Skip to content

Privacy and Cookie Policy

Vend Marketplaces AS (Vend) as the controller of your personal data

At Vend Marketplaces AS (“Vend”) we strive to empower people to make smart choices for themselves and future generations through our online marketplaces and services in four core verticals – Mobility, Recommerce, Real Estate and Jobs . We offer a range of different websites, apps, products and services, and use data across these to deliver this core purpose under the controllership and responsibility of Vend Marketplaces AS. 

Handling personal data in a secure way, so that we can receive and maintain our users' trust in us and our services, is of great importance for us. 

We value our users' privacy. We also know that processing personal data is key to delivering the high quality and effortless products and services our users expect. Use of data across Vend involves that data is used and shared across our sites and brands to develop, design and optimize all the products and services we offer to you based on users’ actual use of our marketplaces. We also use data to personalise and increase the relevance of Vend’ display advertising  services and marketing activities. We use data across our brands and sites since it is Vend, and not the individual brand, that is responsible for our users’ data. 

We strive to be transparent about our processing of personal data, and commit to always seek the right balance between privacy and commercial interests. 

This document gives a summary of what data we collect, why we collect it, who it may be shared with and how to access your rights over your personal data. 

You can also address any concerns or complaints at any time to your national data protection supervisory authority:

The below apply across all countries where Vend marketplaces operate. Country-specific parts are indicated separately. 

Your rights as a user and as a data subject

In our general communication, we may use the term “user” or “customer” for both private individuals and representatives of professional legal entities that use our marketplace services, such as sellers or buyers of items.

This privacy policy is meant for our private users only and in this context, a “user” specifically refers to private individuals (consumers). Individuals using our marketplace products and services in their professional capacity and for business purposes are referred to our B2B Privacy Policy. 

Under European (GDPR) and national data protection laws, users have legally defined rights relating to their personal data. Vend is fully committed to supporting users in accessing and using those rights. The table below shows your user rights and how you can access them. Vend aims to respond to any requests related to these rights as quickly as possible, but always within 30 calendar days.

Norway and Denmark only: please note that, where we act as joint controllers of your data together with a partner, you may exercise your data protection rights (such as access, rectification, or deletion) against either of us. To make this easier, you can always contact us at Vend Privacy and we will coordinate with our partner as needed.

Norway only: If you order from Helthjem without login into your Vend Account and want to use your individual rights please contact their customer support (Helthjem: customer support page).

Norway, Sweden and Finland only: When using safe rental services provided by Qasa, you need to direct user rights requests to Qasa’s customer service. You can contact Qasa’s customer service via info@qasa.com.

Norway only: If you order a product by using Finn’s “Nybrukt” service, without logging into your Vend Account, and wish to make use of your rights, please contact Finn customer support.

In addition to the user controls described above you can also control certain processing activities we carry out within the apps of our services directly on your phone. This includes the option to turn off and on push notifications and control the transmission of location data to services that use such data. We note that this will affect the possibility of receiving personalized notifications and ads. For some Vend applications downloaded via Apple's App Store, depending on your device platform settings, Vend and its partners request your consent to access your device-specific advertising identifier (IDFA). Note that denying tracking will not impact the amount of advertising you are shown, but that such advertising may be less relevant to you. 

The purposes Vend uses your personal data for

At Vend Marketplaces, we are committed to providing secure and efficient marketplace services to our users. To deliver these services we process personal data in a manner that balances business necessity with data protection and individuals’ privacy.

The following sections detail our processing purposes. By aligning our data practices across our various platforms, we ensure a consistent standard of protection and transparency, regardless of which specific service you are utilizing. Our guiding principles focus on maintaining a secure environment, providing meaningful personalisation, and adhering to regulatory compliance.

General purposes

Norway only: We connect you with the real estate agents when you inquire about properties and help real estate agencies to display their listings effectively to the right audience. Read more about the processing here

Online Advertising purposes

Vend’s marketplaces are partially advertising funded. Displaying advertising on our services helps us to offer the marketplaces to our users free or at reasonable cost. Vend processes personal data to display both basic contextual advertising, and personalised advertising on our websites and apps. 

