered, among other things. Your national ID number is necessary to establish a deposit account with Coop.

b) Use of your membership card/app
If you use your membership card/app when shopping at Coop or our business partners, your membership number and information on your purchases are registered (the individual product that is bought, the amount, the shop and the time of the purchase) in order to allow the correct dividend on purchases and bonus to be calculated in accordance with section 4 no.7 of the Normal Statutes for Cooperative Societies. If you do not want your purchases to be registered, you must either not use your membership card/app or cancel your Coop membership. Coop receives data from business partners in order to give you a member bonus on the goods you have purchased. The personal data transferred from Coop to various business partners is personal and member data and information on purchases, your balance, card, agreements and coupons.

c) Information from other sources
In some cases, Coop obtains available personal data relating to you from other sources. This may, for example, be information on your address from the National Register. This processing is necessary to ensure that Coop has your correct address.

d) Coop Member Panel
Your membership number, name, email, an analysis of your shopping conduct and replies given during Coop Member Panel surveys are processed provided you have consented to take part in the Coop Member Panel.

e) Customer surveys
The personal data that is processed is your membership number and the email address that you have consented to Coop using to communicate with you.

f) Use of Coop's website and apps
If you are visiting our website, we will for a short period register certain information via cookies and the IP address linked to your computer. The same applies when using Coop's apps, including apps for mobile phones and tablets, as well as other apps on social media and other websites. For further information, refer to the section entitled Cookies and IP addresses.

g) Electronic communication
If you want Coop to send you information electronically, such as the customer newsletter, information on your membership and/or offers of products and services, we can tailor the communication to you. In such case, in addition that that described, we register the information you give us for this purpose, such as preferences and electronic contact information.

Further description of the basis for the processing

Consent
Whether or not you want to grant consent and the consents you want to actively give are up to you. You must grant a specific consent for each purpose, and the purpose of your consent and the personal data we are gathering are to be stated. The consents you grant apply until you cancel your Coop membership or withdraw your consent. You may at any time administer your consents at "coop.no/min-side", refer to the section below on "Change or withdraw consent".

a) Emails, SMS text messages, digital communication and marketing
Coop adapts information and offers to you electronically via emails, your mobile phone or other digital means of communication, including social media. In order to do so, your consent is required. Coop will always be able to send you information in a letter, irrespective of whether any other medium is stated.

If you have granted consent, we will use your information and shopping history to send you offers on the goods you have purchased before, so that you can save more on the goods that are most relevant to you. You will receive these offers in the communication channels you have consented to, such as in the app, by email or SMS text message, in social media or via electronic communication channels in the form of digital adverts via the services of Coop's business partners, such as Schibsted ASA and its subsidiaries, Amedia, Facebook and Google.

If you consent to push notifications on your mobile phone, this consent will only apply to the individual mobile unit so the consent must be administered there. This consent will not be shown on coop.no/min-side.

You will receive newsletters by email if you have consented to this on coop.no/min-side.

By registering your email address on a specific chain's website, you can subscribe to this chain's customer newsletter. This subscription is administered by the chain from which you receive the customer newsletter.

b) Analysis
Coop requires your consent in order to analyse your buying and member conduct when your membership card/app is registered at the checkout. This allows your membership to be adapted to you and your preferences. Membership offers, product offers, coupons and other marketing from Coop or its business partners may be adapted. This information is communicated in letters or electronically.

Adaptation takes place on the basis of analyses and the storage of, for instance, buying information and the use of various segmentation models. You will receive information if such models have been used to give you adapted marketing.

You may at any time refuse to be analysed by Coop.

Change or withdraw consent
You can at any time make changes, demand access or withdraw consents and refusals at coop.no/minside or by contacting Coop's Customer and Member Service.

If you withdraw one or more consents, we will delete your personal data relating to this consent as quickly as possible unless other legislation means we are under a duty to store this data.

The withdrawal of your consent to analysis means Coop will no longer give you offers and coupons that are adapted to you. Your preferred chain will nonetheless be shown in Coop's digital channels.

You can at any time stop receiving future electronic customer newsletters by clicking on the link that accompanies the customer newsletter. If you terminate a customer newsletter subscription, your email address will be deleted with regard to that subscription. The email address stored on coop.no/minside will not be deleted by you terminating your customer newsletter subscription.

