Last updated: 11 March 2026
1. Who I am
This website, Northbound Adventure (“the Site”), is operated by Stefan Hoffmann.
If you have any questions about this Privacy Policy or about how your personal data is handled, you can contact me at:
Email: stefan(at)northboundadventures.com
2. What this Privacy Policy covers
This Privacy Policy explains how I collect, use, and protect personal data when you visit this Site, leave a comment, subscribe to the newsletter, or otherwise interact with the Site.
Personal data means any information that can identify you directly or indirectly, such as your name, email address, IP address, browser data, or information connected to your activity on this Site.
3. Server logs and basic website operation
When you visit the Site, certain technical information may be processed automatically in order to display the website, ensure stability, protect against abuse, and maintain security. This may include information such as your IP address, browser type, device information, date and time of access, requested pages, and technical log data.
I process this data because it is necessary to operate and secure the Site.
Legal basis: legitimate interests in operating, maintaining, and securing the Site.
4. Comments
If you leave a comment on the Site, I collect the information shown in the comment form, such as your name, email address, website URL (if provided), and the content of your comment. I may also process your IP address and browser user agent string to help detect spam and protect the Site from abuse. WordPress also uses comment-related cookies if you choose to save your details for future comments.
If your comment is approved, your name and comment will be publicly visible on the Site. Please do not include personal or sensitive information in your comment that you would not want to be visible to others.
Legal basis: legitimate interests in running the Site, moderating discussions, preventing spam, and protecting the Site against misuse.
Retention: Comments and related metadata may be stored indefinitely unless I remove them or you ask for deletion, unless I need to retain certain information for legal, administrative, or security reasons.
5. Newsletter and MailPoet
If you subscribe to the newsletter, I collect the information you submit in the signup form, typically your email address and, if requested, your name.
This Site uses MailPoet to manage newsletter subscriptions and send emails. MailPoet states that subscriber-related data can include subscription status, signup date and time, confirmation status, signup source, and IP address, especially where this is used to document consent and manage the mailing list. MailPoet also recommends that site owners publish a privacy notice page and ask for explicit consent in signup forms.
I use this information to send you newsletters, updates, and other content you have asked to receive.
Legal basis: your consent.
You can withdraw your consent at any time by clicking the unsubscribe link in any newsletter email or by contacting me directly. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Retention: I keep your newsletter data until you unsubscribe, ask me to delete it, or until I discontinue the newsletter. I may retain limited information where necessary to document consent, maintain suppression lists, or comply with legal obligations.
If newsletters are sent using MailPoet Sending Service or another email delivery provider, subscriber data may also be processed by that provider for email delivery, mailing list management, security, and compliance purposes. MailPoet says it offers a Data Processing Agreement and recommends informing subscribers that MailPoet delivers the email, where applicable.
6. Visitor statistics and analytics
This Site uses a WordPress visitor statistics plugin to measure traffic and better understand how the Site is used. According to the plugin description, this may include statistics such as visits, browsers, operating systems, referring sources, and GeoIP-based visitor location data. The plugin also advertises support for hashing IP addresses and claims GDPR-focused settings.
Analytics data is used to understand traffic patterns, improve content, monitor site performance, and maintain security.
Legal basis: Your consent, where analytics cookies or non-essential tracking are used.
7. Cookies and similar technologies
This Site uses cookies and similar technologies.
Some cookies are necessary for the Site to function properly, for example for technical operation, security, or storing your cookie preferences. Other cookies may be used for comments, newsletter forms, or analytics, depending on how the Site is configured. WordPress comment functionality can use cookies, and MailPoet documents cookies for dismissed popup forms and, in certain configurations, engagement or WooCommerce-related tracking.
You can manage cookies through your browser settings and, where available, through the cookie settings on this Site.
8. Cookie types that may be used
Depending on the Site configuration, cookies may include:
- Necessary cookies for technical operation, security, and saving your consent preferences
- Comment cookies to remember your name, email address, and website details if you choose that option when leaving a comment
- MailPoet form cookies such as a popup dismissal cookie
- Analytics/statistics cookies
Please also refer to the separate Cookie Policy page for more detailed information about the cookies used on this Site.
9. Who I share your data with
I do not sell your personal data.
I may share personal data with service providers only where necessary to operate the Site and provide its features. Depending on the tools enabled on the Site, this may include:
- the website hosting provider
- MailPoet, for newsletter signup, mailing list management, and email delivery
- providers involved in security, spam prevention, or maintenance
- providers involved in visitor statistics or analytics, if applicable
- public authorities or professional advisers where I am legally required or permitted to do so.
10. International data transfers
Some service providers used on this Site may process personal data outside the EEA.
Where that happens, I will take reasonable steps to ensure that personal data is protected by appropriate safeguards in accordance with applicable data protection law, for example through an adequacy decision or appropriate contractual safeguards.
11. How long I keep your data
I keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
In general:
- comment data may be kept indefinitely
- newsletter subscriber data is kept until you unsubscribe or request deletion, subject to any limited records needed for compliance or suppression purposes
- technical logs and security-related records are kept only for as long as reasonably necessary for security, troubleshooting, and administration
- analytics/statistics data is kept only for as long as necessary for reporting, troubleshooting, and site improvement
12. Your rights
Depending on applicable law, you may have the right to:
- request access to the personal data I hold about you
- request correction of inaccurate or incomplete data
- request deletion of your personal data
- request restriction of processing
- object to certain processing based on legitimate interests
- withdraw consent at any time where processing is based on consent
- receive the personal data you provided in a structured, commonly used format, where applicable
- lodge a complaint with a supervisory authority
If you want to exercise any of these rights, please contact me at stefan(at)northboundadventure.com.
If you are in Norway, you may also contact the Norwegian Data Protection Authority (Datatilsynet) if you believe your personal data has been handled unlawfully.
13. Data security
I take reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or method of electronic storage is completely secure, so I cannot guarantee absolute security.
14. Children’s privacy
This Site is not intended for children, and I do not knowingly collect personal data from children in a way that requires parental consent under applicable law.
15. Changes to this Privacy Policy
I may update this Privacy Policy from time to time to reflect changes to the Site, legal requirements, or the services I use. The latest version will always be published on this page with the updated date shown at the top.
If I add new features that involve additional processing of personal data, such as live location sharing, new embedded services, or additional analytics tools, this Privacy Policy will be updated accordingly before or when those features are activated.