1. Privacy declaration

This privacy policy provides an overview of how we, HELITRANS AS (corporate ID: 980 313 360), hereafter «Helitrans», process personal data and how we take your privacy into account.

As a provider of services, we are particularly dependent on our customers, business partners, suppliers and, not least, our own employees and co-workers, trusting us when it comes to the processing of customers’ and employees’ personal data.

Helitrans is the data controller for all processing of personal data where Helitrans itself determines the purpose of the processing of the personal data.

1.1 Background and key concepts (click to read)

1.1    Background and key concepts​

 

In 2018, Norway got new privacy regulations. The new Personal Data Act consists of national rules and the EU’s personal data protection regulation (GDPR – General Data Protection Regulation) and basically applies to all processing of personal data, both in the private and public sector, provided that electronic aids are used or that the information is included in a register.

Privacy means a legally mandated protection of privacy and your personal integrity. The protection includes your right to influence the use and dissemination of personal data about you.

By person is meant a living identified or identifiable natural person.

Personal data means information and assessments that can be linked to you as a person. Examples may be name, address, telephone number, e-mail address, IP address, car number, photos, and social security number (both date of birth and social security number). Information about behavior patterns is also considered personal data. This can, for example, be information about what you, which TV series you watch, and where you are. Information about you that tells about your racial or ethnic background, about your political, philosophical or religious beliefs, health conditions, sexual relations, and any information that you have been suspected, charged, prosecuted or convicted of a criminal offence, as well as membership of trade unions , is defined as sensitive personal data.

The processing of personal data means all operations carried out with personal data, such as collection, registration, structuring, storage and dissemination.

By controller is meant the business which is responsible for the processing of personal data, determines the purpose of the processing, and which means are to be used.

Personal data shall only be processed for specific, express, stated and legitimate purposes.

A data processor is a business that processes personal data on behalf of the controller.

A data processor agreement is an agreement between the data processor and the data controller on how personal data is to be processed.

Basis for processing means the statutory basis for processing personal data. The processing is only legal if

the data subject has consented to the processing, cf. the Personal Protection Ordinance art. 6 no. 1 a)
it intends to fulfill an agreement to which the data subject is a party, cf. the Personal Protection Ordinance art. 6 No. 1 b)
it is necessary to fulfill a legal obligation, cf. the Personal Protection Ordinance art. 6 no. 1 c)
it is necessary to protect the data subject’s vital interests, cf. the Personal Protection Ordinance art. 6 no. 1 d)
it is necessary to carry out a task in the public interest or to exercise public authority that the data controller is required to do, cf. the Personal Protection Ordinance art. 6 no. 1 e)
it is necessary for purposes linked to the legitimate interests pursued by the controller or a third party, unless the data subject’s interests or fundamental freedoms take precedence and require the protection of personal data, cf. the personal data protection regulation art. 6 No. 1 f)

 

By consent is meant a voluntary, specific, informed, unequivocal and active declaration from you that you accept the processing of given personal data. A consent can be withdrawn at any time.

Helitrans can process personal data if it is necessary to fulfill an agreement to which you are a party. The same applies where the processing is necessary to carry out measures that you have asked for before concluding the agreement.

Helitrans is required by legal obligations to carry out certain processing of personal data.

Helitrans collects certain personal data if it is necessary to protect a person’s vital interests. This basis for treatment is very narrow. It must be about the processing of personal data in connection with life and death, or danger to health.

Helitrans can process personal data if it is necessary to carry out a task in the public interest. The same applies if the processing is necessary to exercise public authority to which the controller is required.

Helitrans can process personal data if it is necessary to safeguard a legitimate interest that outweighs consideration of the individual’s privacy. Helitrans uses this processing basis only where the intervention in your privacy is very small, and where the advantages are greater than the disadvantages.

Data portability means the ability to move data (content) between different systems and services.

2 How does Helitrans process personal data?​

Helitrans’ basic services are:

  • Passenger transport by helicopter
  • Transport of goods by helicopter

These are services that involve a great deal of responsibility, and which must be carried out with a great degree of accuracy in order to ensure the safety of those involved. Effective and accurate communication is important to ensure safety.

Helitrans has an activity that involves services and in the exercise of this activity, the processing of personal data is necessary in various contexts:

  • Communicating with us
  • Administration
  • Invoicing
  • Appointment

Helitrans will never sell personal data to third parties for financial consideration. It may happen that personal data is shared with third parties to carry out certain operations for Helitrans. For example, sending newsletters, rented customer follow-up system, etc.

