Search website:

  

 

Data Protection Policy

Spabogruppen takes data protection seriously and all personal data shall be secure with us.Here you will find information about what data we process about you,including how and why we collect and use the data, as well as how we safeguard security, your rights and the rules contained in the data protection legislation.Spabogruppen is a group of legal entities that crosses national borders. We provide products and services to private and public enterprises in several countries. Spabogruppen’s head office is located in Oslo and Spabogruppen is subject to European data protection legislation. This data protection policy was last updated on April, 2025.

1. INFORMATION ABOUT DATA PROTECTION LEGISLATION
All processing of personal data is governed by the EU’s data protection regulation,the General Data Protection Regulation (GDPR), which has been implemented in all EEA countries.Personal Datais information and assessments that may be linked to or identifiedwith a natural person, e.g. name, telephone number, home address and e-mail address, IP address, photos or an identification number.The legislation sets strict standards for the processing of personal data. To process personal data requires, among other things, a clearly defined purpose and a lawful basis for the processing (for example that the processing is necessary to fulfil an agreement with you or that you have consented to the processing). There are also requirements relating to confidentiality and security, built-in data protection,assessment of data protection consequences and requirements for us as a company to comply with your rights.According to the data protection regulations the data controller is the entity that determines what the purpose should be for the processing of personal data and what means should be used. In some cases it is also possible to be a joint data controller with third parties where the parties jointly determine the processing framework. A data processor is the entity that processes personal data on behalf of the data controller and there must then be an agreement between the parties about the processing framework. The local Data Protection Authority oversees GDPR and supplementary national
legislation.

For more information about data protection, such as guidelines and contact information for the supervisory authorities that have the greatest relevance or the Spabogruppen companies, please refer to:
Norway; Sweden, Denmark