SWITCH TO SUMMER

 

 

PRIVACY POLICY
Last updated November 6, 2024

 
 

Lyngen Aurora Resort is dedicated to protecting your privacy and handling your personal data responsibly. As we collect and process personal data, we adhere to the requirements set by the General Data Protection Regulation (GDPR), which applies to the personal data of individuals within the European Union. This Privacy Policy describes the types of personal data we collect, how we use and share it, and your rights under GDPR.

For more information on GDPR, please refer to the EU’s official GDPR website and Datatilsynet, Norway’s Data Protection Authority.

Data controller information

Lyngen Aurora Resort is the data controller responsible for processing your personal data through this website, https://lyngenaurorareso, in compliance with GDPR. If you have any questions about this Privacy Policy, how we process your data, or wish to exercise any of your data protection rights, please contact us at:

Lyngen Aurora Resort
post@lyngenauroraresort.com
Myhreveien 6, 9060 Lyngseidet
+47 92 87 43 41

GDPR principles in our data processing

Under GDPR, personal data processing must adhere to the following principles. Lyngen Aurora Resort commits to upholding these principles in every aspect of data processing:

  • Lawfulness, fairness, and transparency: We process personal data legally, transparently, and in a way that is fair to you. We inform you about how we use your data through this Privacy Policy and secure your consent for data collection where necessary.
  • Purpose limitation: We collect and process data for specific, explicit, and legitimate purposes only, such as booking management, customer support, and marketing if you have opted in.
  • Data minimization: We only collect data that is necessary for the purposes outlined in this Privacy Policy.
  • Accuracy: We take reasonable steps to keep your personal data accurate and up to date.
  • Storage limitation: We retain personal data for only as long as needed for the specified purposes or as required by law.
  • Integrity and Confidentiality: We use secure systems and implement technical measures to protect your data from unauthorized access, loss, or misuse.
 

Personal data we collect and how it is collected

We collect personal data directly from you and through automated technologies to facilitate reservations and improve our services. When you book a reservation, contact us, or sign up for our newsletter, we may collect your name, contact information, payment information, and additional data needed to manage your booking.

Our website also uses cookies and tracking technologies to enhance functionality and analyze user behavior. For example, we use Google Analytics 4 to gather data on how users interact with our site, which helps us make informed improvements to the user experience.

We are partnered with BookVisit for booking management. When you book a reservation through Lyngen Aurora Resort, Book Visit also collects and processes data as part of booking fulfillment. Book Visit, as a data processor, adheres to GDPR requirements and ensures that personal data is handled securely and legally. For more information regarding BookVisits data collecting, please see their Privacy Policy.

Legal basis for processing personal data

In compliance with GDPR, we only process personal data when we have a lawful basis for doing so. The primary legal grounds under GDPR for processing your data include:

  • Consent: We rely on your explicit consent for specific processing activities, such as subscribing to our marketing communications. You may withdraw this consent at any time.
  • Contractual necessity: Processing your data is necessary to fulfill a contract with you, such as when you make a reservation with us.
  • Legitimate interests: We process your data to improve our services and manage our business operations in ways that are legitimate and that do not override your privacy rights. For example, we use Google Analytics 4 for website performance analysis.
  • Legal obligation: We process certain data to comply with legal obligations, such as tax reporting and fraud prevention.
 

How we use your personal data

We use your personal data to fulfill bookings, process payments, communicate with you regarding your reservation, and provide customer support. Additionally, we analyze website usage and performance using tools like Google Analytics 4, which helps us improve our online presence and offer a more tailored experience. If you have consented to receive marketing communications, we will send you relevant offers and updates about Lyngen Aurora Resort. We handle your personal data securely, transparently, and in a way that respects your rights.

How we ensure GDPR compliance

Lyngen Aurora Resort has taken specific steps to align with GDPR requirements:

  • We ensure transparency by providing clear information on our data processing practices through this Privacy Policy and additional disclosures where necessary.
  • We use contracts and conduct due diligence to ensure that our third-party providers, including Book Visit and Google Analytics 4, comply with GDPR. These service providers act as data processors, and we require them to protect your personal data and restrict its use to the purposes outlined in their agreements with us.
  • We have implemented security measures to protect personal data, including encryption, secure storage, and regular security assessments to minimize risks of unauthorized access or breaches.
 

