This privacy statement describes how Hunderfossen processes your personal information. Hunderfossen’s app, website, online store and booking is owned by Hunderfossen Familiepark AS, Fossekrovegen 21, 2625 Fåberg, organization number 981711041
1. Roles and contact information
Hunderfossen Familiepark AS is concerned with respecting your privacy. If you do not agree with how we process your personal information or have questions about the processing, you can send an inquiry to us where you describe what the case is about. Use ourcontact form
According to the Personal Data Act, Hunderfossen Familiepark AS has the role of data controller for visitors to the parks and on the website and for users of the online store, booking and app.
Hunderfossen Familiepark AS will also be responsible for processing our social media (Facebook page, Youtube, Vimeo, Instagram)
When booking accommodation and accommodation-related products, the personal information is handed over to Hunderfossen Familiepark AS, which will have the role of data controller in these cases. If information about you is disclosed to other partners, the partner will have processing responsibility for this information.
See section “Who do we share information with” below for further information.
You can complain about how Hunderfossen Familiepark AS processes your information to the Data Inspectorate: e-mail: email@example.com and telephone +47 22 39 69 00.
2. Basis for treatment
We only process personal data if it is necessary to carry out our agreement with you, we have a legitimate interest in the processing, the processing is imposed on us by law or other legal basis is available. Our legitimate interest is to be able to provide you with the best possible service and market our services and products, both before, during and after your park visit.
Any treatment beyond this requires your consent. You can withdraw your consent at any time without prejudice to the lawfulness of any treatment based on the consent before the consent is withdrawn. This does not prevent us from using data processors to process personal data on our behalf (pursuant to a data processor agreement).
Norwegian law applies.
3. The purpose of collecting personal information
The purpose of the website, app and other electronic platforms is to be able to offer information about Hunderfossen and our products, purchase of goods and services, provide customized communication, benefits and offers, and to build general knowledge about purchasing trends and how we can improve our services based on the use of these. See here the terms you accept when you buy from us.
The processing of the information about you is based both on the consent (s) you have given and the other processing bases we have and are processed in accordance with the Personal Data Act, the Accounting Act and any other relevant laws.
4. What information is collected
Hunderfossen processes the personal information you have provided, such as name, address, e-mail, telephone number. We process information from your purchases such as traded amounts, products, date / time and where the purchase was made. Use of products (for those that are relevant) is also registered with date / time.
In connection with the annual card, photos are also collected to be able to identify and check ownership of the annual card.
We also collect your response to general campaigns, customized coupons / messages, e-mail and SMS mailings, logged in activity online and in the app, as well as location data / movement data. The latter is anonymized immediately.
When you contact us via message on Facebook / Twitter, email and contact form, these messages are also registered and processed. This can also apply when you contact us by phone regarding accommodation or other questions.
Through Facebook Insight, Hunderfossen receives anonymous information about e.g. gender, age, place of residence, language, etc. We can also see how many people have visited our pages (Eventyrparken, Barnas Gård, Hunderfossen Hotel & Resort, Hunderfossen Camping) and how many have been reached through posts in a selected time period.
The legal basis for the anonymised processing is based on legitimate interest according to GDPR article 6 letter f. The anonymised target groups contribute to Hunderfossen receiving real and focused feedback on how our information and marketing on our Facebook fan pages is received by followers and users of Facebook . That way, we can understand our customer group better and also improve ourselves, but without this affecting your privacy.
Hunderfossen will also process personal information associated with likes, shares and followers on our pages and our page activities. The processing of this is based on your consent and you can at any time remove your own likes, shares and stop following our fan pages. You can choose which marketing you will be exposed to in Facebook’s pages here.
Facebook mainly has its servers in the EU, but when transferring personal data to a server outside the EU, this will be done based on other legal bases for the transfer of personal data outside the EU and Switzerland, such as the EU model contract clauses or Privacy shields framework.
5. How Hunderfossen uses your information
Hunderfossen uses the information you have registered, and information that arises through purchases, so that we can deliver the goods and services you have purchased from us. This also involves checking the validity of purchased ticket and / or booking product. This is done by registering the use of the products to ensure that they are not used more than permitted and by checking the ownership of the annual card using the photo and date of birth.
Hunderfossen uses the information to provide you with offers, communication, surveys and important messages in line with what you have purchased and the consents you have given or according to the legitimate interest we have. We analyze purchase history to give you relevant offers and suggestions for shopping lists with frequently purchased products.
In the app, we send out messages in connection with the visit to Hunderfossen, if you have given your consent. There may be notifications about activities and experiences, commercial offers or questions about giving feedback on experiences. We adapt the messages based on location (where you are in the park and which areas you have visited), ticket purchases and favorite activities stored in the app. Location data can also be used for retargeting and marketing in digital channels. You can refrain from this, by checking this under “Settings” in the app.
Hunderfossen uses purchase history and movement history in the form of aggregated data to analyze trends and responses to campaigns, and to optimize the range and operation of Hunderfossen, our website, online store and booking. Then personally identifiable information is not used.
