Effective: 24 May 2018
- Policy Context
- Information we collect
- How we use the information we collect
- Sharing and disclosure
- Accessing/Changing your information
- Data retention
- Cookies, Web Beacons, Local Storage and Similar Technologies
- Information Security
Section 1 - DEFINITIONS
Consent - means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. [GDPR Ch. 1 Art. 4]
Data controller - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
[GDPR Ch. 1 Art. 4]
Data processor - means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller. [GDPR Ch. 1 Art. 4]
Data subject - is the person to whom personal data may be linked. [Personal Data Act (14 April 2000 No. 31)]
Personal data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. [GDPR Ch. 1 Art. 4]
Processing of personal data - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. [GDPR Ch. 1 Art. 4]
Sensitive personal data - means information relating to: racial or ethnic origin, or political opinions, philosophical or religious beliefs, the fact that a person has been suspected of, charged with, indicted for or convicted of a criminal act, health, sex life, trade-union membership.
Section 2 - POLICY CONTEXT
Hammerfest Turist AS (Organisation nr.: 954 361 403, registered address: Hamnegata 3, 9600 Hammerfest) is a destination management organisation.
We process personal data for members and customers who use our services. We safeguard your privacy according to the Personal Data Act of 14 April 2000 Nr. 31.
Hammerfest Turist AS is the data controller of any ‘personal data’ collected for both Hammerfest Turist and ‘The Royal and Ancient Polar Bear Society’ (hereafter referred to as ‘The Polar Bear Society’). The Polar Bear Society is a subsidiary of Hammerfest Turist AS and is as such fully controlled by Hammerfest Turist AS. Our websites include: www.hammerfest-turist.no, www.visithammerfest.no, www.visithammerfest.net and www.isbjornklubben.no.
Note: For a more detailed description of what constitutes ‘personal data’ please see ‘Section 1 - Definitions’.
Section 3 - CONSENT
3.1 Your Consent
Note: Explicit consent is required only for the processing of sensitive personal data. For non-sensitive data, “unambiguous” consent suffices. Unambiguous meaning consent that is not open to more than one interpretation.
3.2 Consent for Minors
The age of consent in Norway is 16 years. As such, consent must be given by the holder of parental responsibility for the child (up to and including age 15) in order to collect and process the child’s personal data.
Section 4 - INFORMATION WE COLLECT
Our primary purpose for collecting your information is to provide you with services as provided under the Polar Bear Society Membership and to develop and promote Hammerfest as a destination.
There are three general categories of information we collect.
4.1 Information you give us
At the time you sign up for a membership to the Polar Bear Society we collect information such as names, addresses, age, gender and e-mail addresses.
In regards to memberships for children, we will only collect a child’s personal information with the consent of the holder of parental responsibility for that child. This is in effect for children aged up to and including 15 years of age.
4.2 Photographs taken during activities provided by Hammerfest Turist AS and/or by GoNorth AS.
Photographs taken during activities provided by Hammerfest Turist AS or their sightseeing activities supplier GoNorth AS may be used for the purpose of destination marketing. GoNorth AS supplies both sightseeing tours as well as electrical bicycle rentals to Hammerfest Turist AS.
If you do not wish to have photos of you published on social media or used in promotional materials please let your tour guide know before or during your tour or contact us and we will remove such materials from public view.
4.3 Information collected via our websites
Websites included are: www.hammerfest-turist.no, www.visithammerfest.no, www.visithammerfest.net and www.isbjornklubben.no.
Please see ‘Section 9 - Cookies, Web Beacons and Similar Technologies’ in regards to what type of information is collected via our websites.
Section 5 - HOW WE USE YOUR INFORMATION
You agree that we may use your personal information for:
5.1 Communication with Polar Bear Society members
5.2 Destination Marketing
Information collected may be used to promote Hammerfest as a destination using various methods. This includes:
- Posts on various social media including but not limited to Facebook.
- Promotional print materials.
- Promotional videos.
Section 6 - SHARING AND DISCLOSURE
Hammerfest Turist AS will never sell your personal information. However, we may need to disclose your information if required by law or if we have your permission to do so.
If you participated on tours provided by our tour supplier GoNorth AS (organisation nr. 913 102 835) photos may have been taken during such tours. These may be used for marketing purposes to promote Hammerfest as a destination. Such photos may be posted on social media, including but not limited to Facebook or be used on other promotional materials.
Section 7 - ACCESSING/CHANGING YOUR INFORMATION
7.1 Right of Access
You have the right to request a copy of all the information we hold about you. The request should be in writing and include a name, address and a description of the information requested.
Hammerfest Turist AS, Postboks 504, 9615 Hammerfest.
7.2 Changes to your Information
Section 8 - DATA RETENTION
We only retain your personal data for so long as is necessary for the purposes for which it was collected.
The Polar Bear Society memberships are lifetime memberships. As such, personal information collected for this purpose will be kept indefinitely unless the data subject has made a request for deletion.
Section 9 - COOKIES, WEB BEACONS AND SIMILAR TECHNOLOGIES
These collect information about how our site is used and are solely used for statistical purposes or for the functionality of the website.
Section 10 - INFORMATION SECURITY
Hammerfest Turist AS is committed to handling personal information in accordance with the Personal Data Act of 14 April 2000, Nr. 31.
We take appropriate measures to ensure that your information is stored securely, is accurate and up to date as much as possible, and is kept only for so long as is necessary for the purposes for which it was collected.
All data is only stored on servers located in Norway.
How do we protect your personal information?
- - We only authorise access to personal information to employees who require access to it in order to meet their job responsibilities.
- - We use computer safeguards such as firewalls and data encryption to keep your information secure.
If we could not resolve your questions or concerns you may also lodge a complaint with your local supervisory authority. A list of National Data Protection Authorities is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
For detailed information on the Personal Data Act of 14 April 2000 Nr. 31 and the General Data Protection Regulation (GDPR) visit:
The Personal Data Act
The General Data Protection Regulation (GDPR)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG (English) (Norwegian version not available)
Version 1 Effective: 24 May 2018