Personvernerklæring

Nordlys Danseatelier

Privacy Policy

1. Introduction and Company Information

This Privacy Policy explains how Nordlys Danseatelier collects, uses, stores, shares, and protects personal data when you visit our website, contact us, register for classes, purchase services, or otherwise interact with us.

Data controller: Nordlys Danseatelier

Address: Torggata 12, 0181 Oslo, Norway

Email: [email protected]

Phone: +47 23 45 78 61

Nordlys Danseatelier is a dance business offering classes, workshops, events, and related services. We process personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and Norwegian data protection rules.

2. Data Collection and Processing

We may collect and process the following categories of personal data:

  • Identification data: name, date of birth, and contact details.
  • Contact information: email address, phone number, postal address.
  • Registration and booking data: class selections, attendance records, membership details, payment status, and communication regarding bookings.
  • Payment data: transaction information and billing details. Payment card information is typically processed by our payment service providers and is not stored by us unless necessary.
  • Health-related information: limited information you voluntarily provide that is relevant to safe participation in dance activities, such as injuries, mobility limitations, or other special considerations.
  • Technical data: IP address, browser type, device information, and website usage data collected through cookies or similar technologies.
  • Communication data: messages, inquiries, feedback, and correspondence with us.
  • Image and video data: photographs or recordings taken during classes, performances, or events, where applicable and subject to consent or other legal basis.

We generally collect personal data directly from you, but we may also receive data from payment providers, booking systems, event platforms, or other third parties where necessary for our services.

3. Purpose of Data Processing

We process personal data for the following purposes:

  • to register you for classes, workshops, and events;
  • to manage memberships, bookings, and attendance;
  • to communicate with you about our services, schedules, changes, and customer support;
  • to process payments, invoices, and refunds;
  • to ensure safe participation in dance activities and adapt services where appropriate;
  • to maintain internal administration, accounting, and record-keeping;
  • to improve our services, website, and customer experience;
  • to send marketing communications where permitted by law and, where required, with your consent;
  • to comply with legal obligations and respond to lawful requests from authorities;
  • to protect our rights, prevent fraud, and ensure security.

4. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Depending on the situation, our legal bases may include:

  • Performance of a contract: when processing is necessary to provide classes, memberships, bookings, or related services.
  • Legal obligation: when processing is required to comply with accounting, tax, consumer, or other legal requirements.
  • Legitimate interests: when processing is necessary for our legitimate business interests, such as administration, security, service improvement, and limited direct communication, provided that your interests and rights do not override those interests.
  • Consent: when we rely on your consent, for example for certain marketing communications, cookies where required, or the use of images and videos in specific contexts.
  • Vital interests: in rare cases, where processing is necessary to protect someone’s vital interests, such as in an emergency during an activity.
  • Special category data: if we process health-related information, we do so only when necessary and on an appropriate legal basis, such as your explicit consent or another lawful ground under applicable law.

5. Data Sharing and Third Parties

We may share personal data with third parties only when necessary and in accordance with applicable law. These may include:

  • Payment service providers for processing transactions;
  • Booking and scheduling platforms used to manage registrations and attendance;
  • IT and hosting providers that support our website, email, and data storage;
  • Accounting and auditing providers for financial administration;
  • Marketing and communication tools used to send newsletters or service updates, where permitted;
  • Professional advisers such as lawyers, accountants, or insurers;
  • Public authorities where disclosure is required by law or lawful request.

We require third parties that process personal data on our behalf to protect it appropriately and to use it only for the agreed purposes.

6. Data Transfer to Third Countries

Some of our service providers may process personal data outside Norway or the European Economic Area (EEA). If personal data is transferred to a country outside the EEA, we will ensure that appropriate safeguards are in place, such as:

  • an adequacy decision by the European Commission;
  • Standard Contractual Clauses or equivalent approved transfer mechanisms;
  • additional technical and organizational measures where necessary.

You may contact us for more information about international transfers and the safeguards used.

7. Storage Duration

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Customer and booking data: retained for the duration of the service relationship and for a reasonable period thereafter.
  • Accounting and tax records: retained for the period required by applicable law.
  • Communication records: retained as needed to handle inquiries, disputes, or follow-up.
  • Marketing data: retained until you withdraw consent or object, or until it is no longer needed.
  • Health-related or safety information: retained only as long as necessary for safe participation and related obligations.
  • Image and video material: retained according to the purpose for which it was collected and any applicable consent terms.

When data is no longer needed, we delete it securely or anonymize it.

8. User Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access: you may request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification: you may request correction of inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your data in certain circumstances.
  • Right to restriction: you may request that we limit processing in certain situations.
  • Right to data portability: you may request to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Right to object: you may object to processing based on legitimate interests and to direct marketing at any time.

To exercise your rights, please contact us using the details provided below. We may need to verify your identity before responding.

9. Withdrawal of Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

If you withdraw consent, we will stop processing the relevant data for that purpose unless another lawful basis applies.

10. Right to Complain

If you believe that our processing of your personal data violates applicable privacy laws, you have the right to lodge a complaint with the competent supervisory authority.

In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).

We encourage you to contact us first so that we can try to resolve your concern directly.

11. Data Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

  • access controls and role-based permissions;
  • secure storage and encryption where appropriate;
  • regular software updates and security monitoring;
  • staff confidentiality obligations and privacy awareness;
  • backup and recovery procedures;
  • data minimization and retention controls.

While we work to protect your data, no method of transmission or storage is completely secure.

12. Contact Information

If you have questions about this Privacy Policy or how we process personal data, please contact us:

Nordlys Danseatelier
Torggata 12, 0181 Oslo, Norway
Email: [email protected]
Phone: +47 23 45 78 61

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other operational reasons.

The updated version will be published on our website with a revised effective date where appropriate. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

4/9/2026 Hjem