Privacy Policy - Skanpass – Payment Kiosk

Skanpass is an access and ticketing system specifically designed to maintain flow and control of traffic in private and/or restricted areas where payment is required for access or other permissions related to the area.

With the use of license plate recognition, the license plate on your car is automatically read by cameras as you enter the privately-owned area without having to stop at the toll gate. Skanpass allows you to handle the payment as soon as possible after passing thru the gate. For more information regarding the Skanpass-solution, please refer to

Skanpass takes care of your privacy as a Skanpass user. In this Privacy Policy, we provide information about when, why, and how your personal information is processed in the Skanpass system. We also inform you of the rights you as a user (registered) have in connection with this.

1. Purpose

The purpose of processing personal information in Skanpass is as follows:

  1. To provide the visitor with a tool to pay for his stay or to get other permissions related to the privately-owned area.
  2. To provide landowners with a tool for collecting and managing payments from visitors in their area.

Personal information about our users will be primarily used to manage the customer relationship, including communicating with and following up with the customer, completing deliveries, or otherwise fulfilling agreements with the customer, billing the customer, handling complaints and disputes, as well as investigating customer satisfaction.

The landowner in the area where you traveled (hereafter referred to as the “Controller”) is responsible for the personal information collected for the Skanpass system upon entering the area and when paying.

Skanpass is provided by WTW AS (hereafter referred to as the “data processor”), which processes your personal information on behalf of the data controller in accordance with a separate data processing agreement, ref. item 5.

2. Legal basis

It is voluntary for you to enter and use privately-owned areas, hence using the Skanpass solution.

Necessary to fulfill the agreement
Processing of your personal information is necessary in order to fulfill the agreement between you and the Controller as you choose to enter the privately-owned area. The Controller is responsible for ensuring that the required signage is set up in the appropriate areas before passing the toll gate so that you are adequately informed before driving.

3. Personal data

For this solution, the following general personal information about you is processed:

Vehicle registration number: The photo taken by the toll gate cameras contains information about the registration number on your vehicle. This information is further used to link payments to the relevant passing of the gate.

Sales documents: – All sales documents are kept in according with the Norwegian Bookkeeping Act. The travel information stored in your payment history is only retrieved as personal information when initiated by the registrant (for example by complaint), or related to other inquiries which necessitate looking into all details relating to a particular purchase.

Email address or mobile number for receipts: It is optional to enter your email address or mobile number for receipts. Email or mobile number is only required if you wish to receive your purchase receipts.

Technical information: When you use the Skanpass payment kiosk, the, timing of request, info about which kiosk is used and language selection is stored into an application log. This information is required in order for the solution to work and is stored to ensure that the service functions as intended. This also provides us with necessary information to solve any issues if an error occurs.

Information about payment methods: In the Skanpass system, only the first six and the last four digits of the card number are stored, as well as the date of expiry. This is required in order to generate the necessary details that should be on a receipt and to effectively enforce the customer´s potential right to a refund.

4. Statistics

Information used for statistics is in an unidentified form and therefore cannot be linked to a user. Statistics are used to improve and to further develop services offered to our customers. Examples of what the statistics provide is how many people visit different locations at what time, and the amount of payments per payment option. The travel information stored in your sales document will not be used with personal information to produce statistics.

5. Data Processor

WTW AS, the supplier of Skanpass, acts as data processor on behalf of the landowners or landowner´s representative. A data processing agreement has been established between WTW AS and all Controllers. The data processing agreement ensures that WTW processes all personal data in accordance to what is stated by the Controller in this Privacy Policy. The Controllers and WTW AS treat personal data in accordance with Norwegian Law, including the Personal Data Act and relevant accounting legislation.

6. Other data processors associated with Skanpass

The image taken at the toll gate/checkpoint is processed by the system provider of the image recognition system, which collects the registration number on the passing vehicle. The Image Recognition System Provider is an independent data processor for such information based on agreement with the Coordinator.

If you do not choose to pay via the payment kiosk or SMS within 48 hours of passing the toll gate, you will receive an invoice by mail. If payment is made via invoice, information with your registration number is sent to the billing company.

The personal data stored on is not processed in any system belonging to other subcontractors other than WTW and the payment service(s) you have chosen to use.

7. Access to personal data

If payment for passing toll gate is completed via invoice, information from toll gate is forwarded to the billing company to ensure the correct billing address. All other personal information processed in connection with Skanpass is filed or generated by yourself.

8. Access to personal data

Access to personal data will only be available to authorized personnel with the official needs of the Controller and their subcontractors. No information is disclosed to external third parties, either in Norway or abroad, which are not mentioned in this Privacy Policy.

9. Rights and requests for information

You must be informed about how your personal data is processed. This Privacy Policy is therefore available from the Skanpass payment kiosk. As a Skanpass user, you are entitled to:

  • gain access to the personal data being processed,
  • claim that incorrect personal information be corrected or removed,
  • receive a copy of the personal data that you have disclosed and transfer it to another data controller (data portability),
  • contact the data controller if you wish to provide feedback or ask questions about the processing of your personal data,
  • complain directly to the Norwegian Data Protection Authority if you feel that the processing of your personal data is in breach of prevailing legislation.

10. Storage and deletion

All data is stored in WTW´s server center in Norway. The servers are operated by authorized personnel in Norway. All data stored in the back-end system is kept in accordance with prevailing legislation. Your personal data will not be stored for longer than is necessary to fulfill the communications purposes for which the solution is intended. Both the data controller and service developer, WTW AS, have put in place information security measures and internal procedures to ensure that no personal data goes astray or is used for purposes other than those described in this Privacy Policy.

Photo of vehicle registration number: Photos are stored in the system until your payment is approved.

Transaction history and sales documents: All sales documents are kept for 5 years after the end of the accounting year, in accordance with the Bookkeeping Act and associated regulations.

Technical information and application log: Various selections of the application log are kept for a sufficient amount of time to ensure that the service is functioning as intended, and that customers receive the service they are entitled to. As a rule, all application logs will be deleted after 104 days. In the event of a complaint about a fault with service, for instance, the relevant application log may be kept for longer to enable it to monitor the time period in question and complete the processing of the complaint.

11. Security

All access to the system via the web is encrypted. All data transfer internally between different components of the system are also encrypted. Access to retrieve data can only be done via APIs that are encrypted and secured with access keys. Access to data though the landowner´s administration interface is role-based with incident logging to ensure traceability.

12. Contact information

If you require further information about how your personal data is processed, please contact the software developer at

We note that this Privacy Policy will be updated as changes are made to the system. Updated Privacy Policy will always be available on, allowing you to keep up-to-date with how your personal data is processed.

Published: 29.06.18
Updated: 29.06.18