Privacy Statement for Kystriksveien Reiseliv AS – travel-shop.no
This privacy statement was published 2018-05-25 (edited 2020-07-08).
At Kystriksveien Reiseliv AS (travel-shop.no) we are comitted to protect and respect Your privacy in compliance with EU – General Data Protection Regulation (GDPR), dated 27th April 2016. This privacy statement explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Who are we?
The online shop travel-shop.no is a part of Kystriksveien Reiseliv, located in Steinkjer in Trøndelag, Norway. Kystriksveien Reiseliv is a marketing company for the Scenic road Kystriksveien. Questions regarding data security and privacy can be directed to email [email protected]
When do we collect personal data about you?
When you buy a product in our online shop.
When you interact with us in person, through correspondence, by telephone, by social media, or through our websites.
Why do we collect and use personal data?
We collect and use personal data mainly to offer products related to your interests – based on purchase history. This can be in the form of newsletters or direct communication with you as a customer.
We may use your information for the following purposes:
Send you marketing communications which you have requested. These may include information about our products and services, events, activities, and promotions of our associated partners’ products and services. By associated partners, we mean all tourism companies along Kystriksveien. This communication is subscription based and requires your consent.
Send you information about the products and services that you have purchased from us.
Perform direct sales activities in cases where legitimate and mutual interest is established.
Reply to a “Contact me” or other web forms you have completed on på travel-shop.no.
Follow up on incoming requests (customer support, emails, chat or phone calls).
Contact you to conduct surveys about your opinion on our products and services.
Our legal basis for collecting personal data
Collecting personal data based on purchases.
We use personal information to fulfill obligations related to the dispatch of products to you as a customer.
Collecting personal data based on consents.
We collect personal data based on consent by using “Consent Forms” that will store documentation related to the consent given by the individual. Individual consents will always be stored and documented in our systems.
Collecting personal data based on legitimate interest
We may use personal data if it is considered to be of legitimate interest, and if the privacy interests of the data subjects do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between Kystriksveien Reiseliv AS and the individual person has been identified. This legale basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.
What type of personal data is collected?
In our online shop we collect name, phone number, address, and email address. Information related to the purchase of our products. We may also collect additional information via web forms for campaigns related to purchase history or market research. You as a customer choose to give any consent to provide this information.
How long do we keep your personal data?
We store personal data for as long as we find it necessary to fulfill the purpose for which the personal data was collected.
This means that we may retain your personal data for a reasonable period of time after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymised.
Your rights to your personal data
You have the following rights with respect to your personal data:
The right to request a copy of your personal data that Kystriksveien Reiseliv AS holds about you.
The right to request that Kystriksveien Reiseliv AS corrects your personal data if inaccurate or out of date.
The right to withdraw any consent to personal data processing at any time:
If you want to withdraw your consent to e-marketing, please make use of the link to manage your subscriptions included in our communication.
The right to request that Kystriksveien Reiseliv AS provides you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data controller when the processing is based on consent or contract.
All these rights over also applies automatically for Kystriksveien Reiseliv`s information stored about you as a customer.
The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data.
The right to delete personal information about you in our database.
Questions regarding data security and privacy can be directed to email [email protected]
The use of cookies and beacons
We use cookies and web beacons (‘Website Navigational Information’) to collect information as you navigate the company’s websites. Website Navigational Information includes standard information from your web browser, such as browser type and browser language; your Internet Protocol (“IP”) address; and the actions you take on the company’s websites, such as the web pages viewed and the links clicked.
This information is used to make websites work more efficiently, as well as to provide business and marketing information to the owners of the site, and to gather such personal data as browser type and operating system, referring page, path through site, domain of ISP, etc. for the purposes of understanding how visitors use a website. Cookies and similar technologies help us tailor our website to your personal needs, as well as to detect and prevent security threats and abuse. If used alone, cookies and web beacons do not personally identify you.
Do we share your data with anyone?
We do not share, sell, rent, or trade your information with any third parties without your consent, except from what is described below:
Kystriksveien Reiseliv has access to the personal information contained in the online shop travel-shop.no
Use of sub-contractors (processors and sub-processors):
Data/net providers will in some cases have access to personal information in connection with testing and new functionality, but only for this purpose. We are responsible for making sure they commit themselves to adhere to this Privacy Policy and applicable data protection legislation
If required by law:
We will disclose your personal information if required by law or if we, as a company, reasonably believe that disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.
Changes to this Privacy Statement
Kystriksveien Reiseliv AS reserves the right to amend this Privacy Statement at any time. The applicable version will always be found on our websites. We encourage you to check this Privacy Statement occasionally to ensure that you are happy with any changes.
If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our websites prior to the change taking effect.
Your right to complain with a supervisory authority
If you are unhappy with the way in which your personal data has been processed, you may, in the first instance, contact [email protected].
If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a decision. The supervisory authorities can be contacted at:
Norway:
Datatilsynet
www.datatilsynet.no
Sweden:
Datainspektionen
www.datainspektionen.se
Denmark:
Datatilsynet
www.datatilsynet.dk
Germany:
Each individual German state has a Data Protection Authority which is responsible for the enforcement of data protection laws and competent in respect of data controllers established in the relevant state.
The Netherlands:
Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl
United Kingdom:
Information Commissioner’s Office (ICO)
www.ico.org.uk
Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
www.edoeb.admin.ch
Lithuania:
Valstybinė duomenų apsaugos inspekcija in Lithuanian
www.ada.lt