GDPR COMPLIANCE FILE

Please read the below information, where we have summarised our GDPR procedures. The below information is included in our terms and service and privacy policy. We refer to this documentation as our GDPR compliance file, for our company group including but not limited to the following companies:

Nordic Paddling AS

When using our services, we communicate via our brand name “Nordic Paddling” with the domain: www.nordicpaddling.no

To help service you as a customer in the best way possible, and to comply with local regulation in the countries we operate, we may ask for, and gather any or all of the below example data categories. In certain occasions, where necessary the information we gather includes, but is not limited to the summarised list below:

– Address, phone number, email address, age, gender, product preferences, travel budgets, salary levels,  location data, DOB information.

In addition we may display marketing materials in various online platforms, to provide information about our products that are relevant to you, depending on what intent or interest that has been show on our site. We do have “retargeting pixels” or “cookies” on our website and do remarket to some or all of our users in digital plattforms, including but not limited to; facebook, instagram, google, youtube and various partner networks connected to these platforms. You can read more about our GDPR process at: www.nordicpaddling.no/gdpr

Your information is stored with us in GDPR compliant platforms, that may include but not be limited to Rezdy, Smarwaiver, and Google Suite softwares and apps.

We may store your data for up to a maximum of 5 years after your last point of contact, but we have no intention to store your data longer than necessary. Within a 5 year timeframe we will ensure to review our stored data and delete any data within the shortest time possible. We may store your data for longer if the purpose of such storage seems necessary to provide you with a continuous service, but only when you have shown direct interest in our products or been in contact with us, such as a returning customer year after year. At any time we will care for the safety of your data, and you can always request your data to be transfered or deleted as of the procedures following in this documentation. Decisions are to store or delete data is made on a yearly basis during GDPR compliance policy review on 1st of July each year.

You as a individual has the right to request any of the following information, and we as a company will comply by providing all the requested information about your personal data, and take the action required to either inform, delete or transfer your personal data upon request.

1. The right to access – We provide individuals that use our service the right to request and access their personal data, and that we provide a information about how the individuals data is used after it has been gathered. On request, we provide this data free of charge.

If you request access to your data, we will ask for proof of your ID, and we may request any of the following identification as a minium, and in some instances request further information or that identification is secured by a solicitor if the identification process is not completed in full.

Proof of ID: (POI Documentation)

Current valid passport

The passport must be valid (showing holder’s signature).

• The passport must not be expired.
• The First and Last name must exactly match the provided ones.
• The Date of Birth must match the applicant’s provided one.
• The passport’s date of issues and expiry date must match the provided ones.
• The passport’s number must match the provided one.
• The passport must contain a clear face picture of the Customer.
• The Machine Readable Zone (bottom barcode) must be legible and complete.
• The uploaded copy must contain a full photo ID page, the page with Customer’s signature and be in good quality.

Current valid government issued identity card

• The First and Last name must exactly match the provided ones.
• The Date of Birth must match the applicant’s provided one.
• The document’s date of issues and expiry date must match the provided ones.
• The document number must match the provided one.
• The document must contain a clear face picture of the Customer.
• The document must not be expired.
• We can not accept Electoral Identity Cards.

Proof of Address – in addition to the above we will request that a proof of address to be provided. (POA documentation.

Some examples of POA documentation:

A bank / credit card or mortgage statement

A utility (water, gas or electricity), landline, broadband or TV bill

A council tax bill

When identification has been secured, we will comply with your request within 30 days.

Some of the information that you as an individual can request from us;

• The categories of their personal data you process
• The purposes for which you process it
• To whom you disclose their data
• The source of the data
• The existence of other rights
• How long the data is retained
• If automated decision making around your data is made

Any request for data will be sent out to you, after a completed identification process, via a secured encrypted way of communication, that is compliant with GDPR regulations.

The right to be forgotten – if you are no longer customers of ours, or if you want to withdraw your consent from our company(ies) to use their personal data, then you always have the right to have your data deleted.

If a request to be forgotten is sent to us, we will provide a summary report of all the data categories that has been stored and confirm that is has been securely deleted.’

The right to data portability – Individuals using our services have a right to transfer their data from one service provider to another. If this request is make it will  be done in a commonly used and machine readable format, compliant with GDPR regulations.

The right to be informed – When using our services we refer to this our terms of service where a policy of our GDPR processes are displayed. We may in addition ask for your consent when using our site to ensure that you are aware that we may collected data to promote relevant content to you after you leave your site, commonly referred to ads “cookies”.

 The right to have information corrected – We ensure  that upon request we will help individuals to have their data updated if it is out of date or incomplete or incorrect.

The right to restrict processing – We ensure that we will restrict the processing of Individuals data. In these instances, the record of the data can remain in place, but not be used.

The right to object – We ensure that we will comply if a individuals object the processing of their data for direct marketing.

The right to be notified – If there has been a data breach which compromises your individual personal data, you as an individual has a right to be informed within 72 hours of our organisation first having become aware of the breach.

Consent policy

When using our website we will ask for your consent to ensure you as a user are aware that we use cookies on our website. You can at any time withdraw your consent by contacting us.

Data retention policy

We may store your data for up to a maximum of 5 years after your last point of contact. We may store your data for longer if the purpose of such storage seems necessary to provide you with a better service, but only when you have shown direct interest in our products or been in contact with us.

Data destruction policy

At the point of the destruction of personal data stored for marketing or other purpose, our company policy is to hired professional consultants to ensure this action is completed correctly. It’s the dedicated data protection officer that carries the responsibility to ensure such professional consultancy services where deemed necessary, at the scheduled time of data destruction.

For any further information about our GDPR processes please contact us at info@nordicpaddling.no.