Privacy policy
Updated: 23.11.2020
By virtue of being a property developer, Vulkan Oslo AS is the data controller for personal data processed in connection with our business operations, including for Mathallen. In this regard, we are subject to data protection regulations, see in particular the Personal Data Act and the General Data Protection Regulation (GDPR).
In this privacy policy you will find information about why we process personal data, what personal data is processed, what is the legal basis for the processing and what rights you have that are registered with us.
treatment Responsible
The controller for personal data processed about you is:
Company: Vulkan Oslo AS
Org. number: 986 328 564
If you have any questions related to privacy, you can contact the privacy officer of the Aspelin Ramm group:
Privacy Officer: Christopher Utne
Email: chu@aspelinramm.no
Phone: 40020550
Processing of your personal data – purpose, type of personal data and legal basis
Contract conclusion and ongoing follow-up with tenants
In connection with the conclusion and administration of contracts with tenants, we process the following personal data about our tenants and their contact persons: Name, contact details, customer number and copy of ID. The legal basis for the processing is the agreement (Article 6(1)(b) GDPR) for private tenants and the legitimate interest in communicating with our contractual partners' contact persons (Article 6(1)(f) GDPR) for business customers.
Camera surveillance
To safeguard the property and the safety of those who travel on the property, particularly vulnerable areas are monitored by cameras. In this connection, video images of people who have moved in camera-surveilled zones are processed. The legal basis for the processing is our legitimate interest in safeguarding the property and the safety of those who travel on the property (Article 6(1)(f) of the GDPR).
Access control
In connection with the implementation of access control on the property, the following personal data about those staying in the building is processed: Name and entry and exit passes. The legal basis for the processing is our legitimate interest in ensuring that only employees and residents have access to locked areas, as well as knowing who is on our premises for security reasons (Article 6(1)(f) of the General Data Protection Regulation).
Customer satisfaction
In connection with the implementation of customer satisfaction surveys, the following personal data about those participating in the survey is processed: Name, contact details and satisfaction. The legal basis for the processing is our legitimate interest in investigating customer satisfaction in order to be able to implement measures that provide higher customer satisfaction (Article 6(1)(f) of the General Data Protection Regulation).
Gift card administration
When purchasing a gift card, your payment information is processed. If the gift card is purchased via our website, your name and contact information are also processed. The legal basis for the processing of your personal data is a contract (Article 6(1)(b) of the General Data Protection Regulation).
Administration of tickets and information for events
When purchasing tickets for events organized by Mathallen, the following personal data is processed: Name, contact information and payment information. The legal basis for the processing of your personal data is agreement (General Data Protection Regulation, Article 6, paragraph 1, letter b).
Newsletter
If you wish to subscribe to Mathallen's newsletter, we will process your contact information. The legal basis for the processing of your personal data is consent (Article 6(1)(a) of the General Data Protection Regulation).
Open Wifi
If you choose to use our guest network, you log in by providing your contact information or social media profile. The legal basis for the processing of your personal data is consent (Article 6(1)(a) of the GDPR).
Use of social media
If you follow us on Facebook or Instagram, we process information about your user profile and your comments. The legal basis for processing this information is our legitimate interest in having an effective dialogue with our followers (Article 6(1)(f) of the GDPR).
Website administration
In connection with the operation of our websites, we process your IP address and cookies. See additional information about our use of cookies in our separate cookie statementThe legal basis for the processing of IP addresses is our legitimate interest in having a well-functioning website (GDPR Art. 6 No. 1 Letter f).
Use of cookies
Cookies are linked to our websites. See additional information about this in our separate cookie statement.
Handing out of personal data
Disclosure of personal data will only occur if it is necessary to safeguard
our legal obligations or the purposes described above. This will typically be
to public authorities.
How we protect your information
The protection of personal data and other confidential information is a high priority for us. Our security efforts include physical, technical and administrative measures.
Our security efforts also involve regularly reviewing various factors such as risk exposure, available technology, business needs and legal requirements. This ensures that we have adequate security measures in place at all times to prevent personal data from being compromised.
Use of data processors
We use external data processors to collect, store or otherwise process various types of personal data on our behalf, such as IT providers and website providers. In such cases, a separate agreement is entered into with the relevant data processor to ensure that the processing of the data is in accordance with data protection regulations and our requirements for the processing of personal data.
Data processor is a natural or legal person, public authority, institution or any other body which processes personal data on behalf of the controller. All our subcontractors are located in Europe.
Shelf life
Personal data that we process is only stored for as long as is necessary for the purpose for which it was collected, or until statutory storage requirements cease.
Your rights when processing personal data about you
You may at any time request access to, correction of and, under specific conditions, deletion of the personal data that we process about you. You also have the right to request limited processing, object to processing and request the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority's website: www.datatilsynet.no.
To exercise your rights, or if you have other questions related to our processing of personal data, you can contact our data protection officer.
Handling of personal data breaches
A personal data breach is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unlawful dissemination of, or access to, personal data that has been transmitted, stored, or otherwise processed. We have clear procedures for handling non-conformities, where our data protection officer must be contacted immediately in the event of a breach or suspected breach. The data protection officer will assess whether or not we are obliged to notify the Norwegian Data Protection Authority.
Complaints
Any complaints about our processing of personal data about you can be directed to the data protection officer.
You can also complain to the Norwegian Data Protection Authority.