The NorDesh

Legal

Privacy Policy

Last updated:

1. Who we are

The NorDesh (“we”, “us”, “our”) is a multilingual blog and Nordic news aggregator operated by MD Shehab Chowdhury, based in Norway. This Privacy Policy explains what personal data we collect when you visit nordesh.com (the “Site”), how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.

2. What we collect

  • Server logs. When you visit the Site, our hosting provider records your IP address, browser type and version, the pages you request, the time of the request, and the referring page. We use this to operate the Site and to detect abuse.
  • Essential cookies. We use a minimal set of cookies required for the Site to function (such as language preference). We do not use advertising or cross-site tracking cookies.
  • Contact form. If you send us a message via the contact form, we receive your name, email address, and the contents of your message.
  • No accounts. The Site does not require registration. We do not maintain user accounts or profiles.

3. Legal basis for processing

We process personal data on the following lawful bases under GDPR Article 6:

  • Legitimate interests (Article 6(1)(f)) for server logs, security, and basic analytics.
  • Consent (Article 6(1)(a)) when you voluntarily submit information through the contact form.

4. Third-party processors

We rely on the following service providers to operate the Site. Each acts as a data processor on our behalf and is contractually bound to protect your data:

  • Render— database and backend hosting (Frankfurt, EU region).
  • Cloudflare— content delivery, image hosting (R2), and DDoS protection.
  • fal.ai— AI image generation and editing for editorial illustrations.
  • Anthropic— large-language-model API used to draft and translate editorial content.
  • Meta Platforms (Facebook, Instagram, Threads) — we publish links to our articles on these platforms. When you interact with our content there, Meta’s own privacy policy applies.

5. International data transfers

Some of the providers listed above are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses or an adequacy decision to ensure your data receives equivalent protection.

6. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (the “right to be forgotten”) — see our Data Deletion page.
  • Object to or restrict processing.
  • Receive your data in a portable format.
  • Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

To exercise any of these rights, email us at shehab.nordesh@gmail.com.

7. Data retention

  • Server logs: 30 days.
  • Contact-form messages: until your inquiry is resolved, plus six months.
  • Aggregated analytics: indefinitely, in anonymised form.

8. Children

The Site is not directed at children under 13, and we do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of the page will reflect the most recent revision. Material changes will be announced on the Site before they take effect.

10. Contact

For any privacy-related questions, write to shehab.nordesh@gmail.com.