Privacy | Expa Travel

Privacy

Privacy | Expa Travel

Privacy

Privacy | Expa Travel

Privacy

Privacy Policy Expa Travel

Privacy is important to us at Expa AS, and we are committed to safeguarding the integrity, availability, and confidentiality of your personal data. This policy explains what information we collect, why we do it, how we process it, and what rights you have.

Data Controller

Expa Travel AS is the data controller for the personal data processed in connection with the use of the website expatravel.com and our services.

Legal Basis for Processing

We process personal data based on the following grounds:

  • Consent: When signing up for newsletters and campaigns

  • Agreement: When purchasing trips and services

  • Legal obligation: To comply with requirements in the accounting and bookkeeping legislation

  • Legitimate interest: To improve our services, customize communication, and maintain internal statistics

What Information We Process

  • Name, address, telephone number, and email address

  • Information you provide upon purchase or registration

  • Usage data from the website (IP address, device type, browser, visited pages, etc.)

Purpose of Processing

  • To deliver ordered services and administer customer relationships

  • To provide support and improve the user experience

  • To send relevant information and marketing

  • To perform accounting and legally required documentation

Information Security

We use appropriate technical and organizational measures to protect your data, such as access control, encryption, and regular security assessments. Although we do everything we can to protect your data, we cannot guarantee 100% security for transmissions over the Internet.

Payment Information

We only store what is necessary to ensure correct invoicing and the handling of any payment errors. All payment information is processed in accordance with the Accounting Act.

Use of Cookies

We use cookies to improve the user experience and analyze traffic. Some are necessary, while others are used for analysis and marketing (Google, Facebook).

You can change your preferences at any time via your browser settings.

Electronic Marketing

If you have an active customer relationship with us, we may send you information and offers about similar services. You can easily opt-out via the link in the emails or by contacting us directly.

Use of Data Processors

We use subcontractors (data processors) for technical operations, support, and marketing. All data processors have signed data processor agreements with us.

We do not transfer personal data to countries outside the EU/EEA.

Storage Period

We store personal data for as long as necessary to fulfill the purpose, or in accordance with statutory requirements.

For example, payment and billing information is stored in accordance with the requirements of the Accounting Act for up to 5 years.

Your Rights

You have the right to:

  • Request access to the information we have stored about you

  • Have incorrect or incomplete information corrected

  • Request the erasure of your data (unless we are required by law to keep it)

  • Object to direct marketing

  • Request restriction of processing

  • Request data portability

  • Lodge a complaint with the Data Protection Authority (Datatilsynet) if you believe we are not processing your data in line with regulations

Contact

For questions, access, or inquiries regarding privacy:

Changes to the Privacy Policy

This policy may be updated as needed. In the event of material changes, we will notify you on the website at least 14 days before the changes take effect.