Privacy Policy

This Privacy Policy outline how Nor Lines International AS and Nor Lines Norway AS manages the collection, use and handling of personal data. The policy also describes how we collect information via our websites and general information about how this personal data is treated.

Nor Lines AS is the data controller for all personal data that we collect from you or you provide to us.

  1. Personal Data of Customers and Suppliers

Nor Lines manages personal data from our customers and suppliers and any relevant third parties which is necessary to carry out terms of contract. Some of the personal data we collect is the contact information for our customers and suppliers. The personal data is stored in our CRM, operation and financial management systems for up to 5 years after the customer relationship has ended. The legal basis of this process is in accordance with The Personal Data Act § 8.a and EU’s GDPR, Art. 6.1b.

  1. Personal Data and Marketing

Nor Lines AS may use personal data for marketing purposes. Personal data will never be shared with third parties without your consent.

Email subscriptions: You can choose to opt in for Nor Line’s email subscriptions (newsletters, invitations, etc.) which means you will receive regular emails about the subjects you have agreed to. In order to subscribe to emails, users have to register with their email address and contact information. This personal data is stored in our CRM and email systems. The legal basis of this usage is agreed to when registering. You can opt out of email subscriptions whenever you want. Upon doing this, Nor Lines will delete your contact information from the applicable email list.

Information about potential customers: Nor Lines will store potential customer’s contact information. This personal data may be obtained and collected from public sources, e.g. business websites and Brønnøysund Register Centre (public register), or business cards, correspondence with Nor Lines employees/agents, etc. The purpose of this use of personal data is to directly target potential customers with information about our products and services, and the coordination of these marketing activities. If a dialogue between Nor Lines and a potential customer is initiated and this dialogue involves purchasing a product from one of our suppliers, personal data about the client contact person will be shared with the applicable supplier. This is to ensure a more streamlined communication process. The personal data of potential customers will be deleted within 2 years after being entered into our system, unless a contractual relationship is established or consent to further storage is given. The legal basis of this process is in accordance with The Personal Data Act § 8.f and EU’s GDPR, Art. 6.1.f.

  1. Employee Data Management

Nor Lines use personal data for administration of employee data.  The personal data we may use in relation to this is general personal information, salary, appraisals, emergency contacts, education and position level. For applicants, personal data will be stored up to one year after the applicant applied for a position at Nor Lines, unless the applicant is hired. The legal basis of this process is in accordance with The Personal Data Act § 8.a, § 8.b, and EU’s GDPR, Art. 6.1.b and Art. 6.1.c.

  1. Storage and Security

We use external service providers for operation/support of technical and web-based solutions, transport, payment services and audits. Our service providers can manage personal data on our behalf, but only in accordance with terms and conditions of the data processor agreement. If you want more information about our suppliers, please contact personvern@norlines.no.

  1. The Rights of Users

Nor Lines’ processing of personal data is in accordance with The Personal Data Act as well as EU’s GDPR.

Right of access: Users have the right to obtain a copy of their personal data. In addition, they have the right to know how Nor Lines process this data and information about these processes. This information is provided in this Privacy Policy.

Rectification and erasure of incorrect personal data: If Nor Lines is using incorrect or incomplete data, or we are using data we should not have access to, users have the right to have this corrected, completed or deleted, whichever is applicable. To the extent it is possible, these changes should be done with as little impact as possible for the user, e.g. Nor Lines need to notify third parties who has access to the data.

Data portability: Users own their own data and this means that they also have the right to move, copy or transfer personal data easily from one data controller to another. This right only applies to information an individual har provided to a controller themselves. Information or analyses Nor Lines has generated from the personal data does not have to be issued.

  1. Contact Information

If you have any questions regarding our Privacy Policy, you can contact personvern@norlines.no. If you believe that Nor Lines has not acted according to, or breached The Personal Data Act, you can make a complaint by contacting the Data Protection Authority here.

Nor Lines, 20 April 2019