GDPR and privacy

Handling of personal data and cookies

Privacy Policy, OsloBuss

This Privacy Policy describes how OsloBuss processes your personal data when you are in contact with us, travel with us or use our services. It also describes how we ensure that the processing of personal data is carried out responsorably and in accordance with applicable legislation (The Personal Data Act and gdpr)

(last updated 1 March 2021)


1. INTRODUCTION

OsloBuss is responsible for the processing of personal data carried out by ourselves or by others on our behalf. This means that we determine the purpose and means of processing personal data, i.e. why we process your data and how we process it. We mainly process your personal data when you:

  • Communicating with us
  • Travelling with us
  • Visit our websites, our social media platforms or use our applications

Your personal data is important to us. We are therefore concerned that the personal data collected about you is stored and processed in a safe and secure manner, and in accordance with applicable data protection laws.


2. OUR PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
  • We shall process personal data in a lawful, fair and transparent manner.
  • We shall only collect personal data relevant to our customers' travel and customer relationships with us.
  • We do not collect more personal data than necessary.
  • Personal data that we have collected shall be up to date and correct.
  • Personal data that we have collected shall be deleted when it is no longer needed.
  • Personal data that we have collected shall be treated confidentially.
  • We never sell personal data to third parties.
  • Our customers have the right to gain access to personal data related to their customer relationship. They should be able to obtain a copy of these and may choose to delete them from our systems.


3. HOW DO WE PROCESS YOUR PERSONAL DATA

Personal data is any information that is directly or indirectly (i.e. together with other information) can be linked to you, e.g. name, photo, social security number and IP address.


3.1 For what purpose do we process your personal data

We process your personal data in accordance with applicable laws. This means that each treatment has a so-called legal cause. Most treatments are carried out in order for us to provide services, carry out services and charge for the services. If we process your personal data for a purpose that will require your consent, we will request this before commencement of the processing


3.2 When you visit our websites or our social media platforms

When you visit our websites or our social media platforms, we process:

  • Information that you provide to us, e.g. name and contact details.
  • Information about your visits to our website, via so-called cookies. For more information on how we use cookies, see section 3.

We process your personal data to:

  • Make available, maintain, test, improve and develop our social media websites and platforms.
  • Send offers, reports and press releases when you choose to subscribe to such.


3.3 When communicating with us

When you otherwise communicate with us, e.g. through our customer service or our switchboard, we process information that you provide to us, e.g. your name, contact details and information about your inquiry.

We process your personal data to provide good customer service, provide services, find errors and handle any complaints.

3.4 When we have an obligation under the law

In certain cases, we also process your personal data when we are obligated by law, e.g. due to accounting rules, or in cases where there is a traffic accident and there is a damage settlement.

3.5 How long do we store your personal data?

Your personal data is stored only for as long as it is necessary to achieve the purpose of processing, or for as long as we must store it in accordance with the law. Then they are deleted according to our delete routines.

3.6 To whom can we disclose your personal data

We may disclose your personal data to the following recipients:

  • Some of the companies within the same group
  • External partners (e.g. other bus companies performing a trip on our behalf)
  • Other recipients when required by law, other constitution or government decision.

Companies that handle personal data on our behalf shall always enter into a so-called data processing agreement with us, for the purpose of ensuring a high level of security for your personal data with our partners and suppliers.

If we use partners and suppliers outside the EU/EEA, we take special security measures, e.g. we sign agreements that include the standardised data transfer model clauses adopted by the European Commission and found available on the European Commission's internet site.


3.7 How we protect your personal data

We protect your personal data with technical and organizational security measures. For example, it is forbidden for all employees who have access to personal data to disseminate the information further. Most systems also include access restrictions, so that as few people as possible have access to information.


4. COOKIES

We use cookies on our website. A cookie is a small text file that is placed on your pc to, for example, help certain features, such as navigation on the homepage. We also use cookies to collect statistics on the number of visitors to our pages, analyse visitor patterns and improve the functionality of the website and the user's experience of the pages. This information allows us to develop and optimize our websites.

The information collected via cookies on our website is used only for OsloBuss's purposes, i.e. not for third party purposes. Cookies are sometimes used to collect information that is considered to be personal data, such as IP addresses and information connected to the IP address, but no personal data that leads directly to you as a person.

Cookies can either be deleted automatically when you close your browser (so-called "session cookies"), or they are stored on your computer to help with future visits to the website (so-called "permanent cookies"). Also permanent cookies should be removed automatically after a certain specified time.

If you do not accept the use of cookies, your browser may be set so that it automatically refuses to store cookies, or informs you every time a website requests to store a cookie. Through the browser, previously stored cookies can also be deleted. If your browser refuses cookies, it may limit the functionality of the website.


5. YOUR RIGHTS

In accordance with the applicable Personal Data Act, you have the right to access, rectification and deletion of personal data. You also have the right to object to our processing and lodge a complaint with the supervisory authorities. Certain rights apply only in certain situations, if, for example, we have a requirement under the law to store a certain information, then we cannot delete it.

If you would like to exercise any of these rights, or know more about our processing of your personal data, please contact us via post@oslobuss.no. If you consider that our processing of your personal data does not take place in accordance with data protection legislation, you may also complain to the Data Protection Authority, which is the supervisory authority of the Norway.