Privacy Policy for Retur AS and www.retur.no

This privacy policy describes what types of personal information Retur AS collects, and how those personal data are handled.

Arctic Rentals AS upholds to the Norwegian law of personal information ("Personopplysningsloven"). This privacy policy is made in accordance with the demands in the aforementioned law §§ 18 and 19.

What is personal information

Personal information is information about an individual. This could be the person's name, address, workplace, marital status, phone number, e-mail address etc. Information about your contact, reason for contact, and form of contact with Retur AS, can also be seen as personal information.

Sensitive personal information is neither collected, nor used by Retur AS. These are personal data such as criminal offences, crimes committed, health related issues, and similar.

If you are looking for more information about personal information in general, you can visit https://www.datatilsynet.no/om-personvern/personopplysninger/

Who is responsible for the handling of your personal information at Arctic Rentals AS

Retur AS Manager is responsible for the business' handling of personal information. In the event of delegation in the future, it is solely the delegation of work related tasks that occur. The responsibility for any personal information is always carried by Retur AS. Our goal is to maintain a high level of integrity regarding all processing of personal data in connection with our products and services provided through our website/booking solutions/on site in the centre.

Personal information received by Arctic Rentals AS

Retur AS has two (2) sources of personal information, which both have basis in § 8 of the law of personal information ("personopplysningsloven").

• The main source of personal information, is information that you yourself provide. This happens primarily when you place a reservation via on Arctic Rentals's website and when you rent equipment or book a tour in our rental centre. It is entirely voluntary if you wish to make a reservation with us or to remain a passive visitor on the sites.
• By making a booking via our booking system, the user acknowledges Retur AS' processing of personal data in accordance with the provisions below.
• Personal information that is collected during reservation process depends on the product and may include name, surname, phone number, e-mail, address, height, weight, shoe size, preferences regarding set up on splitboard bindings, time of pick up and return of the equipment, gender, address of your accommodation in Lofoten, size of the clothes and boots and other information you may find relevant to share (eg. food allergies).
• When you pick up equipment you rent from Retur AS you need to fill up and sign the rental agreement and we take a copy of your ID. We accept as ID confirmation any official documents with your name, birthday and picture on it.
• Additional personal information may be generated through e-mail, phone and similar correspondence between Retur AS and you as a potential/existing customer.

• The second source of personal information, is information that Retur AS itself collects. This collection happens when you visit our website through the use of Google Analytics and Cookies. The information that is collected is how long you stay on the site, your IP-address, which links you click, and how many users there are on the site at any given time, to name some. All data collected this way is anonymous. Most browsers allow you to disable cookies or set your browser to alert you when cookies are being sent to your computer.
• All personal data is handled on an encrypted site (SSL 128 bit), and via G-Suit email system, so all information provided is secure.
• Retur AS uses data processors to collect, store or in other ways process personal data on our behalf. Our booking system City Break is provided by Visit Technology Group AB. Please note that we have entered into a data processing agreement with the supplier of the system ensuring compliance with applicable information security requirements.
• Retur AS requires safety deposit on some of the rental products, transactions are carried via payment terminal and we do not store any personal data in relation to the authorization transactions (we never store your card number or verification code this way).

How does Retur AS use the personal information

The purpose of the cookies is to improve the user experience of our website.

Retur AS is dependent on an external booking platform and customer information in order to ensure satisfactory communication and end product as well as to follow up requests and duties to the customers. The processing of your personal data is necessary in order to fulfil our agreement with you (GDPR art. 6 (1) b). We also collect your date of birth in cases where this is necessary out of mandatory security requirements. This is based on our legitimate interest (GDPRart. 6 (1) f). We are of the opinion that the processing of personal data is necessary to respond to the inquiries we receive.

The purpose of the information from Google Analytics, is to improve the website experience and optimize our offers. This could for example be to make the layout more user friendly, understand user trends, improve its effectiveness, and deliver the expected services in a better way, and prevent criminal behavior such as hacking.