Vend's ad delivery methods primarily fall into two categories:

  • Non-programmatic advertising (direct sales): This refers to ad space sold and negotiated directly between Vend and an advertiser, often for guaranteed placement. These ads can be both basic (contextual) or personalised. If the ads are personalised the data used targeting is limited to data Vend processes (no third party data). In this type of advertising data sharing is typically limited to our ad serving technology (Google) and advertising measurement. 

  • Programmatic advertising (automated): This involves the automated buying and selling of ad space using technology partners. These ads can be both basic (contextual) or personalised. If the ads are personalised the data used in the targeting can be Vend’s data about you, or third party or advertiser data. Programmatic advertising relies on data sharing between multiple partners to connect right sellers and buyers of ads space.

The online advertising business is complex, involving many different companies and advanced technology. Because of this, your data is often shared with several of these partners, and most of them are independent controllers for processing your personal data. Vend and our advertising partners can use data collected as part of online advertising for multiple purposes like selecting ads, measuring ad performance, product development and ad safety and debugging. Data can be collected from Vend services but our partners may have also collected data about you from other services you have visited. Vend provides transparency, choice, and control over how your data is used for online advertising through our cookie consent settings. These settings use the industry standard of IAB Transparency and Consent Framework (called ‘TCF’). The cookie consent settings allow you to:

  • Give or withdraw consent for data processing activities that require it (e.g., collection or use of data for personalized ads).

  • Access a full list of all third-party advertising partners 

  • Review the specific purposes and legal basis (consent or legitimate interest) for all data processing related to advertising.

You can access the cookie consent settings at any time through our services (footer of the page or app settings) to review or change your preferences.

Norway only: Fordeler fra FINN


The categories of personal data processed by Vend and retention of personal data

In the personal data categories and retention table below you see the categories of personal data Vend collects, the source of that data. When it comes to retention, Vend operates with the general rule that we retain user personal data only for as long as retention is necessary to fulfill the purposes for which the data was collected, which must have been communicated to our users and which must have a legal basis under the privacy regulation.

Our retention policy can be summarized by five high level rules:

  1. We retain behavioural data, inferred segmentation data (e.g. your interests) and technical data  (e.g. your IP address) about users for advertising targeting purposes for 30 days or less.  

  2. We retain behavioural and technical data for product improvement, ads audience measurement, content personalisation, security logging and service stability/performance logging for 18 months or less. For statistics and analytics purposes we keep such data for 36 months.

  3. We retain behavioural, inferred segmentation data and technical data for marketing purposes on behalf of Vend itself for 15 months or less.

  4. Location data is retained for advertising, marketing of Vend’ own services, or to enable local content functions in our products for no more than 30 days and for product improvement purposes for a maximum of 125 days.

  5. We retain the Vend Account for as long as the user has actively used that Account to access our services in the last 3 years. User Accounts that have been inactive for 3 years will be deleted (including profile data). Payment, order and financial information is retained as long as the user is a loggediIn customer) and further in accordance with legal requirements (e.g. bookkeeping).

There are considerable details underlying the specific application of data retention periods, depending on purpose, type of data and user/profile type. 

Personal data categories

We respect your right to request the deletion of your personal data. However, we may be required to retain certain information to comply with legal obligations—for example, tax, Accounting, regulatory requirements or to exercise or defend legal claims. In such cases, we will keep only the data necessary to fulfill these obligations. After this period or once the relevant requirements no longer apply, we will delete the data in accordance with applicable regulations.

We also create data sets that are anonymized for statistical and analytical purposes. Since these data cannot be used to identify any individuals we do not have any specific retention rules for data that are not personal data. 

Login to Vend Account

We use a passwordless login method to authenticate users securely without requiring a password. To provide this feature, we use your email address to deliver a one-time authentication token. These tokens are used solely for single-session verification and are not retained any longer than necessary.

