Our Policies





1         Purpose

According to the general data protection regulation (EU) 2016/679, called ”GDPR” and the Act (2018:218) with supplementary provisions to the EU’s data protection regulation, NoseOption AB (556861-2294), Observatoriegatan 5, 113 29 Stockholm, Sweden (”NOSA”), in its capacity as data controller, is responsible for the processing of personal data collected from you.

NOSA is fully committed to protecting your individual rights and keeping your personal data safe. This Privacy Policy is meant to help you understand what information we collect about you, why we collect it, our storing and sharing practices, and what your privacy rights are.


2        Scope

NOSA protects the privacy of customers, partners and employees and is always careful to comply with applicable data protection regulations. Everyone has the right to the protection of the personal data concerning him or her.

NOSA has therefore adopted this Policy for the processing of personal data to ensure that everyone within the company complies with the data protection rules.

If a processing of personal data were to contravene the provisions of the data protection regulation, there is the risk of infringement of the personal integrity of the data subjects, but also the risk of damaged reputation for NOSA. To avoid such consequences, all employees are obliged to follow these guidelines.


3        Responsibility

The policy applies to all NOSA’s employees and consultants, in all markets and at all times.

NOSA’s board must ensure that this Policy is complied with, which includes training for all employees. The information to the employees must also include information that, violation of the policy may entail, for example, labor law consequences.


4       Basic Principles

The basic principles described below must always be observed when personal data is processed. NOSA is responsible for and must be able to demonstrate that the principles are adhered to.


4.1        Legality, sound judgment, transparency

Personal data must be processed legally, correctly and transparently in relation to the data subject. This means that each type of processing must be based on a valid so-called legal basis, e.g. fulfillment of an agreement, fulfilling a legal obligation, legitimate interest or consent. If any legal basis applicable to the processing cannot be identified, the processing must not be carried out. Communication with data subjects must be clear about, among other things, for what purposes the personal data is processed, what type of processing is carried out, if and how the personal data is shared with others, how long the personal data is stored and how to get in touch with NOSA.


4.2       Purpose Limitation

Personal data may only be collected and otherwise processed for specific, explicitly stated and justified purposes and they may not later be processed in a way that is incompatible with these purposes.


4.3       Data minimization

Personal data that is processed must be adequate, relevant, and not too extensive in relation to the purposes. Ensure that the data collected is necessary for the purpose.


4.4       Accuracy

Personal data that is processed must be correct and, if necessary, updated. Take appropriate measures to ensure that incorrect or incomplete information is corrected, for example procedures for changing address when moving with a compilation of systems and registers where the address is stored. Avoid storing copies of the data in many systems and that non-updated information is saved.


4.5       Storage Limitation

Personal data may not be stored for longer than is necessary with regard to the purposes of the processing. When the data is no longer needed, it must be thinned, which means that it must either be deleted or de-identified.


4.6       Accountability

The principle of accountability means that NOSA must be able to demonstrate that the data protection regulation is being complied with. NOSA must therefore document implemented and planned processes and measures relating to data protection issues.

Furthermore, there must be a register of all types of processing of personal data carried out and NOSA must be able to report such a register to the supervisory authority when required.


5        Personal data

Personal data is all data that refers to an identified or identifiable natural person and that can directly or indirectly identify a person. Examples of personal data are names, contact details, location details or factors specific to a person’s physical, economic, cultural or social identity. Data that individually do not meet the requirements can nevertheless constitute personal data together.

All processing of personal data is covered by the data protection regulation and its rules. Processing means an action or combination of actions regarding personal data, which is carried out fully or partially automatically. Personal data in e-mail and in documents on servers, in a simple list, on websites and in other unstructured material is also covered.

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and processing of genetic data, biometric data, data on health or data on a person’s sex life or sexual orientation (so-called special categories of personal data) is generally prohibited. In order for such treatment to be permitted, a valid exception to the prohibition is required. The most common exceptions are that the data subject has given consent or published the data themselves, in order to exercise rights or fulfill obligations within labor law, to be able to establish, assert or defend legal claims or for health and medical purposes.

Processing of social security numbers may only be carried out if it is clearly justified with regard to the purpose of the processing, the importance of secure identification or any other considerable reason.


