Privacy Policy

Responsibility

This privacy declaration explains how we collect and use (process) personal data in our company. Northern Explorers AS is responsible for the treatment through the managing director.

NB! It is not permitted to copy text from this privacy declaration, see copyright law.

Our contact information is:
Northern Explorers AS
Vedskogmyra 25
7777 Nord-Statland
Norway

Tax identification number: NO 998 813 530 MVA

Email: anja@northern-explorers.com

We take your privacy seriously and have taken various steps to ensure that you receive clear information about how we process your data and what rights you have. If you think something is unclear or missing, don’t hesitate to contact us.

Your rights

Contact us if you have any questions about any of your rights or if you want to make use of them. You are entitled to an answer within 30 days at the latest. You can find more information on the website of the Norwegian data supervisory authority Datatilsynet.

• Accessing and correcting your own information: You can request a copy of any information we process about you and ask us to correct any incorrect information.
• Deletion or restriction: In some cases, you can ask us to delete and/or restrict the processing of information about yourself. However, we cannot delete any data that we need to process.
• Protest against treatment: If we process information about you on the basis of a legitimate interest, you have the right to protest against it.
• Data portability: If we process information about you on the basis of a consent or a contract, you can ask us to transfer information about you to you or another person responsible for data processing.
• You also have the right to withdraw your consent at any time.
• If you are not satisfied with the processing of your data, you can complain to the data supervisory authority. However, we hope that you will contact us first so that we can try to resolve the case for you in a satisfactory manner.

Who we process personal data about

We process personal data from:

• Customers
• Potential customers
• Contact persons at suppliers and partners
• Website visitors

How we collect personal information

It is voluntary to provide us with personal data. However, in order to complete a transaction, we need a variety of information from you. We do not rent, buy or sell any personal information from/to third parties. We do not use any automated decisions or profiling when processing your personal data and we do not process any special categories of personal data that go beyond what applies in a normal employment or customer relationship.

We process your personal data in the following cases:

• Buy of our products/services
• Contact by phone, SMS, via our website, email or social media
• Registration for the newsletter
• Use of our homepage

Purpose, legal basis and storage

In accordance with Article 6 Paragraph 1 of the Privacy Regulation, we process personal data based on:

a) your consent
b) an agreement that we have concluded
c) a legal obligation that we have
f) a legitimate interest that we believe we have

As a rule, personal data may not be processed and stored for longer than necessary to fulfil the processing purpose.

We keep data for as long as we are required to do so in accordance with applicable legal obligations, e.g. in connection with accounting, tax or labour laws and/or other relevant rules and regulations. You can contact us at any time if you would like us to stop processing or delete your personal data. Please note, however, that we cannot delete personal data that we are legally obliged to process.

This is how we process personal data

Here we describe in detail when and how we process your personal data, for what purposes, on what legal basis and for how long.

We process personal data when:

You communicate with us

If you have given us a business card, entered it in lists or contact us via the website (contact form, comment field, chat or similar), by email, phone (call, SMS) or via social media, we process personal data. Depending on how you contact us, this could be your name, your contact information, your IP address and other information that is sent to us.

The purpose is to be able to respond to inquiries from you and to have documents in case we receive complaints, claims or legal claims. The legal basis is f) if the legitimate interest is to respond to inquiries from you, to have the history and to have documents in case we receive complaints, complaints or legal claims. We check, archive and delete inquiries as required, but not less than every 5 years. Accounting material is stored for up to five years in accordance with the rules of the Accounting Act.

You buy our products and services

When you buy products and services from us, we process personal data such as name, contact information, order and payment information and purchase history.

The purpose is to be able to deliver the corresponding products and services to you after the order/purchase, to have a history of the products and services sold and to manage and track the customer relationship with you in another way. The legal basis is b) agreement and c) legal obligation, among others according to the accounting and tax law. Accounting material is stored for up to five years in accordance with the rules of the Accounting Act.

