Privacy policy
Find information about our privacy policy.
1. When does the Norwegian Offshore Directorate collect personal information?
Personal information is information that can be linked to you as a person. This could be your name and contact details, but also quite a lot of other information that can be linked to you more indirectly. In this privacy statement you can read about which personal information the Norwegian Offshore Directorate serves as data controller for. It is important for us that you know what type of personal information we process, so that you can safeguard your rights pursuant to personal data protection legislation.
The Director General is the data controller for how the Norwegian Offshore Directorate collects and uses personal information. The fact that the Director General is the data controller means that the Director General has responsibilities and obligations pursuant to the (Norwegian) Personal Data Act. Our processing of personal information must be carried out in accordance with Norwegian statutes and the EU's General Data Protection Regulation. The Director General has delegated authority to other employees with regard to collecting and processing personal information.
The Norwegian Offshore Directorate mainly processes information you have provided to us for one of these reasons:
- General administration (applications, reporting, announcements, guidelines, etc.)
- Access pursuant to the Freedom of Information Act
- Registration for a course or seminar
- Subscription to our newsletter
- Applications for jobs with the Norwegian Offshore Directorate
We can also receive information indirectly, for example if an employee has listed you as next-of-kin, or a job application has listed you as a reference.
2. Our obligations and your rights
We respect your right to protection of your personal information. The confidence of our users is of paramount importance for us.
Our processing shall be fair, transparent and verifiable. Collection and processing of personal information shall be justified. We implement this in a secure and confidence-inspiring manner so the information is only accessible for those who have legitimate access. We shall ensure that no unintended changes are made to the information.
We do not register any more information than that which is necessary to fulfil statutory requirements, agreements, obligations and user requests. In most cases, this will be your name, postal address and telephone number.
We do not use personal information for any other purpose than that which they were collected to fulfil.
We delete information where there is no longer any objective associated with storing the data, and as long as this does not conflict with Norwegian statutes or regulatory provisions relating to filing obligations.
A company that processes data on behalf of the Norwegian Offshore Directorate is called a data processor. When we use data processors, we make sure that we have data processor agreements in place which govern how the data processor can process data and ensure that this is done in accordance with Norwegian legislation.
You can exercise your rights by contacting our Data Protection Officer, or by sending an email to postboks@sodir.no. You are entitled to a response without undue delay, within 30 days at the latest.
Access to own information
You can request a copy of all information we process regarding you.
Correction of personal information
You can request that we correct or supplement information that is incorrect or misleading.
Deleting personal information
In certain situations, you can request that we delete information about you.
Restriction in handling personal information
In some situations, you can also ask us to restrict the handling of personal information about you.
Object to the processing of personal information
If we process information about you on the basis of our tasks, or on a balancing of interests, you have the right to object to our processing of information about you.
Data portability
If we process information about you based on consent or contract, you can request that we transfer the information about you to you or to another person responsible for processing.
You can appeal our processing of personal information
We hope that you will let us know if you believe that we are not complying with the rules in the Personal Data Act. Contact our Data Protection Officer first.
You can also lodge an appeal over our processing of personal information. You do this directly to the Norwegian Offshore Directorate, but the appeal will be forwarded to the Norwegian Data Protection Authority.
3. What information is registered when you use our webpages?
Web analysis
When you visit our website, we use the tools Monsido and Google Analytics to analyse your use of the website. The purpose of this is to develop statistics that we use to improve and develop the information provided on the website. Examples of what the statistics can indicate include how many people have visited various pages, how long the visit lasts, which websites the users come from, which browsers are used and which search words are entered.
The information is processed in anonymised and aggregated form. Anonymised means that we cannot trace the information we collect back to the individual user.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to improve our services on sodir.no.
Cookies
Cookies are small text files that are placed on your computer when you download a website. The Norwegian Offshore Directorate uses cookies to ensure that various services on the website function properly. You can read more about the various cookies we use below.
The basis for this is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to ensure that services on the website function.
Storing of information and processing of information from cookies is not permitted unless the user of the website has both been informed about and has granted consent for such processing. The user must be informed about and approve which information will be processed, the purpose of the processing and who will process the information, cf. Section 2-7b of the Electronic Communications Act. This is done in the user’s browser.
