The protection of your personal data is of the utmost importance to us. We collect and use your personal data strictly within the legal limits of the data protection law of the Kingdom of Norway and the EU General Data Protection Regulation no. 2016/679 (GDPR) as incorporated in Norwegian law. When we use terms like "personal data", "processing", "data controller" and "data processor", they have the meaning as laid out in the data protection law.
When you visit our website or deal with us as a professional or submit a job application, we may process personal data about you as described below. Our services also includes Offshore Energy Manager (“OSEM”), and if you are a user of the OSEM system without working for a specific project, we may act as a controller for part of the information you provide while using the system as further described below.
If you want to exercise your rights as a data subject or you have any other requests regarding our processing of your personal data, you may contact us as explained below.
2. What data, for what purpose and on what basis?
2.1 Users of our Offshore Energy Manage System (OSEM)
Offshore Energy Manager (“OSEM”) is an online system that enables users to manage the information they need to share with companies involved in the construction and operation of offshore energy infrastructure (“Projects”) in order to work on these Projects. OSEM also enables Projects to efficiently manage the certification and movement of users.
If you have registered in the OSEM, Vissim acts as data processor or a data controller as set out in the system description accepted by you prior to subscription. You have full control of the personal data you enter into Offshore Energy Manager and can amend and delete it at any point, with the exception of certain operational data collected by the Projects that you chose to share your data with.
Normally, the company that you work for or the company that controls the project will be your data controller, and you will then direct any requests to that company (the "Project Owner"). When you are registered on a Project, you share personal information in agreement with the Project Specific Terms set out by the Project and accepted by you. Vissim will then act as the data processor in accordance with a specific data processing agreement with the Project Owner its subcontractor.
However, if you chose to use the OSEM without being registered on a specific project, your relationship will be directly with us. Vissim will then be data controller for the personal data relating to administrating your subscription of the OSEM, limited to; name, email, date and place of birth, nationality, and gender. The legal basis for the processing of such data is that it is necessary for the provision of the service directly to you. All processing of data you share with us is also subject to your consent to use the service and share such data, and you may withdraw your consent by ending the subscription. If you do not provide this information or wish to withdraw your consent for the processing of the information, Vissim will not be able to provide you with access to the OSEM system.
The OSEM allows you to upload content into the system such as certifications and medical conditions and training records. You fully control this content through the OSEM system, and Vissim will act as your data processor for the content you may upload into OSEM, according to the Data Processing Terms accepted by you upon registration in the OSEM.
2.2 Job application
If you file job application to us, we may process the data you send us such as your application, CV and information provided by your references. Under certain situations, we may collect such information from third parties, such as recruitment companies your references. All processing is based on our legitimate interest in processing the application you have sent, or your consent. All personal data is deleted after the recruitment process or if you withdraw your application, unless you are hired by Vissim or you explicitly consent to our processing for possible recruitment in the future.
2.3 Other purposes
We also process personal data that you provide voluntarily, e.g. when you make an inquiry or online appointment, or when you order information material or newsletters. The legal basis for this processing is that it is necessary to provide the service to you directly, and because we have a legitimate interest in providing the service to you or handling your request. The data processed by us in this context include the data of name, customers, emails and phone number to the extent necessary for the purposes of fulfilling the agreement with you or the legitimate interest in question.
In as far as we process your data as described above for the purpose of accepting and processing your inquiry, appointment, or (newsletter) order, we are unable to process your request without the data.
We may also send you marketing material by e-mail if you have consented to such marketing. Where you have given your consent to the processing of personal data (cf. Art. 6 (1) lit. a GDPR) or marketing, you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent up to the time of withdrawal of consent.
3. Third party recipients OF your personal data
We use trusted third parties who may have access to your personal data. This includes our service partners such as the provider of hosting services for our platform and our software development and service partners.
We may only share your personal information with public authorities and other third parties when required by law.You control which Projects have access to your personal data.
4. Location of your data
We store your personal data on servers securely located within the EU/EEA/UK area. We do not transfer your personal data outside the EU/EEA and all our data processors are subject to strict confidentiality obligations regarding your personal data.
We have implemented appropriate security measures to protect your data. In addition, we limit access to your personal data to those employees, agents, contractors and other third party data processors to a need-to-know basis. Such persons will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Retention and deletion
Vissim will delete personal data when all purposes of processing of the personal data in question have been fulfilled and when deletion is allowed pursuant to applicable laws and regulations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Within the OSEM system, you can close your account for specific Projects or Companies. Also, if you have been inactive on a Project for a longer period, the Project, or the Company you are working for, can decide to close your account for this Project in order to not store personal data unnecessarily. If you close your account for all Projects and Companies, your personal information in OSEM will not be accessible to anyone but yourself. One exception is the recordings of your historical offshore activity in Projects. In Historical Project Manifests, Project Reports and similar, your Name, Company, Profession and Site ID will still be visible for the Project, unless nothing else is stated in the Project Privacy Terms, for a period of 12 months after your account has been closed.
7. Your rights
You are entitled, upon request, to disclosure regarding your personal data that we are storing or are otherwise processing as a data controller. You are also entitled to have any incorrect personal data corrected and rights to blocking or deletion of your personal data.
Under certain conditions, you have the right to object to processing of your personal data, you may ask to receive your personal data in a structured and commonly used format so that it can easily be transferred to you or another data controller you appoint (this is known as “data portability”).
If you have any complaints regarding our processing of your personal data, we encourage you to contact us. We also inform you that you are entitled by law to file a complaint with the Norwegian Data Inspectorate or the data inspectorate of the EEA member state where you reside.
Procedures are reviewed regularly to ensure that the policies are followed. Any non-conformance regarding the policies will be corrected without unnecessary delay.
9. Updates and changes.
10. Contact information