APOLLO PRIVACY NOTICE FOR BUSINESS PARTNERS
1 INTRODUCTION
DER Touristik Nordic AB (Norway), org.nr 980 061 299 (“Apollo”, “we”, “our” or “us”), cares about protecting your privacy. We are committed to being as transparent as possible when processing your personal data. We may process your personal data to contact you in the course of our business activities or other activities by post, telephone, e-mail or online. With this privacy notice (“Privacy Notice”), we would like to inform you about the scope and purpose of the processing as well as your rights as a data subject.
Throughout this Privacy Notice, the term “processing” is used to cover all activities involving your personal data, including e.g., collecting, handling, storing, sharing, accessing, using, transferring, and disposing of your personal data.
“Applicable Data Protection Laws” means all legislation and regulations, including regulations issued by relevant supervisory authorities, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data that from time to time apply to this Privacy Notice, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) as well as laws and regulations supplementing the GDPR.
“Personal data” means any information relating to an identified or identifiable natural person.
If you have any questions or concerns, please contact us at [email protected].
2 WHO IS THE DATA CONTROLLER FOR THE PERSONAL DATA?
DER Touristik Nordic AB (Norway), org.nr 980 061 299, Postboks 339 Sentrum, 0101 Oslo, Norway, is the data controller for the processing of your personal data as described in this Privacy Notice.
3 FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data:
· Directly from you. We collect information about you that you provide when you email, call or otherwise contact Apollo. This can be information about you or about other people.
· From other sources. We collect information from third parties who provide personal data about you or other people, for example if someone else has been in contact with us on your behalf. We assume that the person providing the information has your consent to provide the personal data to Apollo.
You can always choose not to provide us with voluntary information. However, some personal data is necessary for us to provide you with some of our services. Not providing such personal data may prevent us from providing some of our services to you or performing what you expect from us.
4 WHY DO WE PROCESS YOUR PERSONAL DATA?
4.1 Establishing contact within the scope of a business relationship
We will process your personal data for the initiation or implementation of a business relationship. The provision of personal data for the purpose of entering into a business relationship is voluntary. However, your provision of your contact data might be necessary for the initiation and fulfilment of a contract with you.
Categories of personal data
· Contact data (name, address, telephone number and e-mail address)
· Communication data (e.g. correspondence by e-mail)
· Location data, if applicable (IP address)
Legal basis
Legitimate interest. The legal basis for the processing of your personal data which we receive directly from you, or from a business partner who has named you as a contact person, is based on our legitimate interest to contact our existing or potential business partners.
Contract. If we enter into a contractual relationship with you the legal basis is based on the performance of the contract which we enter into with you.
Retention period
We store your personal data for as long as we have a legitimate interest to maintain a business relationship with you. In addition, your data will be stored for as long as a contractual or statutory retention periods exist for them. No personal data is stored longer than ten (10) years.
4.2 Establishing contact within the framework of our public relations work
We maintain databases with contact details of political, media and press representatives, among others, in order to be able to contact them on relevant issues, events, etc. as part of our public relations work. We also collect contact details from public sources and enter them in our databases.
Categories of personal data
· Contact data (name, address, telephone number and e-mail address)
Legal basis
Legitimate interest. The legal basis for the data processing is based on our legitimate interest to contact political, media and press representatives etc, as part of our public relations work. Our legitimate interest is reinforced by your voluntary provision of your contact details to us (e.g. by handing over your business card or via an online form).
Retention period
We store the data processed by you for as long as we have a legitimate interest to be in contact with you as part of our public relations work. In addition, your data will be stored for as long as contractual or statutory retention periods exist for them. No personal data is stored longer than ten (10) years.
5 RECIPIENTS THAT WE SHARE YOUR PERSONAL DATA WITH
As a general rule, your personal data collected by us will not be disclosed to unauthorised persons. However, in some cases we use service providers to process your personal data including for the purposes of sending emails, chat and have video calls with you. The personal data which we may share with such third parties include:
· contact data (name, address, telephone number and e-mail address),
· communication data (e.g. correspondence by e-mail), and
· location data (IP address).
All service providers have been carefully selected and are subject to data protection agreements with us. The service providers are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the data processing and use.
6 APPROPRIATE SAFEGUARDS FOR TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EEA
Apollo uses suppliers and third-party providers to process personal data in a matter which includes transfer of personal data to countries outside of the EU/EEA area (so called “third countries”). With these suppliers and partners, Apollo has entered data processing agreements including provisions safeguarding such third country transfers with appropriate safety measures.
Transfers of personal data outside of the EU/EEA area will be processed/performed in accordance with Applicable Data Protection Laws, including the GDPR. Such transfers either rely upon an adequacy decision from the European Commission or legal safeguards through the European Commission’s Standard Contractual Clauses (SSC’s) for transfer of personal data outside of the EU/EEA area, combined with supplementary technological and organisational protection measures including encryption and anonymization/pseudonymization.
Should you have any questions regarding Apollo’s transfers of personal data to countries outside the EU/EEA area, please contact us by using the contact details provided at the end of this Privacy Notice. You are entitled to receive a copy of any documentation demonstrating that appropriate safeguards have been taken to protect your personal data during a transfer to a third country.
To learn more about third country transfers, please read here.
7 YOUR RIGHTS
Under Applicable Data Protection Laws, you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary to fulfil your rights. Please submit requests for exercising your rights by contacting us by using the contact details set out below.
You have, under certain circumstances, the right to exercise the following rights:
Access - You may request confirmation whether personal data about you is processed by us and, if that is the case, access your personal data and additional information regarding the operation, such as the purposes of the processing. You are also entitled to receive a copy of the personal data undergoing processing.
Object to certain processing - You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary to manage or defend legal claims.
Rectification - You have the right to obtain from us the rectification of inaccurate personal data concerning you.
Erasure - You may have your personal data erased under certain circumstances, such as when your personal data is no longer needed for the purposes for which it was collected.
Restriction of processing - You may ask us to restrict the processing of your personal data to only comprise storage of your personal data under certain circumstances, such as when the processing is unlawful, but you do not want your personal data erased.
Withdrawal of consent - You have the right to at any time withdraw your consent to the processing of personal data to the extent the processing is based on your consent.
Data Portability - You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and ask for the information to be transferred to another data controller (where possible).
Click here to read more about the rights that you have in relation to the processing of your personal data.
8 COMPLAINTS TO THE SUPERVISORY AUTHORITY
In case of any complaints regarding Apollo’s privacy practices, you have the right to lodge a complaint with the competent supervisory authority. For more information, please visit the relevant authority’s website. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection. You can learn more about how to lodge a complaint with the Swedish Authority for Privacy Protection here.
9 CONTACT US
If you have any questions or concerns regarding the processing of your personal data, please contact us by email at [email protected] or by regular mail addressed to:
DER Touristik Nordic AB (Norway)
Att: ”Personvernombud”
Postboks 339 Sentrum
0101 Oslo, Norway
10 CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice is subject to change. You will be adequately notified of any changes to this Privacy Notice unless such changes are non-material or insignificant.
This Privacy Notice was last updated 14 June 2024.