top of page

Privacy policy

Generally

This privacy policy applies to Bjugn Hotell AS. It explains to you what kind of personal data we collect when you use our services, what we use it for and what rights you have.

​​

​

1. What is personal data?
Personal data is any information that can be directly or indirectly linked to a natural person, such as name, postal address, e-mail address, location and mobile number.

​


2. Who is responsible for processing?
Bjugn Hotell AS by the general manager is responsible for our processing of personal data. This means that we have the main responsibility for following the privacy rules.

​


3. What personal data do we collect and where do we get it from?
In order to deliver the best services possible, we are dependent on collecting various types of information, including personal data about you. Which personal data we process about you and where it comes from depends on your role. We do not collect sensitive information. Below is an overview of how we normally collect personal data and what information this typically is. 


3.1 Information you provide to us yourself
When you submit a contact form with us, you must provide some information that is stored by us, such as name, e-mail address and mobile number. In some cases, we also need the address to reach you by post or to know more about your whereabouts.

 

3.2 Information we receive when you use our services
When you use our services, we record information about which services you use and how you use them. We collect, among other things, information about:

​

 in. Your device and your internet connection
We can register information about the device you use, for example mobile/PC manufacturer, operating system and browser. We may also collect information about the connection to our services, such as IP addresses, network ID and cookies. 


ii. Use of service or purchase
We record information about your use of the services, such as which pages you are on, when you are on the pages and which functions you have used on the pages.


3.3 Information we receive about you from other sources
From time to time we receive personal data from other sources, e.g. when you come into contact with our partners or if we obtain information that is publicly available (e.g. on the internet). 


​
4. What do we use the personal data for and what is the legal basis for our processing?
In this section, we give you an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for our processing.

​

Delivering and improving our services: We use personal data to deliver our services to you, and to ensure the best possible user experience for you, including by adapting the display of the content to your screen/device and ensuring the fastest possible loading of the pages. The processing basis is GDPR article 6 no. 1 letter b (contractual obligation in line with our terms of use).

 

Customize services, recommendations and product information: We want to provide you with recommendations, product information and service customizations that are as relevant as possible to you. This will both be given on the basis of your own behaviour, e.g. on the basis of which products and services you have used, advertisements you have clicked on, or articles you have read, and on the basis of the behavior of other users with similar usage patterns to you. The processing basis is GDPR article 6 no. 1 letter b (contractual obligation in line with our terms of use).

​

Other marketing: We send out newsletters to email addresses registered as customers and others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each inquiry. The processing basis is GDPR article 6 no. 1 letter f (balancing of interests) where we have received the e-mail address in connection with a sale. If there is an existing customer relationship, the marketing will take place in accordance with Section 15(3) of the Marketing Act. In other contexts, marketing is based on consent from the person concerned, cf. Marketing Act § 15(1) and GDPR Article 6 no. 1 a.

​

Prepare statistics and understand market trends: We prepare statistics and map market trends. We do this in order to be able to improve and further develop our product offerings and services. As far as is practically possible, we try to do this with anonymous information, without us knowing that the information is linked specifically to you. The processing basis is GDPR article 6 no. 1 letter f (balancing of interests).

​​

IT operation and security: Personal data stored in our IT systems may be accessible to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The basis for processing is also our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c. 

 

Prevent misuse of our services: We use personal data to prevent misuse of our services. Abuse can be attempts to log into other people's accounts, attempts at fraud, "spamming", incitement, harassment and other actions prohibited by Norwegian law. The basis for processing is also our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c.

​

​

5. How long do we store your personal data?
We do not store your personal data longer than is necessary to fulfill the purpose of the processing. However, this does not apply if the storage is required by law for a longer period than our purpose dictates. 

​

This means, for example, that personal data we process on the basis of your consent is deleted when consent is withdrawn. If the basis for processing is our legitimate interest, the personal data will be deleted when such legitimate interest no longer exists. Information stored in accordance with statutory obligations is deleted when the obligation ceases. A typical example of this is the retention obligation for accounting information according to the accounting legislation.


​
6. Who do we share personal data with?
Bjugn Hotell AS in some cases shares personal data with other companies that perform services on our behalf. This means that these third parties process information about you on our behalf. This is primarily to give you a safer and better user experience. Here are the most important examples:

 

1. When others perform services on our behalf. For example, our booking system VisBook to run the website and show you targeted marketing and create campaigns. They are not allowed to use this personal data for anything other than performing services for Bjugn Hotell AS. In order to secure your rights, we have entered into data processing agreements with our suppliers which, among other things, mean that your personal data cannot be used for purposes other than what we have agreed with you. 

 

2. In case of suspicion of an offense etc. we may have to hand over information to public authorities unsolicited or upon request. We will also be able to hand over information in the event of suspicion of fraud, or information that is necessary to clarify specific disputes.


​


7. How do we transfer personal data to other countries?
Some of our subcontractors are located outside the EU/EEA. This means that your personal data can be transferred to, and processed in, so-called third countries. We only transfer personal data to countries outside the EU/EEA that the European Commission believes provide you with a sufficient level of protection or to subcontractors who have undertaken to protect your personal data through the EU's standard contract clauses. Where necessary, we have implemented additional technical and organizational measures to achieve a suitable level of protection.

​

​

8. What rights do you have?
The privacy rules give you a number of rights related to the personal data we process about you. What rights you have depends on the circumstances. In this section you will find an overview of important rights. 

​

Request access: You have the right to access the personal data we have registered about you, as long as confidentiality does not prevent this. In order to ensure that personal data is handed over to the right person, we may require that requests for access be made in writing or that identity is verified in another way.​

 

Request correction or deletion: You can ask us to correct incorrect information we have about you or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if there are compelling reasons not to delete, for example that we have a duty to document the information. 

​

Data portability: In some cases, you will be able to have access to personal data you have provided to us in order to have it transferred in a machine-readable format to another supplier.

​

Other rights: You also have the right to object to the processing of personal data, personal profiling and automated decisions where relevant. 

​​

Complaint to the supervisory authority: If you disagree with the way we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority. You can find information about the procedure on the Norwegian Data Protection Authority's website: www.datatilsynet.no

Rights may be limited by law. Contact us via e-mail at post@bjugnhotell.no, if you wish to exercise your rights or want information about which restrictions apply. We will respond to your inquiry as soon as possible, and as a general rule within one month.

​​

​

9. How do we secure your personal data?
We use appropriate security measures to protect personal data against unauthorized access, modification or deletion. 

The data controller has established routines and measures to ensure that unauthorized persons do not gain access to your personal data and that all processing of the data otherwise takes place in line with applicable law. 

​

The controller has established procedures to ensure confidentiality, integrity and availability. The measures are both of a technical and organizational nature. They include encryption, authentication solutions and routines to verify access and correction requests.​

 

 The data controller regularly assesses the security of all central systems used for handling personal data, and agreements have been entered into that require suppliers of such systems to ensure satisfactory information security. â€‹

 

Access to personal data is limited to personnel who need access to perform their work tasks. 

​

The controller has adopted internal IT guidelines, and the controller regularly trains employees with regard to security and the use of IT systems.

​

​

10. How do we use cookies?
We use cookies on our website. These help us adapt the content specifically for you. 


​
11. Changes to the privacy policy
We will periodically be able to update or change the privacy policy. You will always find the latest version on our website. 


​
12. Contact information

If you have any questions about our privacy policy or our use of personal data, please contact us at post@bjugnhotell.no.

bottom of page