The purpose of this notice is to be transparent about how and why we use your personal data and to ensure that you are aware of your rights under data protection legislation (General Data Protection Regulation (EU 2016/679 (GDPR)), Personal Data Act, Marketing Control Act).
We are Global Maritime Group AS and we are the data controller. Our correspondence address is PO Box 343, 4067 Stavanger, Norway. You can contact us at email@example.com
The purpose for processing your data and our basis for doing so.
We process personal data so we can engage with prospective clients, maintain our relationship with existing clients, administer our contracts, collect payment and pay suppliers. In processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on the purpose we use it for.
If you are a prospective corporate client and the relevant contact person, we will process personal data, such as name and contact details so we can maintain a dialogue. We may also wish you send you material relevant to your business including our newsletter or marketing materials, or process data for the purposes of developing new products or enhancing existing products and services.
We may also collect and use personal data such as name and billing address to provide you with the services you requested, to administer your contact record, identify you and to communicate with you. We also interact with you via our general enquiry sections or responding to complaints or general feedback given by you on our services or because we had or have a contract with you in place. The lawful basis for doing this is Article 6.1.f - processing is necessary in our legitimate interests to maintain a client and supplier relationship.
How Personal Data is collected.
We and our service providers collect Personal Data in a variety of ways, including:
- We collect Personal Data through our Services, for example, when you sign up for a newsletter, or register an account to access the Services.
- We collect Personal Data from you offline, e.g., attend one of our trade shows, or correspond with us by phone or otherwise.
From Other Sources
- We receive your Personal Data from other sources, for example:
- publicly available databases
- joint marketing partners when they share the information with us.
- If you connect your social media account, you will share certain Personal Data from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.
Recipients of your data.
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
- We will share your data with sub-contractors so we can deliver the contracted services. Our lawful basis for doing this is Article 6.1.b – performance of a contract.
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Our lawful basis for doing this is Article 6.1.f - we have a legitimate interest to pursue money owed to us.
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other legal requirement. Our lawful basis for doing this is Article 6.1.c - Legal Obligation
- In the event of a sale, reorganisation, merger or joint venture, we may need to disclose or transfer your Personal Data to a third party. Our lawful basis for sharing this is Article 6.1.f - legitimate interest.
Data processed by third parties on our behalf.
We use the services of other organisations in the processing your data. We use cloud-based platforms for email, document storage, accounting and video conferencing purposes. We have outsourced IT support and cloud based data backup.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the GDPR. This ensures that your data is handled in accordance with the GDPR.
Transferring your data outside of the EEA.
Your personal data is stored in data centres in Norway.
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose.
If you are a client then we will keep your contact data for all the time you are a customer and for 7 years following for our accounting purposes.
If you are a prospective client, we will keep your information for 2 years from the last contact you made, unless you have asked us to stop contacting you.
The GDPR provides you with several rights in relation to the data we process. The rights relevant to our activities are:
- You have the right to get access to and copies of your personal data.
- You can ask us to rectify any inaccurate information we may be holding.
- You can object to us processing your data where it is conducted under a legitimate interest basis.
- You can restrict our processing of your data
- You have the right to request erasure of your personal data but please note this is not an absolute right.
- You have the right of data portability.
We do not conduct any automated decision making or profiling.
If you want to exercise any of these rights, contact us on the above email address.
You also have the right to lodge a complaint about our processing with the supervisory authority whose contact details are:
The Data Protection Authority
Trelastgata 3, 0191 Oslo, Norway
P.O. Box 458 Sentrum, NO-0105 Oslo, Norway