GDPR COMPLIANCE FILE
Please read the below information, where we have summarised our GDPR procedures. The below information is included in our terms and service and privacy policy. We refer to this documentation as our GDPR compliance file, for our company group including but not limited to the following:
The Adventure Cook
Eventyrkokken
When using our services, we communicate via our brand name “The Adventure Cook” and “Eventyrkokken” with the domain: www.theadventurecook.com & www.eventyrkokken.no
To help service you as a customer in the best way possible, and to comply with local regulation in the countries we operate, we may ask for, and gather any or all of the below example data categories. In certain occasions, where necessary the information we gather includes, but is not limited to the summarised list below:
– Address, phone number, email address, age, gender, product preferences, travel budgets, salary levels, location data, DOB information.
In addition we may display marketing materials in various online platforms, to provide information about our products that are relevant to you, depending on what intent or interest that has been shown on our site. We do have “retargeting pixels” or “cookies” on our website and do remarket to some or all of our users in digital platforms, including but not limited to; facebook, instagram, google, youtube and various partner networks connected to these platforms.
Your information is stored with us in GDPR compliant platforms, that may include but not be limited to Wix, and Google Suite softwares and apps.
We may store your data for up to a maximum of 5 years after your last point of contact, but we have no intention to store your data longer than necessary. Within a 5 year timeframe we will ensure to review our stored data and delete any data within the shortest time possible. We may store your data for longer if the purpose of such storage seems necessary to provide you with a continuous service, but only when you have shown direct interest in our products or been in contact with us, such as a returning customer year after year. At any time we will care for the safety of your data, and you can always request your data to be transfered or deleted as of the procedures following in this documentation. Decisions to store or delete data are made on a yearly basis during GDPR compliance policy review on 1st of July each year.
You as an individual have the right to request any of the following information, and we as a company will comply by providing all the requested information about your personal data, and take the action required to either inform, delete or transfer your personal data upon request.
The right to access – We provide individuals that use our service the right to request and access their personal data, and that we provide information about how the individuals data is used after it has been gathered. On request, we provide this data free of charge.
If you request access to your data, we will ask for proof of your ID, and we may request any of the following identification as a minimum, and in some instances request further information or that identification is secured by a solicitor if the identification process is not completed in full.
Proof of ID: (POI Documentation)
Current valid passport
The passport must be valid (showing holder’s signature).
The passport must not be expired.
The First and Last name must exactly match the provided ones.
The Date of Birth must match the applicant’s provided one.
The passport’s date of issues and expiry date must match the provided ones.
The passport’s number must match the provided one.
The passport must contain a clear face picture of the Customer.
The Machine Readable Zone (bottom barcode) must be legible and complete.
The uploaded copy must contain a full photo ID page, the page with Customer’s signature and be in good quality.
Current valid government issued identity card
The First and Last name must exactly match the provided ones.
The Date of Birth must match the applicant’s provided one.
The document’s date of issues and expiry date must match the provided ones.
The document number must match the provided one.
The document must contain a clear face picture of the Customer.
The document must not be expired.
We can not accept Electoral Identity Cards.
Proof of Address – in addition to the above we will request that a proof of address to be provided. (POA documentation.
Some examples of POA documentation:
A bank / credit card or mortgage statement
A utility (water, gas or electricity), landline, broadband or TV bill
A council tax bill
When identification has been secured, we will comply with your request within 30 days.
Some of the information that you as an individual can request from us;
The categories of their personal data you process
The purposes for which you process it
To whom you disclose their data
The source of the data
The existence of other rights
How long the data is retained
If automated decision making around your data is made
Any request for data will be sent out to you, after a completed identification process, via a secured encrypted way of communication, that is compliant with GDPR regulations.
The right to be forgotten – if you are no longer customers of ours, or if you want to withdraw your consent from our company(ies) to use their personal data, then you always have the right to have your data deleted.
If a request to be forgotten is sent to us, we will provide a summary report of all the data categories that have been stored and confirm that it has been securely deleted.’
The right to data portability – Individuals using our services have a right to transfer their data from one service provider to another. If this request is made, it will be done in a commonly used and machine readable format, compliant with GDPR regulations.
The right to be informed – When using our services we refer to this our terms of service where a policy of our GDPR processes are displayed. We may in addition ask for your consent when using our site to ensure that you are aware that we may have collected data to promote relevant content to you after you leave your site, commonly referred to as “cookies”.
The right to have information corrected – We ensure that upon request we will help individuals to have their data updated if it is out of date or incomplete or incorrect.
The right to restrict processing – We ensure that we will restrict the processing of Individuals data. In these instances, the record of the data can remain in place, but not be used.
The right to object – We ensure that we will comply if an individual objects to the processing of their data for direct marketing.
The right to be notified – If there has been a data breach which compromises your individual personal data, you as an individual have a right to be informed within 72 hours of our organisation first having become aware of the breach.
Consent policy
When using our website we will ask for your consent to ensure you as a user are aware that we use cookies on our website. You can at any time withdraw your consent by contacting us.
Data retention policy
We may store your data for up to a maximum of 5 years after your last point of contact. We may store your data for longer if the purpose of such storage seems necessary to provide you with a better service, but only when you have shown direct interest in our products or been in contact with us.
Data destruction policy
At the point of the destruction of personal data stored for marketing or other purposes, we will carry the responsibility to ensure the data is destroyed at the scheduled time of data destruction.
For any further information about our GDPR processes please contact us at kit @ theadventurecook.com (Please note our e-mail has a space before and after the @ sign in this privacy policy, please delete these when sending the e-mail)