5.1         Legal basis for the processing of personal data

A processing of personal data is only legal if and to the extent that one of the following grounds is applicable.

The data subject has consented to the personal data being processed for one or more specific purposes. There are special requirements that must be met for the consent to be valid.

The processing is necessary to fulfill an agreement to which the data subject is a party or to take measures at the request of the data subject before entering into such an agreement.

The processing is necessary to fulfill a legal obligation incumbent on NOSA. Examples include control data submitted to the Swedish Tax Agency.

The processing is necessary to protect interests that are of fundamental importance to the data subject or to another natural person (e.g. when life is at risk).

The processing is necessary for purposes relating to NOSA’s or third party’s interests, unless the data subject’s interests or fundamental rights and freedoms outweigh and require the protection of personal data. When balancing interests, there are special requirements for documentation regarding the assessment made.


5.2       Security measures, authorization control and access, deletion

The personal data must be processed in a way that ensures appropriate security for the personal data using technical and organizational measures. Organizational security measures can mean that access control is used for the systems that contain personal data, logging of access to personal data or that computers and the like that contain personal data must be stored so that unauthorized access is made difficult and not left in front. Examples of technical measures that must be checked are whether NOSA has sufficient back-up routines, sufficient firewalls, password-protected wireless networks, updated virus protection, password protection for mobile devices such as mobile phones and tablets, protection against unauthorized internal access, password requirements, encryption where necessary, access to and use of IT systems, etc.

Personal data may not be kept longer than is necessary with regard to the purpose of the processing. By establishing and following a thinning routine for each database/processing, you ensure the structured thinning work. Even personal data in so-called unstructured material such as in documents on servers, in a simple list, on websites etc. needs to be deleted when the purpose of the processing is fulfilled.


5.3       Transfer to third countries

Special rules apply to the transfer of personal data to countries outside the EU and EEA (so-called third country transfer). The Data Protection Regulation means that all EU member states, and the EEA countries have equivalent protection for personal data and personal privacy and therefore personal data can be transferred freely within that area without restrictions. For countries outside that area, on the other hand, there are no general rules that provide corresponding guarantees, and therefore third-country transfers may only take place under special conditions. This concerns every form of transfer of information across borders, e.g. many online IT services, cloud-based services, services for external access or global databases, etc. and needs to be analyzed separately.


5.4       Impact assessment

NOSA has a special routine in place to be able to identify and manage special integrity risks within the business and for structured follow-up. Special risks for the rights and freedoms of natural persons may, for example, occur in connection with a certain type of data processing, particularly sensitive data, processing on a particularly large scale, use of new technology or the like.

If a new or changed processing of personal data in a certain respect is likely to entail a high risk for the rights and freedoms of natural persons, the routine must be followed, and an assessment made of the effects of the intended processing for the protection of personal data before the processing begins.

Before such personal data processing begins, the Data Protection Officer must be contacted to investigate whether an impact assessment is required and, if necessary, an impact assessment will be carried out together with the person in charge.


5.5       Register extraction and disclosure

The Data Protection Regulation gives the registered several rights regarding the processing of personal data. It is NOSA’s task to fulfill these rights and to ensure that sufficient processes are in place to accommodate the data subjects.

The data subject has the right to information when the personal data is collected. This information must be provided in an easily accessible written form using clear and unambiguous language. The data protection regulation prescribes a number of clear requirements that must be met, and the requirements vary depending on whether the information has been collected from the data subject himself or from a third party.

The registered person has the right to receive confirmation as to whether personal data belonging to him is being processed, and in such cases to receive a copy of the personal data (extraction from the register). This right applies regardless of the place where the personal data is processed.

If personal data that is processed is incorrect or incomplete, the data subject may demand correction. If the data subject shows that the purpose for which the personal data is processed is no longer permitted, necessary or reasonable in the circumstances, the personal data in question must be deleted, unless there are any legal provisions stating otherwise.

The data subject has the right to transfer personal data that he has provided to NOSA to another personal data controller (right to data portability) if the processing is supported on the legal grounds of agreement or consent. The personal data must be provided to the data subject in a structured, commonly used and machine-readable format. If it is technically possible, the data subject can request that the data be transferred directly to another personal data controller. The right only applies to the personal data that the data subject himself has provided to NOSA.

