Privacy Policy

Your privacy matter to Namdal Bruk AS. It is important for us that you understand how we manage your personal data. In this privacy policy we will explain which personal data we collect and process, for which purposes we process your data and provide information about your rights.

  1. What is personal Data?

Personal data is any information that can be directly or indirectly linked to a natural person, such as name, postal address, e-mail address, IP address and mobile number.

  1. Who is responsible? 

Namdal Bruk AS ("Namdal Bruk"), Prost Tvetes vei 7, 7892 Trones, represented by the chief executive officer (CEO) Niklas Roland Marcus Jansson, is the data controller responsible where we determine the purpose and the means for the processing of personal data as set out in this privacy policy. 

As the data controller we must process your personal data in accordance with our obligations under current privacy legislation, including the EU's General Data Protection Regulation ("GDPR").

  1. Who do we process personal data about?

This privacy policy covers the processing of personal data concerning the following groups of people: 

  • Those that visit our website 

  • Customers of Namdal Bruk 

  • Individuals recorded by our surveillance cameras covering access to certain roads 

  • Applicants for vacant positions 

  • Those that contact our customer service

  • Other individuals that we interact with

  1. What personal data do we process? 

We normally collect and process the following categories of personal data:

  • Personal information such as name and age

  • Contact details such as e-mail address and domicile  

  • Information about your customer relationship, such as bookings, billing information and inquiries to customer support

  • Information about the service you have ordered such as dates of reservation, location for stay, prices, comments and any preferences 

  • Information regarding your visit to our websites (including date and time, what type of PC/mobile phone, operating system and the browser you use, IP addresses, screen size etc.)

  • Personal data recorded by our surveillance cameras located at the access point to private roads such as the license plate 

  • Any other information collected on the basis of your consent. In that case, you will receive specific information about what information we collect and what it is used for when we ask for your consent.

  1. how do we collect your personal data?

We collect your personal data in various ways:

  • We receive personal data directly from you when you order our services or otherwise interact with us. This information is necessary for us to be able to deliver the service you have ordered or to follow up on your inquiries.

  • We receive personal data indirectly from you when you use our services, for example our websites. This information is important in order to be able to improve and further develop the services we offer you.

  • We receive personal data from third parties when you come into contact with our partners via distribution channels that are connected to our distribution channels, or if your information is available in public registers. This information is important for us to be able to improve and adapt the services we offer you.

It is voluntary to share your personal data with us. However, certain information may be necessary to be able to carry out any agreement that you have entered into with us, including, among other things, information that is used in connection with invoicing.

  1. What are the legal bases for our processing personal data?

According to the current privacy legislation, we must have a legal basis for our processing of personal data. Our processing is based on one or more of the following bases:

  • You have given your consent to the processing of your personal data for one or more specific purposes (GDPR Article 6(1)(a)

  • The processing is necessary for the performance of a contract with you (GDPR Article 6 (1) b).

  • The processing is necessary for compliance with a legal obligation to which we are subject, including, for example, storing information in accordance with accounting legislation (GDPR Article 6 (1) c).

  • The processing is necessary for the purposes of the legitimate interests pursued by us, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (GDPR Article 6 (1) f).

If our processing of personal data is based on your consent, you have the right to withdraw your consent at any time.

  1. For what purposes do we process your personal data?

We collect and process your personal data for various purposes depending on your affiliation  and how you interact with us. 

Below we explain what personal data we use for which purpose and the legal basis for each of these processing activities.

Namdal Bruk processes personal data for the following purposes:

  • Providing our products and services: We process personal data to provide and deliver our products and services to you. For instance, your information is processed in connection with booking of hunting, fishing and accommodation. In relation to this activity we process the following categories of personal data: Name, contact details, date of birth, information concerning service and booking, billing information and contact with customer support. The legal basis for the processing is GDPR article 6 No 1 b), the performance of our contract with you. 

  • CCTV: We use camera surveillance of certain access points to our private roads to deter, prevent and investigate criminal activity. The areas subject to camera surveillance are marked as such. We process certain personal data that is recorded by our cameras,  such as license plate numbers. The legal basis for our processing is GDPR article 6 No 1 f), our legitimate interest. 

  • Development and business analytics: We process personal data to better understand the needs of our customers and to improve and further develop our products and services. In relation to this activity we process the following categories of personal data: demographic information such as age and sex, information concerning service and booking, billing information and contact with customer support. The legal basis for our processing is GDPR article 6 No 1 f), our legitimate interest. 

  • Sales and marketing: We use both anonymized data and personal data for marketing purposes in accordance with current legislation. These activities include the marketing of products and services, including to create target groups, adapt the marketing to your needs and to send out newsletters and other information you have requested. In relation to this activity we process the following categories of personal data: Name and contact details. The legal basis for our processing is GDPR article 6 No 1 f), our legitimate interest. 

  • Job advertisement and employment: We use personal data to assess candidates who apply for positions with us, either unsolicited or through an advertisement. In relation to this activity we process the following categories of personal data: Name, contact details, date of birth, CV, references, job application, information from job interview and aptitude tests. The legal basis for the processing is GDPR article 6 No 1 b), steps necessary prior to entering into a contract with you. 

