This privacy policy explains how we collect and use (process) personal data in our business. Prosjekt Bryllup AS, headed by the CEO, is the data controller for the processing.

 

Our contact information is:

Prosjekt Bryllup AS

Business address: Fredrikstad Innovation Park. Øraveien 2, 1630 Gamle Fredrikstad, Norway

Org. no.: 929 764 781

Email address: hola@prosjektbryllup.com

 

We take your privacy seriously and have taken several steps to ensure that we provide you with clear information about how we process your data and what rights you have. If you feel that something is unclear or missing, please do not hesitate to contact us.

Please contact us if you have any questions about or would like to exercise any of your rights.

You are entitled to a response within 30 days at the latest. Read more on the Norwegian Data Protection Authority's website.

 

• Access to and correction of your own information: You can request a copy of all information we process about you, and ask us to correct information that is incorrect.

• Deletion or restriction: In some situations, you can ask us to delete and/or restrict the processing of information about you, but we cannot delete data we are required to process.

• Object to processing: If we process information about you on the basis of legitimate interest, you have the right to object to it.

• Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or to another data controller.

• You also have the right to withdraw your consent at any time.

• If you are not satisfied with the processing of your data, you can complain to the Norwegian Data Protection Authority, but we hope that you will tell us directly first so that we can try to resolve the matter for you in a good way.

We process personal data about:

 

• Customers

• Potential customers

• Contact persons at suppliers and partners

• Website visitors

• Job seekers

• Employees

• Former employees

According to Article 6(1) of the General Data Protection Regulation, we process personal data on the basis of:

 

a) Your consent

b) An agreement we have entered into

c) A legal obligation we have

d) A legitimate interest we believe we have

 

As a general rule, personal data should not be processed and stored for longer than is necessary to fulfil the purpose of the processing. To comply with this, we have annual GDPR audits where we formally assess and review our privacy practices. The purpose is to amend, update and, if necessary, delete personal data.

 

We retain data for as long as we are required to do so by applicable legal obligations, for example relating to accounting, tax or employment laws, and/or other relevant rules and regulations. You may contact us at any time if you would like us to stop processing or delete your personal data, but please note that we cannot delete personal data that we are legally obliged to process.

 

We have procedures in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis for continuing to process it.

Below we explain when and how we process personal data, what purposes the processing has, what legal basis we rely on, and how long the information is stored.

​

When you contact us

When you contact us, for example via the website (contact form, chat, comment box or similar), email, phone, SMS, social media or by giving us a business card, we process personal data such as name, contact details, IP address and other information you choose to provide us. We may also use CRM or customer support systems to register and follow up on inquiries from potential and existing customers.

The purpose of the processing is to be able to respond to your inquiry, follow up on the dialogue, document history and safeguard our interests in the event of any complaints, grievances or legal claims.

The processing is based on Article 6(1)(f) of the General Data Protection Regulation, where our legitimate interest is to be able to handle and document inquiries, as well as safeguard our rights. If the processing is necessary to enter into or fulfill a contract with you, the processing may also take place pursuant to Article 6(1)(b).

Enquiries are reviewed, archived and deleted as needed, and at the latest during periodic assessments. Information included in accounting records is kept in accordance with the rules of the Norwegian Accounting Act, normally for up to 5 years.

 

When you purchase our products or services

When you purchase products or services from us, we process personal data such as name, address, telephone number, email address, order and payment information, purchase history and other information necessary to deliver what you have ordered.

When purchasing exhibition space, we may process your name, address, telephone number, email address and relevant information about your business.

When purchasing our services, including wedding planning, we may process your name, address, telephone number, email address, age and other information necessary to complete the assignment.

The purpose of the processing is to deliver our products and services, administer the customer relationship, follow up on orders and fulfill legal obligations, including accounting and tax obligations.

The processing is based on Article 6(1)(b) (performance of contract) and (c) (legal obligation) of the General Data Protection Regulation.

Information is kept for as long as necessary to fulfill the agreement and our statutory obligations. Accounting material is kept in accordance with the Norwegian Accounting Act, normally for up to 5 years.

​

Marketing in existing customer relationships

When you are a customer with us, we may use your contact information to send you marketing about our own corresponding products and services via email and SMS, in accordance with Section 15 of the Marketing Act.

The purpose is to be able to follow up on customer relationships and offer relevant products and services.

The processing is based on Article 6(1)(f) of the GDPR, where our legitimate interest is to market our services to existing customers. Where required by law, the processing will be based on consent pursuant to Article 6(1)(a).

You can opt out of marketing or withdraw any consent you have given at any time. Information on how to do this will be included in all marketing communications we send.

The information is stored as long as the customer relationship exists, until you unsubscribe, withdraw consent or object to the processing.

In order to operate our business efficiently and securely, we sometimes need to share your personal information with parties such as:

 

• Data processors: providers of various services who process your personal data on our behalf*

• Professional advisors from industries such as law, finance, accounting, auditing and insurance

• User support for IT and administration systems

• Public authorities we are obliged to report to

 

We require that everyone we share your personal data with secure your data in accordance with good information security practices and the requirements of the General Data Protection Regulation. We enter into data processing agreements with everyone who processes data on our behalf, and confidentiality agreements as required.

 

* We use data processors for:

 

• Email, calendar and digital meetings

• Bookkeeping, accounting and invoicing

• Cloud storage

• Newsletter

• Electronic signing

• Surveys

• Website and related services

 

For security reasons, we have not specified these by name, but please feel free to contact us if you would like to know more.

In some cases, your personal data is transferred outside the EU/EEA, for example where we use suppliers outside the EU/EEA to handle newsletter delivery, to process customer data, to make products and services available on our website, to enable payment, for security on our website and otherwise to be able to operate our business in a safe and efficient manner. Transfer of personal data outside the EU/EEA is only permitted to countries approved by the EU Commission, or under necessary safeguards under the General Data Protection Regulation. This may be, for example, the EU's standard contracts.

For security reasons, we have not specified these by name. Please contact us if you would like to know more about which such data processors we use, what kind of necessary guarantees apply to such transfers and what additional security measures we have implemented.

We take information security seriously, and we will always do our utmost to protect your personal information in the best possible way. Among other things, we use strong passwords, data encryption, access control, backups and two-factor authentication to secure our data and prevent unauthorized persons from viewing, changing, deleting or in any way influencing the data we store, including your personal information.

 

We only use reputable providers of IT and administrative services such as web hosting, website and PC security, virus protection, email provider, backup, and more. We only allow others to access and/or process your personal data in accordance with our instructions, and only where strictly necessary (e.g. for IT support).

 

We have established procedures for handling data security breaches, and in the event of a breach, we will submit a breach report to the Norwegian Data Protection Authority within 72 hours of the breach being discovered. If the breach involves a high privacy risk, we will also notify affected data subjects.

 

This privacy policy was last updated.