This is a privacy policy for Merkantilbygg AS’ og Vestlia Resort ( The Hotel ) processing of personal data

related to its guests. The hotel will collect personal data about its guests in order to provide its services.

This privacy policy provides information you are entitled to when your personal data is collected,

including how the Hotel collects and processes personal data. The privacy policy covers all personal data

provided by you, or collected by us as a part of our services. The Hotel is subject to Norwegian law, and

will process your personal data in accordance with applicable personal data regulations.

1 DATA CONTROLLER FOR YOUR PERSONAL DATA

The data controller decides the purposes for and the means by which personal data is processed. For the

purpose of this privacy policy, the Hotel is responsible for the personal data provided by you by

registering as a member on the Hotel’s website; [https://www.vestlia.no] “the Website” or through

renting accommodation.

Contact information for the data controller:

Vestlia Resort

Bakkest lvegen 81, 3580 Geilo

Telephone number: +47 32 08 72 00

Email: mail@vestlia.no

2 THE INFORMATION THE HOTEL COLLECTS FROM YOU

When you register as a user, book a trip or submit a contact form on the Website, the Hotel will collect

and process certain information about you. The type of information the Hotel collects can be sorted into

the following categories:

i) Personal information; i.e. information that can be used to identify an individual person,

including name and surname, age, sex, date of birth, title/position, credit card information or

other financial information, home address or other address, email address, phone number

and other contact information, log of activity on user profile and advertising.

ii) Information collected through your use of the Website; i.e. information collected through

data tracking, for example by use of cookies (see section 3 below) and by use of analytical

tools such as Google Analytics. Information that is collected may include the type of browser

you use, which third party website that connected you to the Website, the search words you

type in on the Website, the specific sites you visit on the Website and the duration of the

visit.

iii) Your IP address and other information about your computer; the Hotel may collect and store

your IP address (the number that identifies your computer on the internet) and other

information about your computer for system administration purposes (e.g. to calculate how

many users that have accessed and used the Website). The IP-address will only be stored for

the duration of the visit on the Website and will thereafter be either deleted or anonymized.

3 COOKIES

The Hotel may use cookies and other information gathering methods to enhance the user experience and

optimize the Website. As a visitor on our Website, you will as a main rule remain anonymous. Note

however that you will be authenticated. Further, location data is stored for the purpose of optimizing the

portal experience. The location data is never linked to the user data.

In order to detect and delete cookies, you can change the settings in your browser. The “Help” function

of your browser can help you configure your browser to prevent cookies or delete existing cookies.

You can also learn how to block all new cookies on your browser and which configuration steps are

required to receive a notification about new cookies. However, please note that if you choose not to

accept cookies, your access to certain functionality on the Website may be restricted.

4 WHERE IS YOUR PERSONAL DATA COLLECTED?

Personal data is collected through your use of the Website, from the form you complete when you

register in a contact form on the Website, or from the information you provide to the Hotel in connection

with the hotel or submitting contact forms.

5 HOW THE HOTEL USE YOUR PERSONAL DATA

The Hotel will use the personal data you provide to us or that the Hotel collects through your use of the

Website for the following purposes:

i) to fulfill an agreement with you, i.e. to offer you ophthalmic consultation or surgery;

ii) to enable you to submit a contact forms directly from the Website;

iii) to improve our services, the content of the Website and other relevant platforms, for

example by collecting and processing data for internal statistical purposes, administration

and marketing of the Hotel This includes identifying general utility models to enable the

Hotel to improve its services and the Website;

iv) to respond to your questions and inquiries;

v) to provide you with information of new and other services offered by the Hotel;

vi) to inform you about amendments of this privacy policy;

vii) for examinations of and protection against breaches of this privacy policy, criminal offenses,

fraud and potential threats against our or other person’s legal rights;

viii) to comply with applicable laws and regulations;

ix) for any other purpose either described in this privacy policy, or for which the Hotel will notify

you specifically at the time of collection or upon obtaining your consent, or as permitted or

required by law, rule, regulation or any other legal process.

6 CONSENT AND OTHER LEGAL BASIS‘ FOR PROCESSING OF PERSONAL DATA

In order to process your personal data, the Hotel requires your consent or other legal basis. Consent can

be given upon request from the Hotel, or by voluntarily giving the Hotel the information through a

membership application, the Website or other relevant platforms for the Hotel

You can withdraw your consent at any time by sending an email to the Hotel, or you can use the widget

on the webpage where you can administer your data consent.

Other legal basis for processing can be such processing of personal data that is necessary for the Hotel to

comply with all applicable rules and regulations to which the Hotel is subject, e.g. statutory rules related

to storage for accounting purposes.

Your personal data will not be stored for a longer period than necessary for the Hotel to fulfill the above

mentioned purposes.

7 DISCLOSURE TO THIRD PARTIES

The Hotel may disclose your personal data to suppliers and sub-suppliers who perform services for the

Hotel, to enable the Hotel to provide you with services. (the Hotel may for example make use of suppliers

for hosting of the Website, to facilitate contact with customers via email or SMS, payments systems etc.)

Suppliers and sub-suppliers may only use your personal data for the purposes the data was collected for,

and to perform its assignments. Any such disclosing of personal data to suppliers and sub-suppliers will be

governed by, and done in accordance with, a data processor agreement.

The Hotel will not transfer, sell, rent or exchange personally identifiable information with any third party

in a way that is not provided for in this privacy policy without your express consent, unless such obligation

is imposed by law or binding court order, or when necessary in a business transaction.

8 PROTECTION OF YOUR DATA

The Hotel takes the privacy rights of our users seriously and has taken reasonable steps to protect the

user’s privacy, including physical, technical and organizational measures, to prevent loss, alterations, theft

and unauthorized access to information stored and otherwise processed by the Hotel.

9 LINKS TO THIRD PARTY WEBSITES

The Website may include links to other third party sites. These third party sites have their own privacy

policies that determine how the third party site is operated and how personal data is collected and

processed. If you submit personal information to any of these third party sites, your information is

governed by their privacy policies. The Hotel takes no responsibility for such third party sites, how they

are operated and how they process your personal data. The Hotel recommends that you familiarize

yourself with such third party sites’ privacy policies and terms of use when visiting and using such sites.

10 YOUR RIGHTS

You have the right to require access to the personal data the Hotel has collected about you. You have the

right to demand your personal data be deleted at any time. Upon such an inquiry, all your personal data

will be deleted, unless statutory obligations or legitimate interests require continued storage. Anonymized

information, i.e. information that cannot be linked to you, may be subject to continued storage.

If you want to exercise your right to:

i) get information about what personal data the Hotel has registered on you;

ii) change or update the stored data and correct any errors in that data;

iii) request that unnecessary data is erased;

iv) stop receiving emails from us, such as newsletters and similar;

v) withdraw your consent to the collection, processing, use or disclosure of your personal data

to third parties;

vi) request information about your right to data portability, i.e. your right to obtain, reuse and

transfer personal data provided to the Hotel to another IT environment;

you should contact the Hotel via the contact information stipulated above in section 1.

If you believe that our processing of your personal data infringes relevant data protection regulations, you

are entitled to lodge a complaint with the supervisory authority of your habitual residence, place of work

or place of the alleged infringement, or other relevant supervisory authority. In Norway, this is

Datatilsynet.

11 MODIFICATIONS TO THE PRIVACY POLICY

The Hotel reserves the right to modify this privacy policy from time to time. The most recent revision shall

supersede any earlier versions. The current version of the privacy policy will be available at the Website at

all times. The Hotel will notify the user of any changes to the privacy policy that will require your consent.

By using the Hotel’s services, you accept electronic information about and publication of this privacy

policy on the Website, and you consent to that electronic information about and publication of revised

versions of this privacy policy on the Website is valid as a notification to you.