DATAPRIVACYNOTICE FOR EXTERNAL PARTIES
This privacy policy applies to Neuver Maritime AS (hereinafter referred to as“Neuver Maritime”) regarding the collection, use, and processing of personal data. In this privacy policy, Neuver Maritime will be referred to as “we,”“us,” “our,” or “data controller.” In connection with our business activities, we process personal data. The processing of personal data is based on the nature and purpose of our business.Information about the personal data we process about you, the legal basis for processing, the purpose of processing, how long we retain the data, etc., is provided below. If you have any questions or wish to learn more about our processing of personal data, you can contact us – see contact details below.
1. Data controller
Neuver Maritime, represented by the Managing Director, is the data controller, meaning we determine why and how personal data is processed for the purposes described below. Contact details for the data controller:
Address: Årsundvegen 24, 6270 Brattvåg
Email: admin@neuver.com
Phone: +47 482 88 500
Organization number: 933 223612
2. Why we collect personal data and what information we collect
We collect and use personal data for various purposes depending on who you are and how we interact with you. All processing of personal data is carried out in accordance with applicable privacy regulations, including the Personal Data Act and the General DataProtection Regulation (GDPR).
“Personal data” means any information that can be linked to a physical person(hereinafter referred to as “data subject”).
“Processing”means any operation performed on personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
We process personal data for the following purposes:
1. Sending marketing materials, newsletters, and providing information about our business: For this purpose, we collect your name and email address. Processing is based on your consent and/or an existing customer or user relationship, cf. theMarketing Act § 15. The data will be deleted when you withdraw your consent.
2. Communication and contact: We process personal data of individuals who contact us in order to respond to and document the communication and to reach out to others. In such cases, we process names, phone numbers, email addresses, and any personal data that may be included in the inquiry, including history/logs related to the inquiry. Providing personal data in this context is voluntary, but certain information may be necessary for us to assist you with your request. Processing is based on a legitimate interest assessment, cf. GDPR Article 6(1)(f). We have assessed that our legitimate interest in maintaining contact with external parties is part of our business operations, as well as responding to inquiriesand recording such contact. The data will be deleted when we consider the dialogue concluded, normally after one calendar year.
3. Customer Relationships and Contract Execution: In existing customer relationship sand in connection with entering into contracts, we process personal data such as names, phone numbers, email addresses, and any personal data that may arise from the customer relationship. Processing is necessary to fulfill the agreement we have entered with the customer, cf. GDPR Article 6(1)(b).
4. Recruitment for New Positions: During recruitment for new positions, we process information such as CVs, application letters, certificates, references, and notes from interviews. Processing of personal data is based on the consent you have provided and is also necessary to implement measures prior to entering into an employment agreement with the applicant, cf. GDPR Article 6(1)(a) and(b).
If we conduct checks beyond contacting persons listed as references, such as searches for historical information, personal data will be processed based on our legitimate interest in ensuring the right candidate for the position, cf. GDPR Article 6(1)(f). We have assessed that this interest outweighs the individual’s privacy.We encourage you not to include special categories of personal data in your application, such as information about health, religion, political opinions, or trade union membership. Personal datails deleted internally as soon as the recruitment process is completed, unless you have consented to longer retention.
5. Shareholders: In connection with the administration of shareholder relationships, we process personal data such as names, phone numbers, email addresses, residential addresses, and participation in general meetings. Processing is necessary to fulfill shareholder agreements with shareholders, as well as to comply with legal obligations, cf. GDPR Article 6(1)(b) and (c).
6. Board Members:In connection with the administration of board relationships, we process personal data such as names, phone numbers, email addresses, residential addresses, national identification numbers, and bank account numbers.Processing is necessary to fulfill the agreement with the board member, as well as to comply with statutory reporting requirements to public authorities, cf.GDPR Article 6(1)(b) and (c).
7. Cookies: We do not use cookies or store cookies on your device when you visit our websites. To understand how the website is used and to improve the user experience, we use Plausible Analytics. This is a privacy-friendly analytics tool that does not use cookies and does not identify individuals. The data collected is only aggregated and anonymized, such as the number of page views, visit frequency, referring websites, browser, and device type. None of this information can be linked to you as an individual.
