Privacy Policy

Last Updated: May 22, 2026

Booking Map is a service provided by Gashi Solutions (org.nr: 937 756 631), Enkeltpersonforetak ("we", "us", or "our"). We are the data controller for personal data processed through our Services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resource booking platform and services ("Services") in accordance with the General Data Protection Regulation (GDPR) and Norwegian data protection legislation (personopplysningsloven).

Information We Collect

We collect information about you in various ways when you use our Services:

Personal Information

We collect personal information that you voluntarily provide to us when you register for an account, make a booking, or contact us. This may include your name, email address, company name, phone number, and payment information.

Usage Data

We automatically collect certain information about your device and how you interact with our Services. This may include your IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and other diagnostic data.

Booking Information

When you make bookings through our Services, we collect information about the resources you book, booking dates and times, and any notes or comments you provide.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services and store certain information. Analytics cookies are only activated with your explicit consent. For more information, please see our Cookie Policy.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract (Art. 6(1)(b)): Processing necessary to provide the Service — account creation, booking management, subscription handling, and customer support.
  • Legitimate interest (Art. 6(1)(f)): Improving our Services, analyzing usage patterns, preventing fraud, and ensuring security. Our legitimate interests do not override your fundamental rights.
  • Consent (Art. 6(1)(a)): Analytics cookies (Google Analytics) and marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): Compliance with tax laws, accounting requirements, and responding to lawful requests from authorities.

How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing, maintaining, and improving our Services
  • Processing and managing your bookings
  • Creating and managing your account
  • Sending you notifications about your bookings and account
  • Responding to your comments, questions, and customer service requests
  • Analyzing usage trends and preferences to improve user experience (with consent)
  • Detecting, preventing, and addressing technical issues and security threats
  • Complying with legal obligations and enforcing our terms and policies

Sub-processors and Third-Party Services

We use the following third-party service providers (sub-processors) to deliver our Services. All sub-processors are bound by data processing agreements:

  • Vercel Inc. (USA) — Hosting and deployment. Data may be processed in the EU and US. Transfers secured by EU-US Data Privacy Framework.
  • Stripe, Inc. (USA) — Payment processing. Stripe is PCI DSS compliant. Transfers secured by EU-US Data Privacy Framework.
  • Google LLC (USA) — Analytics (Google Analytics). Only activated with your consent. Transfers secured by EU-US Data Privacy Framework.
  • Mailgun Technologies, Inc. (USA) — Transactional email delivery. Transfers secured by Standard Contractual Clauses (SCCs).
  • Prisma Data, Inc. (USA) — Database acceleration (Prisma Accelerate). Transfers secured by Standard Contractual Clauses (SCCs).

How We Share Your Information

Beyond the sub-processors listed above, we may share your information in the following circumstances:

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or to protect our rights, property, or safety, or that of our users or others.

With Your Consent

We may share your information for any other purpose with your explicit consent.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Specifically: account data is retained while your account is active and for up to 12 months after deletion; booking data is retained for 5 years for accounting compliance (bokføringsloven); payment records are retained as required by Norwegian tax law. When we no longer need your personal information, we will securely delete or anonymize it.

International Data Transfers

Some of our sub-processors are located in the United States. We ensure adequate protection for these transfers through: the EU-US Data Privacy Framework (where the recipient is certified), Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. You can request a copy of the relevant safeguards by contacting us.

Security of Your Information

We use administrative, technical, and physical security measures to protect your personal information, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

Your Privacy Rights (GDPR Articles 15-22)

Under the GDPR, you have the following rights regarding your personal information:

  • Right of access (Art. 15): You can request access to the personal data we hold about you and receive a copy.
  • Right to rectification (Art. 16): You can request that we correct inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You can request that we delete your personal data, subject to legal retention requirements.
  • Right to restriction (Art. 18): You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20): You can request a copy of your personal data in a structured, machine-readable format (JSON or CSV).
  • Right to object (Art. 21): You can object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7): Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at the details below. We will respond within 30 days as required by GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Supervisory Authority

The Norwegian Data Protection Authority (Datatilsynet) is the supervisory authority for data protection in Norway. You have the right to lodge a complaint with Datatilsynet if you believe your personal data has been processed in violation of the GDPR.

Datatilsynet, Postboks 458 Sentrum, 0105 Oslo, Norway. Phone: +47 22 39 69 00. Website: www.datatilsynet.no

Children's Privacy

Our Services are not intended for children under the age of 16 (the age of digital consent in Norway per personopplysningsloven § 5). We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the 'Last Updated' date. For significant changes that affect your rights, we will also notify you via email. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data processing practices, please contact us at:

Gashi Solutions (org.nr: 937 756 631)
Data Controller: Ylli Gashi
Email: hei@bookingmap.no
Website: https://ylligashi.com
Address: Maridalsveien 307, Oslo, Norway