Personvern

Denne nettsiden eies av ISIC Norge. Under kan du lese om vår bruk av cookies, samt vår policy på behandling av personlig informasjon.

Nettsidens eier

Hvis du ønsker mer informasjon, kan du henvende deg direkte til: ISIC Nordic and Nederland, c/o KILROY International A / S, Knabrostræde 8, 1210 København K, Danmark. Tlf: +45 33480700 E-post: [email protected]

Cookies

Cookies brukes av de fleste nettsider i dag. Cookies er essensielle for å forbedre brukervennligheten på en nettside, da de trengs både for å kunne levere enkelte funksjoner, men også for å samle statistikk på hvordan besøkende bruker siden, slik at den kan tilpasses til hvordan besøkende bruker siden.

En cookie er en liten informasjonskapsel som nettsiden lagrer på den enheten (PC, smarttelefon, nettbrett osv.) brukeren benytter for å besøke nettsiden.

Cookiene vi bruker på isic.no er ikke skadelige og kan ikke spre virus eller andre ondsinnede programmer.

isic.no bruker vi både såkalte session cookies and persistent cookies. Session cookies, lagres midlertidig og slettes når brukeren lukker nettleseren. Persistent cookies lagres for en lengre periode. Under innstillinger i nettleser din kan du se hvilke cookies som er lagret og hvor lenge de kommer til å være lagret.

ISIC Norge bruker følgende cookies på isic.no

 

__utma, __utmb, __utmc, __utmz, __utmli

Formål: Operasjon og optimaliserings cookies

Host: Google Analytics

Disse cookiene samler all informasjon om trafikk til vår nettside. Statistikken brukes til at forbedre bruken av nettsiden og dens funksjoner.

 

JSESSIONID, NRAGENT

Formål: Operasjon og optimaliserings cookies

Host: beacon-5.newrelic.com

Disse cookiene samler informasjon om trafikk til vår nettside. Statistikken brukes til at forbedre bruken av nettsiden og dens funksjoner.

 

VISITOR_INFO1_LIVE, PREF, YSC

Formål: Operasjon og optimaliserings cookies

Host: YouTube

Disse cookiene brukes av YouTube for å lagre brukerpreferanser, når man ser på sider som inneholder video.


aka_debug, __utma, __utmb, __utmz, player

Formål: Optimaliserings cookies

Host: Vimeo

Vi integrerer videoer fra Vimeo på våre nettsider. Dette innebærer at det kan bli plassert cookies på din enhet dersom du klikker på Vimeos avspiller. Disse cookiene blir brukt til å lagre informasjon om besøkendes videopreferanser.

Consent to use cookies

ISIC Norge bruker cookies på isic.no i de situasjonene som er beskrevet i avsnitt nr. 3. Dersom du har navigert videre in på isic.no ansees dette som at du gir ditt samtykke til at vi kan lagre cookies på din enhet når du besøker isic.no.

Dersom du ønsker å trekke tilbake ditt samtykke om isic.no sin bruk av cookies, kan du gjøre det ved å endre innstillingene i din nettleser. Hvordan dette gjøres er beskrevet under.

Hvordan fjerner jeg cookies?

Du kan alltid fjerne ønskede cookies fra din nettleser. Under finner du linker med en beskrivelse av hvordan du kan fjerne cookies fra din nettleser:

Internet Explorer

http://windows.microsoft.com/nb-no/internet-explorer/delete-manage-cookies#ie=ie-9

Firefox

http://support.mozilla.org/nb-NO/kb/delete-cookies-remove-info-websites-stored?redirectlocale=en-US&redirectslug=Deleting+cookies

Google Chrome

https://support.google.com/chrome/answer/95647?hl=no

Safari

http://support.apple.com/kb/PH11920

Opera

http://help.opera.com/Windows/12.10/en/cookies.html
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Derfor informerer vi deg om vår bruk av cookies

Alle Europeiske nettsider er forpliktet til å informere om hvilke cookies som blir lagret på brukerens utstyr.

 

Privacy Policy

Last updated 04 05 2018

First and foremost, we want you to know that your privacy concerns us, and we take the responsibility you directly or indirectly have entrusted us, seriously. 

This policy explains how the KILROY Group collects customer data, use the data and in which situations and to whom the data is disclosed.

ISIC is part of a European group of companies that operates within travel, educational counselling and student benefits as subsidiaries of KILROY International A/S.