2.1 Communicating with us

We process your personal data in one form or another when you visit our websites, social networks, subscribe to/unsubscribe from our newsletter, place orders, when we provide our services, when we invoice for our services and not least when we process job applications and hire new employees.

Purpose

Helitrans processes your personal data for:

  • to deliver the services to you as a customer
  • when customers involve you in the delivery of our services
  • in order to be able to contact you for security reasons
  • to various platforms, so that we can communicate with you and that our communication platforms appear in an effective, intentional and
  • predictable way for you as an audience.
  • to be able to adapt the services and information flow to you, your user habits and interests
  • to be able to learn about the use of, and further develop the services for the best for you and other users.
  • to identify you, create and maintain a user account for you in our online platform and online store. This gives you, for example, the opportunity
  • to manage your user profile, and gives us the opportunity to inform you about matters of importance for your user account or for your use of the services.

2.2 Administration

As part of daily operations, Helitrans processes personal data when handling and planning orders

Purpose

The overall purposes of processing personal data about you as part of our daily operations are to:

  • ensure a safe and efficient execution of our customers’ orders
  • follow-up and information of our customers before, during or after implementation of our services
  • inform our customers directly or indirectly about services, offers, services and more

 

3 Personal data processed, basis and purpose

3.1 General when visiting our online services

3.1.1 Collection of visitor data

When you use the Services, we collect information about, for example, the name of the manufacturer of your computer, mobile phone or smart TV, which operating system the device has, which browser version or e-mail client is used, as well as information about the connection to the Services, such as IP address. The purpose of collecting this information is to give you and other users a better user experience, and to prevent misuse of the Services.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to improve and further develop the Services for the benefit of you and other users.

3.1.2 Geographical position

When ordering transport services, you may be asked about your location. This is to simplify the ordering process so that you can start from your local area and the nearest helicopter base.

The processing basis for our use of personal data for this purpose is legitimate interest, so that use of the service will be as simple as possible.

3.1.3 Search engines

The website stores information about which keywords you use in our search tools. The keywords are stored in a separate database, and they are only stored in aggregated form. Only the search is saved and it cannot be linked to other personal data.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to improve and further develop the Services for the benefit of you and other users.

3.1.4 Comment field

Helitrans’ online services do not normally use comment fields. And does not store comments or personal data related to this either.

If a comment field is exceptionally used, it will be necessary to log in with a username and password in order to leave a comment.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to avoid misuse of the comment fields for, for example, spam and harassment.

3.1.5 Analysis and statistics

We analyze and compile information that you choose to give us in connection with surveys and similar data collections that we carry out in order to improve the offer to the public. The processing basis for this is your consent.

We analyze the use of and interaction with the Services. The analysis is created on the basis of actions performed on your device.

The statistics include, for example, which pages or news items you have visited, when and how long these are visited, which TV or radio programs are started, stopped or interrupted, actions in quizzes, games and voting.

The statistics are not used to link information back to individuals.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to improve and further develop the Services for the benefit of you and other users.

Data that is exclusively collected for analysis and statistical purposes and that is not linked to identifiable individuals is stored indefinitely. Data relating to logged-in users is deleted after 12 months of inactivity.

3.1.6 Cookies

If you are wondering how Helitrans uses cookies, you can read more about it in the article Information cookies (cookies). The purpose of cookies is to give you a better user experience and improve the Services. The processing basis for our use of personal data for this purpose is your consent and legitimate interest.

3.1.7 Logged in user

If you register and act as a logged-in user of the Services, or in other ways establish a customer relationship with Helitrans via the Services, in addition to mandatory fields such as name and e-mail address, we process the personal data you provide yourself, such as, for example, year of birth, postcode, gender, interests and photo.

Logged-in users will receive a personalized service. In order to be able to offer you this service, Helitrans analyzes your usage pattern to be able to uncover behavior and preferences in order to be able to provide recommendations and content that are relevant to you. Your personal data tells us something about how, when, if you consume content across devices and platforms and how often you use our content. All your interaction with the Services may affect this result.

The processing basis for our use of personal data for this purpose is agreement.

Data relating to logged-in users is deleted after 12 months of inactivity.
The information is deleted when you as a user delete your user account.

