Privacy policy
This privacy policy outlines how Dyreparken processes your personal information. The Dyreparken app, websites, online store, and booking services are owned by Kristiansand Dyrepark AS, Dyreparkveien 1, 4609 Kardemomme by, organization number 920165931. The company is a wholly-owned subsidiary of Dyreparken Utvikling AS. Throughout, Dyreparken is used to refer to the entire group.
Last updated: August 14th 2024
The privacy policy is divided into various headings/chapters to make it easier for you to find what you are looking for. Click on the heading to open that chapter.
Please note that this document has been translated from Norwegian to English by ChatGPT, and the translation may not be completely accurate.
Roles and contact information
If you disagree with how we handle your personal information or have questions about the processing, you can send an inquiry to us, describing the nature of the matter. Please use the contact form at the bottom of the page.
Under the Personal Data Act, Kristiansand Dyrepark AS is the data controller for visitors in the parks and on the website, as well as for users of the online store, booking, and the app.
Kristiansand Dyrepark AS will also act as the data controller for the personal information we obtain through our fan page on Facebook, which we process for our own purposes.
When booking accommodation and related products, your personal information is transferred to Dyreparken Overnatting AS, which will assume the role of data controller in these cases. If information about you is disclosed to other partners, the partner will be responsible for the processing of this information. See the section «Who do we share information with» below for more information.
Dyreparken is the data controller for the personal information obtained through our fan page on Facebook, which we process for our own purposes. Facebook has its own guidelines for the processing it does with your personal information for Facebook’s own purposes. You can find Facebook’s privacy policy here.
Dyreparken has its own Data Protection Officer, whose task, among others, is to safeguard your rights as a data subject. It is this person or those authorized by them who will handle your questions/inquiries. Use our contact form to get in touch – you can find the link at the bottom of the page.
If you are dissatisfied with how Dyreparken handles your information, you can file a complaint with the Norwegian Data Protection Authority: Email: postkasse@datatilsynet.no, Phone: 22 39 69 00.
Basis for data processing
We only process personal information if it is necessary to fulfill our agreement with you, if we have a legitimate interest in the processing, if the processing is required by law, or if another legal basis exists. Our legitimate interest is to secure our properties, provide you with the best possible service and to market our services and products.
Any processing beyond this requires your consent. You can withdraw your consent at any time without affecting the legality of processing based on the consent before it is withdrawn. This does not prevent us from using data processors to process personal information on our behalf (in accordance with a data processing agreement).
Norwegian law applies.
Purpose of collecting personal information
The purpose of the websites, app, and other electronic platforms is to provide information about Dyreparken, facilitate the purchase of goods and services, offer personalized communication, benefits, and promotions, and to build general knowledge about purchasing trends and how we can improve our services based on their usage. Please refer to the terms you accept when making purchases from us.
The processing of your information is based on the consent(s) you have provided and other legal grounds, and it is conducted in accordance with the Personal Data Act, the Bookkeeping Act, and any other relevant laws.
We have surveillance cameras on our properties, and the purpose of this is to ensure the safety of employees, visitors, and property. The surveillance aims to prevent crime and to document incidents in case of unwanted situations.
What information is collected?
Dyreparken processes the personal information you provide, such as name, address, email, and phone number. We also process information from your purchases, including the amount spent, products purchased, date/time of the transaction, and the location of the purchase. Usage of products (where applicable) is also recorded with date/time stamps. This information is collected both during account creation and purchases made through our online booking, online store, and app.
In connection with annual passes, photos are also collected to identify and verify ownership of the annual pass.
We also collect your responses to general campaigns, customized coupons/messages (in the app), email and SMS communications, logged activity on the website and in the app, as well as location/movement data (in the app). The latter is immediately anonymized. The app also retrieves location data in the background as long as you permit it, to notify you while moving through the parks.
When you contact us via Messenger, X, email, or a contact form, these messages are also recorded and processed. This applies even when you contact us by phone regarding overnight stays.