Your GDPR rights

Under GDPR, individuals have specific rights regarding their personal data. Lyngen Aurora Resort is committed to facilitating the exercise of these rights, which include:

  • Right of Access: You have the right to request access to the personal data we hold about you. This allows you to confirm what data we are processing and understand how it is being used.
  • Right to rectification: If you identify any inaccuracies in your personal data, you have the right to request correction of these inaccuracies.
  • Right to erasure (right to be forgotten): You may request deletion of your personal data when it is no longer needed for the purposes it was collected, subject to certain legal obligations.
  • Right to restrict processing: You have the right to request that we limit processing of your data in specific situations, such as when you contest its accuracy or object to its processing.
  • Right to data portability: GDPR grants you the right to receive your personal data in a structured, machine-readable format and to transfer it to another data controller.
  • Right to object: You may object to our processing of your data for direct marketing purposes or in cases where our legitimate interests are the legal basis for processing.
  • Right to withdraw consent: Where consent is the legal basis for processing, you have the right to withdraw it at any time, which will not affect the legality of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the information in Section 1. We may require verification of your identity to process your request, and we will respond within 30 days, in compliance with GDPR requirements.

Data retention policy

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. For instance, we keep booking details for tax and accounting purposes for a defined period, as required by Norwegian and EU regulations. After these retention periods, data is securely deleted or anonymized to protect your privacy.

How we share your data

Lyngen Aurora Resort only shares personal data with trusted service providers who perform specific functions on our behalf. This includes third-party payment processors, customer communication systems, and our booking partner, Book Visit. All third-party providers are GDPR-compliant and must adhere to data protection agreements that restrict their use of your data to the specific purposes necessary to provide their services to us. We may also share data to comply with legal requirements or to respond to lawful requests by public authorities, including for national security or law enforcement purposes. If our business undergoes a merger, acquisition, or sale, your data may be transferred to the new owners under the same protection standards outlined in this policy.

Data security measures

We prioritize the security of your personal data and implement industry-standard security measures to protect it from unauthorized access, misuse, loss, or alteration. These measures include encrypted data storage, access control, and routine security audits. Our commitment to data security is part of our GDPR compliance, and we continually review and update our security practices to adapt to potential risks. Although we employ strong safeguards, please note that no online platform can guarantee absolute security.

International data transfers

When necessary, your data may be transferred outside the European Economic Area (EEA) to support our operations. We ensure that any international transfers of personal data are protected through GDPR-compliant safeguards, such as the EU Standard Contractual Clauses or other approved data transfer mechanisms that uphold EU data protection standards.

Cookies and tracking technologies

Lyngen Aurora Resort uses cookies to improve website functionality, personalize your experience, and analyze how users interact with our site. For example, we use CookieBot to collect data such as mail address, password and IP address. If you login with Google, your name and potentially your photo will also be processed. We use Google Analytics 4 to gather data on website usage and performance. This data allows us to enhance user experience and optimize content. By consenting to the use of Google Analytics data will also be shared with Google Ads for marketing purposes. You can manage cookie preferences in your browser settings, and further details about our cookie usage are available in our Cookie Policy.

Third-party links

Our website may contain links to third-party websites. These sites are outside our control, and we are not responsible for their privacy practices. We recommend reviewing the privacy policies of any third-party sites you visit.

Changes to this privacy policy

This Privacy Policy may be updated periodically to reflect changes in our practices, regulatory requirements, or business operations. Updates will be posted on this page with the “Last Updated” date at the top. We recommend reviewing this policy regularly to stay informed about our data protection practices.

Complaints and further information

If you believe that we have not complied with GDPR in handling your personal data, you have the right to file a complaint with a supervisory authority. In Norway, you can contact the Norwegian Data Protection Authority (Datatilsynet). You may also reach out to your local data protection authority within the EU.

For more information on your data rights, refer to the EU’s GDPR resources and Datatilsynet’s guidance.

Contact Information
For any questions about this Privacy Policy, to exercise your rights under GDPR, or for general inquiries, please contact us at:

Lyngen Aurora Resort
post@lyngenauroraresort.com
Myhreveien 6, 9060 Lyngseidet
+47 92 87 43 41