English | Deutsch | Norsk

Privacy Policy

1. Name and Contact Details of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

SeaSpots AS
Hestvikveien 257
7247 Hestvika
Norway
Phone: +47 413 83 142
Email: gppr@seaspots.net
Website: https://seaspots.net

2. Data Protection Officer

No data protection officer has been appointed, as the legal prerequisites of Art. 37 GDPR are not met.

3. Legal Framework

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).

The GDPR applies throughout the European Economic Area (EEA).

4. General Information on Data Processing

We process personal data only to the extent necessary to:

  • provide and operate the SeaSpots platform,
  • aggregate publicly accessible business information,
  • handle user enquiries,
  • facilitate communication between users and providers,
  • carry out contractual or pre-contractual measures.

5. Purposes and Legal Bases of Processing

The processing of personal data is carried out on the basis of:

  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures)
  • Art. 6(1)(c) GDPR (compliance with a legal obligation)
  • Art. 6(1)(f) GDPR (legitimate interests)

Legitimate Interests

Our legitimate interests consist in particular of:

  • providing transparent and comparable information on tourist and fishing-related offerings,
  • the secure and stable operation of the platform,
  • protection against misuse,
  • quality assurance of the data displayed,
  • the enforcement of legal claims.

These interests regularly outweigh the interests of the data subjects, as predominantly publicly accessible business contact data is processed and no special categories of personal data within the meaning of Art. 9 GDPR are involved.

6. Scope of Data Processing

We process in particular the following categories of personal data:

  • Contact details (name, email address, phone number)
  • Business and registration data
  • Booking and contract information
  • Communication content
  • Technically required access data (server log files)
  • Publicly accessible location and address data

Processing is carried out exclusively to the extent necessary.

7. Aggregation of Public Business Data

In the course of platform operations, publicly accessible information on tourist and fishing-related businesses is processed and consolidated, in particular from:

  • public registers,
  • official data sources,
  • publicly accessible websites of the respective providers.

Only factual, business-related information is processed. No private or sensitive personal data is processed.

8. Server Log Files

When our website is accessed, the following data is automatically collected:

  • IP address
  • Date and time of the request
  • Browser type and version
  • Operating system
  • Referrer URL

Processing is carried out to ensure system security and stability on the basis of Art. 6(1)(f) GDPR.

Server log files are generally deleted after no more than 14 days, unless security-relevant events require longer retention.

9. Disclosure of Data

Personal data is only disclosed to third parties where:

  • this is necessary for the performance of a contract,
  • a legal obligation exists,
  • consent has been given.

Providers act as independent controllers within the meaning of Art. 4(7) GDPR.

User data is only transmitted to providers for the purpose of processing specific enquiries or bookings.

10. Hosting and Data Processing Agreements

Our platform is operated on infrastructure within the European Economic Area (EEA), in particular in data centres of:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

A data processing agreement in accordance with Art. 28 GDPR has been concluded with the hosting provider.

11. Cookies

We use exclusively technically necessary cookies that are required for the operation of the platform.

The legal basis is Art. 6(1)(f) GDPR.

No tracking for marketing or advertising purposes takes place.

12. Retention Periods

Personal data is deleted as soon as the purpose for which it was stored no longer exists and no statutory retention obligations apply.

Aggregated business data is regularly reviewed and updated.

13. Rights of Data Subjects

You have the right to:

  • access pursuant to Art. 15 GDPR
  • rectification pursuant to Art. 16 GDPR
  • erasure pursuant to Art. 17 GDPR
  • restriction of processing pursuant to Art. 18 GDPR
  • data portability pursuant to Art. 20 GDPR
  • objection pursuant to Art. 21 GDPR

To exercise your rights, an informal message to the contact details above is sufficient.

14. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority within the European Economic Area.

The competent authority for SeaSpots AS is:

Datatilsynet (Norwegian Data Protection Authority)
Tollbugata 3
0152 Oslo
Norway
https://www.datatilsynet.no

15. Automated Decision-Making

No solely automated decision-making within the meaning of Art. 22 GDPR takes place.

16. Amendments to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in the legal framework or technical developments.

The current version is always available on this website.