Through Facebook Insight, Dyreparken receives anonymized information about, among other things, gender, age, location, language, etc. We can also see how many people have visited our pages (Dyreparken) and how many have been reached through posts in a selected time period.
The legal basis for the anonymized processing is legitimate interest under GDPR Article 6, letter f. The anonymized target groups help Dyreparken receive genuine and specific feedback on how our information and marketing on our Facebook fan pages are received by followers and Facebook users. This way, we can better understand our customer base and improve, without compromising your privacy.
Dyreparken will also process personal information related to likes, shares, and followers on our pages and our page activities. The processing of this is based on your consent, and you can remove your own likes, shares, and stop following our fan pages at any time. You can choose which marketing you want to be exposed to on Facebook’s pages here.
Facebook primarily has its servers in the EU, but when transferring personal information to a server outside the EU, this will be done based on other legal grounds for transferring personal information outside the EU and Switzerland, such as EU’s model contract clauses or the Privacy Shield framework.
Dyreparken uses cookies on our websites. These do not contain personal information, except for the login cookie. Read here for more information on the use of cookies.
How Dyreparken uses your information
Dyreparken utilizes the information you have registered yourself, as well as details arising from purchases, to deliver the goods and services you have acquired from us. This includes validating the authenticity of purchased ticket products. This is done by recording the use of products to ensure they are not used beyond the allowed limits and by verifying ownership of annual passes through photos and birthdates.
Dyreparken uses the information to provide you with offers, communication, surveys, and important messages in line with your purchases and the consents you have given or based on our legitimate interests. We analyze purchase history to offer you relevant promotions and suggestions for shopping lists with frequently purchased products.
In the app, we send out messages related to your visit to Dyreparken, if you have given consent for it. These may include notifications about activities and experiences, commercial offers, or requests for feedback on experiences. We tailor these messages based on location (where you are in the park and which areas you have visited), ticket purchases, and favorite activities stored in the app. Location data can also be used for retargeting and marketing in digital channels. You can opt out of this by adjusting settings under «Preferences» in the app.
Dyreparken uses purchase history and movement history to analyze trends and responses to campaigns, and to optimize the assortment and operation of Dyreparken, our websites, online store, and booking services. Non-identifiable personal information is used for these purposes.
Who do we share information with (disclosure and data processors)
Personal information about you will not be disclosed to others unless there is a legal basis for such disclosure, such as if the disclosure is necessary to fulfill agreements with you.
Examples of this include:
- Dyreparken Overnatting AS (Dyreparken Safari Hotel, Abra Havn, Juliusskogen, Dyreparken Safaricamp, Kardemomme by and Roligheden Camping) in cases where you have booked accommodation. In such cases, Kristiansand Dyrepark AS transfers personal information such as name, address, contact information, what you have purchased, and what you have paid.
- Riverty in cases where you have chosen to pay by invoice. In these cases, we transfer personal information such as social security number, name, address, contact information, and what you have purchased. You can find Riverty’s privacy policy here.
- Sparebanken Sør in cases where you have ordered tickets for Gulle-dagen. In these cases, we transfer personal information such as name, email address, and the number of tickets that have been collected.
- Å Energi AS in cases where you have ordered tickets for Å-dagen. In these cases, we transfer personal information such as name, email address, and the number of tickets that have been collected.
In some cases, data processors (subcontractors) are used to process data on our behalf. In such cases, data processing agreements have been entered into that set the framework for how the data processor should process personal information on our behalf. We have data processors in hosting, operations, system providers (e.g., customer support systems, SMS and email distribution systems).
In most cases, the processing of personal information about you takes place within the EU/EEA area. In cases where a data processor established outside this area is used, the data processor has provided sufficient guarantees for the processing of personal information.
In certain cases, regulated by legislation, Dyreparken may also disclose information to the authorities.
Security measures
The protection of your personal information is a top priority for us. Dyreparken continuously works to safeguard your personal information and other confidential data through a combination of physical, technical, and administrative measures.
