top of page

Privacy Policy

Last updated: 13/09/2025

 

This privacy policy explains how Johs. H. Giæver AS, the company operating www.lyngen-havnnes.no, collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR). The website offers booking services and an online shop for products and experiences connected to Havnnes Handelssted.

 

 

1. Controller

 

Johs. H. Giæver AS

Company number: NO 940 315 468 MVA

Mor Lyngs Plass 1, 9159 Havnnes, Norway

Email: office@giaever.net

 

 

2. Data we collect

 

We collect and process the following categories of personal data:

 

  • When making a purchase or booking: name, email, phone number, address, order and payment details.

  • When contacting us: name, email, and the content of your enquiry.

  • Automatically through cookies and technology: IP address, browser type, device details, language settings, and usage patterns on the website.

  • CCTV: video recordings in signposted areas at Havnnes Trading Post (see section 10).

 

 

3. Purposes and legal bases

 

We use personal data for the following purposes:

 

  • To deliver services and manage bookings and orders, including payment and customer support.

    – Legal basis: GDPR Art. 6(1)(b) (contract) and Art. 6(1)(f) (legitimate interests).

  • To comply with legal obligations, such as accounting and tax regulations.

    – Legal basis: GDPR Art. 6(1)(c).

  • For site operation, security, troubleshooting and statistics to improve our website and services.

    – Legal basis: GDPR Art. 6(1)(f) (legitimate interests).

  • For marketing and remarketing through email campaigns, Google Analytics and Facebook Pixel, only with your consent.

    – Legal basis: GDPR Art. 6(1)(a) (consent).

  • For CCTV monitoring to prevent and document accidents, theft and vandalism, and to protect listed buildings.

    – Legal basis: GDPR Art. 6(1)(f) (legitimate interests). A balancing test has been carried out.

 

 

4. Cookies, analytics and tracking

 

Our website uses cookies for essential functionality and, subject to your consent, for analytics and marketing.

 

  • Essential cookies always run for security and proper site operation.

  • Analytics and marketing cookies only run with your explicit consent via our cookie banner (Wix Privacy Centre with “Accept all” / “Decline all”).

 

We use the following third-party tools:

 

  • Google Analytics 4 (GA4):

    – Runs only after consent.

    – IP anonymisation is enabled by default.

    – Features requiring consent (Google Signals, ad personalisation) are off unless you opt in.

  • Meta (Facebook) Pixel:

    – Tracks visits and user interactions on our site for advertising and remarketing purposes.

    – Data is shared with Meta Platforms Ireland Ltd. (processor/controller).

    – Transfers to the US may occur. These are safeguarded through Standard Contractual Clauses (SCCs).

 

You can withdraw or change your cookie choices at any time via Cookie settings.

 

 

5. Recipients and third-party services

 

  • Wix.com Ltd.: provider of the website, booking system and online store (processor).

  • Stripe, Inc.: payment processor (processor) for purchases made directly on our website. Stripe receives the necessary transaction and payment details.

  • Google Ireland Ltd.: provider of Google Analytics (processor).

  • Meta Platforms Ireland Ltd.: provider of Facebook Pixel (joint controller/processor). Data may be transferred to Meta Platforms, Inc. in the US under SCCs.

  • Third-party booking platforms: If you book accommodation or experiences via Booking.com, Expedia or Airbnb, these providers act as independent controllers under their own privacy policies.

  • Public authorities: where required by law.

 

6. Data retention

 

  • Orders and accounting data: stored for at least 5 years in accordance with bookkeeping rules.

  • Customer communications: up to 24 months after your last contact, or shorter if you request deletion.

  • Accounts/inactive users: deleted or anonymised after 12 months, unless legal obligations require longer storage.

  • CCTV recordings: event-based only. Where no motion or people are detected, recordings are deleted immediately. Footage linked to incidents is kept only as long as necessary and may be shared with police or insurers if lawfully required.

 

 

7. Your rights

 

You have the right to:

 

  • Request access to the data we hold about you.

  • Have incorrect or incomplete data rectified.

  • Request deletion (“right to be forgotten”).

  • Request restriction of processing or object to processing.

  • Receive your data in a portable format.

  • Withdraw consent, for example for marketing or cookies.

 

Requests should be sent to office@giaever.net.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (www.datatilsynet.no).

 

 

8. Security

 

We protect your data with technical and organisational measures, including HTTPS encryption, access controls and data processing agreements with our service providers. In the event of a data breach that poses a risk to your rights, we will notify both you and the relevant authorities as required by GDPR.

 

 

9. Children

 

Our services are not directed at children under 13, and we do not knowingly collect personal data about children.

 

 

10. CCTV at Havnnes

 

As a safety measure, CCTV is used in selected areas at Havnnes Trading Post.

 

  • Scope: only signposted areas with higher risk (e.g., quay, technical installations).

  • Operation: event-based recording only. If no motion or people are detected, recordings are deleted immediately.

  • Retention: incident recordings are kept only as long as necessary.

  • Access: limited to authorised staff. Footage is disclosed only on lawful grounds (e.g., police or insurers).

  • Technology/vendor: TP-Link Tapo cameras. See the TP-Link Tapo Privacy Policy for details on device/telemetry data and optional cloud services.

  • Rights: you can request access to footage concerning you. Provide date, time and location to help us locate clips. Third parties will be masked where appropriate.

 

Legal basis: GDPR Art. 6(1)(f) (legitimate interests). A balancing test has been carried out, and signage is in place.

 

 

11. Changes

 

We may update this Privacy Policy when necessary. Material changes will be published on the website, and you will be notified where legally required.

 

 

12. Contact

 

For questions or requests regarding your data:

Johs. H. Giæver AS

Email: office@giaever.net

PO Box 1, 9159 Havnnes, Norway

Only the Norwegian version of this privacy policy is legally binding. This English version is provided for informational purposes only.

bottom of page