top of page

Privacy Policy and GDPR

1. Data Controller

This privacy policy explains how we collect and use (process) personal data in our business. Prosjekt Bryllup AS, through its managing director, is the data controller for the processing.

Our contact information is:

Prosjekt Bryllup AS
Business address: Møklegårdslia 2, 1622 Gressvik
Organization number: 929 764 781
Email address: hola@prosjektbryllup.com

We take your privacy very seriously and have taken several measures to ensure that we provide you with clear information about how we process your data and what rights you have. If you feel something is unclear or missing, please do not hesitate to contact us.
 

2. Your Rights

Contact us if you have any questions or wish to exercise any of your rights.
You are entitled to receive a response within 30 days. Read more on the Data Inspectorate's website.

  • Access to and correction of your data: You can request a copy of all the data we process about you and ask us to correct any incorrect information.

  • Erasure or restriction: In certain situations, you may request that we delete and/or restrict the processing of your data, but we cannot delete data we are legally required to process.

  • Object to processing: If we process your data based on legitimate interest, you have the right to object to it.

  • Data portability: If we process your data based on consent or a contract, you can ask us to transfer your data to you or another data controller.

  • Withdraw consent: You have the right to withdraw your consent at any time.

If you are dissatisfied with how we handle your data, you can file a complaint with the Data Inspectorate. However, we hope you will contact us first to allow us to resolve the matter for you.
 

3. Who We Process Personal Data About

We process personal data about:

  • Customers

  • Potential customers

  • Contact persons at suppliers and partners

  • Visitors to our website

  • Job applicants

  • Employees

  • Former employees
     

4. Purpose, Legal Basis, and Storage

Under Article 6.1 of the General Data Protection Regulation (GDPR), we process personal data based on:
a) Your consent
b) A contract we have entered into
c) A legal obligation
d) A legitimate interest we believe we have

As a rule, personal data should not be processed or stored longer than necessary to fulfill the purpose of the processing. We conduct annual GDPR reviews to evaluate and update our data protection practices, including deleting personal data when necessary.

We store data as long as required by applicable laws, such as accounting, tax, or employment legislation. Contact us if you want us to stop processing or delete your data, but note that we cannot delete data we are legally required to process.
 

5. How We Process Personal Data

Here we describe when and how we process your personal data, for what purpose, on what legal basis, and for how long.

Communication with Us

When you contact us via email, phone, social media, or forms on our website, we process data such as your name, contact information, and the content of your message.

Purchase of Our Products and Services

When you make a purchase, we process data such as your name, contact information, payment details, and purchase history.

Marketing

If you have an existing customer relationship with us, we may send you marketing emails and SMS messages in accordance with Section 15 of the Marketing Act.
 

6. Who We Share Personal Data With

We share your personal data with:

  • Service providers who process data on our behalf

  • Professional advisors, such as lawyers and auditors

  • Public authorities we are legally required to report to

We ensure that all our partners comply with the General Data Protection Regulation (GDPR).
 

7. Transfer of Personal Data Outside the EU/EEA

In certain cases, your personal data may be transferred outside the EU/EEA, for instance, when we use providers outside the EU/EEA to handle newsletter distribution, process customer data, provide products and services on our website, enable payments, or enhance the security of our website. Transfers of personal data outside the EU/EEA are only permitted to countries approved by the European Commission or with necessary safeguards under the GDPR, such as the EU's standard contractual clauses.

For security reasons, we have not specified these providers by name. Feel free to contact us if you would like more information about the data processors we use, the necessary safeguards for such transfers, and any additional security measures we have implemented.
 

8. Security

We take information security very seriously and always strive to protect your personal data in the best possible way. Among other measures, we use strong passwords, data encryption, access control, backups, and two-factor authentication to secure our data and prevent unauthorized access, alteration, deletion, or any other form of misuse of the data we store, including your personal data.

We only work with recognized providers of IT and administrative services, such as web hosting, website and computer security, antivirus software, email services, and backups. Others are only allowed to access and/or process your personal data according to our instructions and only when strictly necessary (e.g., during IT support).

We have established routines for handling data breaches, and in the event of an incident, we will report it to the Data Inspectorate within 72 hours of discovery. If the breach involves a high privacy risk, we will also notify the affected individuals.

bottom of page