3. Retention and Storage (Deletion) of Personal Data
We retain personal data for as long as necessary for the purpose for which the data was collected and delete the information in accordance with regulatory requirements. The duration for which we process each type of data is specified above where the individual processing activities are described.
This means, for example, that personal data processed on the basis of your consent will be deleted if you withdraw your consent. Personal data processed to fulfill an agreement with you will be deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been met, such as statutory obligations related to accounting, follow-up of user and customer relationships, etc. Personal data processed due to a legal obligation will be deleted as soon as we are no longer required to retain the information. See also section 2 above for our deletion routines.
4. Disclosure of Personal Data to Others
We do not share your personal data with others unless there is a lawful basis for doing so. Examples of such a basis typically include an agreement with you or a legal obligation requiring us to disclose the information. For example, we may need to share your personal data with distributors as part of certain aspects of our services. We use data processors to collect, store, or otherwise process personal data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of processing. Scroll to bottom to see our current data processors.
5. Security of Processing
All processing of personal data is secured with the required technical and organizational measures.
We handle information so that it is accurate, available, and managed according to the sensitivity of the data. We also use a range of security technologies and information security procedures to protect personal data from unauthorized access, use, or disclosure. Risk assessments are carried out for the processingof personal data.
We have entered into data processing agreements with all our suppliers who process personal data, ensuring they maintain the same level of security as we do for our own processing.
We limit access to personal data to personnel or third parties who process the data on our behalf. These parties are subject to confidentiality obligations.
Procedures have been established for handling information security breaches and incidents(privacy breaches). If a breach occurs that poses a risk to the privacy of the affected personal data, we will notify the Data Protection Authority as soon as possible and no later than 72 hours after the breach was discovered. If the breach is likely to result in a high risk to the privacy of the affected individuals, we will also notify those individuals.
6. Your Rights When We Process Personal Data About You
Below are your rights regarding the processing of personal data. To exercise your rights, please contact us using the contact information provided in section 1.
We will respond to your inquiry as soon as possible and no later than one month. If it takes longer than one month, you will be notified.
We may ask you to confirm your identity or provide additional information before allowing you to exercise your rights. This is to ensure that we only grant access to your personal data to you—and not to anyone pretending to be you.
Information
You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. You may also contact us if you would like more information.
Access
You have the right to request access to the personal data processed about you. Please contact us if you wish to exercise this right.
Rectification and Deletion
You may also ask us to correct inaccurate information we hold about you or request that we delete personal data. We will accommodate such requests as far as possible, but we cannot do so if we still need the data
Processing Based on Consent
If we process personal data based on your consent, you may withdraw your consent at any time. The easiest way to do this is to use the method provided when you gave your consent or contact us directly.
Right to Restrict or Object to Processing
You have the right to restrict processing in certain cases, see GDPR Article 21, such as:
a) You contest the accuracy of the personal data—the processing will be paused for a period that allows us to verify the accuracy of the data.
b) The processing is unlawful, and you oppose deletion of the personal data and instead request that its use be restricted.
c) We no longer need the personal data for the purpose of processing, but you require it to establish, exercise, or defend legal claims.
You may also object to processing under GDPR Article 21(1) pending verification of whether our legitimate interests override your privacy.
Right to Data Portability
For data you have provided to us that is necessary to fulfill an agreement with us and is processed automatically (i.e., not manually), you may request to receive your personal data or have it transferred to another provider in a structured, commonly used, and machine-readable format (data portability).
AutomatedProcessing, Including Profiling
There will be no automated processing, including profiling, based on your personal data that produces legal effects or significantly affects you, cf. GDPR Article22(1) and (4).
7. Complaints
If you believe that our processing of personal data does not comply with what we have described here or otherwise violate privacy legislation, we encourage you to contact us using the contact information in section 1. Please note that you may also lodge a complaint with the Data Protection Authority.You can find information about your rights and how to contact the Authority on their website: www.datatilsynet.no.
8. Changes
If there are changes to our services or to the regulations on processing personal data, this may result in changes to the information provided here. If we have your contact details, we will notify you of such changes. Otherwise, updated information will be available on our website.
Doc ID: NM-FORM-0014
Revision: 11/25/2025
Latest version date: 11/26/2025
Neuver Maritime
HQ Aalesund
Aarsundvegen 24
6270 Brattvåg
