Privacy at Fjord Line
We respect and protect your privacy and personal data. Here we tell you how Fjord Line collects and uses personal data.
1.Introduction
Fjord Line AS (“Fjord Line”) is a responsible company that understands that your personal data must be processed in a safe and secure manner, in accordance with applicable privacy laws.
The policy contains information you may demand when data is collected from our websites (Section 19 of the Personal Data Act) and general information on how we process personal data (Section 18, 1st paragraph of the Personal Data Act).
You will find the company’s address and contact information at the bottom of this page. This privacy policy applies to the website www.fjordline.com and our other independent distribution channels.
2.Data controller
At Fjord Line the CEO is the data controller for the company’s processing of personal data. The basis for processing is unless otherwise specified your consent as a visitor/customer.
3.Cookies
Our website, www.fjordline.com, uses cookies. Cookies are small text files that our website stores on your computer for among other things to improve user-friendliness, navigation, and analytical capacity.
We use four different types of cookies on our website:
3.1Required cookies
These cookies are absolutely necessary for the pages on the website to work properly. Without these cookies, we cannot guarantee that you can navigate through the website, search and book ferry tickets or log in to your Fjord Club profile.
3.2Functional cookies
To improve the usability on www.fjordline.com, we use cookies that “remember” the choices you make on our site. This can be, for example, the preferred port of departure, which article topics you read most and which products you are most interested in.
3.3Analysis cookies
As an important part of the effort in creating a user-friendly website, we look at the user browsing pattern of those who visit the site. In order to analyse the information, we use the analytics tool, Google Analytics.
Google Analytics uses cookies that detect users’ IP addresses, which provide information about the online movement of the individual user. Examples of the answers that the statistics provide are : how many people visit different pages, how long the visit lasts, which websites the users are coming from and what browsers are used. None of the cookies allow us to link information about your use of the website to you as an individual.
The information collected by Google Analytics is stored on Google’s servers in the USA. The information received is subject to Google’s privacy policy.
Our website uses Microsoft Clarity, a web analytics service provided by Microsoft Corporation, to collect information about how users interact with our website. Microsoft Clarity uses cookies and other tracking technologies to collect data such as user behaviour, click patterns, navigation paths and other information related to the user’s experience on our website. This information helps us to analyse and understand how users use our content, identify areas for improvement and improve the overall user experience.
The data collected via Microsoft Clarity is aggregated and anonymised. It does not identify individual users and is only used to improve the performance and usability of the website.
3.4Advertising cookies
These cookies are used to show you ads that may be relevant to you on other websites you visit. They are placed on our website by third party ad networks (Facebook, Google, Schibsted, Amedia, etc.), on behalf of us and with our permission.
Examples of information used by these cookies are the preferred port of departure, article topics you like and which products you are most interested in.
Our website utilizes the Salesforce Collect Code, to gather data about visitor interactions. This technology helps us understand how visitors use our site, enabling us to enhance user experiences, personalize content, and improve our services.
3.5Consent to use of cookies
When you visit www.fjordline.com, you give consent to us using the cookies mentioned above.
3.6How to manage cookies in your browser
You can read on www.aboutcookies.org.uk about setting your browser to accept/reject cookies, and get tips for a more secure use of the Internet.
4.Collection of personal data
4.1What is personal data?
Personal data is any form of information that is directly or indirectly attributable to a natural person. Examples of personal data are: name, date of birth, address, e-mail address and phone number.
4.2Personal data collected
Fjord Line collects personal data in several ways. First and foremost, in direct dialogue with you as a customer. The collection is based on consent, or as part of the fulfilment of the contractual obligations we conclude when booking travel and other products by us.
4.2.1When booking travel
When you book a trip with Fjord Line, we collect personal data about the travelling companions in order to complete the booking.
Main traveller
We collect the following information about the main traveller (the person who books and pays for the trip): name, address, mobile number, e-mail address, date of birth, gender and nationality. In connection with booking, we also collect the payment information for the main traveller.
Travelling companion
If there are several people in the travel party (including children), we collect the following information about them: name, nationality, date of birth and gender.
Fjord Club members
If the main traveller or others in the travelling party is a member of Fjord Club, this can be added to the booking. If you want to get Fjord Club benefits, the membership number must be registered. See terms and conditions for Fjord Club.
Non-Nordic citizens
If the main traveller or others in the travelling party is a non-Nordic citizen, we are required by the Norwegian authorities to collect the passport number of such individuals.