ID documents are being destroyed after you return the rentals and otherwise can only to be used in contact with the authorities when the rental articles are stolen or we have reasons to suspect that the customer using our gear is missing or may need help.

The legal foundation for Retur's handling of personal information, is § 11 of the law of personal information ("personopplysningsloven").

How to administrate your own personal information

The limited amount of personal information Retur AS collects via you, and on their own initiative is, compared to other entities and web services, very marginal. This means that administration on the potential/existing customer's part in regards to their personal information, such as their use in apps, and settings for personalised ads, is not applicable. The personal information that is collected is, as mentioned, not used for any such purposes.

Regardless, you still always have rights in regards to the personal information, which you can read more about below.

Sharing of personal information with third parties

Retur AS does not share any personal information from the booking system, rental contract, booking forms, or information from others with any third party, (with exception of the situation listed earlier when we contact the authorities). If such sharing were still to occur, you will always receive a consent request from us.

When you book various travel activities delivered by our business partners through our booking system/our website, please note that the relevant information necessary to provide the service/product will be shared with our suppliers that are to deliver the respective services/travel products. We do not distribute your personal data to anyone other than those suppliers who need such information in order to provide the product or service booked by you. Products arranged by our partners are clearly marked on our website and the name of the business partner is listed.

Moreover, we may be obliged to disclose personal data to other third parties such as the police or another public authority, if this is connected to the investigation of a crime, or if Retur AS is required to disclose such information by law or by decision from a public authority.

Secure archival, deletion and internal control

In league with the law of personal information ("personopplysningsloven") § 13, all personal information received by Retur AS will be archived on either a secure e-mail or server for the duration of the work relationship between you and Retur AS. Upon termination of work relationship, all communication and personal information will be deleted within three (3) years.

Retur AS maintains internal control for such archival, security and deletion. These procedures are all carried out in compliance with legal standards.

Rights

Due to the law of personal information ("Personopplysningsloven"), you the user or customer of Retur AS, have a right to be forgotten, the right to data portability, the right to insight, and the right not to be profiled.

• The right to be forgotten, means that any and all personal information registered with Retur AS can be requested to be deleted. If this is not requested, Retur AS will still delete most personal information three years after end of contract.
• The right to data portability means that you may receive a digital copy of all your personal information at Retur AS .This right also includes that you can bring this personal information to another business if it is technically possible, and defensible. Personal information that is covered by data portability is personal information given to Retur AS,
• The right to insight means that you have the right to see what information Retur AS has registered on you.
• The Right against profiling gives you the right to refuse Retur AS to map your usage and pattern, and as such tailor our services to you based on this mapping. Typical examples would be personalized ads, service development, marketing surveys etc. This is however for the most part not applicable to Retur AS, as Retur AS has very little interest in or need for such width and depth mapping.

In order to use one or more of these rights, please contact us. You have a right by law to receive an answer from us within at least one (1) month.

Protection of children's privacy

Retur AS has no wish or need to collect or handle personal information about children under the age of sixteen (16). Personal information of such nature must come through a legal guardian.

Any personal information left behind by children with Retur AS will be deleted as soon as it is discovered.

Ombudsman for privacy

Retur AS does not have a delegated ombudsman for matters of privacy and personal information, as the company is not a public business, does not handle sensitive personal data, does not carry out systematic mapping of individuals, and does not handle personal information regarding criminal offences.

Changes to policy

Retur AS will from time to time update their privacy policy to ensure that it complies with the legal standard demanded by Norwegian law. This could result in changes to the information provided to you here. You will be notified of such changes where this is appropriate, otherwise up-to-date information will always be available on our website. Any changes will apply only after it has been communicated/published.

Contact information

If you have any further questions regarding Retur AS' privacy policy, or any other requests, you can contact the company.

Phone: +47 98 88 85 16

E-mail: admin@retur.no

This privacy policy was last updated in March 2023.