Effective: 16 May 2018
- Policy Context
- Information we collect
- How we use the information we collect
- Sharing and disclosure
- Accessing/Changing your information
- Data retention
- Cookies, Web Beacons, Local Storage and Similar Technologies
- Information Security
SECTION 1 – DEFINITIONS
Consent – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. [GDPR Ch. 1 Art. 4]
Data controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. [GDPR Ch. 1 Art. 4]
Data processor – means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller.[GDPR Ch. 1 Art. 4]
Data subject – is the person to whom personal data may be linked. [Personal Data Act (14 April 2000 No. 31)]
Personal data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. [GDPR Ch. 1 Art. 4]
Processing of personal data – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. [GDPR Ch. 1 Art. 4]
Sensitive personal data – means information relating to: racial or ethnic origin, or political opinions, philosophical or religious beliefs, the fact that a person has been suspected of, charged with, indicted for or convicted of a criminal act, health, sex life, trade-union membership.
SECTION 2 – POLICY CONTEXT
GoNorth AS (organisation nr. 913 102 835), registered at: Hamnegata 3, 9600 Hammerfest, is a sightseeing supplier. Services we provide include but are not limited to sightseeing tours and electric bicycle rental.
We process personal data for customers who use our services. We safeguard your privacy according to the Personal Data Act of 14 April 2000 Nr. 31.
GoNorth AS is the data controller of any ‘personal data’ collected. Our website can be found at: www.go-north.no
SECTION 3 – CONSENT
3.1 Your Consent
Note: Explicit consent is required only for the processing of sensitive personal data. For non-sensitive date, “unambiguous” consent suffices. Unambiguous meaning consent that is not open to more than one interpretation.
3.2 Consent for Minors
The age of consent in Norway is 16 years. As such, consent must be given by the holder of parental responsibility for the child (up to and including age 15) in order to collect and process the child’s personal data.
SECTION 4 – INFORMATION WE COLLECT
Our primary purpose for collecting your information is to provide you with services provided by GoNorth and to market Hammerfest as a destination.
There are three general categories of information we collect.
4.1 Information you give us
4.11 As part of the rental agreement, when you rent an electric bicycle from us we will retain a photocopy of your photo identification for the duration of the rental.
4.12 When you sign up for a sightseeing activity we may collect information necessary in order to provide the necessary services to you.
Note: If personal information of a child is required we will require the consent of the holder of parental responsibility for that child. This is in effect for children up to and including 15 years of age.
4.2 Photographs taken while using a GoNorth service
By signing up for any services provided by GoNorth AS, you agree that any photographs taken during such tours may be used by GoNorth AS and Hammerfest Turist AS for the purpose of destination marketing.
If you do not wish to have photos of you published on social media or used in promotional materials please let your tour guide know prior or during your sightseeing activity or e-bike rental or contact us and we will remove such materials from public view.
Contact information: email@example.com, GoNorth AS, Postboks 504, 9615 Hammerfest, or call +47 9018 2402.
4.3 Information collected via our website
Our website is: www.go-north.no
Please see ‘Section 9 – Cookies, Web Beacons and Similar Technologies’ in regards to what type of information is collected via our websites.
SECTION 5 – HOW WE USE YOUR INFORMATION
You agree that we may use your personal information for:
5.1 Communication with customers
We may communicate with you by phone, email or post in order to provide services to you. If you have a preferential way to communicate with us, please let us know. You can contact us at: firstname.lastname@example.org, GoNorth AS, Postboks 504, 9615 Hammerfest, or by calling +47 9018 2402.
5.2 Destination Marketing
Information collected from you may be used to promote Hammerfest as a destination using various methods. This includes:
- Posts on various social media including but not limited to Facebook.
- Promotional print materials.
- Promotional videos.
SECTION 6 – SHARING AND DISCLOSURE
GoNorth AS will never sell your personal information. However, we may need to disclose your information if required by law or if we have your permission to do so.
Photos may have been taken during tours you participated in. These may be used for marketing purposes to promote Hammerfest as a destination. Such photos may be posted on social media, including but not limited to Facebook or be used on other promotional materials and may be shared with third parties who promote and sell our sightseeing activities and electric bike rental.
SECTION 7 – ACCESSING/CHANGING YOUR INFORMATION
7.1 Right of Access
You have the right to request a copy of all the information we hold about you. The request should be in writing and include a name, address and a description of the information requested.
You can contact us at: email@example.com or at GoNorth AS, Postboks 504, 9615 Hammerfest.
7.2 Changes to your Information
Keeping your information up to date is important. If your personal information changes or if you wish to delete the personal information we hold about you please contact us at: firstname.lastname@example.org, GoNorth AS, Postboks 504, 9615 Hammerfest or by calling +47 9018 2402.
SECTION 8 – DATA RETENTION
8.1 We only retain your personal data for so long as is necessary for the purposes for which it was collected.
8.2 Photocopies taken of your photo identification for the purpose of electric bike rental will be destroyed once the rental period has expired and the bike has been returned to us in appropriate condition.
8.3 Photos taken during sightseeing activities or e-bike rentals will be retained until they are deemed no longer necessary for the purpose of destination marketing.
8.4 Social media content will remain accessible for an indefinite period of time. You may contact us at any time to remove photos you are featured in from social media websites. You can contact us at: email@example.com, GoNorth AS, Postboks 504, 9615 Hammerfest or by calling +47 9018 2402.
SECTION 9 – COOKIES, WEB BEACONS AND SIMILAR TECHNOLOGIES
SECTION 10 – INFORMATION SECURITY
GoNorth AS is committed to handling personal information in accordance with the Personal Data Act of 14 April 2000 Nr. 31.
We take appropriate measures to ensure that your information is stored securely, is accurate and up to date as much as possible, and is kept only for so long as is necessary for the purposes for which it was collected.
All data is only stored on servers located in Norway.
How do we protect your personal information?
- We only authorise access to personal information to employees who require access to it in order to meet their job responsibilities.
- We use computer safeguards such as firewalls and data encryption to keep your information secure.
If we could not resolve your questions or concerns you may also lodge a complaint with your local supervisory authority. A list of National Data Protection Authorities is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
For detailed information on the Personal Data Act of 14 April 2000 Nr. 31 and the General Data Protection Regulation (GDPR) visit:
The Personal Data Act
The General Data Protection Regulation (GDPR)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG (English) (Norwegian version not available)
Version 1 Effective: 16 May 2018