Collection and processing of personal data is an unavoidable and necessary part of conducting this kind of business and to fulfill the purposes described in this privacy policy.

ISIC is data-responsible for the processing of personal data for these purposes.


If you have any questions regarding this privacy policy or to our handling of your personal data, the head office address of the KILROY Group is: KILROY International A/S Nytorv 5, DK1450 København K, Denmark.

More information about the processing of customer data at ISIC can also be obtained by writing to [email protected].

1. Protection and safety is important to us

Responsible handling of personal data collected as part of the operation of our business, is crucial to our business objectives and reputation. In this privacy policy we will account for how your personal data is collected and used when you are a customer, supplier or business partner and how you can gain access to you own personal data.

2. What is personal data?

Personal data is any kind of data about an identified or identifiable living individual. An identifiable individual is understood as a person, who directly or indirectly can be identified, among other things, by an identification number or one or more elements, that are particular to a given person’s identity.

3. What type of personal data are we processing and why?

Your personal data will be used for different purposes in relation to your position as customer and the operation of ISIC. The data collected may vary, depending on whether you are a customer, supplier or business partner, but in general it will be data regarding customer administration, supplier administration, direct marketing and data regarding ISIC’s rights and obligations.

Failure to provide personal data on your part, may mean that ISIC is unable to fulfill its obligations towards you as customer or supplier.


As a rule, ISIC only collects and processes regular personal data. In specific cases of booking a trip, it can be necessary for us to a limited extent, to process sensitive personal data (e.g. information regarding special meals or special needs assistance during your trip), as well as information regarding social security numbers (e.g. in connection with collecting passport copy for visa applications), but only when it is necessary for booking the trip and assistance you require.


ISIC will typically gather the following information:

3.1 Information concerning our customers

The information provided to us when booking a trip or creating a customer profile with us, e.g. online via the webpage or by contacting our customer service, including contact details (first name, middle name(s), surname, address, telephone number, email address, title and job position), social security number (for visa applications etc.), passport number, bank details, debit- and credit card details, information you provide regarding special preferences during your trip (e.g. information on dietary restrictions, special needs assistance due to disability or illness, etc.), health information (when booking trips for health- or medical treatments, sports trips, etc.), information regarding your height, weight, clothing and shoe size (for booking equipment on ski trips, sports trips, etc.), purpose of travel, information regarding which languages you speak, citizenship, contact information of your next of kin, requisition (in the case of business- or health trips), information regarding your marketing and communication preferences, along with information you have given us if you contact us with questions, to report a problem or when you contact us with reference to your customer relationship, information regarding student, teacher, youth card issuance photo, place of study (applies only for ISIC), place of work (applies only for ITIC), promotional code, card validity, date of issue, card number, information regarding fees payment (price, type of payment, date, payment confirmation).

3.2 Information concerning our suppliers and business partners

Information you provide when entering a contract or agreement with us, including contact information (job, job title, first name, middle name(s), surnames, addresses, telephone number, email address), information regarding your marketing and communication preferences, as well as information you have given us if you contact us with questions, to report a problem or when you contact us with reference to your customer relationship.

3.3 Information concerning collection of applications for universities and organizations

When you decide to apply for an internship, studies or academic courses via ISIC we act on behalf of the institution providing an internship, studies or academic courses. Thus, ISIC processes the personal data for the purposes stated by the institution – collection of applications. Thus, an institution (university, organization, other institution) processes data as a controller and ISIC processes personal data as a processor on behalf of the institution. For detailed information about your data processing, please read the data privacy policy of the institution you apply to.

4. What do we use your personal data for?

ISIC processes your personal data to fulfill the purposes stated below. Notice, that not all purposes, categories of information, recipients of information and types of procedures are applicable to you in all cases.


ISIC exclusively processes your personal data to the extent necessary for you as customer, supplier or business partner (as specific interests in each case, are taken into account) or in accordance with existing law.

4.1 Customer administration

ISIC processes your personal data when establishing and administering your customer relationship with ISIC, as a part of the operation of our company, including booking trips and delivery of our different products (e.g. visa applications, travel insurance, transfer service, student, teacher, youth card issuance, etc.), maintenance of our customer registers, billing, marketing, statistics, etc. All statistics and analysis are compiled in anonymized form and therefore do not contain information, that can lead directly back to you as a person.