In certain cases, the data subject has the right to demand that NOSA limit the processing of his personal data, i.e. limit the processing to certain limited purposes. The right to restriction applies, among other things, when the data subject considers that the information is incorrect and has requested that the personal data be corrected. The data subject can then request that the processing of the personal data be restricted while the accuracy of the data is investigated. When the restriction ends, the individual must be informed of this.

The data subject has the right to object to the processing of personal data based on legitimate interest as a legal basis. In the event of an objection, the agency must cease the processing if compelling legitimate grounds for the processing cannot be demonstrated that consider the interests, rights and freedoms of the data subject or if the processing of personal data is carried out for the establishment, exercise or defense of legal claims.

In some cases, the data subject has the right to request deletion of his personal data (”the right to be forgotten”). An example is when consent is the legal basis for the processing and the data subject withdraws their consent.


5.6       Personal data incidents

A personal data incident is a security incident that leads to the accidental or unlawful destruction, loss, alteration or unauthorized access to personal data. Examples of personal data incidents can be the theft of customer records, the accidental disclosure of salary information via e-mail to the wrong recipient, an employee taking home an unencrypted work computer that is later stolen in a burglary that leads to the disclosure of employee or customer information, personal data being published on the web accidentally, a laptop containing personal data is lost or stolen, etc.

Personal data incidents may need to be reported to the supervisory authority within 72 hours of discovery of the incident if it is likely that there is a risk to the rights and freedoms of natural persons. Incidents that have occurred must be documented and it may be necessary to notify the affected data subjects.

In the event of a suspected personal data incident, immediately contact the company’s Data Protection Officer. It is then the Data Protection Officer who decides whether the supervisory authority or the registered parties need to be notified.


6       How do we collect your data and what data do we collect?

We collect your personal information in order to provide and continually improve our products and services.

All personal information collected from you will be kept secret. However, as informed above, NOSA may need to share the personal information collected from you by law or court decision.

NOSA may also need to share the personal information collected from you with its service providers and / or business partners. However, such sharing will not adversely affect your rights. NOSA will take all reasonable steps required to ensure that the personal data collected from you will continue to be stored securely and in accordance with the GDPR.

If the personal data collected from you is shared outside the jurisdiction of the GDPR, NOSA confirms that they will use EU standard contractual clauses or equivalent means to protect such transfer of the personal data collected from you.


6.1        Consent

By giving your consent to a specific processing activity, you agree that NOSA can process, transfer, share and store the data in question for the purposes described in the activity.

It is important for NOSA that the personal data collected from you over time remains correct. Therefore, we ask you to inform us about any changes to the personal data collected from you via e-mail to gdpr@nosamed.com.

Please also note that this Privacy Policy may change or update over time due to additional requirements of the GDPR. This privacy policy was last updated on Feb 06, 2023.


6.2       Data collection

We collect information you provide directly to us. For example, when becoming a new customer, we may collect personal data such as name, e-mail address and phone number. We may also collect payment details to be able to provide you with the product or service in question. NOSA may also collect information which you provide to us, such as messages you have sent as feedback or a request in our digital channels.

You provide us with information when you:

  • shop for products in our webshop
  • add or remove an item from your cart, or place an order through or use our webshop
  • communicate with us by phone, email, or otherwise
  • complete a questionnaire or provide and rate reviews
  • complete a form to order samples or other goods

As a result of those actions, you might supply us with such information as:

  • identifying information such as your name, address, and phone numbers
  • payment information
  • your age
  • Your professional title, workplace and department
  • your location information
  • your IP address
  • content of reviews and emails to us
  • corporate and financial information


6.3       Automatic Information

Examples of the information we collect and analyze include

  • the internet protocol (IP) address used to connect your computer to the internet
  • email address
  • the location of your device or computer for language selection at the website
  • phone numbers used to call our customer service number
  • cookies


6.4       Information from Other Sources

To be able to offer you our products and services and to comply with statutory requirements, we will also collect personal data from third parties, such as publicly available and other external sources.