Some destinations/products
Some destinations/products require the authorities to obtain a passport number. Passport numbers can be shared with them in these cases.
Specifically regarding disability
If the main traveller or others in the travelling party have special needs in connection with disability, this is recorded in the booking to provide possible assistance if required. Please note that information given in connection with the booking of travel regarding disability is deleted in its entirety after the journey has ended.
4.2.2In the event of personal contact
We collect personal data from you when you contact us by e-mail, chat, phone, or other means. First and foremost, we collect personal data that is required to handle your inquiry.
This is often information such as name and booking number. Depending on how you choose to contact us, we can also collect contact information such as e-mail address and phone number.
In the event of personal contact, we also collect other personal data that you choose to disclose. This may include information regarding disability, allergies, state of health or other information about you or others in the travelling party.
4.2.3When registering membership in Fjord Club
Information about which personal data is collected in connection with membership of the Fjord Club, as well as its processing can be found on the page ”Fjord Club terms and conditions” under chapter 6.
4.2.4When using Fjord Line’s websites
When using Fjord Line’s websites or other Fjord Line digital services, we collect information about your use. We also collect information about how you navigate, which searches you make and what pages, products, and articles you’re interested in.
If you are logged in as a Fjord Club member or provide information that enables us to identify you, we link information about your user browsing pattern to the other information we have about you.
We do this to provide you with the best possible user experience, and to provide us with a picture of what interests you have for marketing purposes.
5.Storage and processing of personal data
Fjord Line processes personal data in accordance with existing Norwegian legislation. Personal data can be processed to complete the travel agreement on the grounds that the information is required to fulfil legal obligations, or with the consent of the individual.
5.1Travel Administration
In order to provide the services you book through Fjord Line, we use your personal data for various purposes. The information is used to create travel documents, to manage hotel stays when a booking travel package, and for payment of the services you have booked.
If you have booked a travel package, the data is used in a similar manner in order to deliver these services. If you have ordered other services, such as entrance tickets to theme parks, concert tickets or the like, the data is also used in a similar manner in order to deliver these services.
Administration of your trip also includes the use of your data for accounting, settlement and audit, credit or other payment card checks, immigration and customs control.
When you have booked a trip with us, we use your personal data to send booking confirmation, important information about the trip, and information about relevant offers for the trip in question if consent to this is given when booking. Such mailings will be sent to the e-mail address that you provide when booking.
Before and during the trip, we send you important information via SMS to the mobile number provided in connection with the booking. This can for example be information about changes, delays and cancellations.
5.2Contact with the customer service centre
If you contact our customer service centre by e-mail, chat, phone or in person at one of our booking offices, we use your personal data to provide you with the best possible service and to answer questions or address complaints.
We use your name and booking number to identify you and your trip. We use your contact information, such as e-mail address and phone number, to contact you in connection with questions and inquiries.
5.3Marketing and personalisation
Customer data can be used by Fjord Line for marketing purposes.
If you are a member of Fjord Club and thus subscribe to our newsletter, we use your personal information to send you the newsletter and to customise the content of the newsletter to you. Such information includes e-mail address and information about travel history, usage patterns and preferences. By using this information, we can provide you with the offers that we think you are most interested in and benefit from.
On Fjord Line’s websites, we use information about our users for personalisation among other things. This means that we use the information we have collected about you and your use of our services to determine how the content of the site appears when you visit us. Such adaptation can, for example, mean that we save and display information about destinations you’ve searched previously on our webpages, language preferences, and that we show ads and offers that we think suit you and your wishes.
5.4Statutory requirements and provisions
We process your personal information to comply with statutory requirements and provisions, such as connected to security and accounting.
Fjord Line may be required to disclose personal data to authorities, such as police and customs in accordance with various laws. Such authorities have access to the passenger manifest through National Single Window Safe Sea Net, administered by the Norwegian Coastal Administration.
If we are to disclose such information, it is a requirement that a written request, referring to the applicable legal basis of the Extradition Act, is sent to Fjord Line. A demand for the extradition of the personal data must be submitted with the request.
5.5Storage locations
In order to safeguard the security, stability and regularity of our services, Fjord Line utilises subcontractors in their data processing. The use of subcontractors is regulated through data processor agreements with the individual supplier. Fjord Line exclusively uses suppliers that have their data centres within the EU/EEA area and are subject to European data protection legislation.