4.2 Administration of supplier and business partner relationships

ISIC processes your information when co-administrating supplier and business partner relations, where you are the supplier or business partner, or contact person with a supplier or business partner, which ISIC is working with as a part of the operation of our company, including maintenance of our CRM-registry with information about our contact with each supplier and business partner.

4.3 Compliance with current laws and regulations

ISIC processes your personal data in compliance with the laws and regulations that ISIC is subject to with respect to the operation of the business or for filing different liability and disclosure requirements in accordance with applicable laws and regulations.

ISIC does not use your personal data to make decisions, that are solely based on automatic processing, except for profiling.
Profiling is a form of automated processing of your personal data. We use profiling and data modelling e.g. to be able to offer you specific services and products that meet your preferences for marketing purposes.

ISIC strives to guarantee that all personal data we process is correct and up to date. We therefore always ask you to inform us regarding possible changes in your personal details (e.g. change of address, name, phone number or payment) so that we can guarantee that your personal data is always correct and up to date. You should update your personal data immediately in case of changes.

5. Legal base for processing your personal data

ISIC essentially processes your information on the following grounds: (1) Your consent (2) Entering into and fulfilling contractual agreements with ISIC, (3) Consideration for the legitimate interests of ISIC, as described above, (4) Fulfilment of legal duties that ISIC is required to meet, (5) Protection of your or another physical individual’s vital interests, (6) the processing is necessary, in order for a legal claim to be established, enforced or defended, and (7) The processing is necessary to comply with ISIC’s or your employment, health and social rights, that arise from national law or EU law. In addition, there may be situations where we treat your personal data for the sake of third parties' legitimate interests with regard to the purposes described above, unless consideration for your interests is deemed more important.

6. Sharing of Personal Data

ISIC only discloses data to the extent necessary for the operation of our business, including to provide your trip and the other products you have purchased with us in connection therewith.

ISIC will typically pass personal data to the following recipients when booking a trip and related products:

6.1 Global Distribution System (GDS)

A GDS is an IT network system owned or operated by a company that allows transactions between the travel industry's service providers, mainly airlines, hotels, car rental companies and travel agents. A GDS connects services, prices and booking by consolidating products across the three travel sectors, i.e. flight reservations, hotel reservations and car rental.

6.2 Airlines

ISIC discloses personal data to airlines when booking your trips. For the purpose of booking your flight, we will typically provide details of first name, middle name(s), surname, departure airport, destination, departure and return dates, bonus card number, special requests regarding your trip, including booking special meals during flights and necessary special needs assistance on the plane or at the airport for the chosen airline.

With respect to trips to special destinations, we can also provide information about your passport number to the airline.

6.3 Hotels

ISIC passes personal data to the hotels that you intend to use during your trip. For the purpose of booking your hotel accommodation, we will typically provide information about first name, middle name(s), surname, destination, date of arrival and departure, room category, bonus card number, special requests for your trip, including dietary restrictions or special needs assistance due to disability or illness, during your stay at the given hotel.

6.4 Car rental services

ISIC discloses personal data to car rental companies if you require a vehicle during your trip. For the purpose of booking your rental car, we will typically provide information about your first name, middle name(s), surname, pickup location, rental period, vehicle category, bonus card number, special needs in connection with rental of the vehicle, including special requirements relating to disability or illness, child seats etc.

6.5 Bus operators

ISIC discloses personal data to bus companies if a bus trip is part of your trip (e.g. for day trips to tourist attractions, etc.). For the purpose of booking your bus trip, we will typically provide information about first name, middle name(s), surname, pickup location, date and time of bus, destination and special requests during the bus trip, including booking special meals and necessary special requirements or assistance relating to disability or illness.

6.6 Shipping companies

ISIC discloses personal data to shipping companies if you are going on a ship trip as part of your trip (e.g. for day trips to tourist attractions, cruises, etc.). For the purpose of booking your ship trip, we will typically provide information about first name, middle name(s), surname, destination, itinerary, date and time of departure and return as well as special requests during sailing, including booking special meals and necessary special requirements or assistance relating to disability or illness and information about travel documents.

