Personal data processing in Norway is primarily regulated by the Personal Data Act. However, other laws and regulations, such as the Norwegian Accounting Act, also provide guidelines for how personal data shall be processed.
Hurtigruten AS recognizes the importance of protecting the privacy of all information provided by customers. The following policy guidelines are created with respect to customers’ rights to privacy, and to ensure that Hurtigruten AS complies with the Norwegian Personal Data Act and other relevant laws and regulations.
1. Data controller – Hurtigruten AS
Hurtigruten AS is responsible for the data processing of its customers’ personal information, and the daily responsibility for personal data processing in Hurtigruten belongs to the General Manager.
Personal data is used for customer administration, invoicing, marketing, and to fulfil those obligations Hurtigruten has taken on regarding delivering services/products to its customers.
In addition, Hurtigruten uses information about user behavior on the website to measure interest in various areas and improve the websites.
3. Legal basis
Hurtigruten AS is processing personal data to fulfill agreements and to ensure safety for its customers’ according to the Personal Data Act.
4. Types of personal data
Hurtigruten AS collects the following personal data about their customers: Personalia (name, title, date of birth, nationality, language, and gender), contact information (address, telephone number, and e-mail), booking and travel information, handicaps/disabilities and allergies, passport information (explorer travels), next of kin-information, information about purchases on board, and communication with the customer.
5. Where data is collected from
Hurtigruten AS collects information about users by voluntary submission, IP addresses, and cookies.
6. How Hurtigruten handles customer data
Customer profiles consist of a collection of information that Hurtigruten has collected from the customer; such as name, contact information, services used, and previous purchases. Customer profiles are used for maintaining the customer relationship, simplifying the booking for returning customers, and as basis for new product development.
Hurtigruten deletes customer profiles after 10 years of inactivity. Inactivity means that the customer has not made any purchases/bookings, or been unenrolled from receiving marketing material. Customers wanting to have their profiles deleted at an earlier point in time can contact Hurtigruten’s customer service.
Scanning of boarding cards/CruiseCards on board
When making purchases on board, customers are asked to scan their boarding card/CruiseCard. The purpose of this procedure is to collect information for demographic data analysis in order to improve offers/services on board. The information will not be connected to individuals. Scanning is voluntary, unless the customer uses the CruiseCard as a purchase card.
When the CruiseCard is used as a purchase card on board, information regarding purchases will be connected to the customer. The information will only be used for billing purposes.
Video surveillance and telephone recordings
When customers call Hurtigruten to make bookings, they are asked to accept that the phone call is recorded. Recordings are used for internal training and as documentation of the entered agreement. The recordings are stored for 5 years.
Hurtigruten uses video surveillance to ensure safety and law-abidingness on board ships. Surveillance tapes will be deleted within 7 days, unless special incidents, such as accidents or criminal offences, have occurred.
In order to improve the customer experience, Hurtigruten sends customers a feedback form after completion of their travel. It is voluntary to reply, and answers are registered anonymously. The survey is administered by a third party, who is restricted from using customers’ contact information to anything other than this specific purpose.
7. Internet use
Internet use and IP addresses
When people use the Internet, they leave electronic traces that show which pages they have visited. When users visit Hurtigruten’s websites, the server automatically logs the user’s IP address. An IP address is a number that is automatically assigned to the computer when people surf the Internet. Hurtigruten does not use this information to identify individuals, but they log the time spent on the site.
Secure data connection
Billing information provided by the customer through hurtigruten.no, is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets the customer’s browser automatically encrypt, or scramble, data before it is sent to Hurtigruten - ensuring that all personal information is as safe as possible.
8. Information exchanged to third parties
Hurtigruten passes customer information on to third parties; such as airlines, ships, hotels, and transport companies etc. that are involved in the customer’s travel plans. Information may also be given to third parties for credit rating, public authorities, or as required by law. Information will never be given to private individuals or companies not directly responsible for part(s) of the customers’ travel.
9. Data protection
Hurtigruten uses reasonable precautions to keep the personal information disclosed secure. Hurtigruten has put in place appropriate physical, electronic, and managerial procedures to prevent unauthorized access, maintain data accuracy, and ensure correct use of information.
10. Customers’ rights
Registered customers at Hurtigruten have a right to be informed about what data Hurtigruten processes about them. Customers can contact Hurtigruten’s customer service to get access to this information. Hurtigruten will reply as soon as possible, and at the most 30 days after receiving the request.
Registered users can change or update various pieces of personal information through My Page on hurtigruten.no. Beyond this, customers can contact Hurtigruten’s customer service with requests to have incorrect data rectified, supplemented, or deleted.
Hurtigruten may periodically emit e-mail newsletters to users about new cruises, special promotions, services, or other news using e-mail addresses provided at registration or otherwise. Upon request, Hurtigruten will remove users (and their information) from their database or permit them to “opt-out” of any further e-mail newsletters lists. If users receive any such e-mail messages they do not wish to receive again in the future, they shall notify: firstname.lastname@example.org.
11. Contact information
Visiting address: Fredrik Langes gate 14, Postbox 6144, 9291 Tromsø
Phone number: +47 970 57 030