Privacy Policy – Saga Payments AS
Last updated: 24.12.2025
This Privacy Policy explains how Saga Payments AS ("Saga", "we", "us") processes personal data in connection with our website, services, sales, marketing and customer support.
Saga Payments AS
Org. no: 934 751 183
Address: Myragutua 25, 2022 Gjerdrum, Norway
Email (privacy & support): kristoffer@sagapay.no
1. Scope and role
Saga Payments AS is an independent sales organization (ISO) and partner of Surfboard Payments AB. Payment services are primarily delivered by Surfboard Payments AB, which acts as data controller for most personal data related to payment processing.
Saga Payments AS is a separate data controller for personal data processed in connection with:
- Sales, marketing and CRM
- Customer onboarding and communication
- Website usage and contact forms
- Contract administration and support
Surfboard Payments AB processes personal data related to payment services in accordance with its own Privacy Policy.
2. What is personal data?
Personal data means any information relating to an identified or identifiable natural person, such as name, contact details, IP address or business-related identifiers connected to an individual.
3. What personal data do we process?
We may process the following categories of personal data:
- Contact details (name, email, phone number, company, role)
- Communication data (emails, messages, support tickets)
- CRM and sales data (customer history, preferences, notes)
- Website data (IP address, browser type, cookies, usage data)
- Contract and account information
- Limited identification data for onboarding purposes
Saga Payments AS does not store or process card numbers or sensitive payment credentials.
4. Sources of data
We collect personal data:
- Directly from you
- Via our website and contact forms
- Through CRM and customer support systems (Odoo)
- From Surfboard Payments AB when relevant for support or relationship management
- From public business registers where applicable
5. Purpose and legal basis
We process personal data for the following purposes:
- Providing and administering our services
- Customer communication and support
- Sales, marketing and relationship management
- Website operation and security
- Compliance with legal obligations
Legal bases include:
- Performance of a contract
- Legitimate interest
- Legal obligation
- Consent, where required
6. Website, cookies and Odoo
Our website and CRM are hosted on Odoo. Odoo may process personal data on our behalf as a data processor. We use cookies and similar technologies to ensure website functionality, analytics and user experience. Cookie details are provided separately.
7. Sharing of personal data
We may share personal data with:
- Surfboard Payments AB (where relevant)
- IT and hosting providers (e.g. Odoo)
- Professional advisors and authorities where legally required
We do not sell personal data.
8. International transfers
Some service providers may process data outside the EU/EEA. In such cases, we ensure appropriate safeguards such as standard contractual clauses.
9. Data retention
We retain personal data only as long as necessary for the purposes described or as required by law.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss or misuse.
11. Your rights
You have the right to:
- Access your personal data
- Request rectification
- Request erasure
- Restrict processing
- Object to processing
- Data portability
- Lodge a complaint with Datatilsynet or relevant authority
12. Contact
For questions regarding privacy or personal data, contact: