Choose language:

Privacy Policy

Table of contents

    Table of contents

    About the Privacy Policy

    This privacy policy provides information about when, why and on what legal basis DSB processes personal data, and what rights you have when we process personal data about you.

    What is personal data?

    Personal data is information that can tell us something about a natural person. The information must be able to be linked to a specific person, but it is sufficient that the link is possible, for example through the use of technical aids and additional information. Examples of personal data are a person's contact details, qualifications, interests, health, movements and appearance.

    What is meant by the processing of personal data?

    Processing is used as a catch-all term for everything you do with personal data, such as collecting, storing, analyzing, compiling and disclosing it. One and the same treatment normally consists of several such operations.

    Data Controller

    DSB, represented by the Director, is the data controller for all use of personal data where DSB has determined the purpose of the processing and how it is to take place. As a data controller, you have the legal responsibility to ensure that the processing takes place in accordance with data protection legislation. In this privacy policy, you can read more about which processing activities DSB is the data controller for. 

    The Data Protection Officer at DSB

    DSB has its own data protection officer. The main tasks of the data protection officer are to advise on the obligations DSB has under the data protection legislation and to check whether the company complies with the regulations. The Data Protection Officer has an independent role and cannot receive instructions on the performance of his or her statutory duties.

    You can contact the Data Protection Officer about questions related to DSB's processing of personal data, or to get help in exercising your rights. Read more about your rights under the data protection legislation below.

    DSB's data protection officer, Marie Bakken, can be contacted by e-mail:

    In which cases does DSB process personal data?

    In connection with supervisory tasks and other exercise of public authority

    DSB is the professional, administrative and supervisory authority within the Product Control Act, the Fire and Explosion Protection Act, the Electrical Supervision Act and the Civil Protection Act. In this context, the DSB processes personal data for purposes related to supervision and application processing, reporting and reporting, coordination, advice and the preparation of statistics. The processing of personal data is a prerequisite for the DSB to be able to carry out its social mission.

    The processing has a legal basis in Article 6(1)(e) of the General Data Protection Regulation, which permits the processing of personal data when the processing is necessary for the exercise of official authority. If the data contains special categories of personal data, such as information about health, the processing is based on Article 9(2)(g) of the General Data Protection Regulation.

    Purposes arising from legal obligations

    In various contexts, DSB must process personal data in order to comply with a legal obligation imposed on the enterprise.

    Among other things, the DSB is obliged to keep a publicly available record of all incoming and outgoing case documents, cf. Section 6 of the Freedom of Information Regulations. Other legal obligations that require the processing of personal data are set out in the National Insurance Act, the Accounting Act and the Tax Act, among others. 

    In this context, the legal basis for processing is Article 6(1)(c) of the General Data Protection Regulation, which permits the processing of personal data when the processing is necessary to comply with a legal obligation based on law.

    Processing of personal data in other contexts

    According to a decision made by the Storting, DSB is responsible for Nødnett, with core users within the emergency services fire, police and health. In this connection, personal data about the users' identity and their communication is processed. The processing is necessary for DSB to be able to provide the service.

    In this context, the legal basis for processing is Article 6(1)(e) of the General Data Protection Regulation, which permits the processing of personal data when it is necessary to perform a task in the public interest, and Article 6(1)(b), which permits processing that is necessary for the performance of a contract.

    Personal data is also processed in other contexts, for example in cases where you participate in a course or participate in a voluntary survey. The processing is limited to what is necessary to administer/carry out and possibly charge for the activities in question.

    The legal basis for processing here is Article 6(1)(a) of the General Data Protection Regulation, which permits processing when the data subject has given his or her consent.

    Subscribe to news alerts

    DSB sends out news alerts by e-mail to people who have signed up for our subscription service. The purpose of processing personal data in connection with the news notification is to provide up-to-date information about our work to the right recipient. In order for us to be able to send you news alerts by e-mail, you must register an e-mail address. We do not collect any information about you other than your e-mail address in connection with the dissemination of news alerts, and your e-mail address will not be used for any other purpose. The email address will be deleted when you unsubscribe from the news alert. Our legal basis for processing these e-mail addresses is Article 6 (1) a) of the General Data Protection Regulation, i.e. consent. You can withdraw your consent at any time by unsubscribing from the news alert. Your withdrawal of consent will not affect the lawfulness of the processing of personal data that occurred before you withdrew your consent.

    What categories of personal data are processed?

    The personal data that is processed depends on the purpose of the processing. This will therefore vary. Frequently used personal information is information about identity, such as name, gender and date of birth, and contact information, such as telephone number, email address and residential address.