3.2 What personal data is processed when you contact us?

3.2.1 When ordering services

We process the following personal data about everyone who uses our services in order to be in contact in connection with the delivery of the service:
• Name
• Telephone number
• Email
In addition, the following information for these locations will be stored as part of the service assignment:
• Address
• Position data

3.2.2 What personal data is processed when you have requested to receive news / newsletters from us?

In order to be able to send out information letters (newsletters), we collect the following information with the recipient’s authorization:
• Name
• E-mail address
• Industry
• Region
• Channel (what type of information you want)

3.2.3 What personal data is processed when you contact us via a form on e-mail or via our website?

When you send us an e-mail or contact us via online form, your inquiry will be processed in one of our follow-up systems. The information that we are not obliged to record or archive will be deleted according to Helitrans’ established deletion routines.
When you contact us electronically, we will be able to receive and store from the service:
• Name
• Telephone number / email or username / identifier of the service we are contacted via.
• If you use a service that has a profile, profile information such as photos and other information will also be stored by the service
• IP adress
• Messages and information that have been sent and that must be seen as part of the contact.

Our IT solutions can store this information automatically as part of your profile in our customer follow-up system.
Which personal data is processed when services have been ordered from us and they are carried out.

In addition to our customer follow-up system, your information will be stored in the flight operation system as well as our accounting and invoicing system.
For the information we process to process your inquiry, our basis for processing is legitimate interest. The legitimate interest is to provide good customer service.

Our email solution supports TLS encryption to secure our email communications. Your email communication with Helitrans will be protected if your email provider supports this. Emails sent to Helitrans where TLS encryption is not used will not be rejected by our email solution.
Our service provider scans all incoming and outgoing e-mail for viruses and malware.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to secure Helitrans’ ICT infrastructure.

3.2.4 What personal data is processed when you follow us on social media.

When you follow us or contact us on social media, we will be able to receive and store from the service:
• Name
• Username / identifier
• Profile information such as picture and other stored by the service
Our IT solutions can store this information as part of your profile in our customer follow-up system.

3.2.5 What personal data is processed when you contact us by telephone

When you contact us by telephone, we will obtain your telephone number, from which our computer systems can look up your name and, if you are a former customer, your previous activities with us:
• Telephone number

If you call us, your name and telephone number will be stored together with information about when you called our call centre, and on the devices to which the call was connected. Names are looked up in the online telephone directory and our customer follow-up system.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to safeguard the safety of Helitrans employees and what is recorded when you visit our premises.

Helitrans has scattered locations with bases around Norway. The head office at Værnes and several of the bases are located at airports where Avinor is responsible for security and visitor control. On these, visitors will be registered by Avinor in their solutions due to security.

The processing basis for our use of personal data for this purpose is legitimate interest. The legitimate interest is to secure access to the airports and Helitrans premises.

3.2.6 Invoicing / payment of services?

When invoicing and/or payment, the following information will be stored about the person who is to receive the invoice:
• Name of invoice recipient
• Address
• Telephone
• E-mail address

Helitrans performs the invoicing of services and in this connection will handle personal data relating to the customer and the service. In some situations, customers pay for the service with payment services. Then the customer’s personal data will also be handled.

Helitrans uses a factoring partner and personal data can be shared with this third party.

When paying by credit card, credit card information will be handled against 3rd party services, such as VIPPS and iZettle, but credit card information or bank information will never be stored by Helitrans.

The exception will be if a repayment has to be made, then we will have to separately request bank information for this purpose in order to carry out a bank transaction. This information will then be stored and archived as part of accounting data according to own rules and laws.

3.2.7 Job applications and employment

If you apply for a job at Helitrans, we need to process information about you to assess your application.
Information is processed to the extent necessary to enter into or prepare to enter into an employment agreement. To the extent that your application contains sensitive (special categories) personal data, the legal basis is our Personal Data Act § 6 (processing of special categories of personal data in order to carry out employment law obligations or rights.)

Application documents typically contain:
• Name
• Address
• Telephone
• Email
• Date of birth as well as social security number

Social security numbers are particularly sensitive personal data that can be misused and special considerations are taken when such information is stored, and the information is destroyed when it is no longer required.

Helitrans does not use and does not store social security numbers other than in connection with employment.

Employees will be stored in our HR and payroll system.

4 Access routines, department division and level division

Helitrans uses access control so that outsiders do not gain access to customer information, including personal data.
In addition, efforts are being made to divide departments and levels so that detailed customer information is only available to those who must have access to this information.

