1 Introduction

AS PARKS and its subsidiaries, including Skimore AS, TryvannWyller AS, Drammen Skisenter AS, and Kongsberg Skisenter AS (Skimore Oslo, Skimore Drammen, and Skimore Kongsberg), are committed to handling your personal data in a secure and safe manner, in accordance with applicable regulations.

Below you will find information about how Skimore AS, as the data controller, processes personal data collected from users of the Skimore app, as well as from the use and rental of our other services (ski rental, ski school, bike rental, use of climbing parks, etc.).
This statement also covers Skimore’s processing of personal data in partner resorts with which Skimore has entered into agreements at any given time.

2 What personal data do we collect and why?

2.1 Entering into agreements and delivering services

When you enter into a membership agreement with us, or register to use our services, we collect personal data from you in order to complete your order and fulfill our obligations under the agreement. These obligations include providing access to the application, identifying you as a valid member, providing correctly fitted rental equipment, assigning the appropriate skill level for ski school, and contacting you regarding matters related to your membership.

In this context, we process the following personal data:
Name, email, mobile number, user image, date of birth, account details, skill level, size, and height.

For family memberships, a mobile number may also be registered on a child’s profile where required to identify the child during booking or drop-in, and to activate membership benefits such as free sled rental and climbing.

The legal basis for this processing is GDPR Article 6(1)(b) (contract), as the data is necessary to fulfill the agreement with you.

If the order includes individuals who are not of legal age, we also collect their data where necessary to fulfill the agreement. The legal basis is likewise GDPR Article 6(1)(b) (contract).

A mobile number may be registered by a guardian when creating the profile, or later if the child attends to use a membership benefit that requires a mobile number in the booking system. The guardian will be notified via the contact information registered in the membership account.

2.2 Activity registration

We may process information about your visit activity in AS PARKS facilities to ensure that your use complies with what has been agreed. The legal basis is GDPR Article 6(1)(f) (legitimate interest).

We may also process information about your purchase and visit history to tailor the offers we communicate to you. For example, we may offer conversion of a guest pass into a membership at a favorable price, and marketing will then be adapted based on who has purchased a guest pass. The legal basis is the Norwegian Marketing Act § 15 (1) and GDPR Article 6(1)(a) (consent).

Additionally, we may process anonymized activity data for internal business purposes, such as:
(i) allocating revenue between companies within the AS PARKS group
(ii) preparing reports and statistics to improve our services
(iii) other analyses aimed at improving your user experience in the app

Where possible, this processing is based on anonymized data that cannot be traced back to you. This processing is based on GDPR Article 6(1)(f) (legitimate interest).

2.3 Marketing to existing customers and members

Skimore strives to provide members and customers with updated and relevant information about services and developments. From time to time, we will send newsletters and other relevant information via email, push notifications, or SMS. These communications may include information about products and offers related to your membership or purchased services.

This type of marketing is sent without prior consent to existing customers and members. It is sent to the contact details provided when entering into the membership agreement. The legal basis is the Norwegian Marketing Act § 15 (3) and GDPR Article 6(1)(f) (legitimate interest).

If you are not an existing customer or member, such marketing will be based on the Norwegian Marketing Act § 15 (1) and GDPR Article 6(1)(a) (consent).

If you have given consent, we may also send electronic marketing and newsletters containing information about products and services from companies within the same group as Skimore, or from our commercial partners. The legal basis is the Norwegian Marketing Act § 15 (1) and GDPR Article 6(1)(a) (consent).

2.4 Visits to our website – Log data and Cookies

When you visit our services or website, we collect information sent by your browser (log data). This may include: IP address, geolocation, browser version, pages visited, date and time of visits, time spent on pages, and other statistics.

Cookies are small data files used as anonymous unique identifiers. These are sent to your browser and stored on your device.

Our website uses cookies to collect information and improve user experience. The purpose is to gain insight into user interactions through anonymous reporting, measurement, and statistics. The data processed includes cookie ID, device type, browser type, and IP address.

You can delete cookies in your browser. If you choose to refuse cookies, parts of our service may not function properly.

The use of cookies is based on GDPR Article 6(1)(a) (consent).

3 Sharing of personal data

To complete your order, we may need to share your personal data with suppliers and partners. We only share data to the extent necessary, and they only receive the data required to perform their services.

We may also share data with other companies within the same group for internal administrative purposes or to meet governance, control, or reporting requirements. The legal basis is GDPR Article 6(1)(f) (legitimate interest).

We use the following subcontractors:

• Service support: Google Tag Manager, Google Analytics
• Payments and service delivery: Skidata, NETS
• Service-related functions and analytics: MailGun, Firebase, Teletopia
• Internal administration: AS PARKS and subsidiaries, including TryvannWyller AS, Drammen Skisenter AS, Kongsberg Skisenter AS, and other relevant group companies

All subcontractors process data on our behalf and according to our instructions. Data processing agreements have been established in accordance with GDPR Article 28.

4 How long we store your data

We never store personal data longer than necessary to fulfill the membership agreement or provide services. Data no longer needed will be anonymized or securely deleted.

After termination of membership, your data will be deleted after 2 years, or earlier if no longer needed.

Certain data must be stored in accordance with Norwegian law:

• Accounting Act: transaction data stored for 5 years
• Limitation Act: certain data must be retained for legal purposes

5 Your rights

You have rights regarding how your data is used, including:

• The right to object to processing (note: this may prevent purchase or use of services, except guest pass purchases online without registration)
• The right to request deletion or restriction
• The right to request a copy of your data
• The right to correct or update your data
• The right to object to automated decisions (rarely used; you will be informed if applicable)

6 How we store your data

Your data is stored in Skimore’s database and in systems from Skidata, Wintersteiger (Easy Rent), and Walthard (Ski School).
All solutions are secured via Cloudflare CDN, with data stored in Google Cloud, except Wintersteiger and Walthard which are stored locally.

Access is limited to authorized service administrators who have signed data processing agreements.

7 Access and control

You can access and manage your data in the Skimore app under: Profile → Edit Profile.

For questions, exercising your rights, or other inquiries, contact: personvern@skimoreoslo.no

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), in accordance with GDPR Article 13(2)(d).

Updated: 13 February 2026