GDPR and privacy
(last updated 1 March 2021)
OsloBuss is responsible for the processing of personal data carried out by ourselves or by others on our behalf. This means that we determine the purpose and means of processing personal data, i.e. why we process your data and how we process it. We mainly process your personal data when you:
Your personal data is important to us. We are therefore concerned that the personal data collected about you is stored and processed in a safe and secure manner, and in accordance with applicable data protection laws.
Personal data is any information that is directly or indirectly (i.e. together with other information) can be linked to you, e.g. name, photo, social security number and IP address.
3.1 For what purpose do we process your personal data
We process your personal data in accordance with applicable laws. This means that each treatment has a so-called legal cause. Most treatments are carried out in order for us to provide services, carry out services and charge for the services. If we process your personal data for a purpose that will require your consent, we will request this before commencement of the processing
3.2 When you visit our websites or our social media platforms
When you visit our websites or our social media platforms, we process:
We process your personal data to:
3.3 When communicating with us
When you otherwise communicate with us, e.g. through our customer service or our switchboard, we process information that you provide to us, e.g. your name, contact details and information about your inquiry.
We process your personal data to provide good customer service, provide services, find errors and handle any complaints.
3.4 When we have an obligation under the law
In certain cases, we also process your personal data when we are obligated by law, e.g. due to accounting rules, or in cases where there is a traffic accident and there is a damage settlement.
3.5 How long do we store your personal data?
Your personal data is stored only for as long as it is necessary to achieve the purpose of processing, or for as long as we must store it in accordance with the law. Then they are deleted according to our delete routines.
3.6 To whom can we disclose your personal data
We may disclose your personal data to the following recipients:
Companies that handle personal data on our behalf shall always enter into a so-called data processing agreement with us, for the purpose of ensuring a high level of security for your personal data with our partners and suppliers.
If we use partners and suppliers outside the EU/EEA, we take special security measures, e.g. we sign agreements that include the standardised data transfer model clauses adopted by the European Commission and found available on the European Commission's internet site.
3.7 How we protect your personal data
We protect your personal data with technical and organizational security measures. For example, it is forbidden for all employees who have access to personal data to disseminate the information further. Most systems also include access restrictions, so that as few people as possible have access to information.
The information collected via cookies on our website is used only for OsloBuss's purposes, i.e. not for third party purposes. Cookies are sometimes used to collect information that is considered to be personal data, such as IP addresses and information connected to the IP address, but no personal data that leads directly to you as a person.
Cookies can either be deleted automatically when you close your browser (so-called "session cookies"), or they are stored on your computer to help with future visits to the website (so-called "permanent cookies"). Also permanent cookies should be removed automatically after a certain specified time.
In accordance with the applicable Personal Data Act, you have the right to access, rectification and deletion of personal data. You also have the right to object to our processing and lodge a complaint with the supervisory authorities. Certain rights apply only in certain situations, if, for example, we have a requirement under the law to store a certain information, then we cannot delete it.
If you would like to exercise any of these rights, or know more about our processing of your personal data, please contact us via firstname.lastname@example.org. If you consider that our processing of your personal data does not take place in accordance with data protection legislation, you may also complain to the Data Protection Authority, which is the supervisory authority of the Norway.