Privacy Policy for Arctic Safe Travel

Last updated: 12th of May 2026

This privacy policy explains how Arctic Safe Travel AS (org. no. 935 493 757) collects and processes personal data in connection with the provision of digital courses and the use of our website and other digital services. We are committed to protecting your privacy and process personal data in accordance with applicable legislation, including the Norwegian Personal Data Act, the General Data Protection Regulation (GDPR) and the Norwegian Electronic Communications Act (ekomloven).

Arctic Safe Travel AS is the data controller for the processing of personal data described in this document. If you have any questions about how we process personal data, or if you wish to exercise your rights, you can contact us by email at: support@arcticsafetravel.com or support@arcticsafetravel.no.

Information we collect

The information we collect depends on which services you use.

When you use our digital courses and other online services, we typically process contact information such as your name, email address and phone number. In addition, we may process information related to your user account. This may include your username and login credentials (with passwords stored in encrypted form), information about which courses you are enrolled in, your course progress, which modules you have completed, and the time of login and activity within the service.

We also process payment and transaction data in connection with the purchase of services and courses. This includes information about which products or services have been purchased, the date and amount of the transaction, and a transaction reference. The actual payment details, such as card numbers, are handled by our payment providers (for example Vipps, Stripe or equivalent) and are not stored by us, other than what is necessary to document the purchase.

When you communicate with us, for example via a contact form on our website or by email, we process the information you provide in your enquiry, together with your contact details and any notes necessary to follow up your case. We may also store feedback, evaluations and complaints in order to improve our services and to document the customer relationship.

When you use our websites and digital platforms, we collect technical information and usage data. This may include your IP address, information about the device and browser you are using, language settings and how you navigate on the website. Such information is mainly collected through cookies and analytics tools. As a general rule, we do not process special categories of personal data (sensitive data). If this should be necessary in specific cases, we will provide separate information and ensure an appropriate legal basis and additional security measures.

Purpose of the processing

We process personal data in order to deliver the services you have requested and to operate and further develop our offerings in a safe and responsible manner.

For digital courses and platforms, we use personal data to give you access to course content, keep track of your progress and completed modules, and to administer your user account. We also process information in order to communicate with you before, during and after a course, for example when we respond to enquiries, provide customer support or inform you about changes and important matters relating to the services you use.

Furthermore, we process personal data to carry out payments and fulfil our legal obligations, including bookkeeping and accounting requirements. In addition, we use data to analyse how our services are used, so that we can improve content, functionality and user experience. Such analyses are performed, as far as possible, on anonymised or aggregated data.

If you have given your consent, or if we have another legal basis, we may use your contact information to send you newsletters, information about new courses and offers, and other relevant marketing. You may at any time opt out of such communications.

Legal basis

The processing of personal data is carried out in accordance with Article 6 of the GDPR. When we enter into an agreement with you, for example when you purchase a course, the processing of personal data is based on the fact that it is necessary for the performance of the contract with you. This includes processing for handling course orders, delivering services, operating your user account and providing customer support.

Some processing activities are based on your consent, for example the sending of newsletters and certain types of marketing, as well as the use of non-essential cookies. You may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

In other cases, we are legally obliged to process personal data, for example to fulfil requirements under bookkeeping and accounting legislation or obligations towards public authorities. This processing is based on legal obligations.

We also process personal data where we have a legitimate interest that we consider not to be overridden by your privacy interests. This may include improving our services, ensuring stable and secure operation, preventing misuse and fraud, and internal administration. Before relying on legitimate interests as a legal basis, we assess specific measures and perform a balancing test.

Sharing of personal data

We share personal data with other entities when this is necessary to deliver our services, to comply with legal requirements, or to operate our systems.

In connection with the execution of payments, certain information will be shared with payment providers that handle the transaction.

We also use external providers for the operation and maintenance of IT systems, websites, course platforms, email and customer support. These providers process personal data on our behalf as data processors and are bound by data processing agreements that regulate how the data shall be processed, secured and deleted. Data processors are not permitted to use the personal data for their own purposes.

