Privacy Policy
1. Introduction and Company Information
This Privacy Policy explains how Fjellstien Opplevelser AS collects, uses, stores, shares, and protects personal data when you use our services, visit our website, contact us, or otherwise interact with us. We operate a hiking and outdoor activity business and are committed to handling personal data in a lawful, fair, transparent, and secure manner.
Data Controller: Fjellstien Opplevelser AS
Address: Fjellveien 18, 0156 Oslo, Norway
Email: [email protected]
Phone: +47 22 84 73 19
2. Data Collection and Processing
We may collect and process the following categories of personal data, depending on how you interact with us:
- Identification and contact details: name, address, email address, telephone number, and emergency contact information.
- Booking and transaction information: reservation details, payment status, invoices, and service history.
- Participation and safety information: age, fitness-related information you choose to provide, dietary preferences, medical or accessibility information relevant to safety, and special requirements for hiking activities.
- Communication data: messages, inquiries, feedback, complaints, and correspondence with us.
- Technical data: IP address, browser type, device information, log data, and website usage data.
- Marketing preferences: consent choices and communication preferences.
We generally collect personal data directly from you, for example when you make a booking, contact us, subscribe to updates, complete forms, or participate in our activities. In some cases, we may also receive data from third parties such as payment providers, booking platforms, or business partners.
3. Purpose of Data Processing
We process personal data for the following purposes:
- To manage bookings, registrations, and customer accounts.
- To provide hiking and related outdoor services.
- To communicate with you before, during, and after our services.
- To ensure safety, assess suitability for activities, and respond to emergencies.
- To process payments, refunds, and accounting records.
- To comply with legal obligations, including bookkeeping, tax, and safety requirements.
- To improve our services, website, and customer experience.
- To send marketing communications where permitted and, where required, with your consent.
- To prevent fraud, misuse, and unauthorized access.
4. Legal Basis for Processing
We process personal data only where we have a valid legal basis. Depending on the context, our legal bases may include:
- Performance of a contract: to provide booked services and manage customer relationships.
- Legal obligation: to comply with applicable laws and regulatory requirements.
- Legitimate interests: to operate and improve our business, maintain security, prevent fraud, and communicate with customers in a reasonable manner.
- Consent: for certain marketing activities, optional cookies, or processing of sensitive information where consent is required.
- Vital interests: where necessary to protect the life or physical safety of a person, for example in an emergency during a hiking activity.
5. Data Sharing and Third Parties
We may share personal data with trusted third parties when necessary for the purposes described in this policy. These may include:
- Payment service providers for processing payments and refunds.
- IT and hosting providers for website operation, storage, and communication services.
- Booking and reservation platforms used to manage customer registrations.
- Professional advisers such as accountants, auditors, lawyers, and insurers.
- Public authorities where disclosure is required by law or necessary to protect rights, safety, or property.
- Emergency services or medical personnel if needed during an activity for safety reasons.
We require third parties to handle personal data securely and only for the purposes we specify, in accordance with applicable law.
6. Data Transfer to Third Countries
Some of our service providers may process personal data outside Norway, the European Economic Area (EEA), or in countries that may not provide the same level of data protection. Where such transfers occur, we will take appropriate safeguards to protect your personal data, such as relying on adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms permitted by applicable privacy law.
7. Storage Duration
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Retention periods may depend on the type of data and the purpose of processing.
- Booking and contract data: retained for the duration of the customer relationship and for a reasonable period thereafter.
- Accounting and tax records: retained for the period required by applicable law.
- Communication records: retained as long as needed to handle your inquiry or resolve a dispute.
- Marketing data: retained until you withdraw consent or object, where applicable.
- Safety-related information: retained only as long as necessary for the activity and any related legal or insurance requirements.
When personal data is no longer needed, we will delete, anonymize, or securely archive it in accordance with applicable law and internal retention procedures.
8. User Rights
Subject to applicable law, you may have the following rights regarding your personal data:
- Access: to request confirmation of whether we process your personal data and to receive a copy of that data.
- Rectification: to request correction of inaccurate or incomplete personal data.
- Erasure: to request deletion of your personal data in certain circumstances.
- Restriction: to request that we limit the processing of your personal data in certain situations.
- Data portability: to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
- Objection: to object to processing based on legitimate interests and, where applicable, to direct marketing.
To exercise your rights, please contact us using the details provided below. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.
9. Withdrawal of Consent
Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. If you withdraw consent, we may no longer be able to provide certain optional services or communications.
You may withdraw consent by contacting us at [email protected] or by using any unsubscribe or preference-management options we provide.
10. Right to Complain
If you believe that our processing of your personal data violates applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).
We encourage you to contact us first so that we can try to resolve your concern directly and promptly.
11. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption where appropriate, secure storage, staff confidentiality obligations, and regular review of our security practices.
While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We therefore cannot guarantee absolute security.
12. Contact Information
If you have questions about this Privacy Policy or our processing of personal data, or if you wish to exercise your rights, please contact us:
Fjellstien Opplevelser AS
Fjellveien 18, 0156 Oslo, Norway
Email: [email protected]
Phone: +47 22 84 73 19
13. Changes to Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other operational needs. Any updated version will be published on our website with a revised effective date where appropriate.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.