Text size adjustment

Hold down the Ctrl key (PC) or Cmd key (MAC) and press "+" to enlarge or "-" to reduce the text size.

Data protection strategy

Introduction

This data protection strategy describes how the Norwegian Petroleum Directorate (NPD) collects, processes and protects your personal data when you use the NPD’s services. It is a fundamental strategic document, most recently approved on 16 April 2018.

Pursuant to Article 4 of the EU’s General Data Protection Regulation, personal data is: “any information relating to an identified or identifiable natural person ('the data subject')”. This can be names, email addresses, telephone numbers, identification numbers, etc., or combinations of these, that enable identification of a person. All use of personal data is considered to be processing of personal data; for example collecting, registering, comparing, storing and disclosing, or a combination thereof.

Responsible for processing

The Director General is responsible for how the NPD collects and uses personal data. The fact that the Director General is responsible for processing entails that the Director General has responsibilities and obligations pursuant to the (Norwegian) Personal Data Act. Our processing of personal data shall take place in accordance with Norwegian statutes and the EU’s General Data Protection Regulation. The Director General has delegated authority to other employees as regards collection and processing of personal data. This delegation comprises tasks, not responsibility.

Data processing

The NPD collects little personal data. Collection and use of personal data is not our core activity. Most of the information we receive is provided when you contact us and give us information, for example through written or verbal inquiries, or when you visit our offices or our website.

We offer a few user services that you can subscribe to on a voluntary basis. In these cases, you must consent to our use of a few items of personal information so that we can reach you to give you our specific offers. We respect your right to protect your personal data. The confidence of our users is of utmost importance for us.

Everyone who is registered with personal data in the NPD must be aware that they are registered.

We have specific written privacy statements for data processing that may occur when you use us as an administrative agency. These statements can be found on the NPD’s website.

Our data processing shall be equitable, transparent and verifiable. Collection and processing of personal data shall be justified. We conduct such processing in a secure manner, to ensure confidence that this information is only available to those who have authorised access. We shall ensure that this data is not accidentally altered.

We will not collect or store more data than what is necessary to fulfil statutory requirements, agreements, obligations and wishes on the part of the users. In most cases, this will be your name, email address and telephone number.

We will not use personal data for any other purpose than the purpose for which it was collected.

We want to delete information immediately if there is no longer any objective linked to the data storage and if this does not violate filing obligation provisions in Norwegian statutes or regulations.

A company that processes data on behalf of the NPD is called a data processor. When we use data processors, we make sure that we have data processing agreements that govern how the data processor can process data, and to ensure that this takes place in accordance with Norwegian legislation.

Data protection officer

The Norwegian Petroleum Directorate has appointed a dedicated data protection officer. You can contact the data protection officer if you have questions or claims with regard to your personal data. You can request access, correction and deletion via the data protection officer.

Contact information: Gunnar Mån Østebø, email: personvernombud@npd.no, tel. +47 51876587.

Appeals

You can appeal our processing of personal data to the Norwegian Data Protection Authority, cf. Article 13 (2) (d) of the General Data Protection Regulation. The address of the Norwegian Data Protection Authority and information regarding the process can be found here.

Changes

The NPD will update this data protection strategy when changes take place in our organisation, as the agency responsible for handling personal data.

Updated: 14/03/2019