1. General information

1.1 Scope of this Privacy Policy

This privacy notice in accordance with Art. 13 GDPR applies to the processing of your personal data when you visit our website including its subpages.

1.2 Responsible for the processing of your personal data

Unless otherwise explicitly regulated in this privacy notice, the person responsible for the processing of your personal data is responsible under the Data Protection Act:

Rutebileiernes Standardiseringsaksjeselskap
Øvre Eikervei 77
3048 Drammen
E-mail: info@rsa.no

1.3 Definitions

This privacy notice is based on the following key privacy-related concepts, which we have presented below for easier understanding:

- GDPR means the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC).

- Recipient is a natural or legal person, authority, institution or other entity to which personal data is disclosed.

- Personal data is any information relating to an identified or identifiable natural person ("data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of identifiers such as name, identification number, location data, an online identifier or one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person can be identified.

- Controller is the natural or legal person, public authority, institution or other entity which alone or jointly with others determines the purposes and means of the processing of personal data.

- Processing of personal data. data processing is any process carried out with or without the aid of automated procedures or a series of such processes in relation to personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or otherwise making available, comparison or linking, restriction, erasure or destruction.

2. Processing of your personal data

The following information describes our processing of your personal data (including data, legal basis, recipient, categories, etc.) in situations and for purposes that (may) arise during your visit and use of our website.

2.1 Information use of our website

2.1.1 Accessibility/Security of the website
Processed data (categories):

Purpose and legal basis:

  • Making our website available (legal basis: Art. 6 para. 1, sentence 1, lit. b) GDPR).
  • Ensuring IT security (legal basis Art. 6 Para. 1 S. 1 lit. f) GDPR).

Storage duration:

Server logs are stored in the operating system for a maximum of 7 days. Any log files still contained in the backup systems are deleted after 6 months.

Recipient (categories):

Hosting provider of our website.

2.1.2 Use of Google Fonts

We have integrated Google Fonts on our website. The use of Google Fonts allows us to display our website correctly in all browsers and to implement its typographic design in an appealing way. The integration of Google Fonts takes place locally, i.e. no data is transferred to Google in connection with this.

Purpose and legal basis:

Attractive presentation of the website (legal basis Art. 6 Abs. 1 S. 1 lit. b) and lit. f) GDPR)

2.2 Handling of inquiries

When you fill out a form on one of RSA's websites or via Facebook leads, the inquiry will be stored in RSA's system for handling contact inquiries.

2.2.1 Contact form

Processed data (Categories):

  • Name
  • email
  • Date, subject and text filled in upon request
  • Metadata (can be campaign name and source)

Storage period: 12 months. Resellers are encouraged to delete the inquiry as soon as it has been answered.

Recipient (Categories):

  • Facebook
  • Authorized employees and suppliers who have access to RSA's leads system
  • The dealer that the user has chosen to contact.

Purpose and legal basis:

Answering your request (legal basis: Art. 6 Para. 1 Sentence 1 letter b); Art. 6 para. 1 sentence 1 letter f) GDPR).

2.2.2 Facebook Lead ads

Processed data (Categories):

  • Name
  • email
  • Date, subject and text filled in upon request
  • Metadata (can be campaign name and source)

Storage period: 12 months. Resellers are encouraged to delete the inquiry as soon as it has been answered.

Recipient (Categories):

  • Facebook
  • Authorized employees and suppliers who have access to RSA's leads system
  • The dealer that the user has chosen to contact.

Purpose and legal basis:

Answering your request (legal basis: Art. 6 Para. 1 Sentence 1 letter b); Art. 6 para. 1 sentence 1 letter f) GDPR).

3. Analytics, statistics and plugins

3.1 Website analysis and statistics

General information:

We use Matomo on our website. Matomo does not use cookies and has anonymized IP.

Processed data categories:

IP address (use of the IP address anonymization function "anonymizeIP", where IP addresses are only stored in abbreviated form in Matomo)

Data about usage patterns on the website (e.g. visits, length of stay, etc.)

Purpose and legal basis:

Creation of general, non-personal statistics on the use of our website in order to continuously improve it (legal basis: Art. 6 Abs. 1. S. 1 lit. f) GDPR).

Storage duration:

14 months.

Recipient(s):

- InnoCraft Ltd (NZBN 6106769)

- While 100% of your data and backups are stored securely in Europe, our company is based in New Zealand. New Zealand is one of the few countries the EU considers to have an adequate level of data protection.

- Because no personal data is transferred to third countries, no SCCs are required. This means Matomo Cloud is safe to use in the EU and fully GDPR compliant.

3.2 Use of Mapbox

We offer a map function on our website. Mapbox is integrated into our website for this purpose. The map function is disabled by default, i.e. no data is transferred to Mapbox. If you want to use the map function, you must first activate Google Maps and accept Google's terms of use. This also represents consent under the Data Protection Act to the associated data collection by Google.

Processed data (categories):

- Identifiers

- Commercial information IP address and any other data mentioned in section 2.1.1

- IP

- Location data

Purpose and legal basis:

Provision of the desired map function (legal basis: consent pursuant to § 25 Para. 1 TTDSG; Art. 6 Para. 1 S. 1 lit. b) GDPR for further processing of data).

Storage duration:

There is no storage of data in our area of responsibility. Regarding data storage at Mapbox, please refer to Mapbox's terms of use and privacy notice linked below.

Recipient(s):

Mapbox Inc.

More info:

Mapbox privacy policy

4. Your privacy rights in relation to us

You can exercise the rights described below against us.

4.1 Rights to information, rectification, erasure, restriction of processing and portability of your personal data

In accordance with GDPR, you can ask us to:

- provide you with information about your personal data that we process (Art. 15 GDPR),

- rectify personal data concerning you that is inaccurate (Art. 16 GDPR),

- delete your personal data stored by us (Art. 17 GDPR), restrict the processing (Art. 18 GDPR) and/or release or transfer it (Art. 20 GDPR).

4.2 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 (f) GDPR.

We will then no longer process your data for this/these purpose(s), unless our legitimate interests prevail or the processing serves to assert, exercise or defend legal claims.

4.3 Enforcing your rights

To exercise the above-mentioned data protection rights towards us, please direct your inquiry, stating your first name and surname, either by email to info@rsa.no or by post to RSA, Øvre Eikervei 77 3048 Drammen.

If you exercise your rights vis-à-vis us, we will again process your personal data collected in this context in order to respond to your request. This data processing is necessary to fulfill legal obligations (legal basis: Art. 6 Para. 1 S. 1 lit. c) GDPR).

5. Complaint to the data protection supervisory authority

Notwithstanding the rights you have just described to us, you may complain to the competent supervisory authority for data protection (Datatilsynet) if you believe that the processing of your personal data by us violates the GDPR (Article 77 GDPR).

Visit: Øvre Eikervei 77, 3048 Drammen
Post: PO Box 4004, 3005 Drammen
TLF: +47 32 21 88 90 90
E-mail: info@rsa.no
2024 RSA. All rights reserved.