Data controller The Managing Director of John Dahle Skipshandel AS is the companys data controller for personal data. The company has delegated some of its data processing to WebBroker AS, business registration number 975941310, Vingveien 2, 4054 Sola, Norway. The scope of the data processing is described in a separate data processing agreement with the company. Storage of personal data Storage of personal data on our customers, suppliers and partners is limited to: Name, department, extension number, address, country, telephone number, email address, role or position, agreed actions concerning meetings, and username and password for accessing website and certificates. The purpose of the processing There are several reasons why we process personal data, including: To be able to fulfil agreements between the company and its customers, suppliers and partners by way of quotations, order confirmations, orders, contracts and correct documentation relating to agreed transactions. We have several systems in operation for storing and processing personal data: An ERP system to manage the production of quotations and orders relating to the business. An email programme for distributing quotations, orders and other information relating to the business. An online documentation system for producing certificates for declarations of conformity, test certificates, detailed original documentation and certificates of thorough examination reports. An online email distribution system with regular mailings of newsletters and information to registered customers. The Windows file structure relating to meetings with customers, suppliers and partners where we store names, roles, emails and in some cases agreed actions for each meeting participant. The basis for the processing The basis for the processing is Article 6 of the new General Data Protection Regulation. The following applies to this privacy policy: The basis for the processing in the ERP system is Art. 6 b). In order to be able to provide quotations, track orders etc. we need to store a minimum of personal data. The basis for the processing in the email programme is Art. 6 b). In order to be able to distribute quotations, order confirmations, orders and technical information etc. we need to store a minimum of personal data. The basis for the processing in the documentation system is Art. 6 b). In order to be able to distribute declarations of conformity, test certificates etc. we need to store a minimum of personal data. We send email updates to our customers. The mailings contain information that is relevant to our customers such as courses, product improvements or new products in our portfolio. Such emails are usually sent at a frequency of more than one month. A special letter is sent to customers once a year. The basis for the processing in respect of this communication is Art. 6 f). We believe that we have a legitimate interest in being able to keep our customers informed. Such mailings are regulated by Section 13 of the Norwegian Marketing Control Act, which permits us to issue emails of this kind. Our emails allow customers to easily opt out of mailings. Each email contains express information to that effect, and the recipient can opt out with one simple “click”. This is regulated by Section 13 of the Norwegian Marketing Control Act. The basis for the processing in respect of meeting activities is Art. 6 b). In order to fulfil a contract or take action prior to contract formation, we need to store contact information and information about the actions in question. In some cases we also store information from the actual meetings even if specific action by one or both parties has not been agreed. The personal data and information can be used for subsequent meetings. The basis for the processing is Art. 6 f). Collecting personal data We primarily collect information about our customers, suppliers and partners directly from the individuals themselves. One exception is company registers in instances where we have received insufficient information about a company’s management. Our website uses cookies to give visitors the best possible customer experience and service. Our use of cookies is strictly limited and subject to the following objectives: language selection and to help the user navigate the documentation system. Cookies are not tracked or shared. Disclosing information to third parties We will never share, sell, transfer or otherwise disclose personal data to others unless obliged to do so by law. The exception is personal data disclosed to customers, suppliers or other partners as an integral part of the company’s operations. Deleting personal data We will normally not be informed when a contact person at one of our customers, suppliers and partners leaves their role. For that reason, personal data is only deleted when we are instructed to do so and provided it is not in breach of regulatory requirements, e.g. as required under the Norwegian Bookkeeping Act. The rights of the data subject We process your personal data in accordance with the Norwegian Personal Data Act and prevailing regulations. Please note that you have the right to access your personal data and demand that it be moved. You may also demand that data be corrected or deleted. You may complain to the Norwegian Data Protection Authority if the processing is in breach of the rules. Data protection ombudsman The company is not a public enterprise, does not process information about convicted persons, and only handles a very limited amount of sensitive information. The company has therefore opted not to appoint a data protection ombudsman. Data security We secure your personal data through dedicated agreements with data processors, access restrictions with both physical and virtual access control, as well as restricted access to file structures where relevant. Contact information Queries about which data has been registered, corrections and deletions can be made in writing to the following addresses: gdpr@john-dahle.no or John Dahle Skipshandel AS, Postboks 87, 4098 Tananger, Norway
