1. General Privacy Information
When you visit us on social media or our website, send us inquiries, or act as a contact person for one of our clients, we process personal data about you. Below you will find general information on how we collect and process your personal information on how we collect and process your personal data, why we do this, and the rights you have.
NOFO is the data controller when processing your personal data in the situations described in this privacy policy. This means that NOFO is responsible for ensuring that the processing occurs within safe and legal frameworks.
Personal data refers to any form of information about individuals - hereafter referred to as the data subjects. This includes, among other things, names, email addresses, phone numbers, and assessments that can be linked to identified individuals.
We will periodically and as needed review this privacy policy to ensure that it is up-to-date and comprehensive. You will find the date of the last revision along with our contact information at the bottom of section 10.
2. Legal Basis and Purpose of Processing
NOFO can only process your personal data when we have a legal basis for doing so. The relevant legal basis varies depending on the purpose of the specific processing. We will never process your personal data in a way that is incompatible with the purposes that originally justified the collection of your personal information.
3. Personal Data We Collect
We process various personal data about you depending on who you are and how you come in contact with us. This may involve the processing of the following personal data:
- Name
- Phone number
- Address
- IP address
- Photo and video
- Personal data you share with us.
You will find more detailed information on how we process personal information below.
4. How We Collect Personal Data
Your personal data may be voluntarily shared with us when you interact with us on social media or our website, or when you contact us through other channels. We may also process
your personal information if you act as a representative for one of our customers or partners.
We also collect personal data through the use of cookies installed on the website. We do this to enhance the user experience on our website. You can read more about this below.
5. Processing of Personal Data
5.1 Representatives of Our Business Partners
If you act as a representative for one of our suppliers, member companies, or collaborators, we may process your personal data in various relationships. This may involve direct communication with you via email, billing your employer with you as the recipient, or you signing an agreement with us on behalf of your employer.
This processing is based on the General Data Protection Regulation (GDPR) Article 6(1)(f) as the processing is necessary for us to communicate with you and enter into agreements with suppliers and relevant collaborators.
NOFO will only process your personal data for as long as necessary to achieve the purpose of collecting your personal data. This means that your personal data will be deleted as soon as it is no longer necessary. The duration of the processing will therefore vary from case to case. If you would like more precise information about this, we ask that you contact us using the contact information at the bottom of this privacy policy.
5.2 Agreements with Individuals
If we have entered into agreement with you as an individual, we will process your personal data to the extent necessary to comply with the rights and obligations in the agreement. This means that we will process the personal data included in the contractual documents and the communication we have with you.
This processing is based on the GDPR Article 6(1)(b) as the processing is necessary to fulfill the agreement we have entered into with you.
NOFO will only process your personal data for as long as necessary to achieve the purpose of collecting your personal data. This means that your personal data will be deleted as soon as it is no longer necessary. The duration of the processing will therefore vary from case to case. If you would like more precise information about this, we ask that you contact us using the contact information at the bottom of this privacy policy.
5.3 Participants in Courses, Training or Exercises
NOFO conducts courses, training sessions and exercises for employees associated with our member companies, crew and vessels, as well as other stakeholders involved in oil spill response on the Norwegian continental shelf. This means that NOFO processes personal data about participants. There is a range of personal data that we ask participants to share with us in relation to courses, training and exercises. This may include names, roles, date/place of birth, nationality, passport number/issuance/, passport validity, safety training (STCW) validity, health certificate validity, contact information for the nearest relatives, employer/affiliation, competence and certificates,
attendance, participation, evaluation, and any deviations or incidents involving the participating individuals, role in the duty team or resource pool. In relation to catering, there will be questions about allergies.
The basis for this processing is the GDPR Article 6(1)(f), as NOFO has a legitimate interest in beekeeping track of who participates in their various activities organized by NOFO.
Since it is important to have an overview of who has the ability to participate in actions from an emergency preparedness perspective, NOFO will retain necessary information even after the course, training or exercise has ended. The duration of the processing varies from case to case. If you would like more precise information about this, please contact us using the contact information provided at the bottom of this privacy policy. In addition, all registered individuals can oppose this, see section 9.
5.4 Direct Inquiries
If you contact us directly, we will process personal data about you, including your phone number or email address, depending on how you contact us. We will also process any personal data you share with us. Therefore, we ask you to limit the information to what is necessary for us to respond to your inquiry and take appropriate measures.
The basis for this processing is the GDPR Article 6(1)(f), as NOFO has a legitimate interest in providing excellent customer service and responding to inquiries we receive.
For these purposes, NOFO will process your personal data until we have responded to your inquiry and implemented any necessary measures. The duration of the processing depends on the relationship you have with us, the nature and complexity of your inquiry, and the measures we need to implement.
5.5 Job Applicants
If you apply for a job at NOFO, we will process the personal data included in the application and any attachments you share with us, such as a cover letter, CV and certificates.
