Privacy statement for Halne Fjellstugu AS

  1. Introduction

We at Halne Fjellstugu AS treat your personal information in various contexts, for example when you order the services of us, stay overnight at our hotel, use the services we provide, and in other contexts. In our privacy statement, you will find more information about our processing of personal information. Below you will also find contact information if you have any questions or would require access.

We process your personal information in accordance with the applicable Norwegian Personal Data Act, hereinafter referred to as GDPR.

  1. Responsible for your personal information

Our company, Halne Fjellstugu AS, org. No. 917459037, Ålmannvegen 90, 3576 Hol, tel. +47 53 66 57 12, e-mail is responsible for the treatment for all processing of personal data registered in our systems.

  1. Processing of personal information related to booking and stay

In connection with your bookings, made by yourself or by others on your behalf, we process the personal information we need to enable us to fulfill the booking and purchase services agreement. This is information you have given us directly or that you have provided us through a travel agent. For example, we process information about your identity, your contact information and your payment information. In some cases we will store your passport number. In addition, we treat other information you may have given us and which are relevant to your stay with us. This may be information about allergies or special requests for your stay. We record all purchases and orders you make with us, such as restaurant, activities, etc., to provide such services and for you to pay for them.

We process this information as long as it is necessary to fulfill the booking agreement with you, as well as applicable law or authority imposes upon us.

  1. Processing of personal data for marketing purposes

If you sign up for our newsletter, we will save and use your email address to send you news and offers from us. We can also use your email address or phone number to send you news and offers, provided you have consented to this. You can withdraw your consent at any time by sending an email to 

  1. Processing of personal data for development, troubleshooting and security

We can process data that includes personal information to make debugging and fix errors, improve our services and the technology we use, and to analyze usage and user behavior. Furthermore, we will process personal information to verify your identity, including verifying identity in connection with your use of our digital services.

We process information about your purchases and orders for the development of our business and customer offerings, execution of customer analysis, troubleshooting, support and testing, as well as for statistical purposes and surveys. We have a legitimate interest in processing your personal information in order to improve our offering, ensure customer satisfaction, and that our systems maintain high quality and high level of security.

  1. Processing of personal data in general

For competitions or other activities that you can participate in, we will process personal information such as name and contact information when this is necessary, for example, to register who is participating, and then draw one or more winners. We will as far as possible inform this specifically about your participation in competitions or other activities.

If you contact our customer service or otherwise contact us with inquiries, we will process the personal information you provide as far as is necessary to answer and log your inquiry. We also list the newsletters and offers we send out and whether these are opened. The basis for this is legitimate interests or to fulfill agreements with you or to answer your inquiries. The legitimate interests are to exercise good customer care and to adapt the amount of newsletters sent out.

In addition to the treatment described in our privacy statement or based on your consent, we will in some cases have or may process personal information when applicable law, including the Personal Data Act and the GDPR, valid government order or court imposes or permits us.

  1. Processing of personal information about our suppliers, corporate customers and contacts in the business sector

We process information about contact persons at our suppliers, corporate customers, partners, participants at our events aimed at the business community and other persons who act in business activities. We do this in order to work efficiently, enter into and enforce contracts, recruit, operate our business and develop our business and our professional network. Such information is typically made up of names, contact information, position, business, expertise, business interests and participation in our business events or previous interest in us and our employees.

We store such information as long as we consider that the person is a business contact with us.

The basis for this is legitimate interests.

  1. Delivery of personal data and statutory treatment

We do not disclose your personal information to third parties unless you have consented to this, or unless applicable law, including the Personal Data Act and the GDPR, valid government mandate or court allows or imposes on us.

For the sake of order, we state that our use of external data processor to process information on our behalf is not considered extradition.

  1. Obtaining personal information from others

To make sure we have the right information about you, we can wash your information against other sources such as the telephone directory, national registry and the like. In some cases, it may be appropriate to credit our customers, which means obtaining credit data from other sources. We collect demographic information such as age, gender and language from other sources. We collect information from our partners and from other parts of our group when this is legal and necessary for the delivery of services and communications to you.

  1. Your rights

You as a person have more rights under the Personal Data Regulations.

You have the right to demand access, correction or deletion of the personal information we process about you. You also have the right to demand limited processing, correct objection to the processing and demand the right to provide personal data to other data processors.

If you would like access to our processing of your personal data or other inquiries, please send us an email: We will respond to your inquiry to us as soon as possible, and at the latest within 30 days.

We will ask you to confirm your identity or ask you to provide additional information before we allow you to exercise your rights to us. We need to do this to make sure that we only give you access to your personal information – and not someone who pretends to be you.

  1. Privacy complaint

If you believe that our processing of personal data does not match what we have described here or that we in other ways violate the privacy law, you can appeal to the Data Inspectorate in Norway. You can find information on how to contact the Data Inspectorate at the Data Inspectorate’s website

  1. Use of data processor.

We use several data processors to deliver our services to you.

We share information with other actors who are our data processors, ex. suppliers that we hire for data storage, system support or other data management, payment services, distribution of information, print, marketing or analysis. In such cases, we have a data processing agreement with the supplier. The data processor is not entitled to use the personal data for purposes other than agreed.

  1. Changes in privacy statement or in processing

We work continuously on developing and improving our services to our customers. This may change the way or scope of our processing of personal data. The information we provide through this privacy statement will therefore be adjusted and updated at regular intervals. We will also change the privacy statement when new rules or government practice make it necessary.

  1. How do we protect your personal information?

We and our networking and data storage partners have policies to ensure that your personal information does not go astray. Our employees and data processors will handle all information in accordance with applicable laws, regulations and guidelines.

We and our partners generally process your personal information within the EU / EEA area, with the exception of the aforementioned Google Analytics. If we enter into agreements where the information is processed outside the EU / EEA, this will only be done in accordance with applicable privacy legislation.

  1. Use of information from websites

Online statistics and cookies

We collect unidentified information about visitors to our sites. The purpose of this is to compile statistics that we use to improve and further develop the information on the website. Examples of what the statistics answer to are how many people visit different pages, how long the visit lasts, which sites the users come from and which browsers are used.

To analyze the information, we use the Google Analytics analysis tool.

Google Analytics uses cookies / cookies (small text files that the site stores on the user’s computer), which records the users IP address, and provides information about each user’s online movement. Examples of what the statistics give us answers to are; how many people visit different pages, how long the visit lasts, which sites the users come from and which browsers are used. None of the cookies allows us to associate information about your use of the site with you as an individual.

If you do not want such information to be stored in your browser, you must enter the settings in that browser and disable this functionality.

Note that this setting may cause some websites not to work optimally.

The information collected by Google Analytics is stored on Google’s servers in the United States. Received information is subject to Google’s privacy policy.

An IP address is defined as a personal information because it can be traced back to a particular hardware and thus to an individual. Difi anonymizes the user’s IP address before the information is stored and processed by Google. Thus, the anonymised IP address cannot be used to identify the individual user.

Your IP address is also logged for a short period by our web servers. The user’s IP address, time, URL, HTTP status, number of bytes sent, HTTP reference and HTTP user agent are logged for 15 days. Then the log is automatically deleted.

  1. Search

We store information about which keywords users use on our sites through Google Analytics.

The purpose of the storage is to make our information offer better. The usage pattern for search is stored in aggregate form. Only the keyword is stored, and they cannot be linked to other user information such as IP addresses.

Sharing posts from one of our sites:

When you share posts, information is added there and then to the community you choose. How the relevant online community handles the data is regulated by your agreement with the online community. However, information that you have shared a post is not stored with us.