Our employees and consultants receive training and guidance on handling personal information securely. We implement procedures and access controls to prevent unauthorized loss or disclosure of your personal information. Additionally, we have measures and procedures in place to prevent the loss and destruction of systems that store personal information. We ensure that the processing of personal information is done correctly and securely, and that the processing is protected against malware.
We take steps to ensure that personal information is protected during both internal and external transfers. We ensure that any external party handling the data meets a satisfactory level of security. Any threats to data security are effectively addressed, as security and protection of your personal information are integral to our daily operations. We adhere to the requirements for the protection and security of personal information as stipulated by applicable data privacy laws.
Any breaches of our security procedures are documented, and we have procedures and capabilities to detect and handle security breaches. If a security breach is discovered, it will be reported to management, the risk of the security breach will be assessed, and the Data Protection Authority will be notified if necessary. You will also be notified as a user if the security breach poses a risk to you and your rights.
Storage period
Personal information about you is only stored for as long as there is a legitimate need to use the information. The storage period will therefore depend on the type of information and the purpose of processing. When information is deleted depends on factors such as the type of information and the purpose of processing:
- Some information may be deleted shortly after collection, while others are deleted after your visit, and some are deleted a certain time after your visit. Anonymized data does not have a deletion deadline.
Here are some criteria considered when determining how long personal information should be retained:
- Whether further processing of the information after your visit will be necessary due to any claims, objections, or other types of disputes. Normally deleted within 13 months after the inquiry and annually assessed if there is a need to retain it longer.
- Whether we are obligated to retain the information under applicable laws, such as the Accounting Act. Under the Accounting Act, we are obliged to keep certain types of information for up to 5 years after the end of the fiscal year.
- Some information is deleted or anonymized shortly after collection because there is no longer a need for the information. Examples of such information include logs from IT systems and social security numbers collected for credit checks when choosing invoice payment.
Dyreparken has developed more detailed procedures for storage and deletion for each system that processes personal information.
Your rights
You have, among others:
- The right to access your personal information (Personal Data Act §1, cf. GDPR Article 15) – read more in the article on this at datatilsynet.no
- The right to receive your personal information (Personal Data Act §1, cf. GDPR Article 20) – read more in the article on this at datatilsynet.no
- The right to request correction of information (Personal Data Act §1, cf. GDPR Article 16) – read more in the article on this at datatilsynet.no
- The right to have your personal information deleted (Personal Data Act §1, cf. GDPR Article 17) – read more in the article on this at datatilsynet.no
- The right to limit the processing of your personal information (Personal Data Act §1, cf. GDPR Article 18) – read more in the article on this at datatilsynet.no
- The right to object to the processing of your personal information (Personal Data Act §1, cf. GDPR Article 21) – read more in the article on this at datatilsynet.no
You can manage your consents and choices when logged in at dyreparken.no and in the app. When logged in at dyreparken.no, you also have access to your personal information and your purchase history (date, product, usage status, amount) made online. Other stored information can be obtained by contacting us (you can find a link to the contact form at the bottom of the page). We should also be contacted if you demand changes to information that you cannot change yourself by logging in at dyreparken.no/minside, or if you have other claims within your rights.
If you delete your user account, all information about you will be deleted beyond what the Accounting Act requires to be stored. If your user account has been inactive for three years, all personal information will also be deleted beyond what the Accounting Act requires. When the storage requirements of the Accounting Act have expired, all information about you will be deleted, unless you still have an active user account with us.
You are entitled to a response from us as soon as possible and no later than 30 days after we have received the necessary information from you.
Changes to consent and privacy policy
Dyreparken may change the terms of consent and the privacy policy to comply with new legal requirements and due to changes in our own practices for the collection and processing of personal information. In the case of changes that require consent, you will be asked to consent to the new terms when logging into the relevant service. Information about other changes will be provided on dyreparken.no/personvern (Dyreparken’s privacy page).