Agreement on data processing in connection with registration of membership in Torucon (GDPR)
Updated May 31, 2025
Use of individual words
This agreement is about personal data, but for simplicity we will use words such as "information", "information", or "data". Read about personal data on the Norwegian Data Protection Authority's pages.
For those under 15
If you are under 15 years of age, you cannot consent to us storing information about you on your own. In that case, you must have your parents, foster parents, or similar person read through the agreement and approve it on your behalf.
Data controller
The data controller (Torucon) is the one who decides what data is collected and what it is used for. To contact us regarding privacy issues, please send an email to our contact person, or send us a letter to the address provided.
Contact person
Mali Grimstad
mali.grimstad@torucon.no
Business
Torucon
Org. no. 997 804 996
Postal address
Torucon v/ Eirin Ellingsen
Høvdingvegen 82
7725 STEINKJER
About the treatment
What information is collected
E-mail address
Phone number
Name
Date of birth
Address
The purpose of collecting the data
Torucon is a member of the umbrella organization Hyperion, which distributes money to its sub-organizations each year based on the number of members. We use the information to register members and verify that they are real people. Hyperion may use the information to verify that members signed up voluntarily and of their own free will.
The basis for processing the data
If you request to become a member to support Torucon, we are required to collect the information mentioned above. This is also the basis for processing your information.
How long the data is stored
Hyperion needs to store information to prove that you want to become a member. It will therefore be necessary to store the information until the relevant authorities have confirmed the information, and for as long as they are required by law to store it. We will also keep a copy of the information in case it becomes necessary to correct the information in the Hyperion membership system. When this function has ceased, the data will be deleted or pseudonymized/anonymized.
You can of course also request that your information be deleted if you no longer wish to be a member, and this will then happen as soon as practically possible, and no later than one month after you requested the deletion.
Data processors
The following organizations are involved in the processing of your data. This means collection, storage, transfer, etc. of the data. We have entered into a separate data processing agreement for each organization, which states that they cannot use the data for anything other than what we have agreed. For those organizations that are located in countries outside the EEA, or that are multinational companies with branches outside the EEA, we have also entered into extra strict agreements to ensure that the data is transferred safely if it needs to be sent outside the EEA.
To gain access to the agreements, you can contact us by email or post. Data processors are also obliged to provide access to the information they have stored about you and to correct or delete it upon request.
Hoopla ticketing system
Hoopla AS
Org. no.: 997 312 368
+47 22 55 21 00
support@hoopla.no
https://www.hoopla.no/
Purpose
Collection and storage of data from forms completed at ticket purchase, on behalf of Torucon.
Hyperion
HYPERION - NORWEGIAN ASSOCIATION FOR FANTASTIC LEISURE INTERESTS
Org. no.: 984 302 320
+47 22 99 37 45
n4f@n4f.no
http://n4f.no/
Purpose
Reports membership lists to Hyperion to confirm membership numbers. This is the basis for Hyperion receiving money that is distributed to, among others, Torucon.
HyperSys
UNICORNIS AS
Org. no.: 992 838 728
+47 22 99 37 40
mailbox@unicornis.no
https://hypersys.no/
Purpose
Storage of membership lists on behalf of Torucon and Hyperion.
Google Workspace
Google
+47 800 30 103
https://workspace.google.com/
Purpose
Storage of data on behalf of Torucon. This includes image and video material, information about volunteers and competition participants, emails, etc.
Third country
This data processor is located in a country outside the EEA, or has branches both inside and outside the EEA, and is subject to additional requirements to guarantee that all data is processed securely and in accordance with EU and Norwegian data protection rules.
Your rights
We are obliged to follow up on your rights. If you wish to exercise any of the rights described here, please send us an email or letter.
Right of access
You have the right to know, among other things, why and how we process data about you and what data we have stored. At the same time, there are some exceptions, for example if the access would violate the rights and freedoms of others.
You should receive the information you request as soon as possible, and within one month at the latest.
Read more about the right of access on the Norwegian Data Protection Authority's website.
Right to rectification
If you notice that we have stored information that is incorrect, you have the right to request that we correct the information. However, there are many cases where rectification is not practically possible, for example.
We will correct your information as soon as possible, and within one month at the latest.
Read more about the right to rectification on the Danish Data Protection Agency's website.
Right to erasure
In some cases, you can demand that your data be deleted. This applies, for example, if we have obtained your consent to collect your data and you withdraw your consent.
We will delete your data as soon as possible, and no later than within one month.
Right to restriction
For example, if you have requested rectification of your data, you also have the right to stop all use of your data while we are working on the corrections. Your data will still be stored, but we cannot use it for anything without your permission. When a restriction is lifted, you will always be notified first.
We will ensure that your data is restricted as soon as possible, and within one month at the latest.
Read more about the right to restriction on the Danish Data Protection Agency's website.
Right to protest
Sometimes we will process data about you without asking for your consent. In these cases, we will provide another legal justification for the processing, for example, that the data is necessary to perform the service you wish to use. In other cases, we may be required by law to process the data.
Apart from this, you have the right to object to the processing. If you object, we can no longer use your data. If the data is not also used in other contexts, it will also be deleted. You also always have the right to object to the use of your data for direct marketing purposes.
We will respond to your protest as soon as possible, and within one month at the latest.
Read more about the right to object on the Danish Data Protection Agency's website.
Right to data portability
You have the right to receive your data in a format that makes it easy to read by another system, so that you can easily get an overview or transfer the data to another service provider.
The data must be transferred encrypted and we must be able to confirm who you are before we disclose the data. This right only applies to data collected directly from you, such as information from a user account. We must deliver your data as soon as possible, but no later than within one month.
Read more about the right to data portability on the Norwegian Data Protection Authority's website.
Right to information
You have the right to receive easy-to-understand information about how we use your data and your rights. We have done our best to write as briefly and simply as possible, but if something is still difficult to understand, you can send us an email, contact us on Facebook, or send us a letter. We'll do our best to explain what you're wondering about!