Generally

This privacy statement applies to Telemarkhytter AS. It explains what kind of personal information we collect when you use our services, what we use it for and what rights you have.

1. What is personal data?

Personal data is any information that can be directly or indirectly linked to a natural person, such as name, postal address, email address, location and mobile phone number.

2. Who is the data controller?

Telemarkhytter AS, headed by the CEO, is the data controller for our processing of personal data. This means that we have the primary responsibility for complying with the privacy policy.

3. What personal information do we collect and where do we get it from?

In order to provide the best possible service, we rely on collecting various types of information, including personal information about you. The personal information we process about you and where it comes from depends on your role. We do not collect sensitive information. Below is an overview of how we normally collect personal information and what information this typically is.

3.1 Information you provide to us

When you register on our website, you must provide some information that is stored by us, such as your name, email address and mobile phone number. In some cases, we also need your address to reach you by mail or to know more about your location. The information you provide may also be enriched by using lookup services or social media you give us access to or through analytics.

3.2 Information we receive when you use our services

When you use our services, we record information about which services you use and how you use them. We collect information about, among other things:

i. Your device and your internet connection

We may record information about the device you use, such as your mobile/PC manufacturer, operating system, and browser. We may also collect information about your connection to our services, such as IP addresses, network IDs, and cookies.

ii. Use of service or purchase

We record information about your use of the services, such as which pages you visit, when you visit the pages, and which functions you have used on the pages.

3.3 Information we obtain about you from other sources

From time to time, we receive personal information from other sources, for example when you come into contact with our partners or if we obtain information that is publicly available (e.g. on the internet).

4. What do we use the personal data for and what is the legal basis for our processing?

In this section, we provide you with an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for our processing.

Deliver and improve our services . We use personal data to deliver our services to you and to ensure the best possible user experience for you, including by adapting the display of content to your screen/device and ensuring the fastest possible loading of pages. The basis for processing is GDPR Article 6 No. 1 Letter b (contractual obligation in line with our terms of use).

Customize services, recommendations and product information. We want to provide you with recommendations, product information and service customizations that are as relevant to you as possible. This will be based on your own behavior, e.g. based on which products and services you have used, advertisements you have clicked on, or articles you have read, and based on the behavior of other users with similar usage patterns to you. The basis for processing is GDPR Article 6 No. 1 Letter b (contractual obligation in line with our terms of use).

Other marketing : We send newsletters to email addresses that are registered as customers and others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each individual inquiry. The basis for processing is GDPR Article 6 No. 1 Letter f (balancing of interests) where we have received the email address in connection with a sale. If there is an existing customer relationship, marketing will take place in accordance with Section 15(3) of the Marketing Act. In other contexts, marketing is based on the consent of the person concerned, cf. Section 15(1) of the Marketing Act and GDPR Article 6 No. 1 a. 

Prepare statistics and understand market trends. We prepare statistics and map market trends. We do this in order to improve and further develop our product offerings and services. As far as is practically possible, we try to do this with anonymous information, without us knowing that the information is specifically linked to you. The basis for processing is GDPR Article 6 No. 1 Letter f (balancing of interests).

IT operations and security : Personal data stored in our IT systems may be available to us or our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The basis for processing is also our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c. 

Prevent misuse of our services . We use personal data to prevent misuse of our services. Misuse can include attempts to log in to other people's accounts, attempts at fraud, "spamming", incitement, harassment and other actions that are prohibited by Norwegian law. The basis for processing is also our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c.

5. How long do we store your personal data?

We do not store your personal data for longer than is necessary to fulfill the purpose of the processing. However, this does not apply if storage is required by law for a longer period than our purpose dictates.

This means, for example, that personal data that we process on the basis of your consent will be deleted when your consent is withdrawn. If the basis for processing is our legitimate interest, the personal data will be deleted when such legitimate interest no longer exists. Information that is stored in accordance with statutory obligations will be deleted when the obligation ceases. A typical example of this is the obligation to retain accounting information under accounting legislation.

6. Who do we share personal information with?

Telemarkhytter AS sometimes shares personal information with other companies that perform services on our behalf. This means that these third parties process information about you on our behalf. This is primarily to provide you with a safer and better user experience. Here are the most important examples:

1. When others perform services on our behalf. For example, web and marketing agencies to operate the website and show you targeted marketing and create campaigns. They are not allowed to use this personal information for anything other than performing services for Telemarkhytter AS. To ensure your rights, we have entered into data processing agreements with our suppliers which, among other things, mean that your personal information cannot be used for purposes other than what we have agreed with you.
2. In the event of suspected violations of the law, etc., we may be required to disclose information to public authorities unsolicited or upon request. We may also disclose information in the event of suspected fraud, or information that is necessary to resolve specific disputes.

7. How do we transfer personal data to other countries?

Some of our subcontractors are located outside the EU/EEA. This means that your personal data may be transferred to, and processed in, so-called third countries. We only transfer personal data to countries outside the EU/EEA that the European Commission considers to provide you with an adequate level of protection or to subcontractors who have committed to protecting your personal data through EU standard contractual clauses. Where necessary, we have implemented additional technical and organizational measures to achieve an appropriate level of protection.

8. What rights do you have?

The Privacy Policy gives you a number of rights related to the personal data we process about you. Which rights you have depends on the circumstances. In this section you will find an overview of important rights.

Request access : You have the right to access the personal information we have registered about you, as long as confidentiality does not prevent this. To ensure that personal information is disclosed to the right person, we may require that requests for access be made in writing or that identity be verified in another way.

Request rectification or deletion : You can ask us to correct inaccurate information we hold about you or ask us to delete personal information. We will comply with a request to delete personal information as far as possible, but we cannot do this if there are compelling reasons not to delete, for example, that we have a duty to document the information. 

Data portability : In some cases, you may have the right to have personal information you have provided to us transferred in a machine-readable format to another provider. 

Other rights : You also have the right to object to the processing of personal data, personal profiling and automated decisions where relevant. 

Complaint to the supervisory authority : If you disagree with the way we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority. You can find information about the procedure on the Norwegian Data Protection Authority's website: www.datatilsynet.no . 

Rights may be limited by law. Please contact us by email at post@telemarkhytter.no if you wish to exercise your rights or would like information about which limitations apply. We will respond to your inquiry as soon as possible, and as a general rule within one month.

9. How do we secure your personal data?

We use appropriate security measures to protect personal data against unauthorized access, alteration or deletion.

The data controller has established routines and measures to ensure that unauthorized persons do not gain access to your personal data and that all processing of the data is otherwise in accordance with applicable law.

The controller has established procedures to ensure confidentiality, integrity and availability. The measures are both technical and organizational in nature. They include encryption, authentication solutions and routines for verifying access and correction requests.

The controller regularly assesses the security of all central systems used for handling personal data, and agreements have been entered into that require suppliers of such systems to ensure satisfactory information security.

Access to personal data is limited to personnel who need access to perform their work tasks.

The controller has adopted internal IT guidelines, and the controller regularly trains employees with regard to security and use of IT systems.

10. How do we use cookies?

We use cookies on our websites. These help us to tailor the content specifically for you. You can read more about how we use cookies and how you can change your browser settings, etc. in our Cookie Statement .

11. Changes to the Privacy Policy

We may periodically update or change this Privacy Policy. You will always find the latest version on our website.

12. Contact information

If you have any questions about our privacy policy or our use of personal information, please contact us at post@telemarkhytter.no .