Privacy Policy

Nordisk Opplevelse AS (org.no. 935 112 761) want you to be familiar with how we collect, use and disclose personal data. In this privacy policy we will explain which personal data we collect and process, for which purposes we process your data and provide information about your rights. You can find more information about data protection on the Norwegian Data Protection Authority’s website http://www.datatilsynet.no.

1. What is personal data?

Personal data is any information that can be directly or indirectly linked to a natural person, such as name, postal address, e-mail address, IP address and mobile number.

2. Who is responsible?

Nordisk Opplevelse AS is the responsible data controller for the processing of personal data, for the purposes set out in this privacy policy. We must process your personal data in accordance with our obligations under current privacy legislation, including the EU’s General Data Protection Regulation (“GDPR“). The contact information for Nordisk Opplevelse is:

Postal address: Finnvolldalsveien 1244, 7896 Brekkvasselv

Email: info@parknordica.no

3. Who do we process personal data about?

This privacy policy covers the processing of personal data concerning the following groups of people:

Those that visit our website.
Customers and park visitors.
Recipients of email marketing, including alerts and newsletters.
Applicants for vacant positions.
Those that contact our customer service.
Other individuals that we interact with.

4. What personal data do we process?

The categories of personal data which we collect and process are as follows:

Basic information such as name and contact details, including phone number and email address.
Demographic information, such as date of birth.
Information about your customer relationship, such as booking and payment information and inquiries to customer service.
Information regarding your visit to our websites (including date and time, what type of PC/mobile phone, operating system and the browser you use, IP addresses, screen size etc.)
Photographs and video recordings in which park visitors are identifiable.
Any other information collected on the basis of your consent. In that case, you will receive specific information about what information we collect and what it is used for when we ask for your consent.

5. how do we collect your personal data?

We can collect your personal data in various ways:

We receive personal data directly from you when you use our web shop to order tickets, or otherwise contact us. This information is necessary for us to be able to deliver the tickets you have ordered or to follow up on your inquiries.
We receive personal data indirectly from you when you use our services, for example our websites through cookies and other similar technologies. The collection is based on your consent pursuant to GDPR Article 6(1)(a) and Section 3-15 of the Norwegian Electronic Communications Act. This information is important in order to be able to improve and further develop the services we offer you. Certain technical information (e.g. IP address or HTTP data) may be processed without your consent when this is strictly necessary for the website to function. You can read more about how we use cookies and similar technologies in sections 7 and 13.
We receive personal data from our photographers when you visit our park. Photographies and video recordings may subsequently be published on our website, social media channels and other marketing materials. You have the right to object to use of photographies and video recordings in which you are identifiable by notifying the relevant photographer or by contacting us as described in section 15.

It is voluntary to share your personal data with us. However, certain information may be necessary to be able to carry out any agreement that you have entered into with us, including, among other things, information that is used in connection with invoicing.

6. What is our legal basis for processing personal data?

According to the current privacy legislation, we must have a legal basis for our processing of personal data. Our processing is based on one or more of the following bases:

You have given your consent to the processing of your personal data for one or more specific purposes (GDPR Article 6(1)(a).
The processing is necessary for the performance of a contract with you (GDPR Article 6 (1) b).
The processing is necessary for compliance with a legal obligation to which we are subject, including, for example, storing information in accordance with accounting legislation (GDPR Article 6 (1) c).
The processing is necessary for the purposes of the legitimate interests pursued by the us, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (GDPR Article 6 (1) f).

If our processing of personal data is based on your consent, you have the right to withdraw your consent at any time.

7. For which purposes do we process your personal data?

We collect and use personal data for various purposes. Below you can read more about what personal data we process, what we use it for (the purpose) and why we are authorized to do so (the basis for processing).

Purpose	Processing activity	Categories of personal data	Lawful basis for processing
Deliver our booking services to customers	Process orders: We process personal data to provide and deliver our online booking services, manage orders and carry out transactions, including handling payments.	• Name and other contact details (email address, telephone, etc.) • Demographic information, including date of birth and whether you are eligible for a child/student/senior ticket • Order information, including order ID • Content of messages or other communication in relation to the placement of an order • Payment details (e.g. credit card number) processed via our third party payment provider. • Billing information	Article 6(1)(b) – necessary for the performance of a contract.
Customer support	Customer support Assist with resolving any questions or issues you may have with our booking services	• Contact information, • Details of the inquiry, communication history • Booking information • Information on customer’s technical equipment or software • Error messages	Article 6(1)(f) – Our legitimate interest in providing customer service
Marketing and commercialisation	Direct marketing: We may send you newsletters and information about our park that we believe may be of interest to you, based on your previous orders and/or other interactions with us, either via email, phone or SMS.	• Contact details, • Information on previous orders • Communication preferences	Article 6 (1) (a) – Consent
Marketing and commercialisation	Publication of photography and videography from the park: We may record, use and publish situational images and films recorded by our photographers in the park.	• Photographies • Video recordings	Article 6(1)(f) – Our legitimate interest in marketing our services.
Improve and/or customize our website and services	Statistics and analysis: We may collect and use your personal data to improve our services, and to provide a better experience by understanding and analyzing your purchase and usage patterns.	• Transaction data (data on purchases, frequency, value, and type of tickets purchased) • Demographic data (age, gender) • Behavioural data (patterns in purchasing behaviour)	Article 6(1)(f) – Our legitimate interest in conducting statistics and analysis.
Improve and/or customize our website and services	Website improvement: We will process your personal information when you use our website by logging customer behavior patterns.	• Name • Username • Information collected through cookies when you visit our website (including date and time, what kind of PC/mobile phone you use, operating system and browser, screen size, behavioral patterns etc.)	Article 6(1)(f) – legitimate interests in improving and further develop the service we offer you.
Recruitment	Processing job applications: We may process job applications to assess candidates’ suitability for a position with us and to conduct the recruitment process.	• Personal details provided in your application and CV • Additional information you choose to share with us during the application process • Names and contact details of the references you provide	Article 6(1)(f) – Our legitimate interest in recruitment and Article 9(2)(a) if there are special categories of data being processed.
	Conducting interview process: Conduct and evaluate interviews as part of the recruitment process, with the goal of identifying the most qualified candidate for the position.	• Statements from references • Assessments	Article 6(1)(f) – Our legitimate interest in recruitment.
Protection against fraud and data security breaches	Monitoring: Monitoring the use of our website and booking solution to detect and prevent various types of fraud or security breaches.	• Metadata (including timestamps, user identifiers, IP addresses, browser and device details, session data, etc).	Article 6(1)(f) – Our legitimate interest in maintaining information security.
Compliance with various legal requirements.	Processing to fulfil a legal obligation: We process personal data to fulfil our legal obligations, for example, in connection with accounting and to provide information to the competent authority when this is required of us according to applicable legislation.	• All categories of personal data that are strictly necessary to fulfil our obligations.	Article 6(1)(c) – necessary for compliance with a legal obligation.
Other purposes	We will be able to process your personal data for any other purpose to which you have specifically consented.		Article 6 (1) (a) – Consent