  • Information security and misuse of services: We will process personal and traffic data to ensure a level of security appropriate to the risk for all our services. We will also process personal data in order to detect or prevent various types of fraud and abuse and handle any security incidents. In relation to this activity we process the following categories of personal data: Name, contact details, data of birth, booking and billing information, metadata, IP-addresses, e-mail content and security logs. The legal basis for our processing is GDPR article 6 No 1 c) reference article 32, our legal obligation to ensure the security of the processing.

  • Compliance with statutory requirements: We process personal data to fulfill our statutory duties, for example in connection with accounting and to provide information to the competent authority when this is required of us in accordance with applicable legislation. In relation to this activity we will process those categories of personal data that are appropriate in order to comply with the statutory obligation. The legal basis for our processing is GDPR article 6 No 1 c), the legal obligation according to the appropriate statutory legislation.

  • Cookies: We will collect and process certain personal data through the use of various cookies when managing and improving our web site www.namdalbruk.com.  You can read more about this processing in our cookie policy here. 

  • Other purposes to which you have consented: We may process your personal data for any other purpose to which you have specifically consented. In such a case, the legal basis for the processing will be GDPR article 6 No 1 a). 

  1. How do we Keep your personal data safe and secure?

We have established policies and technical and organizational measures to ensure that unauthorized persons do not gain access to your personal information and that all processing of the information otherwise takes place in line with current legislation. The measures include, regular risk assessments, technical systems and physical procedures to safeguard information security and routines to verify access and correction requests.

  1. who do we disclose personal data to? 

Any company that processes your personal data on our behalf is called a data processor. If we engage a data processor, we enter into a data processor agreement that regulates how the data processor can process the information they gain access to and their duties in that regard, including for what purposes the personal data can be used.

We use data processors in connection with accounting, management of the office and our business and management of our web site. 

We will also be able to share personal data with public authorities where there is a statutory disclosure obligation. Personal data from pictures and CCTV recordings may be shared with the police if we suspect someone of committing a criminal offence. 

  1. Do we transfer personal data to other countries? 

As we use cloud based software services (such as Office 365) we, or our data processors, may from time to time transfer personal data to countries and/or organizations outside the EU/EEA area such as the United States that do not offer adequate protection (so-called third countries). 

If your personal data is transferred to such third countries, prior to the transfer, we will ensure that it takes place in line with the requirements set out in GDPR chapter V, including, for example, by us entering into an agreement with the recipient of the data based on the EU's standard contractual clauses.

  1. For How long do we store personal data?

We only store your personal data for as long as it is necessary for the fulfillment of the above-mentioned purposes for the processing of the data. However, this does not apply if storage is required by law for a longer period than the purpose dictates.

This will for instance mean that personal data processed on the basis of your consent is deleted if you retract your consent. If our legal basis for the processing is legitimate interest, the personal data is deleted when the interest in question is no longer present. 

We do not store pictures and CCTV recordings for longer than seven days, unless they are related to a security incident. In such a case we may store the information for as long as is required to clarify the incident, file a complaint with the polices and/or initiate legal proceedings, e.g. in order to claim damages. 

Personal data stored in order to comply with statutory obligations are deleted when the obligation expires. For instance, according to the book keeping act we are required to store certain financial information for either 3.5 or 5 years. 

We always take the purpose of the processing and need for storage into account when we determine the deletion time frames.

  1. what are your rights? 

The privacy legislation gives you a number of rights, including the right to access, rectify and erase the personal data we have stored about you.

We strive to ensure that the personal data we have stored about you is correct and up-to-date. If you discover that the information we have stored about you is incorrect, we encourage you to contact us. This also applies if you want the stored data to be deleted.

Regarding the right to erasure, there is an exception for information which is necessary in order be able to deliver a service that you would like to use, or it is required by law to store the information for a specific period.

You also have the right to data portability. This means that, among other things, you have the opportunity to extract your personal data in a machine-readable format.

Furthermore, you have the right to object to the processing of personal data and the right to object to personal profiling and automated decisions. This means that you can demand that your personal data is not analyzed to reveal your behavior, preferences, abilities or needs. However, this does not apply if the processing is necessary to fulfill an agreement you have entered into with us or if you have previously expressly consented to the processing.

You also have the right to receive a copy of the personal data we have registered about you, as long as an obligation of confidentiality does not prevent this. In order to ensure that personal data is handed over to the right person, we may require that access requests are submitted in written form and that identity is verified.

If you believe we do not comply with this privacy policy or the applicable legislation, you may send us a complaint. You are also entitled to complain to the Norwegian Data Protection Authority ("Datatilsynet").

You can read more about your rights on the Norwegian Data Protection Authority's website: www.datatilsynet.no

  1. how do we USE cookies?

We use cookies and similar technologies on our websites. You can reject storing of cookies by changing the settings in your browser. However, this may cause issues with accessibility on the website. You can read more about how we use cookies here.

  1. How do we notify you if changes are made to this privacy policy? 

Our services are in continuous development. We may therefore need to update our privacy policy. If the privacy policy is subject to updating, the updated privacy policy will be made available on our website www.namdalbruk.com

  1. how do you get in touch with us?

If you have questions regarding how we process your personal data or wish to exercise your rights, feel free to contact us by sending an email to niklas@namdalbruk.no.