Privacy Policy for Nordkyst SeaWalk AS

This privacy policy explains how Nordkyst SeaWalk AS collects, uses, stores, shares, and protects personal data when you use our services, visit our website, contact us, or otherwise interact with us. We are committed to processing personal data in a lawful, fair, transparent, and secure manner.

1. Introduction and company information

Data controller: Nordkyst SeaWalk AS

Address: Sjøgata 12, 9008 Tromsø, Norway

Email: [email protected]

Phone: +47 77 65 84 29

Nordkyst SeaWalk AS operates sea-walk activities and related services. In connection with bookings, customer communication, safety management, administration, and marketing, we may process personal data about customers, potential customers, companions, business contacts, and website visitors.

2. Data collection and processing

We may collect and process the following categories of personal data:

• Identification and contact information: name, address, email address, telephone number, and similar contact details.
• Booking and transaction information: reservation details, payment status, purchase history, invoices, and related correspondence.
• Service and participation information: preferred dates, group size, special requests, language preferences, and information necessary to provide the sea-walk service safely.
• Safety-related information: information you provide about health, mobility, allergies, or other conditions relevant to participation and safety, where necessary.
• Technical information: IP address, browser type, device information, cookies, and usage data from our website or digital services.
• Communication data: inquiries, feedback, complaints, and other messages you send to us.

We generally collect personal data directly from you. In some cases, we may receive data from third parties such as booking platforms, payment providers, travel agents, or business partners acting on your behalf.

3. Purpose of data processing

We process personal data for the following purposes:

• to handle inquiries and provide customer service;
• to manage bookings, payments, cancellations, and refunds;
• to deliver our sea-walk services and related activities;
• to ensure safety, assess suitability for participation, and manage emergencies;
• to comply with legal obligations, including accounting and record-keeping requirements;
• to improve our services, website, and customer experience;
• to send relevant service communications;
• to market our services where permitted by law and, where required, with your consent;
• to establish, exercise, or defend legal claims.

4. Legal basis for processing

We process personal data only when we have a valid legal basis. Depending on the situation, the legal basis may include:

• Performance of a contract: when processing is necessary to provide booked services, manage reservations, or respond to your requests before entering into a contract.
• Legal obligation: when processing is required to comply with applicable laws, including accounting, tax, safety, and consumer-related obligations.
• Legitimate interests: when processing is necessary for our legitimate business interests, such as customer administration, service improvement, fraud prevention, and limited direct marketing, provided your interests and rights do not override those interests.
• Consent: when you have given us clear consent, for example for certain marketing activities, cookies, or processing of special categories of data where required.
• Vital interests: in rare cases where processing is necessary to protect your vital interests or those of another person, such as in an emergency.

5. Data sharing and third parties

We may share personal data with third parties only when necessary and in accordance with applicable law. These may include:

• Payment service providers for processing payments and refunds;
• Booking and IT service providers that support our reservation systems, website hosting, email services, and customer management;
• Accounting and auditing providers for financial administration and compliance;
• Insurance providers where needed to handle claims or incidents;
• Public authorities when required by law or lawful request;
• Business partners and subcontractors involved in delivering the sea-walk service, where necessary for performance of the service.

We require our processors and partners to protect personal data and to process it only according to our instructions and applicable law.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside Norway and the European Economic Area (EEA). If such transfers occur, we will ensure that appropriate safeguards are in place, such as:

• an adequacy decision by the relevant authorities;
• standard contractual clauses or other approved transfer mechanisms;
• additional technical and organizational measures where necessary.

Where required, you may request more information about the safeguards used for international transfers by contacting us.

7. Storage duration

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The retention period depends on the type of data and the purpose of processing.

• Booking and customer records: retained for the period necessary to administer the service and handle follow-up matters.
• Accounting and tax records: retained for the period required by applicable law.
• Communication records: retained for as long as needed to respond to inquiries and manage customer relations.
• Marketing data: retained until you withdraw consent or object, or until it is no longer needed.
• Safety-related records: retained for as long as necessary to manage incidents, claims, or legal obligations.

When personal data is no longer needed, we will delete, anonymize, or securely archive it in accordance with applicable requirements.

8. User rights

Subject to applicable law, you have the following rights regarding your personal data:

• Access: you may request confirmation of whether we process your personal data and obtain a copy of that data.
• Rectification: you may request correction of inaccurate or incomplete personal data.
• Erasure: you may request deletion of your personal data where the legal conditions are met.
• Restriction: you may request that processing be restricted in certain circumstances.
• Data portability: you may request to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
• Objection: you may object to processing based on legitimate interests and to direct marketing at any time.

To exercise your rights, please contact us using the details below. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.

9. Withdrawal of consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

If you withdraw consent, we will stop the relevant processing unless we have another lawful basis to continue processing.

10. Right to complain

If you believe that our processing of your personal data does not comply with applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority. You may also contact us first so that we can try to resolve the matter directly.

11. Data security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption where appropriate, secure storage, staff confidentiality obligations, and regular review of our security practices.

While we strive to protect personal data, no system can be guaranteed to be completely secure. We therefore encourage you to take care when sharing information with us, especially over open networks.

12. Contact information

If you have questions about this privacy policy or our processing of personal data, or if you wish to exercise your rights, please contact:

Nordkyst SeaWalk AS
Sjøgata 12, 9008 Tromsø, Norway
Email: [email protected]
Phone: +47 77 65 84 29

13. Changes to privacy policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or our processing practices. The updated version will be published on our website or otherwise made available to you.

We encourage you to review this privacy policy periodically to stay informed about how Nordkyst SeaWalk AS processes personal data.