Examples of information we receive from other sources include:

  • updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily
  • information about your interactions with products and services offered by our distributors
  • Publicly available data, for example from social media or via search engines. Social media may also share data with us in accordance with your personalized privacy settings in those channels/media.


7        How will we use your Personal data?

We use your personal information to operate, provide, develop, and improve the products and services that we offer our customers. These purposes include:

Purchase and delivery of products and services. We use your personal information to confirm and handle orders, deliver products, process payments, and communicate with you about orders, products, and promotional offers.

Provide, troubleshoot, and improve NOSA services. We use your personal information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of the NOSA Services.

Recommendations and personalization. We use your personal information to recommend products that might be of interest to you.

Comply with legal obligations. In certain cases, we collect and use your personal information to comply with laws. For instance, we collect information from sellers regarding place of establishment and bank account information for identity verification and other purposes.

Communicate with you. We use your personal information to communicate with you in relation to NOSA via different channels (e.g., by phone, email).

Advertising. We use your personal information to display interest-based ads for features, products, and services that might be of interest to you. We do not use information that personally identifies you.


8       Marketing

NOSA would like to send you information about products and services of ours that we think you might like and where you might find them, e.g., information about our distributors.

If you have agreed to receive marketing, you may always opt out later.

You have the right at any time to stop NOSA from contacting you for marketing purposes or giving your data to other members within NOSA.


8.1         Deregistration of market information

If you no longer wish to receive marketing information such as newsletters, product information and updates in the IP area from NOSA, you can contact us at grdp@nosamed.com and / or unsubscribe from our newsletters via the ”unsubscribe link” or ”unsubscribe” that you find in our emails.


9       What are your data protection rights?

NOSA would like to make sure you are fully aware of all of your data protection rights.

Every user is entitled to the following:

The right to access – You have the right to request NOSA for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request NOSA correct any information you believe is incomplete.

The right to erasure – You have the right to request that NOSA erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that NOSA restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to NOSA’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that NOSA transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights,

please contact us at our email: gdpr@nosamed.com

Call us at: +46 (0)771 112 000

Or write to us: Observatoriegatan 5, 113 29 Stockholm, Sweden

 1.     What are cookies?

Cookies are text files placed in your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org


1.1      How do we use cookies?

NOSA uses cookies in a range of ways to improve your experience on our website, including Necessary cookies, Preference cookies, Statistics cookies and Marketing cookies.


1.2     What type of cookies do we use?

You can find the complete list of cookie types within all categories below in the Cookie consent popup when you visit nosamed.com. You could also find a complete Cookie Declaration below where you can change or withdraw your consent.


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Session cookies fall under the categorization of strictly necessary cookies according to GDPR. This means that session cookies do not need any consent from the user, since they are essential to navigate a website and use its features and functionalities. We use Session cookies for basic e-commerce services, for example to add items to the shopping cart and adding necessary shipping and payment information.



Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.



Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.



Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.



Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies. NOSA does not use these kinds of cookies.


1.3     Cookies consent

When you enter nosamed.com you will get the opportunity to consent to different cookies used on our website. Information about the different cookies can be found under the details tab. After you made your choice, the cookie banner can be found again from the symbol down to the left on our website. To change your settings, simply click the symbol and click on Withdraw your consent / Change your consent.

You can also set your browser to not accept cookies. The information on how to change the cookie settings in your browser will be provided by your specific browser. However, the necessary cookies cannot be deactivated to the extent we use them to provide you with our services.


1.4    Privacy policies of other websites

The NOSA website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.


1.5     Changes to our privacy policy & cookie policy

NOSA keeps its privacy policy under regular review and places any updates on this webpage. This policy was last updated on 06 February 2023. Your cookie deklaration (can be seen below) is always updated accordingly to your chosen cookie settings.


1.6     How to contact us

If you have any questions about NOSA’s privacy policy, the data we hold of you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: gdpr@nosamed.com

Call us at: +46 (0)771 112 000

Or write to us at: Observatoriegatan 5, 113 29 Stockholm, Sweden

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that NOSA has not addressed your concern in a satisfactory manner, you may contact European data protection supervisor.

Website: edps.europa.eu/data-protection/our-role-supervisor/complaints_en


Breathe with care