Privacy and cookies

Controller
The controller of personal data is Norled AS.

Data Protection Officer
You can reach Norled’s Data Protection Officer by sending an e-mail to personvern@norled.no.

Purpose of storing personal data
In order to be able to offer you as a customer the best possible treatment and follow-up, we must collect personal data. Primarily, the information is used for customer administration, invoicing and to fulfill the obligations that Norled has undertaken for the implementation of assignments and service agreements with our customers.

We will send you booking confirmation and relevant travel information by email and will not use your email address for marketing purposes without your consent. Your phone number is useful to us if we need to contact you quickly regarding your booking.

In some cases, the full name and date of birth or age of our travelers is a statutory security requirement: Forskrift om opptelling og registrering av ombordværende på passasjerskip §6 – Registrering.
Date of birth or age may also be used in our booking system to provide you with the correct price (for example, honesty discount, student discount or child discount).

When making a card payment, you will be forwarded to our digital payment solution provider, Netaxept, which is part of the Nets group. Your card data is stored securely here and is only used by our employees for refunding money in the event of cancellation or change of trip. In such cases, however, we do not have access to complete information about your card.

We store information about you in connection with:

• Subscription in kiosk
• Booking of travel
• Completion of journeys
• Tracking of travelers (covid-19)
• Refunds
• Registration of complaints
• Other written inquiries

Examples of information that is stored

• Contact and customer information – Such as name, address, phone number, email and bank account number
• Vehicle information – Such as registration number or AutoPass chip number
• Travel information – Such as travel distance, departure time and arrival time
• Case content – Necessary information to process e.g. requests, orders, changes, refunds and customer complaints
• Payment and credit card data – Last four digits of credit card number
• Audio recording (dictaphone) – Information about name, year of birth and place of arrival where necessary
• Camera surveillance – Stored temporarily during boarding and for security purposes where necessary
• Online information

Your information will only be used to resolve the specific request to which the inquiry relates.

Personal data we collect from third parties
We have agreements with travel agencies and other tour operators that mediate ticket sales on behalf of Norled. In these cases, personal data is collected by third parties.

Privacy policy for job applicants
When you apply for a position at Norled AS / Norled Drift, the company is the data controller for personal data that is registered and processed in connection with your application. Both Norled Drift and Norled AS process the applicant’s personal data in accordance with this privacy policy.

Norled Drift and Norled AS (hereinafter Norled) use the job seeker portal Webcruiter to manage submitted applications for vacant positions.

What personal data does Norled have about you
The personal data we register about you is name, age, gender, nationality, residential address, email address, telephone number, CV, reference and internal assessments. Health information will only be processed if the applicant states it themselves. Norled will never ask for health information beyond the requirement for a health certificate for maritime employees. If background checks, tests and the like are required, this will be based on your consent, which you can withdraw at any time.

Basis and purpose for the use of personal data
In order to assess submitted documentation, conduct interviews and call references, the basis for processing is the General Data Protection Regulation (GDPR) article 6 no. 1b. This provision allows us to process personal data when it is necessary to carry out measures at the job applicant’s request before an agreement is entered into. By applying for the position and uploading documents, we consider that the job applicant is asking us to assess submitted documentation, conduct interviews and call references with a view to entering into an employment contract.

If your application contains special categories of personal data, our legal basis for processing is Article 9(2)(b) and (h) of the General Data Protection Regulation.

Who does Norled share your personal data with
The job search service is owned and operated by Webcuiter AS, which is the Data Processor for Norled.

How long do we store your personal data
We store your personal data as long as it is necessary in connection with the application, and the deletion routine is carried out by the Data Processor (Webcruiter) on behalf of the Data Controller (Norled).

Applications are deleted within 365 days, where the deletion routine anonymizes all application data with the exception of demographic data such as gender, country, nationality, date of birth and special consideration (excluding public, preferential, immigrant background and disability). All links to the job applicant are deleted, while statistical data is retained. Anonymization is synonymous with the concept of deletion in GDPR.

If you do not get the job, we may ask for your consent to store your CV for possible future offers.

Automated decisions
Norled does not use automated decisions regarding personal data.

Your rights
You can contact our Data Protection Officer at personvern@norled.no if you have questions about your customer relationship, want to change your privacy settings, opt out of marketing, withdraw consent or request more information about our processing of your personal data.

Complaints
Any complaints about the processing of your personal data can be directed to the Norwegian Data Protection Authority. You can find information about this at www.datatilsynet.no.

Use of cookies
Norled’s websites use cookies to offer you as a user a customized web service and ensure the best possible user experience. Cookies can have many different tasks, such as saving choices you make along the way, as well as tracking usage patterns for statistical purposes. Some cookies allow the website to “remember” who you are during the time you are on it (so-called session-dependent cookie), while others will also recognize you the next time you come to the website (fixed cookie).

Without the use of cookies, the website will think you are a new user for every page you navigate to. For example, if you have changed the font size on the website, you will have to change this for every page you visit. Nor will it be possible to highlight relevant content based on your visit history.

What if you don’t want to allow cookies?

If you do not wish to accept the use of cookies, you can withdraw your consent by changing the settings in your browser. For example, it is possible to ask your browser to notify you each time cookies are sent from the website you are visiting. You can also choose to stop all cookies being sent to your browser. More information on how to do this should be available in the Help function in your browser. Please note that changing the settings for cookies may mean that www.norled.no will not function optimally.

The website uses Google Analytics

In order to get the best possible impression of what you are interested in and how you use our website, we use the Google Analytics tool, which uses anonymized data to tell us how many people visit which pages. No data that can identify you as a person is sent to Google.

The Google Analytics tool helps us decide what to prioritize on our websites.