5 Data processors and third parties

In order to deliver the Services to you, Helitrans uses several external service providers. Some of these are data processors who process personal data on behalf of Helitrans, while others are third parties who process personal data on their own behalf.
Helitrans uses several data processors that give us insight into the public’s usage patterns and interaction with our Services. Examples of such data processors are Google Analytics, Hotjar, Bitrix24 and Mailchimp.

When data processors process personal data on behalf of Helitran, this is regulated in data processor agreements or through other mechanisms that ensure secure processing of your personal data. If the use of data processors involves the transfer of personal data to countries outside the EEA, Heitrans will ensure that suitable guarantees are in place, for example by entering into the EU’s standard transfer agreements.

In order to adapt and further develop the Services, Helitrans uses third-party services such as elements from Google, Facebook, Twitter, YouTube, Snapchat or Instagram, where you as a user can have your own user account with the third-party service that is built-in.

Helitrans will then, among other things, be able to see aggregate information (including age, gender and location), get statistics on how many people have been to the page and seen the posts, how many have responded with clicks and reactions, etc.

Third party services available through our services are subject to the third party’s privacy policy. We encourage you to familiarize yourself with these.

Helitrans has agreements with a number of data processors who process personal data related to daily operations. This is to be able to handle, for example, salaries and telephone subscriptions for employees, and physical security for employees and visitors.

6 Your rights and how you can exercise them

6.1 Privacy representative

 
If you have any questions about Helitrans’ processing of your personal data or about your rights under the privacy legislation, contact Helitrans’s privacy representative at [email protected]
You are entitled to a response without undue delay, and within 30 days at the latest.
 

6.2 Withdrawal of consent

 
If you have given consent for Heilitrans to process your personal data, you can withdraw your consent at any time by contacting us.
 

6.3 Access to own information

 
You can request access to the personal data Helitrans processes about you. See Insight for more information and contact details.
 

6.4 Correction of personal data

 
You can ask us to correct or supplement information about you that is incorrect or misleading. If you have created a user profile in the Helitrans website, you have the opportunity to go in and make the changes on My page.
 

6.5 Deletion of personal data

 
In certain situations, you can ask us to delete information about yourself. Read more about the right to erasure on the Norwegian Data Protection Authority’s website.
 

6.6 Data Portability

 
You have the right to receive and have personal data transferred that you have provided yourself by consent or agreement to Helitrans (data portability). If you wish to have your personal data transferred, you will receive the information in a structured and machine-readable format so that it can be easily transferred to the new business. You can also ask Helitrans to transfer your personal data directly to the new business if it is technically possible. Before we disclose information about you, we must establish your identity.
 

6.7 Limited processing

 
You have the right to demand limited processing of your personal data. In this case, personal data will be stored but not used.
 
When the processing of personal data is limited, the business must store the data, but not use it for anything without your consent. There are a few exceptions, including if the business needs the information to establish, enforce or defend a legal claim or to protect another person’s rights. It may also be necessary to process the personal data for important, public interests, but this type of processing will usually be authorized by law.
 

6.8 Stop using personal data in connection with advertising

 
You have the right to demand that the use of your personal data is stopped in connection with advertising. In this case, personal data will be stored, but not used for marketing purposes.
 

6.9 Other rights

 
If you believe that we have registered the wrong personal data about you, you wish to object to the processing of personal data, or you have experienced something that you believe is a breach of the data protection regulations, we ask that you contact our data protection officer at [email protected]. You can also complain about our processing of personal data to the Norwegian Data Protection Authority. You can also complain about our processing of personal data to the Norwegian Data Protection Authority.
 
You can limit the amount of information that is processed by using the private mode settings on your device. This means, for example, that you can block cookies in your browser, or prevent the browser from logging your browsing and the websites you visit from tracking you, by setting the browser to private mode. The quality of the Services may be affected by such measures.

7 Other contact information

 
Inquiries should be directed to HELITRANS AS (organisation number 980 313 360). For contact information, see Contact Us.

8 Information security

 
Helitrans’s overall basic principles for information security apply to all users, systems and services in Helitrans. Measures for compliance with information security also apply to securing personal data that is used for journalistic purposes.
The basic principles shall contribute to ensuring that Helitrans’ information values are secured in a systematic and satisfactory manner. The basic principles are used as a basis for planning, organizing and implementing all projects that deal with information systems.

Also see the Cookie Declaration and the Transport Terms (coming soon)

Who we are

Suggested text: Our website address is: https://www.helitrans.store.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select «Remember Me», your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.

Who we are

Our website address is: https://moments.wpin4.1prod.one.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select «Remember Me», your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements