LEGAL / PRIVACY
Privacy Policy
Last updated: 14 March 2026
1. Data controller
Risør Classic Boat Festival is the data controller for personal data collected via this website.
Risør Classic Boat Festival
Torvet 1, 4950 Risør, Norway
Email: hei@risorclassic.no
Phone: +47 95 10 82 19
2. What personal data do we process?
We process the following personal data:
| Name | First and last name provided at boat registration or when buying a festival pass. |
| Email address | Used for communication, receipts, and account creation. |
| Phone number | Provided at registration. Used for contact during the festival. |
| Boat details | Name, type, year, length, and image of the vessel. Shown publicly in the fleet overview. |
| Payment information | Card payments are handled by Nets/Stripe. We do not store card data ourselves. |
3. Purpose and legal basis
We process personal data for the following purposes:
- Managing registrations — performing a contract (GDPR art. 6 b)
- Festival pass and payment — performing a contract (GDPR art. 6 b)
- Public fleet overview — legitimate interest / consent at registration (GDPR art. 6 f/a)
- Communication — legitimate interest for necessary operational information (GDPR art. 6 f)
4. Cookies and local storage
We do not use traditional cookies for tracking. The site uses the browser's localStorage to store:
| rcbf_access_token | Login token for festival participants. Removed on logout. |
| rcbf_cookie_consent | Stores your consent choice so the banner is not shown again. |
| rcbf_admin_token | Administrator token. Only present for admin users. |
| rcbf_user_name | Optional display name for logged-in users. |
YouTube videos embedded in articles use youtube-nocookie.com, which does not store cookies until you click play.
Manage consent
You can withdraw or change your consent at any time.
5. Sharing with third parties
We share personal data with the following processors:
- Supabase (USA/EU) — database service for storing registrations and content. A data processing agreement is in place.
- Vercel (USA/EU) — hosting and serverless functions. Only processes HTTP request metadata.
- Bunny CDN (EU) — image distribution. No personal data is shared.
- Nets/Stripe — card payments. Processes payment data per their own terms.
We never sell personal data to third parties.
6. Retention period
Personal data related to registrations and festival passes is deleted no later than 12 months after the festival ends, unless longer retention is required for accounting or documentation purposes (5 years per the Norwegian Bookkeeping Act).
7. Your rights
You have the right to:
- Be informed of which data we hold about you
- Request correction of inaccurate data
- Request erasure (the “right to be forgotten”)
- Withdraw consent without affecting processing already carried out
- File a complaint with Datatilsynet (datatilsynet.no) if you believe we are processing your data incorrectly
To exercise your rights, contact us at hei@risorclassic.no. We respond within 30 days.
8. Changes to this privacy policy
We will notify registered users by email of material changes. The current version is always available on this page.
Datatilsynet is the supervisory authority for privacy in Norway. datatilsynet.no →