Marketing in existing customer relationships

If you become a customer of ours, we process personal data as described above. If you already have a customer relationship with us, we can send you marketing material in accordance with Section 15 of the Marketing Act by email.

The aim is to be able to offer good customer service. The legal basis is f) if the legitimate interests are to be able to offer you relevant products and services. The legal basis can also be a) if you have given us your consent. You can unsubscribe from email marketing at any time. Information on how to unsubscribe can be found in all marketing-related emails we send. The information will be kept for as long as the customer relationship exists until you unsubscribe, or you protest against the processing.

You sign up for the newsletter

We send newsletters by email with information about new trips, offers, general information about the company and similar. If you subscribe to the newsletter, we process personal information such as name, contact information and IP address.

The aim is to be able to provide information about relevant news and offers and to offer potential and existing customers good customer service. The legal basis is a) consent. Subscribing to the newsletter is voluntary, and you can revoke your consent at any time (unsubscribe) by clicking on “Unsubscribe” at the bottom of one of the emails. Your email address will then be deleted within 2 months.

The provider we use to send newsletters has an integrated analysis that shows that subscribers open links in the newsletters and may click on them. This functionality is built into the system and cannot be deactivated. If you don’t want your data to be analysed this way, don’t become a subscriber. We use the data to analyse the results of the newsletter and to tailor the content to our subscribers. The legal basis is f) if the legitimate interest is to continuously improve our products and services.

You use our website

If you use our website, we process personal data in accordance with our cookie statement. [INSERT LINK] The purpose is to administer our website, promote the company and respond to inquiries from visitors. The legal basis for cookies that store or process information that falls under the Electronic Communication Act § 2-7b is consent through a pre-set in your browser in accordance with the recommendations of Nkom described here (November 2020).

Who we share personal data with

To run our business efficiently and securely, we sometimes need to share your personal information with third parties, e.g.

• Data processors: providers of various services that process your personal data on our behalf *
• Professional consultants in industries such as law, finance, accounting, auditing and insurance
• Support for IT and administration systems
• Authorities to whom we must report

We demand that everyone with whom we share your personal data protects your data in accordance with good information security and in accordance with the requirements of the data protection regulation. We conclude a data processing agreement and, if necessary, confidentiality agreements with anyone who processes data on our behalf.

* We use data processing providers for:

• Email, calendar, and digital meetings
• Accounting, billing and invoicing
• Newsletter

For security reasons, we have not named these providers by name, but you are welcome to contact us if you would like to know more.

Transfer of personal data outside the EU/EEA

In some cases, your personal data will be transferred outside of the EU/EEA, for example when we use suppliers outside the EU/EEA to send newsletters, process customer information, make products and services available on our website and make payments to ensure the security of our website and to operate our business in a safe and efficient manner. The transfer of personal data outside the EU/EEA is only permitted in countries approved by the EU Commission or within the framework of the guarantees required by the data protection regulation. These can be the standard EU contracts, for example.

For security reasons we have not given them by name. Contact us if you would like to find out more about which such data processors we use, what necessary guarantees apply to such a transfer and what additional security measures we have implemented.

Security

We take data security seriously and will always do our best to protect your personal data in the best possible way. Among other things, we use strong passwords and backups to protect our data and to prevent unauthorized persons from accessing, changing, deleting or in any way influencing the data we have stored, including your personal data.

We only use reputable providers of IT and administration services such as web hosting, website and PC security, virus software, email providers, backup and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only if this is absolutely necessary (e.g. through IT support).

We have established routines for handling data security breaches and, in the event of a breach, send a breach report to the Norwegian Data Protection Authority Datatilsynet within 72 hours of detecting the breach. If the breach entails a high data protection risk, we will also notify the persons affected by it.

This data protection declaration was last updated on: May 2nd, 2021

NB! It is not permitted to copy text from this privacy declaration, see copyright law.