(last updated 16.09 2022)
VIP Transport Ålesund is responsible for the processing of personal data carried out by ourselves or by others on our behalf. This means that we determine the purpose and means of processing personal data, i.e. why we process your data and how we process it. We mainly process your personal data when you:
- Communicating with us
- Travel with us
- Visits our websites, our social media platforms or uses our applications
Your personal data is important to us. We are therefore concerned that the personal data that is collected about you is stored and processed in a safe and secure manner, and in accordance with applicable data protection legislation.
2. OUR PRINCIPLES FOR PROCESSING PERSONAL DATA
- We shall process personal data in a legal, fair and transparent manner.
- We will only collect personal information that is relevant to our customers' journeys and customer relationships with us.
- We do not collect more personal data than is necessary.
- Personal information that we have collected must be up-to-date and correct.
- Personal data that we have collected must be deleted when there is no longer a need for it.
- Personal data that we have collected must be treated confidentially.
- We never sell personal data to third parties.
- Our customers have the right to access personal data relating to their customer relationship. They must be able to get a copy of these, and can choose to delete them from our systems.
3. HOW WE PROCESS YOUR PERSONAL DATA
Personal data is all information that can be directly or indirectly (i.e. together with other information) linked to you, e.g. name, photo, social security number and IP address.
3.1 For what purpose do we process your personal data
We process your personal data in accordance with applicable laws. This means that each processing has a so-called legal reason. Most processing is carried out so that we can offer services, carry out services and charge for the services. If we process your personal data for a purpose that will require your consent, we will ask for this before processing begins
3.2 When you visit our websites or our social media platforms
When you visit our websites or our social media platforms, we process:
- Information that you give us yourself, e.g. name and contact details.
We process your personal data to:
- Making available, maintaining, testing, improving and developing our websites and social media platforms.
- Sending offers, reports and press releases when you choose to subscribe to such.
3.3 When you communicate with us
When you otherwise communicate with us, e.g. via our customer service or our switchboard, we process information that you give us yourself, e.g. name, contact details and information about your enquiry.
We process your personal data to provide good customer service, offer services, find errors and handle any complaints.
3.4 When we have an obligation according to the law
In certain cases, we also process your personal data when we are obliged by law, e.g. due to accounting rules, or in cases where a traffic accident occurs and there is a claim settlement.
3.5 How long do we store your personal data?
Your personal data is only stored for as long as is necessary to achieve the purpose of the processing, or for as long as we have to store it in accordance with the law. They are then deleted according to our deletion routines.
3.6 To whom we can disclose your personal data
We may disclose your personal data to the following recipients:
- Some of the companies within the same group
- External partners (for example other bus companies that carry out a trip on our behalf)
- Other recipients when required by law, other constitution or authority decision.
Companies that handle personal data on our behalf must always enter into a so-called data processing agreement with us, with the aim that we will be able to ensure a high level of security for your personal data with our partners and suppliers.
If we use partners and suppliers outside the EU/EEA, we take special security measures, e.g. we sign an agreement that includes the standardized model clauses for data transfer adopted by the European Commission, and which can be found available on the European Commission's website.
3.7 How do we protect your personal data
We protect your personal data with technical and organizational security measures. It is e.g. all employees who have access to personal data are prohibited from disseminating the information. Most systems also contain access restrictions, so that as few people as possible have access to information.
The information collected via cookies on our websites is only used for VIP Transport Ålesund's own purposes, i.e. not for third-party purposes. Cookies are sometimes used to collect information that is considered to be personal data, such as e.g. IP addresses and information linked to the IP address, but no personal data that leads directly to you as a person.
Cookies can either be deleted automatically when you close your browser (so-called "session cookies"), alternatively they are stored on your PC to help with future visits to the website (so-called "permanent cookies"). Permanent cookies must also be removed automatically after a specified time.
5. YOUR RIGHTS
According to the current Personal Data Act, you have the right to access, correct and delete personal data. You also have the right to object to our processing, and to lodge a complaint with the supervisory authorities. Some of the rights only apply in certain situations, if we e.g. has a requirement according to law to store certain information, then we cannot delete it.
If you want to exercise any of these rights, or know more about our processing of your personal data, please contact us via firstname.lastname@example.org. If you consider that our processing of your personal data does not take place in accordance with the privacy legislation, you can also complain to the Norwegian Data Protection Authority, which is the supervisory authority in Norway.