Privacy Policy

Privacy Policy — Vengsøy Rørbuer

Last updated: 5 June 2026

1. Who we are

Vengsøy Rørbuer ("we", "us", "our") operates this website (book.vengsoyrorbuer.com) and provides accommodation and related services on Vengsøy island, Norway. We are the data controller for the personal data described in this policy.

Contact: maria@vengsoyrorbuer.com · +47 902 94 877 · Vengsøy, Tromsø, Norway.

2. What information we collect

When you book a stay or contact us, we collect:

Name, email address and phone number

Billing and address details

Payment information (processed by our payment provider — we do not store full card details)

Arrival and departure dates, number of guests, and any special requests

Communication you send us

When you browse our site we may automatically collect technical data such as IP address, browser type, device information, pages viewed and cookie identifiers.

3. How we use your information

To process and manage your reservation and stay

To communicate with you before, during and after your stay

To comply with legal accounting and tax obligations (e.g. the Norwegian Bookkeeping Act)

To send marketing communications, only with your consent

To improve our website and services

4. Legal basis (GDPR)

We process your personal data on one or more of the following bases:

Performance of the booking contract (Art. 6(1)(b) GDPR)

Compliance with legal obligations (Art. 6(1)(c) GDPR)

Your consent, where required — e.g. for marketing (Art. 6(1)(a) GDPR)

Our legitimate interest in operating and improving our business (Art. 6(1)(f) GDPR)

5. Sharing your information

We share data with selected third parties only where necessary, including:

Our property management system (Hostaway) which powers our booking engine

Our payment processor

Cleaning and operational staff who need information to deliver your stay

Norwegian authorities where required by law (e.g. police, tax authorities)

We do not sell your personal data to third parties.

6. International transfers

Some of our service providers may process data outside the EU/EEA. Where this is the case we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your data.

7. Data retention

We retain booking and transaction data for as long as required by Norwegian accounting law (typically 5 years from the end of the relevant accounting year). Personal data processed for marketing is retained until you withdraw your consent. Other data is deleted when no longer needed.

8. Your rights

Under GDPR you have the right to:

Access the personal data we hold about you

Request correction of inaccurate or incomplete data

Request deletion of your data ("right to be forgotten")

Restrict or object to certain processing

Receive your data in a portable format

Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, email maria@vengsoyrorbuer.com. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet — datatilsynet.no).

9. Cookies

Our website uses cookies that are strictly necessary for the booking engine to function, and — with your consent — cookies for analytics and performance measurement. You can manage cookie preferences via your browser settings or, where shown, via the cookie banner on our site.

10. Security

We take reasonable technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. However, no system can guarantee absolute security.

11. Changes to this policy

We may update this Privacy Policy from time to time. The version published on this page at the time of your booking applies to that booking. Material changes will be communicated where appropriate.

12. Contact

Questions about this policy or about your personal data? Contact Maria at maria@vengsoyrorbuer.com.