PRIVACY POLICY
(GDPR – EU Regulation 2016/679)
Last updated: 31 December 2025
Alshemal Norway (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and Norwegian data protection law.
1. Data Controller
Company:
Alshemal Norway (part of Norveya AS)
Address:
[Storgata 150], [9008] Tromsø, Norway
Organization Number:
[933773205]
Email:
post@alshemalnorway.com
2. Personal Data We Collect
We collect only the personal data necessary to operate tours safely and efficiently. This may include:
- Full name
- Email address
- Phone number (including WhatsApp contact)
- Booking reference and tour details
- Pickup location
- Clothing size (thermal suits)
- Dietary restrictions, allergies, or health-related information
- Photos and videos captured during tours (with consent)
Special Category Data (GDPR Article 9)
Dietary restrictions, allergies, or health-related information may constitute
special category (health) data.
By voluntarily providing this information, the guest gives
explicit consent
for us to process it
solely for safety, dietary, and operational purposes
during the tour.
3. Purpose of Processing
Personal data is used strictly for:
- Processing bookings and payments
- Tour coordination and pickup communication
- Safety and operational communication
- Sending essential tour updates
- Photo delivery after the tour
- Customer support
- Legal, accounting, and regulatory obligations
We do not sell or rent personal data.
4. WhatsApp & Messaging Communication
By providing a phone number, guests consent to being contacted via WhatsApp or SMS for:
- Pickup coordination
- Tour timing updates
- Safety-related communication
- Photo delivery links
WhatsApp is used
only for operational communication, not marketing, unless explicitly requested by the guest.
Guests may request to change communication channels at any time.
5. Legal Basis for Processing (GDPR Article 6)
We process personal data under the following legal bases:
- Contractual necessity – to deliver the booked service
- Legitimate interest – safety, logistics, customer support
- Consent – photo usage and optional communication
- Legal obligation – accounting and regulatory compliance
6. Data Retention
- Booking and communication data is stored securely
- Tour photos are stored temporarily for delivery
- Photos are deleted or anonymized no later than 6 months after the tour, unless earlier deletion is requested
- Personal data is retained only as long as necessary for its purpose
7. Data Sharing
Personal data may be shared only with:
- Booking platforms (e.g. Bókun, Viator, GetYourGuide)
- Payment processors
- Authorities where legally required
We do not share data beyond what is necessary.
8. International Data Transfers
Some service providers may process data outside the EEA.
Where this occurs, we rely on
GDPR-approved safeguards, including
Standard Contractual Clauses (SCCs)
and
Data Processing Agreements (DPAs).
9. Internal Data Sharing – Norveya AS
Alshemal Norway operates as part of Norveya AS, which manages multiple brands, including AuroraTime.
Personal data may be shared internally within Norveya AS for legitimate operational purposes such as:
- Booking management
- Tour operations
- Customer communication
- Photo delivery
- Safety, quality control, accounting, and compliance
All internal processing follows GDPR principles.
10. Stripe Climate Contributions (Privacy Notice)
A carbon removal contribution may be added to bookings through Stripe Climate.
- Contributions are processed directly by Stripe
- Alshemal Norway does not control project selection
- Funds are committed immediately and are non-refundable
- The contribution is not a charitable donation to Alshemal Norway
11. Analytics, Cookies & Conversion Tracking
Our websites use analytics and tracking tools to measure traffic and conversions and improve performance.
Tools may include:
- Google Analytics (GA4)
- Google Tag Manager
- Booking system conversion tracking (e.g. Bókun)
Cookie Consent
Non-essential cookies (analytics and marketing) are
only activated after user consent
via our cookie banner.
Users may accept, reject, or withdraw consent at any time.
12. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Withdraw consent
- Restrict or object to processing
- Request data portability
Requests: post@alshemalnorway.com
Supervisory Authority:
Datatilsynet
P.O. Box 458 Sentrum
0105 Oslo, Norway
13. Data Security
We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
14. Acceptance
By booking a tour or communicating with us, you acknowledge and accept this Privacy Policy.
15.Aurora RAW Photo Archive – Privacy & Data Handling
1. Data Collected
For subscription access, we may collect:
- Name and email address
- Payment status (handled by Stripe)
- Access logs related to archive usage
We do not sell or share personal data.
2. Payment Processing
All payments are processed securely by
Stripe.
Alshemal Norway does
not store full payment details.
3. Archive Access & Security
- Access is provided via a private, secured cloud folder
- Access credentials are unique and non-transferable
- Unauthorized sharing may result in access termination
4. Personal Data in Images
The Aurora RAW Photo Archive is nature-focused.
Images:
- Primarily feature landscapes, sky, and environment
- Do not intentionally include identifiable individuals
- Any human presence is incidental and non-identifiable
5. Data Retention
Subscriber data is retained only:
- For account management
- Legal and accounting obligations
- Service operation purposes
You may request data deletion after subscription termination, subject to legal requirements.
6. Subscriber Responsibility
By accessing the archive, you agree to:
- Handle files responsibly
- Respect copyright and privacy boundaries
- Use content ethically and lawfully
7. Policy Updates
These terms may be updated to reflect:
- Legal requirements
- Platform changes
- Service evolution
Updates will apply
prospectively, not retroactively.