6.7 Bedbanks

A bedbank is an IT network system owned or operated by a company that allows transactions between travel industry service providers, mainly hotels and travel agencies or end customers. ISIC discloses personal data to bedbanks to book the hotels that you will use on your trip. For the purpose of booking your hotel accommodation through a bedbank, we will typically provide information about first name, middle name(s), surname, destination, date of arrival and departure, room category, bonus card number, as well as special requests, including booking special meals during the hotel stay and necessary special requirements or assistance relating to disability or illness.

6.8 Travel Agents

If you, as a part of your trip, participate in excursions or need transfer, ISIC may pass personal data to travel agents. The travel agent’s responsibility is to organize the excursion or transfer, when booking a given service from a local supplier at the destination. For booking your excursions, transfers, etc. we typically provide information about first name, middle name(s), surname, date and time of arrival and departure, type of vehicle, destination, as well as special requests, including booking special meals during the hotel stay and necessary special requirements or assistance relating to disability or illness.

6.9 Insurance companies

As part of the booking of your trip with us, you can purchase a travel and/or cancellation insurance. If you wish to purchase this insurance, we will disclose personal data to the insurance company for the purpose of taking out the insurance with them. For the purpose of taking out a travel and/or cancellation insurance, we typically provide information to the insurance company about first name, middle name(s), surname, e-mail address, destination, departure and return date, and travel type.

6.10 Equipment Rental Companies

As part of the booking of your trip with us, you can rent any equipment that you may need on your trip, e.g. ski equipment, diving equipment, etc. If you wish to rent such equipment, we will disclose the information to the company at your destination from which you will be renting the equipment. For equipment rental we typically provide information to the rental company about first name, middle name(s), surname, type of equipment, pick-up location, rental period and information about height, weight, clothes and shoe size.

6.11 Tour operators

ISIC discloses personal data to tour companies if you are going on a tour as part of your trip (e.g. for a day tour to tourist attractions, scubadiving, etc.). For the purpose of booking your tour, we will typically provide information about your first name, middle name(s), surname, tour, itinerary, date and time of tour as well as special requests during the tour, including booking special meals and necessary special requirements or assistance relating to disability or illness, information about travel document (only if needed).

6.12 ISIC

When ordering a student, teacher or youth card ISIC passes personal data to ISIC Global Office BV, Keizersgracht 174, Amsterdam, 1016 DW The Netherlands. This is where ISIC Global Office BV stores cardholder data for all active student, teacher or youth cards globally. The purpose of the data provision is to prove student, teacher or youth card validity globally. The following data is provided: first name, surname, birth date, place of study, photo, place of work (applies only for ITIC), email address, address, C/O-address, card number.

6.13 Specially regarding qualified offers

When you choose ISIC, you have the opportunity to get a qualified offer on a trip. A qualified offer is a type of offer, in which a preliminary reservation of the desired trip is made for you when preparing the offer. This allows you to reserve space on the desired departures for up to three days before deciding whether a ticket should be issued for the preliminary reservation or it should be annulled.

In order to create a qualified offer, we provide information about you and the requested reservation to a GDS (as mentioned above), which makes the preliminary reservation at the airline, the hotel, etc. As a part of obtaining a qualified offer, personal data is passed on to several new independent data controllers (GDS, airlines, hotels, etc.), your information may be retained by these recipients after the expiry of the offer - also in case the offer is annulled.

 

Furthermore, ISIC may disclose your personal data to other suppliers and service providers as a part of normal operation of the company, e.g. in connection with external administration of our IT systems, analysis reports, marketing, debt collection, credit rating, audit, legal assistance, etc.


For further information regarding our suppliers’ and partners' processing and protection of your personal data, please refer to their privacy policies and terms of use.

ISIC strives to limit the disclosure of personal data in personally identifiable format to the maximum extent possible, thereby limiting the cases where information can lead back to you personally.

ISIC does not disclose your personal data unless it is necessary to perform our business or meet your needs.

7. International transfers of your personal data

Due to the nature of ISIC’s business, your personal data may be transferred to countries outside the EU / EEA when booking a trip with us. In order to be able to deliver our services to you, we have to use partners and suppliers outside the EU/EEA in certain cases.

Without the possibility of transferring your information to recipients outside the EU / EEA, ISIC will be unable to deliver certain travel arrangements. This applies if booking your trip requires that information is sent to recipients outside the EU/EEA, for example, to book flights, hotels, etc. at your travel destination.

Data protection legislation in these countries may be more lenient than it is in Denmark and in the rest of the EU/EEA, as in most cases there will be countries where the EU Commission has assessed that the data protection level is not at par with the data protection level within the EU/EEA.

