Privacy statement

Karivollen Overnatting, by the general manager, is responsible for our processing of personal data. This statement is about how we collect and use such personal data, and what you can demand from us when we collect such data about you.

What is personal data?
Personal data is information that can be used to identify a person. This can be name, address, telephone number, e-mail address etc. Information about what you do is also considered personal data and this can e.g. be information about which stores you shop in, which TV series you like and where you go jogging.

Some personal information is considered sensitive. This can be information about health, religion, ethnicity, sexuality etc., but on our website we neither have access to nor need this type of information.

What is meant by data controller?
Processing means any use of personal data, such as collection, registration, sharing, storage, analysis and the like. The controller is the person who decides why and how such personal data is processed and is legally responsible. In this case, it is Karivollen Overnatting.

What is a data processor?
A data processor is another company that helps with the processing, but does so on behalf of the data controller. These can be suppliers of accounting systems, analysis tools, shipping solutions, etc. Everyone who uses such data processors is required by law to have a data processor agreement which ensures that all personal data is processed in a responsible manner and in accordance with the legislation.

What kind of personal data do we collect?
In order to create as good a website as possible, we depend on being able to follow what is happening there and this means that we would like to store information that is personal data. Below you will find a list of the types of information we collect:

  1. Information we receive about your connection: This is primarily your internet address, also called IP address. When you ask to see our website, it is this person who is listed as the sender on the request.
  2. Information we receive from your device: This is information included when your request reaches us. This is information about which operating system and which browser you use when you visit our website.
  3. Information you give us: This is information you give us voluntarily if you e.g. using a contact form. This will often be name, address, telephone, e-mail address etc.
  4. Information about what you do: When you click on things, we save when and what you click on, but in most cases this information will not be used to identify you as a person.
  5. Cookies: These are small data files that we store in the browser and which we can later read again. These are used to recognize you when you jump from side to side.

Why do we process personal data?
There are several reasons why we collect personal data. We collect some simply because the website will not work properly without it, while we collect other information to make the website more user-friendly. Below you will find a list of why we collect such personal data.

  1. To deliver the website to you: In order for you to be able to see our website, we are completely dependent on knowing where you are on the internet so that we know where the website should be sent. We use your IP address for this.
  2. To remember what you have given consent to: When you give us consent, we try to remember it for the next time you visit. For this we use such a cookie.
  3. To improve the website: We do not need to identify everyone who visits our website, but we would like to know things about how many people visit us, whether they have visited us before and what they do on the website. This is information we use to improve both how we set up our computers and how the website should work as best as possible.
  4. To market us: Marketing is important to us. We depend on getting our message out to the world, but by analyzing some of the information we collect, we can do this in a more targeted way.
  5. To prevent abuse: Not everyone is as kind on the internet and we use personal data to a certain extent to secure our website against abuse. This can e.g. be that someone tries to hack us, defraud us or other such unwanted behavior that is prohibited by Norwegian law.

What basis do we have for processing personal data?
In order for us to be able to process personal data, we must have a legal basis. There are several bases that can be used, but below you will find the four that are relevant for us.

In the main, our collection of personal data is based on your consent and this is voluntary. So that we e.g. to be able to store cookies, you must approve this in advance. If we already have an existing customer relationship, we can use this as a basis (this is called legitimate interest) to send out newsletters etc., but if you are a new customer, you are still entitled to approve this in advance.

Sometimes we have to use personal data to fulfill obligations with our customers and then this is the basis for the collection.

How do we take care of personal data?
You should be able to trust that your personal data is in safe hands with us. We do not take care of more than we have to and we try as far as possible to ensure that the information we store cannot be used to identify anyone. Only when it is strictly necessary for someone to do their job, access to such information is given and all personal data is stored in a safe and secure manner.

We use a security certificate (SSL) to secure the communication between us and you. The certificate allows us to assure you who we are and that all information that is transmitted is encrypted before it is sent. All information we store is stored here in Norway and we have a responsibility to ensure that the information we store is correct and that changes can be tracked. Should we suspect that personal data has gone astray, we are also obliged to notify you of this as soon as possible.

Who do we share personal data with?
We use Google Analytics to keep statistics on visits to the website. For this to work, we are dependent on storing a separate cookie and submitting information about how users move on the website. The information we send to Google is automatically anonymised and cannot be used to identify individuals.

In very special cases, the authorities may also demand access to the information we have stored where this is required by law.

What rights do you have?
After the new law comes into force, everyone has the right to see what personal data is stored, ask for a copy of this data and demand to have their personal data corrected or deleted. When you give us a consent, e.g. to store cookies, you also have the right to withdraw this consent whenever you wish.

In cases where we process personal data based on legitimate interests, e.g. when we send out newsletters, you have the right to object and we are obliged to stop this type of processing. In addition, everyone has a claim to general information about how we process personal data, but this is covered by this privacy policy.

All such requests must be processed free of charge and within 30 days, and for more information about what rights you have, visit this website at the Norwegian Data Protection Authority:

Contact information
Karivollen Accommodation
Karivollvegen 92
7224 Melhus