All use of personal data is considered as processing of personal information, such as collection, registration, compiling, storage and disclosure or a combination of these. Processing of personal data is governed by the Personal Data Act. Through the Personal Data Act, the General Data Protection Regulation (the “GDPR”) was made Norwegian law.
Havfram processes personal information in connection with the use of our services and products, for the purposes stated in section 3 below. Havfram is the ‘controller’, which primarily means that Havfram is responsible for compliance with the Personal Data Act when handling your personal data.
If Havfram chooses to use another company to process personal information on our behalf, that company is our data processor. We ensure that we have entered into data processing agreements that regulate how the data processor can process data on our behalf, e.g. that they can only process personal information for clearly defined purposes and that they must ensure that the handling complies with certain data security requirements.