GDPR COMPLIANCE FILE
Nordic Paddling AS
When using our services, we communicate via our brand name “Nordic Paddling” with the domain: www.nordicpaddling.no
To help service you as a customer in the best way possible, and to comply with local regulation in the countries we operate, we may ask for, and gather any or all of the below example data categories. In certain occasions, where necessary the information we gather includes, but is not limited to the summarised list below:
– Address, phone number, email address, age, gender, product preferences, travel budgets, salary levels, location data, DOB information.
In addition we may display marketing materials in various online platforms, to provide information about our products that are relevant to you, depending on what intent or interest that has been show on our site. We do have “retargeting pixels” or “cookies” on our website and do remarket to some or all of our users in digital plattforms, including but not limited to; facebook, instagram, google, youtube and various partner networks connected to these platforms. You can read more about our GDPR process at: www.nordicpaddling.no/gdpr
Your information is stored with us in GDPR compliant platforms, that may include but not be limited to Rezdy, Smarwaiver, and Google Suite softwares and apps.
We may store your data for up to a maximum of 5 years after your last point of contact, but we have no intention to store your data longer than necessary. Within a 5 year timeframe we will ensure to review our stored data and delete any data within the shortest time possible. We may store your data for longer if the purpose of such storage seems necessary to provide you with a continuous service, but only when you have shown direct interest in our products or been in contact with us, such as a returning customer year after year. At any time we will care for the safety of your data, and you can always request your data to be transfered or deleted as of the procedures following in this documentation. Decisions are to store or delete data is made on a yearly basis during GDPR compliance policy review on 1st of July each year.
You as a individual has the right to request any of the following information, and we as a company will comply by providing all the requested information about your personal data, and take the action required to either inform, delete or transfer your personal data upon request.
If you request access to your data, we will ask for proof of your ID, and we may request any of the following identification as a minium, and in some instances request further information or that identification is secured by a solicitor if the identification process is not completed in full.
Proof of ID: (POI Documentation)
Current valid passport
The passport must be valid (showing holder’s signature).
Current valid government issued identity card
Proof of Address – in addition to the above we will request that a proof of address to be provided. (POA documentation.
Some examples of POA documentation:
A bank / credit card or mortgage statement
A utility (water, gas or electricity), landline, broadband or TV bill
A council tax bill
When identification has been secured, we will comply with your request within 30 days.
Some of the information that you as an individual can request from us;
Any request for data will be sent out to you, after a completed identification process, via a secured encrypted way of communication, that is compliant with GDPR regulations.
The right to be forgotten – if you are no longer customers of ours, or if you want to withdraw your consent from our company(ies) to use their personal data, then you always have the right to have your data deleted.
If a request to be forgotten is sent to us, we will provide a summary report of all the data categories that has been stored and confirm that is has been securely deleted.’
The right to data portability – Individuals using our services have a right to transfer their data from one service provider to another. If this request is make it will be done in a commonly used and machine readable format, compliant with GDPR regulations.
The right to be informed – When using our services we refer to this our terms of service where a policy of our GDPR processes are displayed. We may in addition ask for your consent when using our site to ensure that you are aware that we may collected data to promote relevant content to you after you leave your site, commonly referred to ads “cookies”.
The right to have information corrected – We ensure that upon request we will help individuals to have their data updated if it is out of date or incomplete or incorrect.
The right to restrict processing – We ensure that we will restrict the processing of Individuals data. In these instances, the record of the data can remain in place, but not be used.
The right to object – We ensure that we will comply if a individuals object the processing of their data for direct marketing.
The right to be notified – If there has been a data breach which compromises your individual personal data, you as an individual has a right to be informed within 72 hours of our organisation first having become aware of the breach.
Data retention policy
We may store your data for up to a maximum of 5 years after your last point of contact. We may store your data for longer if the purpose of such storage seems necessary to provide you with a better service, but only when you have shown direct interest in our products or been in contact with us.
Data destruction policy
At the point of the destruction of personal data stored for marketing or other purpose, our company policy is to hired professional consultants to ensure this action is completed correctly. It’s the dedicated data protection officer that carries the responsibility to ensure such professional consultancy services where deemed necessary, at the scheduled time of data destruction.
For any further information about our GDPR processes please contact us at firstname.lastname@example.org.