Privacy Policy
1. Data Controller
This privacy policy explains how we collect and use (process) personal data in our business. BLUE TRUMPET PRODUCTIONS AS, represented by the General Manager, is the data controller for this processing.
Contact information: BLUE TRUMPET PRODUCTIONS AS
Email: bluetrumpetprod@gmail.com
2. Your Rights
Please contact us if you have any questions about or wish to exercise your rights. You are entitled to a response no later than within 30 days.
Access and rectification: You may request a copy of all information we process about you and ask us to correct any inaccurate data.
Erasure or restriction: In certain situations, you may ask us to delete and/or restrict the processing of your personal data; however, we cannot delete data we are legally required to retain.
Objection: If we process your data based on legitimate interests, you have the right to object to such processing.
Data portability: If we process your data based on consent or a contract, you may ask us to transfer your data to yourself or another data controller.
You also have the right to withdraw your consent at any time. If you are not satisfied with how we process your data, you may file a complaint with the Norwegian Data Protection Authority.
3. Who We Process Personal Data About
We process personal data about:
- Customers
- Potential customers
- Visitors to our website
4. How We Collect Personal Data
It is voluntary to provide personal data to us; however, in order to complete a purchase, we require certain information from you.
We use automated decisions or profiling in processing your personal data for personalization and improvement of our services. We process personal data when you:
- Purchase our products or services
- Contact us via phone, SMS, our website, email, or social media
- Use our website
5. Purpose, Legal Basis, and Retention
Under Article 6(1) of the GDPR, personal data may be processed based on your consent, a contract, a legal obligation, or a legitimate interest.
Personal data shall not be processed or stored longer than necessary to fulfil the purpose of the processing. Accounting records are retained for up to 5 years in accordance with the Norwegian Bookkeeping Act.
6. How We Process Personal Data
When you purchase our products and services
We process personal data such as your name, contact details, order and payment information, and purchase history. For logged-in customers, we also store interaction data, conversation history, and any other data you choose to share with us. The purpose is to provide products and services according to your order/purchase and to administer the customer relationship.
Marketing within existing customer relationships
If you are an existing customer, we may send you marketing by email or SMS in accordance with Section 15 of the Norwegian Marketing Act. You may unsubscribe at any time.
When you use our website
When you use our website, we process personal data in accordance with our cookie policy. The purpose is to administer our website, promote our company, and respond to inquiries from visitors.
7. Who We Share Personal Data With
To operate our business efficiently and securely, we may need to share your personal data with data processors, professional advisors, IT and administrative support providers, and public authorities we are legally required to report to.
We require all parties with whom we share your data to protect it in accordance with good information security practices and GDPR requirements. For security reasons, we have not listed processors by name — please contact us if you wish to know more.
8. Transfer of Personal Data Outside the EU/EEA
In some cases, your personal data may be transferred outside the EU/EEA. Transfers are only permitted to countries approved by the European Commission, or under necessary safeguards in accordance with the GDPR — such as the EU Standard Contractual Clauses (SCCs).
9. Security
We take information security seriously and use strong passwords, data encryption, access control, backups, and two-factor authentication to protect your personal data from unauthorized access, alteration, or deletion.