Search engine
The Norwegian Offshore Directorate stores information about which search words users make use of. The purpose of the storage is to improve the information services we offer. The usage pattern for searches is only retained in Google Analytics, and the information is only stored in aggregated form.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to help our services on sodir.no function.
Tools to streamline reporting, applications and statements from the industry
We register personal information in connection with access to and use of reporting, application processes and statements from the industry. This primarily applies to names, e-mail addresses and telephone numbers.
This information is stored in the ServiceNow tool, and is retained for as long as necessary in relation to administrative processing.
Reporting system for geophysical surveys
In the reporting system for geophysical surveys, the following information is registered about the users of the system: name, organizational affiliation, telephone number, e-mail address.
The purpose of registering personal data is to be able to process cases, inform and notify in an efficient and secure manner.
The legal basis is Article 6 (1) (f) of the Privacy Regulation. This allows us to process information that is necessary to safeguard an interest that outweighs the consideration of the individual's privacy. This ensures efficient and secure case processing between agreed parties in the case processing.
The personal information is available to persons who hold roles on behalf of the parties in the case processing.
If you wish to delete the personal data, you can no longer use the geophysical survey reporting system. Historical information about your actions will not be deleted.
4. What is registered when you contact us?
Telephone
When you call us, your telephone number will be stored in our telephone exchange along with information about when you called and how long the call lasted. This log is necessary for administration and operation of the system. Employees also have an overview of the most recent calls on their telephones. If a telephone call relates to a specific issue, a memo may be written and logged in a journal after the call. There is no other systematic registration of phone calls where the caller can be identified.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to manage and operate the telephone system.
We use TLS encryption to secure our e-mail communication. Most webmail services support this, and your email communication with us will thus be secure. Nevertheless, we ask that you do not send sensitive personal information or information that should be protected via email, as we cannot guarantee that your email provider supports TLS.
We scan all incoming and outgoing email for viruses and malware.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to secure the Norwegian Offshore Directorate's ICT infrastructure.
Visitors to our offices
Visitors to the Norwegian Offshore Directorate must register in the reception. The visitor’s name and company are printed on a visitor’s badge which the visitor must wear in plain sight while in the building. Some of this information is printed on a badge which the visitor must carry and be visible during the visit. The badge must be returned to the reception when the visit ends.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to secure access to the Norwegian Offshore Directorate's offices.
Camera surveillance
Camera surveillance is established in the Norwegian Offshore Directorate's offices. The system was set up as part of the effort to prevent undesirable or unintentional incidents inside the Norwegian Offshore Directorate's part of the building. Cameras monitors movements in the transition from outer to inner zone, and in certain corridors outside working hours.
No data is recorded regarding the persons.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to secure access to the Norwegian Offshore Directorate's offices.
5. Processing information when you contact us
Inquiries to the Norwegian Offshore Directorate
When you contact us, we process information in order to respond to your inquiry. We store information that is necessary in order to answer your query. If you call us, we will store your telephone number and the time of the call. If you contact us by email, we will store your inquiry, our reply and your e-mail address.
The information is retained for two years after the matter is closed. If the matter is subject to a recordkeeping obligation, the information will be retained for 25 years.
The basis for processing this information is Article 6 (1) (e) of the General Data Protection Regulation, which allows us to process information that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority. If your inquiry contains certain categories of personal information, the basis for processing this information is Article 9 (2) (g) of the General Data Protection Regulation.
Subscribing to our newsletter
The Norwegian Offshore Directorate sends out newsletters via e-mail to those who are interested.
In order for us to send you newsletters by e-mail, you must register your e-mail address. The email address will only be used to send out newsletters.
The email address is retained in a separate database, is not shared with others and is deleted when you unsubscribe from the newsletter. You can unsubscribe by clicking on the appropriate link in the newsletter, or by contacting us.
The basis for processing your email address in connection with our newsletter is Article 6 (1) (a) of the General Data Protection Regulation, i.e. consent.
Ordering publications
You can order publications from the Norwegian Offshore Directorate on the website. The purpose of processing personal information is to be able to send you the publication, and we will then process information about the enterprise, including email address, as well as name and e-mail address of contact persons.
Personal information that we obtain in connection with ordering publications will not be used for any other purpose than completing the order. After the order is sent, all information, except for number and enterprise will be deleted. This information will be used to prepare statistics.
