BOOKING01 — Introduction
29|2 Aurland ("we", "us", or "our") is committed to protecting the personal information of our guests and website visitors. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable law — including the EU General Data Protection Regulation (GDPR) and Norwegian privacy legislation.By visiting our website at www.292aurland.com or making a reservation with us, you agree to the practices described in this policy.
02 — Data controller
29|2 Aurland ASTokvamsvegen 12, 5745 Aurland, Norway
booking@292aurland.com — +47 489 94 913
03 — What We Collect
We collect only the data necessary to provide our services and fulfil our legal obligations:
Booking data: Name, email, phone number, postal address, nationality, arrival/departure dates, payment information.
Preferences: Room preferences, dietary requirements, accessibility needs, special requests.
Correspondence: Messages sent via email or our contact form.
Website data: IP address, browser type, pages visited, session duration — collected via cookies and analytics tools (see section 06).
We do not collect sensitive personal data unless you voluntarily provide it in connection with specific accessibility requests.
04 — Legal Basis & Purpose
Contract: To fulfil your reservation, manage your stay, and process payment.
Legal obligation: Norwegian law (including the Hotels Act) requires us to register guest information. We also retain financial records as required by accounting law.
Legitimate interest: To respond to enquiries, maintain security, and improve our services.
Consent: To send marketing communications or personalised offers — only where you have explicitly opted in. You may withdraw consent at any time.
05 — Retention
Booking records: 5 years (accounting law)
Guest register: 2 years (Hotels Act)
Marketing consent: Until withdrawn
Website analytics: Typically 14 months (Google Analytics/GTM default)
06 — Cookies & Analytics
Our website uses Google Tag Manager (GTM) and associated tools, which may include Google Analytics, to understand how visitors use our site and to improve the user experience.
Essential cookies are required for the website to function. Analytics cookies are only activated with your consent, which you may provide or withdraw via our cookie banner.
Data collected through analytics tools may be transferred to servers outside the EEA. Google provides appropriate safeguards under EU Standard Contractual Clauses.
You can manage or delete cookies at any time through your browser settings.
07 — Sharing Your Data
We do not sell or rent your personal data. We may share data with trusted third parties where necessary:
Payment processors (for secure transactions)
Booking platforms or channel managers (if your reservation was made via a third party)
IT and hosting providers (operating under data processing agreements)
Authorities, if required by Norwegian law
All processors are contractually obligated to handle your data in accordance with GDPR.
08 — Your Rights
Under GDPR, you have the right to: access your data, have inaccuracies corrected, request deletion, restrict processing, receive your data in portable format, object to processing based on legitimate interests, and withdraw consent at any time.
To exercise any of these rights, contact us at booking@292aurland.com.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority: www.datatilsynet.no09 — Security
We implement appropriate technical and organisational measures to protect your data. Our website is served over HTTPS and access to guest records is restricted to authorised staff. In the event of a data breach, we will notify affected individuals and relevant authorities as required by law.
10 — Changes
We may update this policy periodically. The date at the top of this page always reflects the most recent revision.