1 Introduction
Visit Lillehammer is strongly committed to safeguarding your privacy. This Privacy Policy explains our policy for the collection and use of information about you.
This Privacy Policy applies to our collection, use and processing of your personal data. We collect, use and process your personal information when you use our service. This includes when you use our website, book a travel, or communicate with us by phone, e-mail, social media or alike. When booking your trip, an addition to the Privacy Policy will be made available for you upon booking.
In this Privacy Policy, we explain how we are processing your personal data, what category of personal data these activities involve, the purpose and the legal basis for these processing activities. We also explain when and why your personal data are disclosed to a third party.
We also inform you of your rights related to our processing of your personal data in this Privacy Policy, and any transfer we may make of your personal data.
From time to time, we may update or amend this Privacy Policy to reflect new or different privacy practices. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time.
2 How we use your personal data
In this section we have set out:
the general categories of personal data that we may process
the purposes for which we may process personal data; and
the legal basis for the processing
We will process your personal data in accordance with Norway’s Data Protection Legislation. We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your data. For all of our staff and whenever we hire third parties to provide support services, we will require them to observe our privacy standards and to allow us to audit them for compliance.
2.1 Marketing
Aiming to help you make the most of the offers provided by us, we will send you or in other ways make you aware of various activities and offers via email, which may include newsletter, unique offers based on your preferences, or information on other special or seasonal offers. For this purpose, we will process your e-mail address, campaign participation history.
Visit Lillehammer strives to be as relevant as possible for each customer across different digital channels. If you have visited our website, we may present relevant offers to you on other digital media based on your web clicks. Anonymized IP in cookies will be processed for this purpose. When you visit our website, we will use your on-line behaviour in order to present relevant offers through our internet portals, campaign and in other digital media. This type of data may also be shared with Visit Lillehammer AS’ stakeholders in the region’s tourism industry.
You are free to delete your personal data used for marketing by deleting your profile on the account page. As for anonymous user cookies, they are not identifiable to a specific person but will nonetheless be deleted according to industry practice, or by yourself - see chapter 9 of this privacy policy.
The legal basis for processing your personal data is your consent and our legitimate interests to operate and improve our business.
2.2 User Generated Content – Social Media
If you use any of our social network pages or applications or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For more information and for details about how you can control access to your social network profile, you should view the privacy policy and other guidance available on your social network’s website.
The legal basis for processing is legitimate interest.
2.3 Legal Obligation
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with regulatory and legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3 Providing your personal data to others
We may use other third-party service providers to provide certain data processing services for us (acting as our authorized data processors). Examples of authorized data processors could include IT solution providers, data analytics providers who process information on our behalf. For example, we may use the services of third parties to personalize content, send emails, provide marketing assistance and provide customer services.
When acting as our authorized data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
In addition to the specific disclosures of personal data set out in this section, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4 International transfers of your personal data
We store your data on our secure servers in the United Kingdom and retain it for a reasonable period or as long as the law requires. However, your data may be transferred to, stored at, and processed at a destination inside or outside the European Economic Area by our partners or service providers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
5 Retaining and deleting personal data
We have implemented technical, physical and organizational measures to prevent personal data from being lost or unauthorized access to data. We keep the information encrypted where necessary.
Visitor information is deleted / anonymized on a continuous basis. Other information we receive from you will be deleted when we no longer need to store them.
6 Links to third-party sites
On our website we link to third party websites that are not operated by us. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those third-party websites. We strongly encourage you to view the privacy and cookie policies displayed on those third-party websites to find out how your personal information may be used.
7 Changes and amendments
From time to time, we may update or amend this Privacy Policy to reflect new or different privacy practices. We invite you to review the latest version of this Privacy Policy.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email or through private messaging system or via our website.
Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time.
8 Your Rights
You have the right to request access, rectification, restriction and deletion of your personal data held by us, and to receive a copy of your personal data in a structured machine-readable format. Inquiries regarding processing of personal data and access request shall be directed to the point of contact provided below.
You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.
Please note that withdrawal of any consent does not affect the lawfulness of the processing that has taken place based on consent given prior to the withdrawal.
9 Cookies
By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
9.1 About Cookies
A cookie is a simple text file that is stored on a user’s computer (or mobile device) that is created when a user visits a website using a program called a browser (Chrome, Internet Explorer, Firefox or Safari).
A cookie isn't a program itself and doesn't actively do anything on a user's computer. A cookie cannot be used to identify a user personally, but they do contribute to improving a user's experience of a website.
A cookie simply allows the website to read the contents of the cookie text file. The text file itself simply contains a unique identifier code; the site name and some digits and numbers.
9.2 Why are Cookies used?
Our cookies are used to customize the web pages to your use and your settings, as well as to conduct anonymous surveys of user behaviour on the web pages and record the number of visitors. Cookies can also be used for user-targeted marketing in accordance with applicable laws.
Most websites will use cookies in order to improve the user experience by enabling the website to ‘remember’ the user, either for the duration of the visit or for repeat visits.
Cookies do lots of different jobs, such as:
remembering what items a user may have added to a shopping basket or an itinerary as the user moves between pages on a website
saving a user's preferences to allow them to customise a website
measuring what users do on a website to ascertain which parts of a website are popular, how long they spend on a website, how often users return, where they come from etc
We process visitor information, information that the server automatically generates when someone visits our site. This typically includes which pages have been downloaded, time, which page you came from, device type (e.g., iPhone), browser type, and operating system. Visitor information is used anonymously, for the purpose of operating and further developing web pages.
9.3 What Cookies are used by this site?
Cookies are set by this website (first party cookies) but may also be set by other websites (e.g. You Tube) that run content on the website’s pages (third party cookies).
This website uses Google Analytics to collect information about users so that at any time we can provide the best possible functionality and develop our information services. This information is taken from the computer's web browser and may include your IP address, operating system, browser, screen resolution and previous website. We also use cookies to do targeted marketing (e.g. banners, posts in Social Media).
Cookies can be set to remember a visitor for the duration of their visit (session cookies) or to remember a visitor for repeat visits (persistent cookies). Most cookies have an expiration date, and will be automatically deleted after a given period.
To read more about cookies, including how to opt out of accepting cookies on your computer, see for example: allaboutcookies.org/manage-cookies/ and Google Analytics
10 About Us
The website is owned and operated by Visit Lillehammer AS
We are registered in Norway under registration no. 979 776 101 and our registered office is at Jernbanetorget 2, 2609 Lillehammer, Norway.
Contact us: Email: info@lillehammer.com
Effective date: July 11th, 2018 / Last updated: August 13th, 2019