Privacy Policy for NordPote Kattesenter

1. Introduction and company information

This privacy policy explains how NordPote Kattesenter collects, uses, stores, shares, and protects personal data when you visit our premises, contact us, use our services, or otherwise interact with us. We are committed to handling personal data in a lawful, fair, transparent, and secure manner.

Data controller: NordPote Kattesenter

Address: Storgata 12, 0155 Oslo, Norway

Email: [email protected]

Phone: +47 21 58 74 36

This policy applies to personal data relating to customers, potential customers, visitors, cat owners, suppliers, and other individuals who contact or use the services of NordPote Kattesenter.

2. Data collection and processing

We may collect and process the following categories of personal data:

• Contact information: name, address, email address, telephone number, and other contact details.
• Customer and booking information: reservation details, service preferences, visit history, and communication history.
• Payment information: billing details and transaction records. Payment card data is typically processed by our payment service providers and is not stored by us unless necessary and permitted.
• Cat-related information: information about your cat(s) that is necessary for our services, such as name, age, health-related care instructions, vaccination status, feeding routines, temperament, and emergency contact details.
• Communication data: emails, phone calls, messages, feedback, complaints, and other correspondence.
• Technical data: IP address, browser type, device information, and usage data if you interact with our website or digital services.
• Security data: CCTV footage or access logs, where applicable, for safety and security purposes.

We generally collect personal data directly from you, but may also receive data from third parties where necessary for service delivery, such as payment providers, booking systems, or veterinary contacts provided by you.

3. Purpose of data processing

We process personal data for the following purposes:

• To provide and manage our cat-related services, including boarding, care, and related customer support.
• To handle bookings, confirmations, cancellations, and service administration.
• To communicate with you about your inquiries, appointments, and service updates.
• To ensure the health, safety, and welfare of cats in our care.
• To process payments, invoicing, and accounting obligations.
• To maintain business records and meet legal and regulatory requirements.
• To improve our services, customer experience, and internal operations.
• To protect our premises, staff, customers, and animals, including through security measures.
• To handle disputes, claims, and legal matters.

4. Legal basis for processing

We process personal data only where we have a valid legal basis. Depending on the context, our processing may be based on one or more of the following:

• Performance of a contract: when processing is necessary to provide services you have requested or to take steps before entering into a contract.
• Legal obligation: when we must process data to comply with applicable laws, including accounting, tax, and record-keeping requirements.
• Legitimate interests: when processing is necessary for our legitimate interests, such as running and securing our business, improving services, preventing fraud, and managing customer relations, provided your interests and fundamental rights do not override those interests.
• Consent: where you have given us clear consent for specific processing activities, such as certain marketing communications or optional data collection.
• Vital interests: in rare cases, when processing is necessary to protect the vital interests of a person or animal, such as in an emergency involving a cat in our care.

Where we process special categories of personal data, such as health-related information about a cat owner or other sensitive information that may be necessary in a specific case, we do so only where permitted by law and with appropriate safeguards.

5. Data sharing and third parties

We may share personal data with third parties only when necessary and appropriate for the purposes described in this policy. Such third parties may include:

• Payment service providers for processing payments and refunds.
• IT and hosting providers that support our website, email, storage, and business systems.
• Booking and administrative service providers used to manage appointments and customer records.
• Accounting, audit, and legal advisors where needed for compliance and professional support.
• Veterinary professionals or emergency contacts, where necessary for the health and safety of a cat in our care and where permitted by law or authorized by you.
• Public authorities when required by law, regulation, or a lawful request.

We require third parties that process personal data on our behalf to protect the data and to use it only for the purposes we specify.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside Norway or the European Economic Area (EEA), for example where we use international service providers. When such transfers occur, we take appropriate measures to ensure an adequate level of protection in accordance with applicable privacy laws.

These measures may include:

• transfers to countries recognized as providing an adequate level of protection;
• standard contractual clauses or equivalent safeguards;
• additional technical and organizational measures where necessary.

7. Storage duration

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

• Customer and booking data: retained for the duration of the customer relationship and thereafter as needed for follow-up, accounting, and legal purposes.
• Accounting and tax records: retained for the period required by applicable law.
• Communication records: retained for a reasonable period to handle inquiries, service issues, and disputes.
• Security records: retained only as long as necessary for safety, incident handling, and legal purposes.
• Consent-based data: retained until consent is withdrawn or the data is no longer needed.

When personal data is no longer needed, we delete, anonymize, or securely archive it in accordance with our retention procedures.

8. User rights

Subject to applicable law, you may have the following rights regarding your personal data:

• Access: the right to know whether we process your personal data and to receive a copy of it.
• Rectification: the right to request correction of inaccurate or incomplete data.
• Erasure: the right to request deletion of your data in certain circumstances.
• Restriction: the right to request that we limit processing in certain situations.
• Data portability: the right to receive certain data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
• Objection: the right to object to processing based on legitimate interests or for direct marketing purposes.

To exercise your rights, please contact us using the details provided below. We may need to verify your identity before responding. We will respond within the time limits required by applicable law.

9. Withdrawal of consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You may withdraw consent by contacting NordPote Kattesenter at [email protected] or by phone at +47 21 58 74 36. If you withdraw consent, we may no longer be able to provide certain optional services or communications.

10. Right to complain

If you believe that our processing of personal data does not comply with applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority.

In Norway, this is typically the Norwegian Data Protection Authority (Datatilsynet). We encourage you to contact us first so that we can try to resolve your concern directly and promptly.

11. Data security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

• access controls and role-based permissions;
• secure storage and encryption where appropriate;
• regular backups and system monitoring;
• staff confidentiality obligations and training;
• physical security measures at our premises;
• procedures for handling incidents and suspected data breaches.

While we take reasonable steps to protect personal data, no method of transmission or storage is completely secure. We therefore cannot guarantee absolute security.

12. Contact information

If you have questions about this privacy policy or our processing of personal data, or if you wish to exercise your rights, please contact:

NordPote Kattesenter
Storgata 12, 0155 Oslo, Norway
Email: [email protected]
Phone: +47 21 58 74 36

13. Changes to privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, services, legal requirements, or other operational needs. The updated version will be published when applicable, and the revised policy will take effect upon publication unless otherwise stated.

We encourage you to review this privacy policy periodically to stay informed about how NordPote Kattesenter processes personal data.