This Policy describes the rules for the processing of personal data on websites maintained in the domain. The data administrator is Joanna John an owner of KISS THE FROG Joanna John – booking, events and promotion agency registered in Tromsø, Norway.

In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User’s activity on the Website. The detailed rules and purposes of processing Personal Data collected while using the Website by the User are described below.

Why we process data?
Users’ personal data may be processed by the Administrator for the following purposes:

  • related to ensuring the safety of users and the stability of the services provided by the Administrator – the legal basis for processing is the Administrator’s legitimate interest consisting and ensuring the security of the solutions used;
  • possible determination and pursuit of claims of defense against them – the legal basis for processing is the Administrator’s legitimate interest consisting in the protection of her rights;
  • fulfillment of the Administrator’s public-law obligations;
  • marketing – these activities may include the presentation of general marketing content, newsletter as well as content tailored to individual preferences and interests (with the User’s additional consent);
  • creating analyzes and statistics for our internal needs of the Administrator, such as marketing research;
  • detecting and preventing abuse – these data will be processed for the period if limitation of claims and the duration of any proceedings (legal basis: legitimate interest of the Administrator); Personal data provided by Users and obtained automatically while using the Website may also be used to ensure the security of the Administrator’s and Users’ websites.

These data may also be used to prevent fraud and other activities dangerous for the Website and / or Users. In order to avoid fraud cases, the Administrator collects and uses data using cookies and tracking technologies to determine what end device the User uses. The collected IP addresses are anonymized. Data on devices from which fraudulent attempts have been made is stored in the database for fraud prevention purposes. The Administrator may access this data as soon as the User starts using the Website.


What is a cookie, what is it for and what are its advantages:
Cookies are small text files sent and stored on your computer, smartphone or other device from which you connect to the Internet.
Cookies are downloaded via a web browser when you first access the website. Cookies do not change the configuration of the device you are using, the files help to adapt the content of the website to your expectations, facilitate navigation on the pages and ensure the effectiveness of security procedures. Cookies allow us to assess what are the preferences and ratings of our users, as well as how we can improve the website, adjust Internet communication for the user. The cookies used on our websites do not collect information that personally identifies you.

We want Users to enjoy using our Website and our products and services. So that you can find interesting products and that we can design our website to be user-friendly, we analyze your usage
behavior anonymously or pseudo anonymously.
On our website we use cookies from Google Analytics by Google Inc. (“Google”). These files are used to present interest-based advertising to website visitors within the Google advertising network. On these pages, the visitor may then be presented with advertisements relating to content previously accessed by the visitor on websites that use Google tools. Google does not collect any personal data during this process.
If you do not want to use these Google functions, you can always deactivate them by making the appropriate settings there.
Google’s data protection statements can be found there.

Automated decision making
When using the domain, decisions will not be made in an automated manner.

Data storage period
As a rule, the period of personal data processing by the Administrator depends on the type of purpose of processing, including:

  • data processed for the implementation of the Administrator’s legitimate interest will be processed until it expires or until an effective objection to their processing is submitted;
  • data processed on the basis of the consent expressed by the User, will be processed until its withdrawal (i.e. consent to marketing).
  • the period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law.
  • after the expiry of the processing period, the data is irreversibly deleted or anonymized.

Data recipients

In connection with the activities described in this policy, personal data may be disclosed to external entities that are service providers to the Administrator, primarily entities responsible for websites, postal operators or couriers. The Administrator reserves the right to disclose selected information about the User only to state authorities or third parties who submit a request for such information, based on an appropriate legal
basis and in accordance with applicable law. The level of protection of Personal Data outside the European Economic Area (“EEA”) differs from
that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:

  • cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
  • application of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the competent supervisory authority.

User rights
The user has the following rights:

  • access to the content of the data, including the right to obtain a copy of the data – that is, to obtain information about the purpose and method of processing personal data, categories of personal data being processed, about recipients or categories of recipients to whom personal data have been or will be disclosed, the planned period of personal data storage, or right to request the Administrator to rectify, delete or limit the processing of personal data, the right to submit a complaint to the supervisory body, and a copy of the data;
  • demand their rectification – that is, correct personal data when they are incorrect, changed or become obsolete and requests to supplement incomplete personal data;
  • demand their deletion – that is, deletion of data processed without any legitimate legal grounds;
  • processing restrictions – that is, data processing restrictions in cases where:
  • the data subject questions the accuracy of the personal data,
  • the processing is unlawful and the data subject objects to the erasure of personal data,
  • the controller no longer needs personal data for the purposes of processing, but they are
  • needed by a person to establish, assert or defend claims,
  • the person has objected to the processing – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the objection of the person;
  • the right to transfer data – that is, to obtain your personal data that you have provided to us or to indicate another administrator to whom we should provide it, if technically possible;
  • the right to object – an objection may be raised only against the processing of data based on the legitimate interest of the Administrator (eg contact purpose). The administrator will cease processing data for these purposes, unless there are other overriding legitimate grounds for processing;
  • the right to withdraw consent – you can withdraw your consent at any time
  • the right to lodge a complaint with the supervisory body dealing with the protection of personal data.

The right not to be subjected to the process of automated decision making, including profiling, if such activities have legal effects on you or otherwise significantly affect you. However, we may use an automated decision-making process when such a decision is permitted on the basis of separate legal provisions or takes place after you have given your consent.
In the event that you will be subjected to the process of automated decision-making, including profiling, you have the right to receive the intervention of our employee who will additionally verify your situation and the decision made, you can present your position or question the decision made.Ways of exercising the User’s rights

The User may exercise his rights by submitting the content of the request in the following way:

  • by sending en e-mail to the following address:
  • by phone: +47 46232139
  • via snail mail:
    KISS THE FROG Joanna John, Brinkvegen 30D, 9012 Tromsø, Norway

If the Administrator is not able to identify the User on the basis of the submitted request, he will ask for additional information. Providing such data is not obligatory, but failure to provide it will result in the refusal to fulfill the request.