Personvern er viktig for meg og jeg følger de til enhver tid gjeldene regler for behandling av personopplysninger gitt i personopplysningsloven og personvernforordningen (GDPR). Formålet med følgende informasjon er å gi deg som kunde en oversikt over hvilken informasjon som samles og hva den brukes til.

Hvilken informasjon samles inn

Jeg bruker e-post, navn og adresse for å kunne levere bøkene og for å kunne kontakte deg dersom det trengs i forbindelse med din ordre, eller for å sende deg linken om du har bestilt en gratis e-bok. Jeg sender ikke nyhetsbrev. Jeg lagrer ikke kortinformasjon i nettbutikken. Håndtering av personopplysninger i forbindelse med betaling gjøres av PayPal. Du kan finner mer informasjon om håndteringen på PayPals nettsider.

Hvordan brukes informasjonen som samles inn

Jeg bruker informasjonen som samles for å kunne sende deg bøkene som er bestilt, og kontakte deg dersom det er nødvendig.
Jeg bruker to WordPress utvidelser (plugins) som heter WP Email Capture og Easy Digital Downloads for å håndtere min epostliste. Dersom du har bekreftet at du vil bli med på listen, henter jeg følgende data:
Ditt navn.
Din e-post. .
Datoen du meldte deg på. For at jeg vet når jeg skal slette informasjonen senere.


Jeg selger ikke personopplysninger videre til tredjepart. Informasjonen blir heller ikke byttet eller videreformidlet til tredjepart.

Kan informasjonen slettes/hvor lenge oppbevares den

Du kan selv se din informasjon ved å kontakte meg. Ordreinformasjon kan ikke slettes da jeg er pålagt å oppbevare denne informasjonen i forbindelse med regnskapsføring og eventuell garanti og returhåndtering. Kundekontoen kan derimot slettes om det er ønskelig ved å kontakte meg.

Trollfortellinger er en enkeltpersonforetak og jeg er ansvarlig for behandlingen av personopplysninger. 


My EU GDPR Statement of Data Protection Compliance

I have read the Information Commissioner’s Office Guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, and the following explains how I comply with this. If you have given me your email address (by subscribing to my blog and or contacting me via my contact form, for example), you should read this to reassure yourself that I am looking after your data responsibly. I value the security of your information extremely highly, and will never intentionally breach the rules; the rules are designed for large organisations, and most authors are sole traders, but we are doing our best to keep up.
I use a WordPress plugin called WP Email Capture to aid management of my email marketing list. Should you wish to join my email list, I collect the following data:
Your Name (or what you chose to address yourself as). This is used for simple personalisation purposes.
Your Email Address. This is used to contact you.
The date of signup. This is so I can reference when to delete your data at a later date.


I am a sole trader, so there is no one else in my organisation to make aware.

The Information I hold.

Email addresses of people who have contacted me via my contact form or via email, or people to whom I have replied, are automatically saved. I do not share this information with anyone – ever. I am the data controller but not the data processor for these external databases. I always use strong passwords.

Communicating privacy information.

I have attached this information to the ‘About’ section of my WordPress site, and will also send it to my WordPress followers via a post on 21st May 2018. I will also send it to the followers of my Facebook author page and Twitter author account.

Individuals’ rights.

On request, I will delete data. If someone asks to see their data, I would take a screenshot of their entry/entries and send it to them.

Subject access requests.

I will aim to respond to all requests within 24 hours, although there are some times when I am away from home, and will not see requests until my return.

Lawful basis for processing data.

If people have emailed me, or contacted me via my ‘Contact’ form, they have given me their email address. I do not add this to a list, database or spreadsheet, but my email server will automatically save it.


If in the future I set up an email list, I will ensure that those people who wish to be on my list receive reminders about the T and C of my holding their data, and I will regard this consent as confirmed for a year. Consent is not indefinite, so I will make sure that I remind subscribers that they can unsubscribe or ask for their information to be removed.


I only know the ages of the people who email me, or otherwise contact me, if they tell me, and I only have their word for that. If I become aware that a child has contacted me, I will reply to the email but not contact them again. Since I am not ‘processing’ their data, I am not required to ask for parental consent.

Data breaches.

I have done everything I can to prevent this, by password-protecting my lap-top, my mobile phone, my WordPress account and the accounts I use within organisations such as Twitter and Facebook. If the organisations with whom I have accounts are compromised, I will take steps to follow their advice immediately.

Data Protection by Design and Data Protection Impact Assessments.

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.

Data Protection Officers.

I am not a major organisation so I do not need to appoint a Data Protection Officer.


My data protection supervisory authority is The Norwegian Data Protection Authority (