The protection of your personal information or data is important to us at Love Norway Limited. In order to respond to an enquiry, process and fulfil your booking, we need to collect personal data from you. We will only process your personal data in accordance with the EU General Data Protection Regulations and the UK Data Protection Act, for or in connection with the purpose for which you have provided it (for example, arranging your holiday). We refer to this legislation as data protection laws.
Love Norway Limited will act as a data controller of your personal data. In order to produce a quotation for you, we will need to take your name, telephone number, email address and home address. This is usually done over the telephone or by email.
In order to create a bespoke holiday for you we will also require information regarding your personal interests and special requirements.
Once you accept a quote then we will need further information; full names, dates of birth and any special requirements for all of your party members.
For outdoor activity pursuits we may need written confirmation of any pre-existing medical conditions and fitness levels of the booking party members.
Furthermore, we will require your travel insurance details, in case you need assistance whilst abroad and you may need to show proof of your insurance to some activity providers.
Sharing your data with suppliers/third parties:
Part of the reason that we need to collect your data is so that we can pass it on to our suppliers or to third parties, this will enable your holiday and activity participation in Norway. Information will be needed for transport bookings, accommodation bookings and activity/excursion providers. All our suppliers are subject to the same stringent EU data protection laws and will only use this information for the purpose of providing their services and not for marketing.
Payments by debit and credit card:
Love Norway uses an invoicing system through Stripe Card Payment facilities. This ensures that we never see, have access to or hold your payment details on our premises. Stripe complies with the Payment Card Industry Security Standards (PCI DSS0) as a PCI Level 1 Service Provider, which requires the highest security protocols to meet the most stringent level of certification in the payment industry.
Storage of data:
We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which is appropriate to the harm that might result. We may retain your personal data for the entitled period after the end of holiday arrangements or other services that you have contracted.
You may ask us what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. Please also let us know if you believe the personal data we are holding is inaccurate, out of date or incomplete. You may contact us by e- mail at firstname.lastname@example.org. If you have any complaint about the way in which your personal data has been dealt with, please let us know by e-mail to email@example.com. We will investigate and respond to you as soon as we reasonably can. If you remain dissatisfied, you may complain to the Information Commissioner's Office.