5.6Period of retention
Fjord Line adheres to good practice and does not retain personal data longer than what is required to fulfil the aim of the processing. If the processing is based on consent, it will be clearly stated in each consent as to how long the relevant personal data is stored.
- Member and travel information related to Fjord Club members are stored for 3 years – calculated from last registered activity.
- Travel information/history and written customer enquiries are linked to your customer profile and stored as long as the customer relationship is active, and consent is given.
- Data relevant for accounting records are stored for 5 years from the date of transaction.
5.7Consent
Consent for the collection, processing and disclosure of personal data will in some cases be indirect or implied based on the activity or transaction in which you have provided us with such personal data.
We have, since it is required by law, adapted an “accept” policy to obtain consent in connection with direct marketing and newsletters. This applies for instance when joining Fjord Club.
5.8Processing of IP Addresses
In our commitment to maintaining the integrity and security of your personal data, we store IP addresses as part of our data processing activities.
Whenever you make changes to your personal information on your account page, your IP address is recorded and stored alongside these changes. This practice is vital for substantiating who has made specific alterations to the account, ensuring the accuracy and legitimacy of the data. Additionally, for completed orders, we retain the IP address associated with the order as part of its metadata for a period of up to 30 days. This helps in verifying transaction authenticity and enhances security.
For our club members, the IP addresses linked to changes on their personal account pages are retained for as long as they remain members of our club. This process is a crucial part of our commitment to protecting your account and personal information from unauthorized access or alterations, aligning with our dedication to uphold the highest standards of data security and privacy.
6.Disclosure of personal data
Your personal data will only be disclosed to a third party with your permission or when it is necessary for us to fulfil the contractual obligations we have towards you. Fjord Line does not sell personal data to others.
We may for instance use a service provider to perform technical services, administrative services, marketing services or other services on our behalf, and share your data with the
appropriate service provider.
Our suppliers include accommodation (when ordering package deals), Salesforce (marketing Fjord Club members), Kantar TNS (customer surveys), Google (marketing), Facebook (marketing), Amedia (marketing), Schibsted (marketing) and Carus Ab (booking system). They also include authorities like the police and Norwegian Customs (upon request).
7.Personal Data and Security
Fjord Line uses several forms of security to protect personal data against unauthorised access, use or transfer.
For example, we store the personal data you provide in data centres with physical security and access control. We use well-known encryption technologies in connection with data transfer, and we only provide relevant staff access to systems containing personal data.
As a part of our safety work, we also test our security mechanisms on a regular basis.
8.Right of access to information
Section 18 of the Personal Data Act grants you the right to see what personal data we have about you. You may request access to this information by contacting us as described below. You can get access to the personal data stored about you as described above.
9.Contact
If you would like to contact us to find out what personal data we are in possession of, to correct errors or to request deletion of data, please contact by e-mail or send a letter to the address below with a copy of your ID (driving license/passport):
Fjord Line AS
Elganeveien 1
4370 Egersund
Norway
10.Authentication Management
10.1Use of Keycloak for Authentication
To enhance the security and integrity of your data, Fjord Line utilizes Keycloak, an open-source identity and access management tool, for authenticating and managing access to your account when you log in to “My Page” and our “Customer Club”.
10.1.1Data Collection and Purpose
Keycloak helps us securely manage your login credentials and authentication data, which includes:
- Username and Password: Essential for securing your account access.
- Authentication Logs: Includes data such as timestamps and IP addresses, which helps monitor and protect against unauthorized access.
The primary purpose of collecting this data is to authenticate users and to ensure a secure user experience across our digital platforms.
10.1.2Data Processing and Security
All personal data processed through Keycloak is handled in compliance with GDPR and applicable privacy laws. We implement stringent security measures such as data encryption and controlled access to safeguard your information.
10.1.3Data Retention
Authentication-related data is retained for a period of 30 days. After this period, it is securely deleted from our systems in accordance with our data retention policies.
10.1.4Social Platform Logins
If you choose to log in using a social platform such as Google Sign-in or Facebook, we will store your first name, last name, and email address in our database. This data is retained until it is deleted, in line with our data retention and deletion policies.
10.1.5Third-Party Access
Keycloak data is managed internally and is not shared with third parties unless necessary to provide required services, under strict data protection agreements that meet GDPR standards.
10.1.6User Rights
You retain full rights over your personal data, as provided under GDPR, including the rights to access, correct, and request the deletion of your data. For any concerns or requests regarding your data, please refer to the contact information provided in Section 9.