Privacy Policy
Privacy Policy — Vengsøy Rørbuer
Last updated: 5 June 2026
1. Who we are
Vengsøy Rørbuer ("we", "us", "our") operates this website (book.vengsoyrorbuer.com) and provides accommodation and related services on Vengsøy island, Norway. We are the data controller for the personal data described in this policy.
Contact: maria@vengsoyrorbuer.com · +47 902 94 877 · Vengsøy, Tromsø, Norway.
2. What information we collect
When you book a stay or contact us, we collect:
Name, email address and phone number
Billing and address details
Payment information (processed by our payment provider — we do not store full card details)
Arrival and departure dates, number of guests, and any special requests
Communication you send us
When you browse our site we may automatically collect technical data such as IP address, browser type, device information, pages viewed and cookie identifiers.
3. How we use your information
To process and manage your reservation and stay
To communicate with you before, during and after your stay
To comply with legal accounting and tax obligations (e.g. the Norwegian Bookkeeping Act)
To send marketing communications, only with your consent
To improve our website and services
4. Legal basis (GDPR)
We process your personal data on one or more of the following bases:
Performance of the booking contract (Art. 6(1)(b) GDPR)
Compliance with legal obligations (Art. 6(1)(c) GDPR)
Your consent, where required — e.g. for marketing (Art. 6(1)(a) GDPR)
Our legitimate interest in operating and improving our business (Art. 6(1)(f) GDPR)
5. Sharing your information
We share data with selected third parties only where necessary, including:
Our property management system (Hostaway) which powers our booking engine
Our payment processor
Cleaning and operational staff who need information to deliver your stay
Norwegian authorities where required by law (e.g. police, tax authorities)
We do not sell your personal data to third parties.
6. International transfers
Some of our service providers may process data outside the EU/EEA. Where this is the case we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your data.
7. Data retention
We retain booking and transaction data for as long as required by Norwegian accounting law (typically 5 years from the end of the relevant accounting year). Personal data processed for marketing is retained until you withdraw your consent. Other data is deleted when no longer needed.
8. Your rights
Under GDPR you have the right to:
Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your data ("right to be forgotten")
Restrict or object to certain processing
Receive your data in a portable format
Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, email maria@vengsoyrorbuer.com. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet — datatilsynet.no).
9. Cookies
Our website uses cookies that are strictly necessary for the booking engine to function, and — with your consent — cookies for analytics and performance measurement. You can manage cookie preferences via your browser settings or, where shown, via the cookie banner on our site.
10. Security
We take reasonable technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. However, no system can guarantee absolute security.
11. Changes to this policy
We may update this Privacy Policy from time to time. The version published on this page at the time of your booking applies to that booking. Material changes will be communicated where appropriate.
12. Contact
Questions about this policy or about your personal data? Contact Maria at maria@vengsoyrorbuer.com.