6. Who does Hunderfossen share information with (disclosure and data processors)
Personal information about you will not be disclosed to others unless there is a legal basis for such disclosure, for example if the disclosure is necessary to fulfill agreements with you.
Examples of this are:
– Hunderfossen Booking (Hunderfossen Hotel & Resort, Mølla Hotell, HafjellKvitfjell Booking, Birkebeineren Hotell and Scandic Hotell Hafjell) in the cases where you have booked accommodation here. Hunderfossen Booking AS then sends personal information such as name, address, contact information, what you have bought and what you have paid.
– Eidsiva AS, in those cases where you have ordered a ticket for Eidsiva Day. Then we send personal information such as name, e-mail address and number of tickets that have been retrieved.
In some cases, data processors (subcontractors) are used who process data on our behalf. In such cases, data processor agreements have been entered into that set the framework for how the data processor is to process the personal data on our behalf. We have data processors within hosting, operations, system suppliers (eg customer inquiry system, SMS and e-mail sending system).
In the main, the processing of personal data about you takes place within the EU / EEA area. In cases where a data processor established outside this area is used, the data processor has provided sufficient guarantees for the processing of personal data.
Hunderfossen may in certain cases, regulated by legislation, also disclose information to the authorities.
7. Security measures
The protection of your personal information is a high priority with us. Hunderfossen works continuously to protect your personal information and other confidential information. Our security measures include physical, technical and administrative measures.
Our employees and consultants receive training and guidance on how to handle personal information in a secure manner. We have routines and access control to prevent unauthorized loss or disclosure of your personal information. We also have procedures and measures that prevent the loss and destruction of the systems that store personal data. We ensure that the processing of personal data is done correctly and securely, and that the processing is protected against malicious software.
We ensure that personal information is protected in connection with transfer both internally and externally. We ensure that any external party that handles the data meets a satisfactory level of security. Any threats to data security are handled efficiently as the security and protection of your personal information is part of the daily work in our business. We comply with the requirements for the protection and security of personal data that follow from current privacy legislation.
Any breach of our security routines is documented and we have procedures and capacity to detect and deal with security breaches. If a security breach is discovered, this will be reported to management, the risk of security breaches will be assessed, and the Norwegian Data Protection Authority will be notified if necessary. You will also be notified as a user if the security breach poses a risk to you and your rights.
8. Storage time
Personal information about you is only stored as long as there is a factual need to use the information. The storage time will thus depend on the type of information and processing purpose when the information is deleted: some information may be deleted shortly after it was collected, other information will be deleted when you have visited us, while some will be deleted some time after your visit. Anonymous data does not have a deadline for deletion.
Here are some of the criteria that are used when deciding how long personal information should be stored:
– Whether further processing of the information after your visit will be necessary as a result of any claims, objections or other type of dispute. It is normally deleted within 13 months of the inquiry and is assessed annually if the need to store it for longer arises.
– If we are obliged to store the information in accordance with current legislation, such as the Accounting Act. According to the Accounting Act, we have a duty to store certain types of information for up to 5 years after the end of the financial year.
– Some information is deleted or anonymised shortly after it was collected because there is no longer a need for the information. Examples of such information are logs from the IT systems. Many of these processes take place automatically in the respective IT systems Hunderfossen has.
Hunderfossen has prepared internal routines for storage and deletion for each system that processes personal data.
You have, among other things:
– the right to access the use of your personal data (Personal Data Act §1, cf. GDPR article 15) – read more in the article about this ondatatilsynet.no – the right to disclose your personal data (Personal Data Act §1, cf. GDPR article 20) – read more in the article about this on datatilsynet.no – right to request correction of information (Personal Data Act §1, cf. GDPR article 16) – read more in the article about this on datatilsynet.no – the right to have your personal data deleted (Personal Data Act §1, cf. GDPR article 17) – read more in the article about this on datatilsynet.no – the right to limit the processing of your personal data (Personal Data Act §1, cf. GDPR article 18) – read more in the article about this on datatilsynet.no – the right to protest against the processing of your personal data (Personal Data Act §1, cf. GDPR article 21) – read more in the article about this on datatilsynet.no
You can control your consents and choices when you are logged in to the Hunderfossen app. Other stored information can be obtained by contacting us (you will find a link to the contact form at the bottom of this page).
If you delete your user, all information about you will be deleted in addition to the information required by the Accounting Act. If your user has been passive for three years, all personal information beyond what is required by the Accounting Act is also deleted. When the Accounting Act’s requirements for storage have expired, all information about you will be deleted, but unless you still have an active user with us.
You are entitled to a response from us as soon as possible and no later than within 30 days after we have received the necessary information from you.
10. Changes to consent and privacy statementg
Hunderfossen may change terms of consent and privacy statement to comply with new legal requirements, and due to changes in our own practice for the collection and processing of personal data. In the event of changes that require consent, you will be asked to consent to new terms when you log in to the relevant service. Information about other changes will be provided at hunderfossen.no/personvern.
Drag files to upload. Optionally click here to select files.