Data protection statement – Norwegian Maritime Authority

  • Changed: 15/05/2020

This data protection statement describes how the Norwegian Maritime Authority (NMA) collects and uses personal data. The statement includes information you are entitled to when collecting data from our website and general information about how we process personal data.

Contact information – data controller and data protection officer

The NMA’s data controller
Director General of Shipping and Navigation, Olav Akselsen: ola@sdir.no

The NMA's data protection officer
Elisabeth Hynne: ehy@sdir.no

Types of personal data being processed

The NMA processes many types of personal data for administrative purposes. The largest volume is linked to applications and the issuing of personal certificates.

In such cases, the NMA needs information about the seafarer which is relevant for legislative compliance with the requirements for the respective certificate. This includes required medical information submitted by the seafarer’s doctor.

In matters concerning external customer relations or marketing, the NMA mainly handles contact information for relevant parties in order to inform about coming events, conduct surveys, distribute the periodical Navigare to registered subscribers, etc.

Purpose of and basis for the processing of personal data

The purpose of the processing of personal data depends on the type of processing and the type of data. The same applies to the basis for processing: In most cases, the NMA is either carrying out a task required by an individual or the NMA has been assigned to carry out a task as a public authority. Thus, the basis for processing is either consent (cf. GDPR Article 6(1)(a)) or carrying out a task in the public interest (GDPR Article 6(1)(e)).

In cases where consent forms the basis for processing, it can be withdrawn at any time.

Personal data shall not be used for purposes other than those for which the personal data were initially collected when there is no new consent or information to the data subject regarding other purposes and other necessary information in this respect.

Here you will find a list of different types of processing. This list is not exhaustive.

Processing of certificate applications and issue of certificates

Purpose: issuing certificates
Basis for processing: GDPR Article 6(1)(e) (Task in Public Interest)

News feed, etc.

Purpose: alert recipients of news from the NMA at their request
Basis for processing: GDPR Article 6(1)(a) (Consent)

Surveys, etc.

Purpose: investigate customer satisfaction with the NMA’s services
Basis for processing: GDPR Article 6(1)(a) (Consent)

To whom the personal data is disclosed

Personal data will not be disclosed to others, except in cases where the NMA has a duty to report to other authorities.

How long the data will be retained

The NMA is a public authority pursuant to the Norwegian Archives Act. This means that we must comply with the requirements of this Act regarding to archiving and storage.

All documents related to case processing are subject to journalling and archiving.

The obligation to archive precedes the obligation to erase in the Personal Data Act.

The requirement for long-term storage and the prohibition against erasure stipulated in the Norwegian Archives Act is compensated for by access control.

Beyond this, information will not be stored longer than necessary in order to achieve its purpose.

Right to access information, rectification, erasure, data relocation, restriction of processing and opposing certain forms of processing

The data subject has the right to request information on whether the NMA processes personal data about him/her, the type of information involved and the purposes of the processing.

The data subject will also receive information regarding any disclosure to third parties, expected storage time, possibilities for erasure, rectifications or restrictions in cases where the Norwegian Archives Act is not a hindrance to doing so, the right to complain, the data source, if not collected from the data subject, as well as data on the occurrence of automated decision-making.

The data subject may be granted a copy of his/her personal data being processed, as long as it does not affect the rights and liberties of other individuals.

Please also check the information of this data protection statement, as well as GDPR Articles 15 to 22.

More information on the use of cookies at www.sdir.no

Note: By using www.sdir.no, you consent to our sending cookies to your browser.

Cookies information

Cookies or small information files are standard technology used by most web pages today.

A cookie is a small text file that is added to your browser’s internal memory and provides statistics that allow us to make our website better for our users.

Most modern browsers (such as Google Chrome, Firefox, Internet Explorer, Safari, Opera, etc.) are set to accept cookies automatically. However, you can choose to change the settings to block cookies.

Please note that if you do block cookies, some website functionalities will not work properly.

Collection of information

As most other websites, data is collected automatically. We use Google Analytics for these purposes.

The data we collect will be used to analyse trends. This way we can make our website better for those who visit it regularly. 

The data will only be used for internal purposes and not be disclosed to any third party. 

We will never store information that may identify you.

For each web page shown, the following data is stored:

  • which page you are visiting
  • date and time of access
  • your browser
  • your IP address

The NMA has chosen to add a script which removes the last digits of your IP address before the data is stored by Google Analytics.
This way, the analytic tool may estimate the user’s geographical position. However, it is not possible to use the address to identify the user.

At www.sdir.no you will find the following cookies used:

  • ASP.NET_SessionId: A cookie used to control how content is shown and maintain data of the current user session It will expire when you close the browser.
  • EPi:NumberOfVisits: A cookie used to allow personalisation of content (Visitor Groups) to give targeted content to the user.
  • EpiserverFormsCookie: A cookie used to allow partially form submissions.
  • alert-box: A cookie used to check if the user has read/closed the latest service messages.

Google Analytics cookies:

  • __utmz keeps track of where you came from (search engine, keyword, link, etc.) when you accessed our website. We use Google Analytics internally on our website.
  • __utma keeps track of how many times you accessed our site. This way we can see how many users are accessing for the first time and how many users are accessing the pages more often.
  • __utmb and __utmc work together to calculate how long a visit to our site takes. The cookies will expire when you leave the site.

Searches

The NMA stores information about keywords used by our users. The purpose is to improve our information services.
We may, for example, find out which keywords that provide matches and which search results are clicked on.
The usage pattern for searches will be stored in a separate database and are only stored in an aggregated format.
Only the keyword is saved, and it cannot be linked to other data about the users, such as IP addresses.

Complaints to the Norwegian Data Protection Authority

If our processing violates the regulations, the data subject has the right to make a complaint to the Norwegian Data Protection Authority.

 

 

Did you find what you where looking for?

NB! Do not enter personal information here.

We do not respond to inquiries.

The feedback given here is only used to improve the website.

Back to top