PRIVACY STATEMENT - GDPR

NorRisk takes privacy very seriously. All personal data is processed in accordance with current personal data legislation. All such information shall be treated confidentially and utilized to the intended purpose. All staff members can process such information and have a declaration of confidentiality.

 

We may process the following personal information:

• Name

• Position

• Birth and Social Security number

• Payment

• Address

• E-mail address

• Phone no

• Certificates

• Registration nuber

 

We can also process (disseminate) sensitive personal information that is linked to injury reports in connection with personal insurance schemes to our customers, including membership in trade union.

Such information will only be processed if consent has been obtained in accordance with the GDPR art. 9, paragraph 2a. and the Personal Data Act §9. The information will be deleted when it is no longer relevant to the object to save it.

 

Our basis and purpose in processing personal data.

In order for us to carry out our assignments for our customers, we must process personal data. Our legal basis for the processing of personal data is laid down in Articles 6 and 9. of the GDPR Directive. We can handle personal data as a result of taking on assignments as an insurance broker or adviser. In connection with tenders, we will disseminate information to insurance providers that they depend on to respond to the offer. In injury cases, too, we can come into the situation when we provide such information.

 

Storage and transfer

Storing of Personal Information can occur both on paper and electronically. Information on paper is stored in a locked archive. Electronic information has been stored on secure password protected server protected with firewalls and antivirus software. Sensitive personal information is transmitted in a protected (encrypted) message in Office365.

 

Risk assessment.

A risk assessment has been made of unfortunate incidents linked to our processing of personal data. Based on this, necessary measures have been taken to ensure that we have sufficient privacy protection.

 

It registered its forensics.

The data subject has the right to, and at any time, request access, rectification, deletion and extradition / transfer. By secure identification, the data subject can, by contacting us, be informed of all relevant matters regarding how this information has been processed and disseminated.

The registered person can at any time contact us by e-mail or telephone provided on these websites.

 

 

Appeals

The task of the Data Protection Authority is to check that the regulations are being followed. If you experience anything that you believe is a violation of the regulations, you can contact the Data Inspectorate. You can find them at www.datatilsynet.no.

 

treatment coordinator

Oceanin has defined ourselves as the controller, since we believe that, based on our role as a consultant and broker, we have a self-contained object in the processing of personal data.

We also refer to Finans Norge who asks its members and their business customers to enter into data processing agreements under normal customer conditions.