In some cases, we may be required to disclose information to public authorities or other third parties if this follows from law or from orders issued by authorities. We do not sell personal data, and we do not make personal data available to third parties for their own marketing purposes.

Transfers to countries outside the EU/EEA

Some of our service providers may be established in, or store data in, countries outside the EU/EEA. If personal data is transferred to countries outside the EU/EEA, we ensure that this is done in compliance with applicable data protection legislation. This means that transfers only take place to countries that the European Commission has recognised as providing an adequate level of protection, or that the transfer is regulated by the European Commission’s Standard Contractual Clauses or other valid transfer mechanisms. We assess the security of such transfers and implement appropriate measures to protect the data.

Use of cookies

When you visit our website, we use cookies and similar technologies to ensure that the site functions properly, to enhance your user experience and to collect statistics about the use of the site. Some cookies are necessary for the website to function, for example for login, delivery of courses and storage of technical preferences. Other cookies are used for analytics and statistics, for example via tools such as Google Analytics, and possibly to tailor content and marketing.

The use of necessary cookies is based on our legitimate interest in providing a functioning and secure service. For cookies that are not strictly necessary, we obtain your consent via a cookie banner on the website. You can change or withdraw your consent at any time through the settings in the cookie banner or in your browser. Please note that some features of the website may not function properly if you block cookies.

Retention and deletion

We store personal data only for as long as necessary for the purposes for which the data was collected, or for as long as we are required by law to retain it. Information related to courses and transactions is normally retained for up to five years, or for as long as required by bookkeeping legislation. Communication with customers, such as emails and enquiries via contact forms, is generally stored for up to twelve months after the case has been closed, unless there is a need for longer retention in connection with, for example, complaints or disputes.

Information related to user accounts for digital courses is stored for as long as the account is active. If you close your account, we will as a main rule delete or anonymise associated personal data, unless we have another legal basis for further retention, for example documentation of purchases. For recipients of newsletters and marketing communications, personal data is stored until you withdraw your consent or opt out of marketing, unless we are legally obliged to retain certain information for a longer period.

When personal data is no longer necessary for the purposes for which it was collected, we will delete or anonymise it in a secure and appropriate manner.

Security

We take information security seriously and have implemented technical and organisational measures to protect personal data against unauthorised access, alteration, loss or destruction. These measures include access control and limiting who has access to personal data, the use of encryption where appropriate, up-to-date security solutions and procedures for handling security incidents. We regularly review our routines and systems to maintain an adequate level of security. Even with good security measures, we cannot guarantee complete protection against all possible incidents.

Your rights

As a data subject, you have several rights under the GDPR. You have the right to request access to the personal data we hold about you and information about how this data is processed. If you discover that the information is incorrect or incomplete, you may request that it be corrected or updated. In certain cases, you may also request that data be deleted, for example when it is no longer necessary for the purpose for which it was collected, or when processing is based on consent which you withdraw.

You also have the right to request restriction of processing in specific situations, for example if you have objected to the processing and we need to assess this objection. For data that you have provided to us, and which is processed based on consent or a contract, you may have the right to data portability. This means that you can request to receive the data in a structured, commonly used and machine-readable format, and, in some cases, have it transmitted to another data controller.

If we process personal data based on legitimate interests, you have the right to object to such processing. We will then reassess whether our interests override your privacy interests. Where processing is based on your consent, you may withdraw your consent at any time.

To exercise your rights, you can contact us at support@arcticsafetravel.com or support@arcticsafetravel.no. We will respond to your enquiry as soon as possible and no later than within the deadlines set by law.

Complaints to the Data Protection Authority

If you believe that our processing of personal data is in breach of data protection legislation, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). Information on how to proceed can be found on Datatilsynet’s website: www.datatilsynet.no. We encourage you to contact us first, so that we can try to resolve the matter directly with you.

Changes to this privacy policy

We may update this privacy policy when necessary, for example due to changes in our services, technical solutions or applicable legislation. The latest version will always be available on our website. In the case of significant changes, we will, where practically possible, inform you through the service or by email.