Use of AI

We use artificial intelligence (“AI”) technologies to support and enhance the delivery, security, and improvement of our services. AI is used as a tool to assist our operations and product features; it does not replace our responsibility to process personal data lawfully, fairly, and transparently.

AI may be used for the purposes described in this Privacy Policy, including service delivery, product improvement, customer support, security, fraud prevention, analytics, and operational efficiency. Where users directly interact with AI (e.g., chat features, semantic search, content assistants), this is clearly disclosed at the point of interaction. AI-generated content such as text, images, audio, or video is clearly labeled. Where applicable, manipulated or synthetic content is disclosed in accordance with legal requirements.

We use carefully vetted providers, under Data Processing Agreements and other contractual safeguards. These providers are contractually prohibited from using our data to train their general models or for their own purposes.

All AI-generated content and high-impact outputs are subject to meaningful human oversight and review before publication or deployment. We do not delegate Accountability to automated systems.

How your personal data is shared with other parties

When Vend processes personal data, it is sometimes shared with other parties to ensure we can deliver our services safely and efficiently. These other parties include:

Data Processors: 

These are companies operating under binding legal agreements with Vend. They process data only for the specific purposes Vend allows and are strictly prohibited from using your data for their own interests.

  • Infrastructure & Cloud: We use global providers like Amazon Web Services (AWS) and Google Cloud Platform (GCP) to host our services.

  • Business Operations: We utilize specialized tools for payment and customer support (e.g., Adyen, Zendesk), as well as analytics platforms (e.g., Amplitude, Snowflake, Tableau) to understand how to improve our products.

  • Communication: We use platforms like Braze to send you relevant notifications and messages.

Data Controllers:

These are independent companies that assume full responsibility for how they use your data once it is shared. Vend only shares data with these parties when it is necessary for a specific service you are using:

  • Transactional Partners: To facilitate payments and deliveries, we share data with financial institutions (e.g., Adyen, Trustly, Vipps, MobilePay) and shipping providers (e.g.,[NO:] PostNord, [NO:] Posten, Posti, [NO:] Helthjem).

  • Marketplace partners: When you inquire about a listing or interact with other adjacent service providers, your data is shared with the seller or other partner (e.g., Real estate agencies, realtors, car dealers, private sellers or banks or insurance providers) so they can respond to you.

  • Advertising & Marketing: Read more about how data is shared in display advertising from section “The purposes Vend uses your personal data for”. When Vend does marketing of its own services e.g. in social media platforms (for example Google, Meta) those companies are typically independent data controllers for some parts of the activities. 

Denmark only:  Vend acts as Joint Controllers In specific cases, such as certain ad categories on DBA.dk, we jointly agree on data processing with partners (like car dealers via DealerHub) to manage sales leads. We will always inform you directly at the point of collection if joint controllership applies. 

Norway only: Vend acts as Joint Controllers in certain cases where personalised listing recommendations are displayed on third party services (Schibsted Media or Polaris) or display advertising is targeted based on our relationship with our advertiser. 

Public authorities and safety disclosures:

We may share personal data with public authorities, such as tax authorities, police or other regulatory bodies, when required by law or to protect our community. This includes:

  • Legal compliance: Reporting transaction values to tax authorities or verifying user identities where legally mandated.

  • Security & anti-fraud: Sharing data (such as message history or ad details) to prevent fraud, harassment, or criminal activity.

  • Dispute resolution: Assisting users in disputes regarding fraudulent ads by providing relevant, limited information to help solve the issue.

Business changes 

  • Acquisitions & Sales: If Vend sells or buys a business, we will inform you of how your data is transitioned, ensuring you have choices regarding your Account and services.

Transfers of Data outside of the EU/EEA

Where Vend is the data controller and uses data processors that are located outside of the EU/EEA, we do this only in cases where

  • the transfer location and recipient is judged to be adequate under rules established under the GDPR, or

  • the transfer takes place under the standard contractual clauses as defined by the EU Commission to regulate such transfers under the GDPR and we have performed a risk assessment of the implications on the individuals by transferring the data and have implemented relevant and necessary safeguards.

