Processing customers’ personal information
FARA (“we”) are committed to protecting and respecting the privacy of our employees, customers, suppliers, partners and their employees. In this document, we provide information on why and how we handle personal information related to our customers, as well as your rights in connection with this.
1- WHY DO WE PROCESS YOUR PERSONAL INFORMATION?
Personal information about our customers and their employees will primarily be used to administer and manage the customer relationship. This includes communicating with and following up with the customer, carrying out deliveries and any additional fulfilment agreements, invoicing, handling complaints and disputes, as well as investigating customer satisfaction.
Information about the customer’s use of our products can also be used in our work on product and service improvement, plus related statistics. We may also use personal information to send offer information and marketing content, as well as to identify appropriate material and when to communicate it to an individual customer.
We also need to process the personal information of the end customer (the traveler) to fulfil agreements with the customer. The handling of this data will be performed in accordance with the data processor agreement.
2- WHAT PERSONAL INFORMATION DO WE PROCESS?
In general, we will only process personal information that is necessary to manage or support the customer relationship. Specifically, this may include processing information about the customer such as name, address, telephone number, employee contact information, employee position and role, employer details, customer relationship history (what has been purchased and when etc.), trade patterns, customer history with our competitors, correspondence with the company’s representatives, login and activity on our webpages, complaints and disputes, payment history and credit check.
We fundamentally do not process sensitive personal information about our customers.
When we act as data processor on behalf of our customers, it is the customer as controller who defines what personal data is stored and the purpose of processing. This will include personal information about the end customer (travelers) such as name, picture, address, phone number, email, date of birth, unique user identifiable ID, travel card ID (card number), purchase history for sales transactions that require customer information and travel history in connection with customer care.
3- HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
The source of the information we have on our customers, including customers’ employees, will usually be the customer itself. The customer itself provides this information either during online registration or via personal contact; when the customer relationship is established or later. Information may also be generated through the customer’s activity in relation to the customer relationship, e.g. when the customer buys something or communicates with us. In certain cases, we may supplement this information with information from external sources, such as in connection with credit checks, obtaining additional information from the internet, etc. We can also obtain lists of potential customers and information about these from market players who offer this.
The source of the information we have about the end customer is what our customers give us access to, according to the data processor agreement.
4- WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL INFORMATION?
In some cases, we will obtain consent from our customers for processing personal data. We will, however, also process information without requesting specific consent when it is necessary to fulfil our agreement with the customer or to act at the customer’s request before an agreement is in place.
5- WHO IN FARA HAS ACCESS TO YOUR PERSONAL INFORMATION?
We will limit access to personal customer information to those persons in FARA who need such access for the purposes mentioned in paragraph 1 above. We may also share this information internally with the FARA Group, with our mother company, Ticketer, with our subcontractors and other collaborators, and in special cases also our advisors, accountants, lawyers, IT consultants and others. In such cases, we will ensure that all information is fully processed in accordance with the purpose and that these parties assume responsibility for safeguarding information security, in accordance with the requirements and rules that apply at any time.
6- DO SUBCONTRACTORS PROCESS YOUR PERSONAL INFORMATION?
We may use subcontractors who assist us in processing personal customer information. This will typically be suppliers of storage services and communications solutions that are part of our customer and supplier systems.
Some of our subcontractors may run their businesses abroad. We may transfer personal information about our customers to the location where the subcontractor is located or where the subcontractor has located their storage services, to countries within the EU/EEA.
The transfer of personal information to foreign countries may also be due to the fact that we are part of Ticketer and the FARA Group and that multiple parts of this multi-national group assist with the processing.
7- HOW AND HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
Personal information about our customers shall only be retained if required, based on the purpose of processing. This is justified by the current requirements for keeping accounting documentation but is also necessary to safeguard the customer’s interests in connection with possible complaints, as well as the need to have access to the history of contacts and deliveries at the customer’s request.
Personal data we collect in connection with the use of our services is stored mainly unidentified and electronically, with data security in local IT. Non-anonymous paper-based personal information is stored in locked cabinets, where only those who need access to it to perform their tasks have access. The file cabinets are placed in offices that are locked except during regular working hours.
You may at any time ask us to delete information related to you as a customer, unless it is required by law to keep the information for a certain period of time (e.g. legal requirements, accounting laws, etc.).
8- HOW DO WE USE ENQUIRIES?
We may send different types of enquiries to you as a customer, as long as the customer relationship exists, including marketing requests. Any marketing enquiries sent via e-mail or SMS will provide an opportunity to cancel future enquiries via that communication channel.
9- WHAT RIGHTS DO YOU HAVE?
Our customers should be informed about the processing of personal data relating to them. This statement shall therefore be available to customers on our website, and easily accessible on webpages where the customer registers information about themselves or places orders. Customers who are in contact with us otherwise shall be informed that the information about our handling of personal information is available on our website.
If you are registered, you are entitled to:
- contact us if you have any input or questions related to our processing of personal data,
- receive access to the personal information relating to you,
- correct or remove incorrect, unnecessary, inadequate or outdated personal information,
- object to the processing of your personal information obtained from direct marketing, as well as know about any profiling,
- withdraw consent for processing the personal information you have provided,
- receive the personal information about yourself that you have given us and transfer it to another processor (data portability),
- complain to the Data Inspectorate directly if you believe that processing of your personal information is in violation of applicable law.
10- HOW DO WE SECURE THE PROCESSING OF YOUR PERSONAL INFORMATION?
We have established procedures and measures at different levels to ensure that unauthorized persons do not gain access to our customers’ personal data and that all processing of the information is otherwise in accordance with applicable laws. The actions include regular risk assessments, technical systems and physical procedures to safeguard information security and routines to verify inspection and rectification requests.
11- HOW CAN YOU CONTACT US?
Customers who have questions or requirements regarding our processing of personal information can contact us by using: https://fara.no/contact-us/