If you do not want Coop to process your personal data relating to purchases, you must either not register your membership card/app when you buy goods or cancel your Coop membership.

If new legal requirements mean that Coop has to change your consents, you will be notified of this. This will lead to changes to this privacy statement.

Refusals
You remain a Coop member even if you choose to refuse some of the services offered by Coop. You can refuse:
a) Telephone sales from Coop/its business partners
b) Advertising relating to Coop credit cards
c) To receive membership letters, value coupons or other direct marketing communications from Coop
d) To receive membership letters in the post

Right to access information
You are entitled to know the personal data that is registered about you. You can access your stored personal data by logging into coop.no/minside. Here, you can see important information. If you want additional information on what we have stored about you, send a written inquiry to Coop.no/kontakt, specifying the personal data you wish to access. If you cannot contact Coop in writing, you can contact the Customer and Member Service by calling (+47) 64875000.

Coop will send you a reply within 30 days of receiving your inquiry regarding access to your personal data. Coop will notify you if this deadline cannot be met.

You must apply to your cooperative society if you want access to information it may have stored about you and for which it is the controller.

Personal data disclosed to third parties

a) Data processors
Coop may allow data processors to be responsible for the technical part of the data processing or the processing of the personal data on behalf of the controller, subject to an existing agreement.

If Coop transfers personal data to countries outside the EU/EEA, it enters into standard agreements and takes the necessary precautions in accordance with the requirements of prevailing legislation.

b) Disclosure to public authorities
Coop discloses personal data to the police or other public authorities if there is a legal basis for this.

Location-based services

Beacons:
When you shop at or are in the vicinity of a Coop shop or take part in an event at which Coop is represented, Coop can use Bluetooth technology to give you useful information or offers at your current location via SMS text messages on your mobile phone. You must grant consent on the mobile phone in order to receive such offers or information.

CCTV
Coop's premises use CCTV. This is done to prevent and reveal criminal offences. The viewing and deletion of the recordings are in accordance with the Norwegian Data Protection Act and internal routines.

Online shopping
When you shop at the online shop coop.no, you are asked to provide payment information. This information is stored by our payment-service supplier so that you can complete the payment. In addition, you must register your contact information so that Coop can reach you if required in connection with the delivery. If there is an active customer relationship, Coop can also use your email address for marketing purposes.

Demographic data
We gather, use and share aggregated data, such as statistical or demographic data, for some purposes. Aggregated data is legally not regarded as personal data since it is not directly or indirectly linked to individuals.

The deletion of data while the individual is still a member
The personal data necessary for your membership will be stored for as long as you are a member. Your buying history data is stored for two years and three months and is then anonymised so that the data cannot identify you.

If you withdraw your consent to analysis, your old buying data used for analysis will be anonymised after six months to safeguard the information should you decide to change your consent once again.

If you withdraw your consent to taking part in the Coop Member Panel, your data will be deleted as quickly as possible after you have withdrawn your consent.

If you cancel your membership, all information on you will be deleted, including your online shopping order history and the history of your contact with the Customer and Member Service unless there is a continued need to store this when you cancel your membership.

Documentation
You are responsible for storing receipts as documentation for purchases from Coop.

Complaints
You may at any time complain to the Norwegian Data Protection Authority about the processing of your personal data – for more information visit www.datatilsynet.no.

Changes to the privacy statement
Coop may regularly update or make changes to this privacy statement. Coop will inform you if any major changes are made.

IP addresses - Cookies

About cookies
When you visit our website, Coop will for a period register certain information via so-called cookies. Cookies are small text files stored on your computer. They cannot execute program codes or transmit viruses. The cookies are linked to the equipment used and can only be read by the server that installed the cookies and is linked to the equipment used. The same applies if the Coop App for mobile phones and tablets or other apps on social media and other websites are used. Coop gathers and uses the information obtained by using its digital solutions to operate the solutions. In addition, this information is used to analyse activities so that we can adapt and improve the solutions and our marketing aimed at you and your desires.

The deactivation and deletion of cookies
You can at any time refuse to allow the use of cookies. You do this in your browser settings, where the use of cookies can be deactivated. If you choose to do this, the website will not function optimally for you but you will still have access to key data and information.