In the event that it is practically possible for us, the transfer of your personal data will be based on the standard transfer contracts developed by the European Commission, which are specially prepared for this purpose. As far as transfers to the United States are concerned, they will as far as possible be done on the basis of Privacy Shield. Privacy Shield is an agreement between the EU and the United States, which establishes a strong set of data protection rules and security measures that US companies, who have joined the agreement, are obliged to comply with when processing personal data.

However, in certain cases it may not be practical for ISIC to enter into a standard transfer contract or use Privacy Shield as a legal transfer basis. In such cases, the transfer of the information will be carried out pursuant to Article 49.1(b) of the Data Protection Regulation, as the transfer of your personal data to a certain country is necessary for the purpose of fulfilling the contract between you and ISIC (the booking of your trip) or for the purpose of executing measures at your request prior to entering such a contract (e.g. in the case of a qualified offer as mentioned in section 6.13).

 

It is therefore important that you are aware that transferring your personal data to countries outside the EU/EEA when booking a trip with ISIC means that your personal data will not enjoy the same protection as when subject to Danish or EU laws and regulations.

When transferring data there is a potential risk that there are no clear, precise and accessible laws and regulations in the country in question regarding access to personal data by the authorities of the country; that there are no laws and regulations that the access of a country's authorities to your information, must be necessary and proportionate; that the country does not have an independent and effective supervisory authority and that the country has no available and effective legal remedies for the registered.


If you do not wish that ISIC sends your personal data to recipients outside of the EU/EEA, please advise us at the latest when booking your trip.


ISIC does not, in any case, pass your personal data to recipients outside of the EU/EEA, unless this is necessary to carry out our business and meet your needs e.g. by delivering the requested trip.

8. Data integrity and security

Personal data will be stored no longer than necessary in order to fulfill the purpose for which they have been collected, unless the storage is required to comply with national legal requirements, including statutory storage periods in connection with bookkeeping, etc.

It is ISIC’s policy to protect personal data by taking adequate technical and organizational security measures. When your personal data is no longer needed, we will ensure that they are deleted in a safe manner.

9. Your rights

You are entitled to access to any personal data we have registered and use, information on where it comes from and what we use it for. You can obtain information about how long we store your data, who receives data about you and to what extent we disclose data in Denmark and abroad. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business and practices. Our know-how, business secrets as well as internal assessments and material may also be exempt from the right of access.

In certain circumstances, you have the right to object to our processing your personal data. This is the case for example when the processing is based on our legitimate interests.


Objection to direct marketing. You have the right to object to our use of your personal data for direct marketing purposes, including profiling that is related to this purpose.

If the data is incorrect, incomplete or irrelevant, you are entitled to have the data corrected or erased with the restrictions that follow from existing legislation and rights to process data. These rights are known as the “right to rectification”, “right to erasure” or “right to be forgotten”.

If you believe that the data we have registered about you is incorrect, or if you have objected to the use of the data, you may demand that we restrict the use of these data to storage. Use will be restricted to storage only until the correctness of the data can be established, or it can be checked whether our legitimate interests outweigh your interests.

If you are entitled to have the data we have registered about you erased, you may instead request us to restrict the use of these data to storage. If we need to use the data we have registered about you solely to assert a legal claim, you may also demand that other use of these data be restricted to storage. We may, however, be entitled to other use to assert a legal claim or if you have granted your consent to this.


You can withdraw your consent at any given time. Please note that if you withdraw your consent, we may not be able to offer you specific services or products. Note also that we will continue to use your personal data, for example, to fulfil an agreement we have made with you or if we are required to do so by law.

If we use data based on your consent or as a result of an agreement, and the data processing is automated, you have a right to receive a copy of the data you have provided in an electronic machine-readable format.

If you wish to claim one or more of your rights, please contact us at [email protected] Your request will be processed in accordance with the data protection legislation currently in force.


Complaint about the processing of your personal data by ISIC can be made to:
Datatilsynet Visitor address: Tollbugata 3, 0152 Oslo Postal address: P.O. Box 8177 Dep., 0152 Oslo Organization number: 974 761 467 [email protected] + 47 22 39 69 00

10. Updates

ISIC regularly evaluates and updates this privacy policy. Therefore, please regularly check this privacy policy for any changes that may affect our processing of your personal data.