8. How do we Keep your personal data safe and secure?

We have established routines and measures to ensure that unauthorized persons do not gain access to your personal information and that all processing of the information otherwise takes place in line with current legislation. The measures include, among other things, regular risk assessments, technical systems and physical procedures to safeguard information security and routines to verify access and correction requests.

9. who do we disclose personal data to?

Any company that processes your personal data on our behalf is called a data processor. If we engage a data processor, we enter into a data processor agreement that regulates how the data processor can process the information they gain access to and their duties in that regard, including for what purposes the personal data can be used.

We may share personal data with selected partners acting as either processors, independent controllers, or joint controllers together with us. This includes our booking system provider Axess and any payment service provider chosen in the Axess checkout (e.g. credit card provider, PayPal etc.).

We will also be able to share personal data with public authorities where there is a statutory disclosure obligation.

10. Do we transfer personal data to other countries?

We may transfer your personal data to countries and/or organizations outside the EU/EEA area (so-called third countries). If such transfers occur, for example, if one of our data processors transfers personal data to sub processors outside the EU/EEA area, we will ensure before the transfer that it is carried out in accordance with the requirements set out in GDPR Chapter V. If this is the case, the transfer will take place on the basis of and adequacy decision by the European Commission, where such is available, or by us entering into an agreement based on the EU’s standard contractual clauses (“Standard Contractual Clauses”) with the recipient of the personal data.

11. How long do we store personal data?

We store your personal data for as long as is necessary for the fulfilment of the above-mentioned purposes for the processing of the data. This means, for example, that personal data we process based on your consent will be deleted when the consent is withdrawn. If the basis for processing is our legitimate interest, the information will be deleted when such legitimate interest no longer exists.

When determining the retention period, we place particular emphasis on the duration of our legal requirements or contractual relationship with you, the nature of your relationship with us, the need to process your data, your expectations and the risk of harm.

Normally, personal data is deleted immediately once a recruitment process or a customer relationship has ended. Information stored in accordance with legal obligations is deleted when the obligation ceases. Accounting legislation otherwise requires us to store certain accounting documents for a specified period of time, generally 3.5 years or 5 years.

Anonymized information is not subject to restrictions regarding processing, as it can no longer be directly or indirectly linked to an individual.

12. what are your rights?

The privacy legislation gives you a number of rights, including the right to access, rectify and erase the personal data we have stored about you.

We strive to ensure that the personal data we have stored about you is correct and up-to-date. If you discover that the information we have stored about you is incorrect, we encourage you to contact us. This also applies if you want the stored data to be deleted.

Regarding the right to erasure, note that it does not apply to information that is necessary to provide a service you wish to use or that we are legally required to retain for a specific period.

You also have the right to data portability. This means that, among other things, you have the opportunity to extract your personal data in a machine-readable format.

Furthermore, you have the right to object to the processing of personal data where this is based on GDPR Article 6(1)(e) or (f).

You also have the right to receive a copy of the personal data we have registered about you, with some exceptions. In order to ensure that personal data is handed over to the right person, we may require that access requests are submitted in written form and that identity is verified.

If you believe Nordisk Opplevelse AS does not comply with this privacy policy or the applicable legislation, you can send us a complaint. You can also complain to the Norwegian Data Protection Authority (“Datatilsynet”).

You can read more about your rights on the Norwegian Data Protection Authority’s website: www.datatilsynet.no.

13. how do we USE cookies?

We use cookies and similar technologies on our websites. You can read more about how we use cookies on www.park-nordica.com.

14. How do we notify you if changes are made to this privacy policy?

Our services are in continuous development. We may therefore need to update our privacy policy. If the privacy policy is subject to updating, the updated privacy policy will be made available on our website www.park-nordica.com.

15. how to get in touch with us

If you have questions regarding how we process your personal data or wish to exercise your rights, you can contact us by sending an email to info@parknordica.no.