    Other personal data that is processed may be letters, emails and other communication, information about violations of the law, certification, working conditions and health.

    You can request access to your own personal data at any time, see more about this below.

    Where is the data collected from and with whom is it shared?

    Normally, the personal data is collected directly from you, but may also originate from other public authorities or publicly available registers.

    Sometimes the personal data is shared with others, usually with other public authorities, but not limited to this. The recipients must have their own legal basis for processing the personal data.

    How long is the personal data stored?

    Personal data shall normally not be stored beyond what is necessary to achieve one or more specific purposes. Personal data that is no longer needed will therefore be deleted, unless otherwise stipulated by other regulations.

    As a public authority, DSB is subject to an extensive archiving obligation. Case documents and other information that are subject to the archiving obligation will therefore be stored in accordance with the Archives Act and regulations, and can therefore not be deleted in the usual way.

    Information about jobseekers

    If you apply for a position at DSB, we will collect and process a number of personal data about you, such as name and contact information, application, CV, and other information that is important for the assessment of the application.

    The above is a necessary prerequisite for entering into a possible employment contract with you. The legal basis for processing is Article 6(1)(b) of the General Data Protection Regulation, which permits processing that is necessary to enter into a contract or fulfil measures at the data subject's request prior to entering into a contract.

    Information about employees in DSB

    DSB processes personal data about its own employees in order to administer and facilitate the employment relationship, and to fulfil other obligations under the employment contract. The processing includes, among other things, names and contact information, CV, employment contract, salary and payment information, tax deduction cards, holiday and absence overview, trade union membership, information about next of kin, number of children and their names, any warnings, as well as health information within the framework of the Working Environment Act.

    Processing of the above data is necessary for the performance of the employment contract with the employee. The legal basis for this is Article 6(1)(b) of the General Data Protection Regulation. Where the processing involves special categories of data, the basis for processing follows from Article 9 (2 b).

    DSB also processes information about employees' registration in and out of the workplace. As a result of the camera surveillance at some selected places such as the building's entrances, employees' movements in these places will be filmed. The processing is carried out on the basis of a balancing of interests pursuant to Article 6(1)(f) of the General Data Protection Regulation, as consideration for the employer's need for security and control of the building, and the information stored in the building, weighs heaviest.

    Personal data about the employees is further processed in cases where the processing is necessary to comply with legal obligations that follow from, among other things, the National Insurance Act, the Accounting Act and the Tax Act. In this context, the legal basis for processing is Article 6(1)(c) of the General Data Protection Regulation.

    Your rights

    You have the right to know what personal data DSB processes about you and to receive a copy of the personal data. You can also request information about why we process the personal data, the names of any recipients, information about how long the data is expected to be processed and where the personal data originates.

    Correction of personal data

    If your personal data is incorrect or incomplete, you can request that the data be corrected or supplemented with additional information.

    Deletion of personal data

    In some cases, you can demand that DSB deletes personal data about you. However, as a result of, among other things, the archiving obligation under the Archives Act and regulations, this right will be somewhat limited in the public sector.

    Right to withdraw consent

    In cases where the processing takes place on the basis of your consent, you have the opportunity to withdraw your consent at any time. The treatment will then normally have to be stopped. However, this does not affect the lawfulness of the processing that has already taken place.

    It should be as easy to withdraw as to give consent.

    Limitation of processing

    In certain cases, you can demand that the processing be restricted. This applies where you have contested the accuracy of the personal data, where the processing is unlawful or no longer necessary, or where you have objected to the processing in question.

    Protest against treatment

    In some cases, you may object to a treatment. This is limited to cases where DSB processes your personal data as part of the exercise of public authority, cf. Article 6(1)(e) of the General Data Protection Regulation, or when the processing takes place on the basis of a balancing of interests pursuant to Article 6(1)(f) of the General Data Protection Regulation.

    The protest must be justified in your particular situation. It will then be up to the DSB to decide whether the processing can continue.

    Data portability

    If DSB processes your personal data on the basis of your consent or an agreement with you, you can request to have the data transferred to another data controller, if there is a genuine choice between several service providers/data controllers.

    Right to complain

    If you object to the way we process your personal data, you have the right to complain to the Norwegian Data Protection Authority. We hope that you will first contact DSB, so that we can assess your objections and clear up any misunderstandings.

    Do you want more information about your rights or have questions about exercising rights? On the Norwegian Data Protection Authority's website, you can read more about your rights.

    If you have any questions about how your personal data is processed or wish to exercise your rights, you can contact us by e-mail: , or send a letter to:

    Directorate for Civil Protection and Emergency Planning (DSB), P.O. Box 2014, 3103 Tønsberg