Introduction

This Privacy Statement describes how NFR Group AS and its subsidiaries (“NFR Group”) collects and uses your personal data. This statement also gives information about your rights and whom you can contact for further information and questions.

In this Privacy Statement, “personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In most cases NFR Group is deemed to be data controller. NFR Group is the data controller for the processing of personal data that you provide when you are in contact with us. NFR Group is also a data controller where NFR Group processes personal data of employees and in the recruitment processes.

In some cases NFR Group act as a data processor for our customers. In these cases, it is the data controller who decides what personal data NFR Group shall process.

Collection of personal data

The personal data that we may collect is provided directly by you. Here are some examples of how you may provide personal information to us:

• Searching for content on our websites
• Registering for seminars and other events organized by NFR Group
• Subscribing to publications from NFR Group, such as newsletters
• Responding to survey questions
• Contact us for further information
• Apply for positions with us

We may collect the following personal data:

• Contact Information: Such as your name, email address, phone number, and company details, if you fill out a contact form or subscribe to our newsletter.
• Usage Data: Including IP address, browser type, pages visited, and time spent on our site, collected through cookies or other tracking technologies.
• Communications: Information you provide when you communicate with us via email, chat, or other forms of correspondence

NFR Group collects the minimum personal information that is necessary. We do not collect sensitive information unless we are required by law to do so. If we require additional, optional information, you will be informed of this at the time of collection.

Minors

Our Websites and services are not directed at minors. We do not knowingly collect or maintain personal information about individuals under the age of 18.

Cookies policy

Our Websites uses cookies to enhance user experience. For more details, see our Cookie Statement.

Purpose of processing personal information

We process personal data for the following purposes:

• To respond to your inquiries and provide requested information or services etc.
• Sorting and analyzing data, including data of visitors to our site and site traffic information
• To develop our business areas and services
• To improve our website’s functionality and user experience through analytics.
• To send you relevant updates, newsletters, or promotional materials, if you opt-in.
• To comply with legal and regulatory obligations.
• Any other purpose for which you provided information to NFR Group.

 

Legal Basis for processing personal information

We process your personal data based on the following legal basis:

• Consent: When you voluntarily provide information (e.g., subscribing to a newsletter).
• Legitimate interests: Such as improving our services or ensuring the security of our website.
• Legal Obligations: To comply with applicable laws and regulations.

 

Security

NFR Group has implemented security procedures and routines in order to protect your personal information from loss, misuse, alteration or destruction. Only authorized persons have access to personal information. Persons who have access to your information is obligated to keep it confidential.

Even with security measures in place, we cannot guarantee complete security against all potential threats as the transmission of data over the internet is never completely secure.

Data retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. NFR Group applies criteria to determine the appropriate periods for retaining your personal data depending on its purpose and in accordance with the NFR Group’s retention routines.

Transfer of personal information

We do not sell or rent your personal data. However, we may share data with:

• Service providers: We may transfer the personal data to our service providers that support our internal ancillary processes. This can, for example, be service providers withing IT functions. It is our policy to only use third-party support providers that are bound to maintain appropriate levels of data protection, security and confidentiality in order to process the personal data.
• Cross-border transfers: We may share your personal data with other companies within NFR Group.
• Legal Authorities: When required to comply with legal obligations or protect our legal rights.

Links to other websites

Our websites may include links to third-party websites. We do not control or operate these third-party websites, and their inclusion on our website does not imply endorsement or responsibility for their content, privacy practices, or terms of use. We encourage you to review the privacy policy of every website you visit to understand how they collect, use, and protect your data.

Your rights

There are some specific rights that you have regarding your personal data we process. You have the right to:

• To get a copy of your personal data undergoing processing
• To request rectification or erasure of personal data
• To request restriction of processing of personal data or to object to such processing
• To lodge a complaint with a supervisory authority

It should be noted that the rights can be restricted. We can be subject to a duty of confidentiality that can limit your right to access. We may also be subject to statutory storage obligations that can limit your right to request that personal data about you shall be deleted. If we reject your request to exercise one of your rights, we will always provide a description of the basis for the rejection. Information, communication from us and actions taken by us in response to the request are provided free of charge.  We may, however, charge a fee if permitted by applicable law.

If you wish to exercise these rights, please contact us by one of the ways set out under “Contact us” below. We shall reply to your request without undue delay and within one month from receiving the request. In exceptional cases, like the complexity and number of requests, the reply period could be up to two months. In this case you will be notified that the reply period is extended within one month of receipt of the request.

Contact us

If you have any questions about this Privacy Statement and the way we process your personal data, or if you want to exercise your rights described above, contact us: dataprotection@nfrgroup.no

Please note that you also have the right to lodge a complaint to the relevant national supervisory authority (Datatilsynet in Norway, Integritetsskyddsmyndigheten (IMY) in Sweden).  We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority and would appreciate contacting us in the first instance.

 

Updates to the Privacy Statement

This Privacy Statement was last updated on 30.01.2025.