Privacy policy FerryPay
Skyttel AS manages and operates the payment solution FerryPay on behalf of
the Norwegian Public Roads Administration. This agreement (hereinafter
referred to as «the Agreement») is entered into between the user
(hereinafter referred to as «the Customer» and Skyttel AS (hereinafter
referred to as «the Company»).
The Company will process the Customer's personal data for the purpose
of collecting payment from the Customer for ferry journeys, for the
production of anonymous statistics, as a basis for information to the
Customer about ferry journeys charged to the Customer’s credit/debit
card, and for the implementation and administration of the Agreement
with the Customer.
The processing of personal data is carried out according to the privacy
legislation at the given time.
In accordance with the EU General Data Protection
Regulation (GDPR), the Company has entered into a data processor agreement
with the Norwegian Public Roads Administration. The Norwegian Public Roads
Administration is responsible for processing, while the Company is the data
processor for the payment solution.
Registered data
In connection with ferry journeys, the Company uses the information that
the Customer has provided when creating the Agreement. This regards name,
address, email address, phone number and vehicle registration number, as
well as payment card information to complete payments for ferry journeys.
In order to provide the correct price for each ferry journey, the Company
registers time, place and vehicle length. The company also registers
payment- and travel history.
Contact with the customer service centre
Telephone inquiries (telephone numbers from and to, as well as the time and
length of the call) are logged in our telephone system provided by Zisson.
This log is necessary for the administration and operation of the system,
and is also used as a basis for statistics.
The email platform is Microsoft Office 365. The customer service centre
uses the case management system Pureservice provided by Syscom AS.
Inquiries by email or via the contact form on the customer service website
are stored and processed in this system.
Please note that regular email is unencrypted. We therefore do not
encourage you to send confidential, sensitive or other private information
via email.
Deletion of data
As Customer you have the right to know what data the Company has stored
about you and the right to request that your personal data be corrected,
disclosed or deleted from our systems. Deletion of data is on the condition
that this does not conflict with other legislation, such as the Accounting
Act. Accounting data such as transaction data in connection with ferry
journeys, ledgers, etc. must be stored in accordance with the Accounting
Act, which takes precedence over the EU General Data Protection Regulation
(GDPR).
Cookies
When you visit the Company's website, the Company uses session cookies to
store personal data for a short period of time. Session cookies are stored
anonymously and encrypted in a file that contains reference to- and all
data from your session. After 2 hours, the personal data is deleted.
The purpose of using cookies is, among other things, to improve the user
experience and content. The cookies give the Company insight into the
visitors' usage patterns as well as how many visitors have entered the
site.
Data processors/monitoring used:
-
Azure application insight
-
Communication APIs for SMS, Voice, Video and Authentication by Twilio
Inc.
-
Payment solution by Netaxsept, NETS
-
Telephone system by Zisson AS
-
Email platform by Pureservice
Cookies used:
-
ASP.NET_SessionId: Used to identify the user's session on the server and
is required for the website to work. Generated when the page is loaded and
deleted when the browser is closed.
- ARRAffinity and ARRAffinitySameSite: Used by Microsoft Azure for load
balancing. Saves which server the user was sent to and ensures that the
user is sent to the same server for each query. The cookie is removed when
the user closes the browser.
As Customer you can easily reserve yourself against the use of cookies by
changing the security settings in your browser, or at any time remove
cookies from your browser.
Personal data security
Access to personal data is only granted to persons with work tasks that
require this. All employees have signed a declaration of confidentiality.
All systems have access control with personal ID and password, and all
changes and actions are traceable.
Exchange of personal data to others
In the work of collecting ferry tickets, fulfilling agreement terms and
conditions, and offering a website and self-service solutions, the
Company uses subcontractors and partners. These will be able to process
the Customer’s personal data on behalf of the Company To ensure that
the Customer’s personal data is not used for purposes other than those
described above, the Company enters into data processor agreements with
all its subcontractors and partners.
With the FerryPay agreement, data regarding ferry journeys iare
transferred from the ferry company to the Company, which processes the
individual journey via the FerryPay solution.
In some instances, the Company is required by law to disclose the
Customer’s personal data, for example to the police or tax authorities.
Changes
The Company may over time need to update the Privacy Policy. When
developing the Company’s services or when there are changes in regulations
regarding the processing of personal data, the information provided here
may change. Any changes will be updated on this page.