What cookies are used for
Currently, the following cookies are used on coop.no:

Digital advertising
Cookies are used on Coop's website to gather information in order to adapt our offers, that shown on webpages and information to your preferences and needs. For example, we can register that you have been browsing a specific product category at coop.no and, based on this, give you offers linked to this product category. Our goal is to give you a better, more personal and more relevant user experience. Information that we receive from our cookies is not stored together with your private data or order history.

About logging into Min Side (My Page) on Coop's digital solution
As long as you are not logged into any of our digital solutions, your usage cannot be linked back to you as an individual. If you are logged in, we will use general information stated in your profile to adapt the solutions and make the contents more personal and relevant. Such information may, for instance, be which shop chain you usually buy from, etc.

Security
All data communication between you (your browser) and our website (the server) is encrypted using Transport Layer Security (TLS). You can see a full overview of all the cookies at www.coop.no. This list is updated as soon as new tracking is added to our pages. The list also includes the length of time it takes until each cookie is deleted from your browser.

Help/Remember cookie
If you click on "Remember me" when you log into coop.no, a cookie from Coop will be installed on your computer. When you visit coop.no during the next 45 days, this cookie will identify you. You will therefore remain logged into "my page" and/or Coop's online shop. Coop advises you not to use this function if you are using a public computer.

Browser cookies store information on forms, such as your name, address, etc, so that you do not have to fill in this information again every time. Log-in information is also stored, so that you do not have to remember this yourself. This information is not removed when you close the browser. This can be changed in browser settings.

Apptus eSales information cookies
Apptus, a search and personalisation engine, tracks user conduct to adapt the website to your interests and needs and give you suitable offers and lists of products. This cookie is deleted after five years.

About IP addresses, etc.
When you use our digital solutions, your IP address is registered along with information about your browser, operative system, approximate location and the website you came from. We log the use of our various digital solutions.

Adform
Adform obtains data for user statistics, such as the number of hits and clicks on adverts, in order to adapt marketing campaigns to you. This data is also used to tailor adverts to specific target groups and to contact customers who have visited Coop's website and meet specific criteria. Adform does not gather personally identifiable data from your visit to its domains, apart from information that you voluntarily provide. Adform cookies are installed for varying periods.

Google, DoubleClick and YouTube
Google script is used by our media agency to create and deliver marketing campaigns in Google's advertising network. We obtain data on the type of websites you visit, the mobile apps you have on your unit, the cookies in your browser and the advert settings you have chosen. Google also registers websites and apps you have visited which belong to companies that advertise using Google as well as previous interaction with adverts or advertising services from Google and your Google profile (including activity on YouTube and Google+). Read more about how to prevent Google from registering your behavioural pattern here. You can read more about Google's privacy guidelines here. Some Google cookies may be deleted after a few minutes while others last for several years.

Facebook
We use cookies and similar technology to show adverts on and outside Facebook's services. You can adjust the advert settings if you want to control and administer the type of adverts you see on Facebook. Read more about this in Facebook's privacy guidelines. Some Facebook cookies may last for several years. If you do not want this, you must therefore delete them from your browser yourself.

Netlife
Netlife installs cookies to track users who voluntarily answer user surveys on our website. We sometimes conduct user surveys to gather feedback from our users. Netlife cookies are deleted when Coop no longer has any need for them.

Hotjar
Hotjar, an analysis tool, installs cookies that gather information on how users behave in the website. Coop uses this information to understand customers better. Hotjar and Coop store this information.

Windows cloud platform
This cookie stores the name of the server that a user was sent to and ensures a balance when loading the page in that a user is sent to the same server for each inquiry or movement that the user makes on the page. It is thus the webpage and Windows system that, together with the servers, use this cookie in order to function optimally and ensure balance in their systems. This cookie is deleted when you have finished your visit.

EPiServer cookies
Our website provider, EPiServer, uses cookies to ensure that the website functions optimally.

EPiServer uses cookies to make sure that different variables are the same throughout the user's session. A temporary ID for the session is also defined for each user in order to tie together your visits to several pages, understand your user pattern and improve your user experience. For example, we can understand which shop you like best and give you more information on this. This cookie is deleted when you terminate your browsing session.

List of Cookies: