Privacy Policy
This privacy policy is continuously updated and was last updated on 10.02.2026.
It explains why and how Krossbu Turisthytte AS collects and uses personal data, and what your rights are.
This privacy policy applies to Krossbu Turisthytte AS (org. no. 920 275 095).
If you have any questions about this privacy policy or the data we collect, you can contact us at post@krossbu.no
1. General information
Below you will find a simple overview of how your personal data will be processed when you visit our website. The term “personal data” includes all information that can be used to identify you personally. As the operator of this website, Krossbu Turisthytte AS understands the importance of processing your personal data confidentially. We assure you that we comply with all statutory requirements for privacy and data security at all times.
2. Data controller responsible for data recording on the website
Below you will find a simple overview of how your personal data will be processed when you visit our website. The term “personal data” includes all information that can be used to identify you personally. As the operator of this website, Krossbu Turisthytte AS understands the importance of processing your personal data confidentially. We assure you that we comply with all statutory requirements for privacy and data security at all times.
3. Who has access to your personal data?
Data provided via forms on this website and/or in dialogue with us by phone/email is only accessible to employees at Krossbu. We neither sell nor rent the information you have provided to any third party. Information about your usage patterns on the website is tracked and stored in various analytics tools that we use, provided that you have given consent to this. You will find detailed information about these tools and the information collected further down in this privacy policy.
4. How we use your personal data
Some of your information is stored in order to ensure proper and correct delivery of the website. Other data is stored for the purpose of being analyzed to understand your usage patterns.
We process your personal data in accordance with applicable privacy regulations. This means that user data is only processed in the following cases:
- When required by law (pursuant to Article 6(1)(c) of the GDPR).
- When necessary to fulfill a contract (pursuant to Article 6(1)(b) of the GDPR).
- When it is in accordance with our legitimate interests (pursuant to Article 6(1)(f) of the GDPR).
- When the user has given consent (pursuant to Article 6(1)(a) of the GDPR).
We do not record personal data such as name, address, telephone number, or email address unless you voluntarily provide this information, for example by submitting a booking or contact request, submitting a job application, or by contacting us via email or phone.
We will only use this data to contact you regarding your existing customer relationship with us or regarding a specific inquiry from you, for example if you have submitted a booking or contact request or applied for a vacant position. We may also use the data for product-related marketing purposes if you have given your prior consent to this, or if permitted under applicable laws and regulations, unless you have objected.
5. How long we store your data
Unless a more specific retention period is stated in this privacy policy, your personal data will be retained by us until the purpose for which it was collected no longer applies. If you submit a justified request for deletion or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible grounds for retaining your personal data (for example, retention periods under tax or commercial law); in such cases, deletion will take place when these grounds no longer apply.
6. Legal basis for data processing on this website
If you have given your consent to data processing, we will process your personal data in accordance with applicable data protection legislation, including Article 6(1)(a) GDPR. In the case of specific consent to the transfer of personal data to third countries, processing will also be based on relevant legal provisions, such as Article 49(1)(a) GDPR. If you have given your consent to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TTDSG. Your consent may be withdrawn at any time. If your data is necessary to fulfill a contract or to take steps prior to entering into a contract, processing will be in accordance with Article 6(1)(b) GDPR. We will further process your data in accordance with Article 6(1)(c) GDPR if a legal obligation requires such processing. We may also process your data on the basis of our legitimate interests, in accordance with Article 6(1)(f) GDPR. More information about the specific legal bases for data processing will be provided in the relevant sections of this privacy policy.
7. Information about the controller (the responsible data processor)
The party responsible for data processing on this website is:
Krossbu Turisthytte AS
Address: Sognefjellsvegen 4688, 2687 Bøverdalen
Email: post@krossbu.no
8. Your rights regarding your personal data
You have the right to receive information about the origin, recipients, and purposes of the personal data stored about you, without having to pay for this information. You also have the right to request correction or deletion of your data. If you have given consent to the processing of your data, you have the right to withdraw this consent at any time. Such a withdrawal will also affect all future processing of your data. In addition, you have the right to request restriction of the processing of your data if circumstances so require. You also have the right to lodge a complaint with the competent supervisory authority
If you wish to exercise any of the rights above, you can send an email to post@krossbu.no. You can also send a written request to Krossbu Turisthytte AS, Sognefjellsvegen 4688, 2687 Bøverdalen, or you can call us at +47 970 01 267
9. How your personal data is stored
9.1 General
When you visit our website, the browser on your device automatically sends information to our server, which is temporarily stored in a log file. We have no control over this. The following information is automatically recorded and stored until it is deleted:
- The IP address of the device requesting access
- Date and time of access
- The name and URL of the file you visit
- The website/application used to access the site (referrer URL)
- The browser you use and, where applicable, the operating system of your computer, as well as the name of your access provider
The processing of the IP address is based on Article 6(1)(f) GDPR and Section 25(1) TTDSG. Our legitimate interest in collecting this data includes the purposes of ensuring a smooth connection, an optimal user experience, and assessing system security and stability.
We also use cookies, tracking tools, and targeting methods on our website. A detailed explanation of the tools, procedures, and how your data is used for these purposes can be found in the sections below regarding online presence, website optimization, and integration of services and third-party content.
9.2 Inquiries
When you share your information with us, for example via a booking or contact form, or another type of inquiry, this information is stored in our booking system, Visbook. This system stores data in accordance with the Personal Data Act and the GDPR.
For various inquiries, we store the following personal data about you:
- Inquiry via contact form:
Name, email, and telephone number. - Email inquiry to our stated email address, including job applications:
Email and other personal data you have provided in the email - Telephone inquiries:
Your telephone number and other personal data you have provided through the conversation. - Bookings via our booking portal:
First name, last name, address, telephone number, email address, country, and possibly company (if the latter is relevant).
10. Marketing and analytics tools
10.1 Google Tag Manager
This website uses Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking technologies and other tools on our website. Google Tag Manager does not create user profiles, does not store cookies, and does not carry out independent analyses. It merely functions as a platform for managing and triggering the integrated tools. Google Tag Manager does, however, collect your IP address, which may also be transferred to Google’s parent company in the USA.
The use of Google Tag Manager is based on Article 6(1)(f) GDPR. As the operator of the website, we have a legitimate interest in the simple and efficient integration and administration of various tools on our website. Where required consent has been obtained, processing is carried out in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act), provided that the consent includes the
storage of cookies or access to information on the user’s device (for example, device fingerprinting). This consent may be withdrawn at any time.
10.2 Google Analytics
We use the Google Analytics service on this website. This is a web analytics tool provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze visitors’ behavior patterns on the website. This includes information such as pages visited, time spent on pages, operating system, and the user’s geographical location. This data is collected and assigned to a unique user ID associated with the visitor’s device.
Google Analytics also allows the recording of mouse clicks, scrolling behavior, and other interactions on the website. To improve data collection and analysis, Google Analytics uses various modeling methods and machine learning technologies.
Google Analytics uses technologies such as cookies or device fingerprinting to identify and analyze user behavior patterns. The information collected by Google is usually transferred to servers in the USA and stored there.
We base our use of Google Analytics on your consent, in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. This consent may be withdrawn at any time.
The transfer of data to the USA takes place in accordance with the EU Commission’s Standard Contractual Clauses (SCC). You can find details here: https://business.safety.google/adscontrollerterms/sccs/.
10.3 Google Ads
This website uses Google Ads, an online marketing tool from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables ads to be displayed in Google’s search engine or on third-party websites when users search for specific keywords in Google (keyword targeting). Furthermore, it allows targeted advertising based on user data held by Google, such as location data and interests (audience targeting). As the controller, we analyze this data quantitatively, including which keywords resulted in our ads being displayed and the number of clicks on each ad.
The use of these services takes place with your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. This consent may be withdrawn at any time.
The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses (SCC). For details, please see: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
10.4 Google Signals
If you have given consent to cookies for performance and statistics via our consent solution (in accordance with Article 6(1)(a) GDPR), we will also implement the Google Signals extension in Google Analytics. The provider of this service is Google LLC (formerly Google Inc.), headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for providing the service, hereinafter referred to as Google.
Google Signals provides Google Analytics (see the section on Google Analytics above) with additional information, including demographic data and interest categories associated with Google users who have enabled personalized ads in their settings. Google combines this information with its own signals in order to analyze behavior across multiple devices. However, Google Analytics only generates such data in the form of aggregated and anonymized reports. These reports provide insight into general behavioral patterns without the ability to identify individuals.
For this purpose, Google Analytics creates specific audiences (called Google Audiences) that the Google Ads advertising platform can use as a basis for displaying ads across devices. This enables Google to integrate advertising across various platforms, including search engines, YouTube and other Google products, as well as third-party websites.
We use Google Signals to better understand the digital user experience of our users.
If you do not wish to allow the use of Google Signals, you have the option to withdraw any consents you have previously given for marketing purposes in the cookie settings, and to disable personalized ads via your own Google settings: https://adssettings.google.com/
For further information about Google Signals and Google’s privacy practices, please see the following links: https://support.google.com/analytics/answer/7532985 https://policies.google.com/privacy?hl=en
11. Data security
All personal data transmitted by you is secured through the use of the recognized and reliable SSL (Secure Socket Layer) standard. SSL is a well-known and reliable standard, for example used in online banking. Signs of a secure SSL connection include “https://” in the browser’s address bar and the padlock symbol at the bottom of the browser.
This website uses technical and organizational security measures to ensure that all personal data provided is protected against manipulation, loss, or unauthorized access by third parties. Our security protocols are continuously updated in line with technological developments.