Information security 

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR. These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. Such measures include, the use of encryption and pseudonymisation, access management controls, regular testing and scanning for security threats, assessments and evaluation of implemented safeguards as well as efficient incident handling.

Privacy of children

We do not want to collect or otherwise process personal information about children under the age of 15 (for Sweden 16).

If children under the age of 15 have provided us with personal information, for example by placing advertisements, we will delete the information as soon as we become aware of the situation. Parents can contact the Privacy Team as stated below.

Our use of cookies, pixel cookies and similar technologies


When you visit our websites or use our services, applications, messaging systems (such as email) and tools, we or our partners may use cookies, pixel cookies and other similar technologies to store information for analytics and statistical product development and reporting purposes, measurement of performance, providing functionalities, advertising, personalisation and marketing. The use of cookies, pixel cookies and similar technologies are regulated in the e-Privacy Directive (2002/58/EC) and its national implementation in our operating countries:

  • Norway: ekomloven (lov om elektronisk kommunikasjon, 2024) og personopplysningsloven (2018)

  • Sweden: Lag om elektronisk kommunikation (2022:482)

  • Denmark: Cookiebekendtgørelsen (No.1148)

  • Finland: Laki sähköisen viestinnän palveluista (917/2014). 

What are cookies, pixel cookies and similar technologies?

Like most internet based service providers, we use technologies that are essentially small data files placed on your computer, tablet or mobile phone (a "Device") that allow us to store certain information each time you visit or interact with our websites, services, applications, messaging systems and tools.

The specific names and types of cookies, pixel cookies and other similar technologies that we use may change from time to time. To help you better understand our cookie policy and our use of such technologies, we have created this brief overview of terminologies and definitions:

Cookies: small text files (typically made of letters and numbers) which are placed in the memory of your browser or device when you visit a website or view a message. Cookies enable a website to recognize a specific device or browser. There are several types of cookies:

  • Temporary (session-based) cookies expire when you stop using the browser and allow us to remember your actions during the period you use your browser.

  • Persistent cookies are stored on your device and allow us to remember your preferences or actions across multiple websites.

  • First-party cookies are set by the website you visit (Vend).

  • "Third-party cookies" are set by a third-party website that is separate from the website you are visiting (our partners).

Pixel cookies: small graphic images (also known as "pixel tags" or "clear GIFs") that may be included in our websites, services, applications, messaging systems and tools. Pixel cookies can be used for a number of purposes, including to measure the effectiveness of our websites, to monitor how many visitors are on our websites and how they navigate our websites. For example, when we send you emails, pixel cookies allow us to track whether you have opened emails and clicked on links to measure campaign performance and improve features.

SDKs and mobile identifiers: when using services with your mobile devices, tracking is technically done differently than on desktop. Mobile applications can include SDKs (software development kits) that collect data about your device and use of the application. SDKs are typically used to allow a third party functionality in the application like payment or serving of advertising. Mobile operating systems (like Apple iOS and Android) also create mobile identifiers for your device that can in certain circumstances be used as a unique identifier to collect data about your actions and use of the application. You can control the use of the platform provided identifiers from your device settings. 

Similar technologies for storing information: technologies that store information in your browser or device and that utilize local devices and local storage, such as flash cookies, HTML 5 cookies and other methods. These technologies can operate across all of your browsers. In some cases, the use of these technologies cannot be controlled by the browser, but requires special tools. We may use these technologies to store information to ensure the security of your Account or to detect irregularities in website usage to prevent your Account from being accessed in an unauthorized manner, or to evaluate the performance of our websites, services, applications or tools.

We may use the terms "cookies" or "similar technologies" interchangeably in this  policy to refer to any technology that we may use to store data on your browser or device or to collect information that helps us identify you , as detailed above.

Your choices and our use of cookies and similar technologies

We offer on our websites certain functions, services, applications and tools that are only available if we use the technologies mentioned above. We obtain consent for cookies when you as a user visit our website for the first time. Once you have given your consent, you can change your preferences under cookie consent settings at any time. Cookies and similar technologies can often also be blocked in the browser settings or on your mobile platform. If tracking is disabled in the browser, this may mean that some features of our website cannot be used. You may, for example, be asked to login more often during a visit to our websites.

