Privacy Policy for Nordlys Hesteturer AS

This privacy policy explains how Nordlys Hesteturer AS collects, uses, stores, shares, and protects personal data in connection with its horse-walking services and related activities. It also describes your rights regarding your personal data.

1. Introduction and company information

The data controller responsible for the processing of personal data described in this privacy policy is:

• Company: Nordlys Hesteturer AS
• Address: Storgata 12, 0155 Oslo, Norway
• Email: [email protected]
• Phone: +47 21 56 84 39

Nordlys Hesteturer AS provides horse-walking services, guided horse-related experiences, bookings, customer support, and related administrative services. In connection with these activities, Nordlys Hesteturer AS may process personal data about customers, prospective customers, website visitors, business partners, and other individuals who contact us.

2. Data collection and processing

Nordlys Hesteturer AS may collect and process the following categories of personal data, depending on your interaction with us:

• Identification data: name, date of birth, and, where necessary, identification details.
• Contact data: address, email address, telephone number, and other contact information.
• Booking and service data: reservation details, participation history, preferences, special requests, and communication related to services.
• Payment data: payment status, transaction references, and billing information. Card details are typically processed by our payment service providers and are not stored by us unless necessary.
• Health and safety information: information you provide about allergies, physical limitations, experience level, or other details relevant to safe participation in horse-walking activities.
• Communication data: correspondence with us by email, phone, contact forms, or social media.
• Technical data: IP address, browser type, device information, log data, and cookie-related information when you use our website.
• Marketing preferences: consent choices and communication preferences.

We generally collect personal data directly from you, but may also receive data from booking platforms, payment providers, business partners, or publicly available sources where permitted by law.

3. Purpose of data processing

Nordlys Hesteturer AS processes personal data for the following purposes:

• to manage inquiries, bookings, and customer relationships;
• to provide horse-walking services and related activities;
• to assess suitability and safety for participation in activities;
• to communicate about schedules, changes, cancellations, and service updates;
• to process payments, refunds, and invoicing;
• to comply with legal obligations, including accounting and record-keeping requirements;
• to handle complaints, claims, and disputes;
• to improve our services, website, and customer experience;
• to send marketing communications where permitted and, where required, with your consent;
• to protect our business, customers, staff, animals, and property, including for safety and security purposes.

4. Legal basis for processing

Nordlys Hesteturer AS processes personal data only where there is a valid legal basis. Depending on the context, the legal basis may include:

• Performance of a contract: when processing is necessary to provide booked services or take steps at your request before entering into a contract.
• Legal obligation: when processing is necessary to comply with applicable laws, such as accounting, tax, safety, or consumer-related obligations.
• Legitimate interests: when processing is necessary for our legitimate interests, such as managing our business, ensuring safety, preventing fraud, improving services, and maintaining secure operations, provided that your interests and fundamental rights do not override those interests.
• Consent: when you have given clear consent, for example for certain marketing communications or for processing specific optional information where required by law.
• Vital interests: in rare cases, where processing is necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

Where we process special category data, such as health-related information, we do so only when strictly necessary and in accordance with applicable law, typically based on your explicit consent or another lawful exception.

5. Data sharing and third parties

Nordlys Hesteturer AS may share personal data with third parties only when necessary and appropriate for the purposes described in this policy. Such third parties may include:

• payment service providers and banks;
• booking and reservation system providers;
• IT and cloud service providers;
• email, communication, and customer support tools;
• accountants, auditors, legal advisers, and other professional advisers;
• insurance providers;
• public authorities, where required by law or lawful request;
• subcontractors or partners involved in delivering services.

All third parties are required, where applicable, to protect personal data and to process it only in accordance with our instructions or their own legal obligations. Nordlys Hesteturer AS does not sell personal data.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside Norway, the EEA, or the European Union, for example where we use international service providers or cloud-based tools. If such transfers occur, Nordlys Hesteturer AS will ensure that appropriate safeguards are in place in accordance with applicable law, such as:

• an adequacy decision by the relevant authority;
• standard contractual clauses or equivalent contractual safeguards;
• additional technical and organizational measures where necessary.

You may contact us for more information about international data transfers and the safeguards used.

7. Storage duration

Nordlys Hesteturer AS retains personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The retention period depends on the type of data and the purpose of processing.

• Booking and customer records: retained for the duration of the customer relationship and for a reasonable period thereafter.
• Accounting and tax records: retained for the period required by applicable law.
• Communication records: retained as long as needed to handle the inquiry or related follow-up.
• Consent-based marketing data: retained until you withdraw consent or unsubscribe, unless a longer retention period is required or permitted by law.
• Safety-related information: retained only as long as necessary for the activity and any follow-up obligations.

When personal data is no longer needed, it will be securely deleted, anonymized, or archived in accordance with applicable law and internal retention procedures.

8. User rights

Subject to applicable law, you have the following rights regarding your personal data processed by Nordlys Hesteturer AS:

• Right of access: you may request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to rectification: you may request correction of inaccurate or incomplete personal data.
• Right to erasure: you may request deletion of personal data in certain circumstances.
• Right to restriction: you may request that we restrict processing in certain situations.
• Right to data portability: you may request to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
• Right to object: you may object to processing based on legitimate interests and to processing for direct marketing.

To exercise your rights, please contact us using the contact details provided below. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.

9. Withdrawal of consent

Where Nordlys Hesteturer AS relies on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You may withdraw consent by contacting us at [email protected] or by using any unsubscribe or preference-management option provided in our communications. If you withdraw consent, we may no longer be able to provide certain optional services or communications.

10. Right to complain

If you believe that Nordlys Hesteturer AS has processed your personal data in violation of applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).

We encourage you to contact us first so that we can try to resolve your concern directly and efficiently.

11. Data security

Nordlys Hesteturer AS takes the security of personal data seriously and implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

• access controls and role-based permissions;
• secure storage and encryption where appropriate;
• regular updates and security maintenance of systems;
• staff training on confidentiality and data protection;
• procedures for handling incidents and suspected data breaches;
• limiting access to personal data to authorized personnel only.

While we strive to protect personal data, no system can be guaranteed to be completely secure. If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, Nordlys Hesteturer AS will take appropriate action in accordance with applicable law.

12. Contact information

If you have questions about this privacy policy, our processing of personal data, or wish to exercise your rights, please contact:

• Nordlys Hesteturer AS
• Address: Storgata 12, 0155 Oslo, Norway
• Email: [email protected]
• Phone: +47 21 56 84 39

13. Changes to privacy policy

Nordlys Hesteturer AS may update this privacy policy from time to time to reflect changes in our services, legal requirements, or data processing practices. The updated version will be published on our website or otherwise made available to you, and the date of the latest revision may be indicated where appropriate.

We encourage you to review this privacy policy periodically to stay informed about how Nordlys Hesteturer AS processes personal data.