The basis for processing this information is Article 6 (1) (b) of the General Data Protection Regulation, and this processing is necessary for the performance of a contract to which the data subject is party.
Post journal and access
The Norwegian Offshore Directorate keeps a systematic and continuous overview of all incoming and outgoing case documents. The journal is available on 'eInnsyn' (digital public records portal). The journal contains information about sender, recipient and title of the case document. First names are redacted from the journal when the entry is more than one year old.
The basis for processing this information is Article 6 (1) (c) of the General Data Protection Regulation, and this processing is necessary for compliance with a legal obligation, cf. Section 6 of the Freedom of Information Regulations.
Requests for access via eInnsyn are archived. All demands for access from eInnsyn are registered and signed for on a separate form. The form is logged in the journal at year-end.
6. For enterprises
Supervision
When the Norwegian Offshore Directorate conducts supervision, we process information so that we can carry out our statutory tasks. This includes information about the contact person in the enterprise, information about other employees and other information that is necessary to process the case.
The information is retained for as long as the case is ongoing, and if the case is subject to a recordkeeping obligation, the information will be retained for 25 years.
The basis for processing this information is Article 6 (1) (e) of the General Data Protection Regulation, which allows us to process information that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority. If your inquiry contains special categories of personal information, the basis for our processing is Article 9 (2) (g) of the General Data Protection Regulation.
7. Information about employees and job applicants
Employees
The Norwegian Offshore Directorate processes information about employees and for administration of wages and working conditions. Necessary information is registered for disbursement of wages, such as basic data, wage level, time recording, tax rate, tax municipality and trade union affiliation. Other information about employees is linked to the individual’s work instructions and organisation of the individual’s work.
The basis for processing this information is Article 6 (1) (b) of the General Data Protection Regulation, and this processing is necessary for the performance of a contract to which the data subject is party.
Information is also registered in connection with key administration of entries and exits, and information related to access control in the IT system. This information is obtained from the employees themselves. The information is only surrendered in connection with payment of wages and other statutory disclosures. Routines for deleting personal information follow the Accounting Act and the Archives Act. Information regarding name, position and work area is considered to be public information, which can be published on our website.
All former and current employees have an employee file in our archives. Among other things, the job application is filed/retained here. Employee files shall be retained (that means that the job application is not deleted or destroyed). Personnel files are reviewed at the end of the employment relationship. Personnel files shall be delivered to the National Archival Services of Norway. Access is restricted to official needs.
Job applicants
If you apply for a job with the Norwegian Offshore Directorate, we need to process information about you in order to evaluate your application.
The basis for processing this information is Article 6 (1) (b) of the General Data Protection Regulation –, and this processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. If your application contains special categories of personal information, the basis for our processing is Article 9 (2) (b) and (h) of the General Data Protection Regulation.
All job applications are recorded in the Norwegian Offshore Directorate's post journal. These are retained in our electronic archives for approximately one year, before they are destroyed. All other documents, such as lists of applicants and recommendations, as well as all job applications at director level, are retained.
8. Information security and data processors in the Norwegian Offshore Directorate
Logging
The Norwegian Offshore Directorate has basic security logs in the technical systems. The employees' use of the technical system is recorded here, and the Norwegian Offshore Directorate has a dedicated procedure for what is to be logged.
The basis for processing this information is Article 6 (1) (f) of the General Data Protection Regulation, which allows us to process information that is necessary for the purposes of a legitimate interest that carries more weight than consideration for the individual’s privacy. The legitimate interest is to secure the Norwegian Offshore Directorate's IT infrastructure.
The Norwegian Offshore Directorate's use of data processors
The Norwegian Offshore Directorate currently has an ICT operations model in which we operate large parts of our systems ourselves, but where we have also turned over operation of some systems to external parties. In cases where we operate ourselves, we also use external consultants.
We have a local server farm with a virtual server environment that we operate ourselves, with the assistance of external consultants (Evry, Atea and DatabaseForum).
For the wages and time recording system, we use services from the Norwegian Government Agency for Financial Management (DFØ) which run on their servers.
The Norwegian Offshore Directorate's website is hosted in-house. The website is also operated in-house, with assistance from an external company. Our technical/archive system is Elements.
Updated: 20/11/2024