When you are logged in and select your cookie settings, your choices are saved to your Account and applied across all devices while logged in. This means you do not need to manage your cookie settings as frequently. If you make your selections without being logged in, the active cookie settings from the first device on which you later log in will be saved to your Account. You can review or change your saved cookie settings at any time by going to the cookie settings while logged in (in the app, this can be found under the Privacy section.

You find more detailed information above in the “Your rights as a user and as a data subject”section on how to make use of your rights, including controlling the use of cookies.

Categories of Cookies and similar technologies

  1. Strictly necessary: We may use cookies or other similar technologies that are necessary for the operation of our websites, services, applications and tools. This includes technologies that allow you to access our websites, services, applications and tools that are necessary to avoid unauthorized use of these services and that improve security, or that allow you to make use of our features such as shopping, saved searches or the like. Regardless of your consent choice we can do certain activities for purposes of analytics and product development; personalisation and advertising. These can for example be to measure the performance of our services based on simple aggregated statistics or show you a view of listings you previously visited during your session;

  2. Analytics and product development: We may use cookies or other similar technologies that are useful to assess the performance of our websites, applications, services and tools, including as part of our analytical work to help us understand how our visitors use our website or to to improve the content of our websites, applications, services or tools;

  3. Personalisation: We may use cookies or other similar technologies that allow us to offer you enhanced functionality when you use our websites, services, applications or tools. This may include identifying you when you log into our websites or keeping track of your stated preferences, interests and what you have previously viewed so that we can improve the content we show you on our websites;

  4. Marketing: We may use cookies, pixel cookies or other similar technologies to customize marketing in various channels such as email, Meta Platforms (Facebook), Google, RTB house, and Snap based on your interests and use of our services.

  5. Advertising: We may use first-party or third-party cookies and pixel cookies to deliver content, including advertisements, relevant to your interests on our websites or on third-party websites. This includes using technologies to understand the usefulness to you of the advertisements and content delivered to you. 

Read more about advertising in the section ‘Online Advertising purposes’ above. 

You can control data processing for third parties through the cookie consent settings, accessible at any time from the page you are viewing or the settings of the mobile application you are using. Advertising purposes used by third parties are presented separately from Vend purposes.

Under our cookie settings, you will find a comprehensive overview of the purposes and the third-party technologies used on our website. Third parties who appear on the list of advertising partners are usually data controllers. We have also prepared a list of the cookies used by the various business partners, with an indication of the duration of the relevant cookies' lifetime.

The use of third-party technologies is not fully controlled by us even when those technologies are used via our services to store and collect data. The third parties that act as controllers of personal data will publish their own relevant policies related to data processing. You can find links to those from our cookie consent settings.

Contacting the Privacy team at Vend, the Data Protection Officer or filing a complaint with the data protection authority

Vend takes the personal data privacy of our users very seriously. If you have a query or a complaint about how we process your personal data, you can contact the Vend Privacy Team, including our Data Protection Officer, through our contact form. Vend commits to responding to queries as quickly as possible, but at least within 30 days. 

You can also address any concerns or complaints at any time to your national supervisory authority:

For simpler queries we strongly recommend you use the online tools on your Vend account to execute data access / portability requests and data deletion requests, as well as to correct any inaccuracies in your profile in your Vend Account.

You can access your Vend Account profile page using the following links for:

At any time, you can also change your choices for the most common activities Vend executes using your data, via the settings pages of each brand service.  If you are unable to use those services for any reason or wish to restrict or object to processing directly, you should reach out to the Vend privacy team. 

We will update this Privacy Policy from time to time to reflect changes in our practices, new legal requirements, or industry standards. We encourage you to review it periodically for the latest information on how we process your data. If we make significant changes to this policy you will be proactively informed by these changes. 

Complete contact details of the data controller (organisation no. 981159772) are:

Vend Marketplaces AS

P.O. Box 747 Sentrum

0106 Oslo

Norway