If we receive an application from you, we consider this a request for us to evaluate your application and any attachments. Therefore, the processing is carried out under the GDPR Article 6(1)(b).
NOFO’s hiring process may be organized through a third party. Therefore, NOFO does not retain personal information about you during the hiring process except for a link with information sent from a third party. The link is time-limited so that NOFO does not retain your personal data longer than necessary.
5.6 Cookies
NOFO uses Google Analytics 4 to track how you use our website. Google Analytics 4 uses cookies to collect and process your personal data. Cookies are small text files stored on your device that contain information about your device, settings, pages you visit on our website and how you navigate between them. This means that your personal data is stored in the United States, and Google Analytics 4 has access to the personal data.
We only use temporary cookies, which are deleted immediately when you close the browser window after visiting our website. No data is stored locally or elsewhere because of the use of the temporary cookies.
Regarding Google Analytics, we want to inform you that data stored in our Google Analytics account is retained for 26 months. We use Google Analytics to continuously improve the user experience on our website. To ensure the best possible privacy, we actively use the “annonymizeIP” function from Google Analytics, which anonymizes IP addresses before storing the information.
The personal data is used to compile reports on website activity and to provide other services related to website activity. Google Analytics 4 may transfer your personal data to third parties if the law requires it or the third party is a data processor processing personal data on behalf of Google Analytics 4.
This processing is based on the consent you have given us under the GDPR Article 6(1)(a) and Norwegian e-komloven § 2-7 b. If you want to withdraw your consent or adjust your settings, you can use the hyperlink at the bottom of our website marked “Cookie Statement”. If you need assistance with this, you can contact us using the contact information provided at the bottom of this privacy policy.
5.7 Photos and videos
NOFO wishes to document and share some of the exciting activities that occur within our organization, such as courses, exercises, events, and other initiatives. Therefore, we may take photos or videos of participants during these activities. We will inform about this in advance where anyone who wishes can opt out of the processing. You can also withdraw your consent at any time during and after the activities, according to section 9 of this policy.
We use the images and videos to promote our services and offers on social media and our own website. We do not use the images or videos for any other purposes.
6. Storage Period
We will always limit the processing of your personal data to what is necessary. However, please note that the storage period is determined by the communication we have had with you and the duration of any agreements you have entered into with us. The Norwegian Bokføringslov also requires us to store accounting material for five years, three years or six months, according to § 13 first and second paragraph.
7. Sharing of Personal Data
NOFO will only share personal data with third parties if the third parties is engaged as a data processor to perform specified tasks on behalf of NOFO, or if the sharing is necessary to provide our services.
NOFO will only transfer your personal data out of the EU/EEA if it is necessary to provide a user-friendly and satisfactory website, or if other reasons necessitate it. In all such cases, NOFO will ensure that adequate security guarantees are provided and that the recipient is subject to the same
or equivalent obligations as those within the EU/EEA. This includes ensuring that we have secured a valid transfer basis and that your rights are adequately protected. This will normally be because:
· The EU Commission has made an adequacy decision, confirming that the recipient country ensures an adequate level of protection, cf. GDPR Article 45, or
· We have entered into an agreement with the recipient of your personal data containing the EU Commission's standard data protection clauses, cf. GDPR Article 46(2)(c).
If you want to know more about this, you can contact us using the contact information provided at the bottom of this privacy policy.
8. Information Security and Storage
NOFO has implemented necessary technical and organizational measures to ensure that your personal data is processed in a secure manner that respects the requirements for integrity, confidentiality, and availability. This includes, among other things, that NOFO practices the principle of data minimization and has implemented procedures to ensure that your personal data is deleted when the purpose of the collection ceases.
9. Your Rights
When NOFO processes personal data, you have several rights under Chapter III of the GDPR. This means that:
· You have the right to receive confirmation as to whether NOFO processes personal data about you and to access this personal data, as well as the purpose of the processing.
· You have the right to verify and, if necessary, correct inaccurate personal data we process about you and supplement any incomplete personal data.
· You have the right to limit processing of your personal data in some cases.
· You have the right to object to the processing of your personal data and withdraw any consents you have given. However, we inform you that withdrawing consent will not affect the lawfulness of processing already carried out.
· You have the right to have your personal data deleted unless NOFO has another legal basis or is otherwise obligated to continue processing.
If you wish to assert any of these rights or have questions, we ask you to contact us using the contact information below.
10. Contact Information
If you suspect that we are processing your personal data differently than described in this privacy policy or that we are violating any privacy laws, you can complain to the Norwegian Data Protection Authority (Datatilsynet). However, we ask that you contact us first so that we can clarify the matter to avoid any misunderstandings.
Our contact information:
Name: Sonja Samsonsen
Role: Senior advisor HR
Address: Vassbotnen 1, 4313 SANDNES, Norway
Email: ssa@nofo.no
Phone: +47 913 01 585
This Privacy Policy was last updated 19.01.2024