Privacy policy FerryPay

Skyttel AS manages and operates the payment solution FerryPay on behalf of the Norwegian Public Roads Administration. This agreement (hereinafter referred to as «the Agreement») is entered into between the user (hereinafter referred to as «the Customer» and Skyttel AS (hereinafter referred to as «the Company»).

The Company will process the Customer's personal data for the purpose of collecting payment from the Customer for ferry journeys, for the production of anonymous statistics, as a basis for information to the Customer about ferry journeys charged to the Customer’s credit/debit card, and for the implementation and administration of the Agreement with the Customer. The processing of personal data is carried out according to the privacy legislation at the given time.

In accordance with the EU General Data Protection Regulation (GDPR), the Company has entered into a data processor agreement with the Norwegian Public Roads Administration. The Norwegian Public Roads Administration is responsible for processing, while the Company is the data processor for the payment solution.

Registered data

In connection with ferry journeys, the Company uses the information that the Customer has provided when creating the Agreement. This regards name, address, email address, phone number and vehicle registration number, as well as payment card information to complete payments for ferry journeys.

In order to provide the correct price for each ferry journey, the Company registers time, place and vehicle length. The company also registers payment- and travel history.

Contact with the customer service centre

Telephone inquiries (telephone numbers from and to, as well as the time and length of the call) are logged in our telephone system provided by Zisson. This log is necessary for the administration and operation of the system, and is also used as a basis for statistics.

The email platform is Microsoft Office 365. The customer service centre uses the case management system Pureservice provided by Syscom AS. Inquiries by email or via the contact form on the customer service website are stored and processed in this system.

Please note that regular email is unencrypted. We therefore do not encourage you to send confidential, sensitive or other private information via email.

Deletion of data

As Customer you have the right to know what data the Company has stored about you and the right to request that your personal data be corrected, disclosed or deleted from our systems. Deletion of data is on the condition that this does not conflict with other legislation, such as the Accounting Act. Accounting data such as transaction data in connection with ferry journeys, ledgers, etc. must be stored in accordance with the Accounting Act, which takes precedence over the EU General Data Protection Regulation (GDPR).

Cookies

When you visit the Company's website, the Company uses session cookies to store personal data for a short period of time. Session cookies are stored anonymously and encrypted in a file that contains reference to- and all data from your session. After 2 hours, the personal data is deleted.

The purpose of using cookies is, among other things, to improve the user experience and content. The cookies give the Company insight into the visitors' usage patterns as well as how many visitors have entered the site.

Data processors/monitoring used:

• Azure application insight
• Communication APIs for SMS, Voice, Video and Authentication by Twilio Inc.
• Payment solution by Netaxsept, NETS
• Telephone system by Zisson AS
• Email platform by Pureservice

Cookies used:

• ASP.NET_SessionId: Used to identify the user's session on the server and is required for the website to work. Generated when the page is loaded and deleted when the browser is closed.
• ARRAffinity and ARRAffinitySameSite: Used by Microsoft Azure for load balancing. Saves which server the user was sent to and ensures that the user is sent to the same server for each query. The cookie is removed when the user closes the browser.

As Customer you can easily reserve yourself against the use of cookies by changing the security settings in your browser, or at any time remove cookies from your browser.

Personal data security

Access to personal data is only granted to persons with work tasks that require this. All employees have signed a declaration of confidentiality. All systems have access control with personal ID and password, and all changes and actions are traceable.

Exchange of personal data to others

In the work of collecting ferry tickets, fulfilling agreement terms and conditions, and offering a website and self-service solutions, the Company uses subcontractors and partners. These will be able to process the Customer’s personal data on behalf of the Company To ensure that the Customer’s personal data is not used for purposes other than those described above, the Company enters into data processor agreements with all its subcontractors and partners.

With the FerryPay agreement, data regarding ferry journeys iare transferred from the ferry company to the Company, which processes the individual journey via the FerryPay solution.

In some instances, the Company is required by law to disclose the Customer’s personal data, for example to the police or tax authorities.

Changes

The Company may over time need to update the Privacy Policy. When developing the Company’s services or when there are changes in regulations regarding the processing of personal data, the information provided here may change. Any changes will be updated on this page.