WML’s privacy notice

1. Brief Presentation of WML and its Responsibility:

WML is a highly specialized organization focusing exclusively on providing secure, cost efficient and on time delivery services to operators in the global marine industry.

The Managing Director of WML AS has the overall responsibility for WML’s hosting and handling of Personal Data according to the EU General Data Protection Regulation (GDPR), the Norwegian “Lov om behandling av personopplysninger” and the Implementation Act of the General Data Protection Regulation in the Netherlands.  WML’s Managing Director, however, has delegated his operational responsibilities to the Chief Financial Officer (CFO) of the company.

2. Who is this Privacy Notice aimed at?

As WML almost exclusively operates on a business-to-business level, this Privacy Notice is primarily aimed at employees of WML’s customers, suppliers and collaborators. However, it also applies for the few private persons that from time to time seek the logistical assistance of WML.

3. What is Personal Data?

Personal Data represents all data that can be tied to you as an individual – directly or indirectly – such as your name, address, e-mail address, IP-address, telephone number, social security number, bank account number etc.

For all practical purposes, one can distinguish between two major categories of Personal Data – General Personal Data and Sensitive Personal Data.

Sensitive Personal Data represent data revealing race or ethnic origin, religious beliefs, political opinions, health, sexual inclination, biometric information, criminal history, membership in labour unions, etc.

All other Personal Data then is by definition classified as General Personal Data.

4. What Personal Data do WML need and why do we need it?

We need your Personal Data in terms of contact information (name, e-mail address and telephone number) for achieving effective interaction with your employer, being one of our customers, suppliers and/or collaborators, and for conducting one or several of the many operational and/or administrative tasks related to our business activities on behalf of or together with your employer.

We only collect and use Personal Data when it is necessary for the performance of specific actions required by our business activities, and we shall neither collect nor use any Personal Data for which there are no legitimate purpose unless you as the owner of the data has given us your consent in writing.

5. What WML do with the Personal Data and where:

Your Personal Data is processed in WML’s offices located in Oslo, Norway and in Rotterdam, the Netherlands. The hosting and storage of your Personal Data takes place in Oslo, Norway by relying on three secure systems – our e-mail system, Sysped and Sharepoint (Microsoft server)

No third-party providers have access to your Personal Data, unless required by the performance of our business activities on behalf of our customers and/or in cooperation with our suppliers and/or collaborators or is specifically required by law.

Our Personal Data Protection Policy governs the use and storage of your personal data. You can see our Personal Data Protection Policy.

6. From where have WML obtained your Personal Data?

We have exclusively obtained your Personal Data – in terms of name, postal address, e-mail address and telephone number – directly from you or from your employer.

7. Legitimate Purposes for Collecting and Processing Personal Data:

There exist six legitimate purposes for our collecting and processing Personal Data:

  • Performance of a signed contractual agreement between the Data Subject and the Data Controller
  • Compliance with legal obligations
  • Fulfillment of legitimate interest – for instance required for execution of a signed contract
  • Processing in the public interest (interest of the authorities etc.)
  • Processing for the protection of vital interest (hospitals, doctors, etc) and if not one of the above…
  • Consent of the data subject

WML’s justification for collecting and processing of your Personal Data is based on fulfillment of legitimate interest, that is, it is required for execution of a signed contract with your employer.

8. Transfer of Personal Data to Third-Parties:

WML, as a controller and processor of Personal Data has the accountability to ensure that the Personal Data collected and processed is protected and that the GDPR-requirements are respected, even if processing is being done by a third party. This means that WML has the obligation to ensure the protection and privacy of your Personal Data when that data is being transferred outside the company,that is, to a third party and / or to another entity within our company.

To this effect, WML has contractually required all its suppliers or business collaborators to provide the level of data protection required by the GDPR.

9. Cross-Border Transfers of Personal Data:

A Cross-Border Data Transfer occurs when Personal Data is processed outside the country in which it was provided. The EU GDPR allows for unrestricted data transfers within the EU/EEA countries, because the protection of data here is considered to be adequate as it is governed by the EU GDPR and the EU Data Protection Directive.

A company may transfer Personal Data to a country outside of the EU/EEA if an adequate level of

data protection can be assured. This assurance can be based on one of the following requirements:

  • Usage of data protection clauses as defined by the data protection authority and approved by the commission.
  • An approved code of conduct as approved by the data protection authority.
  • A certification or seal of protection that is issued by a competent authority.

WML has established both a Cross-Border Personal Data Procedure and signed an agreement with all its handling agents outside the EU/EEA based on the data protection clauses as defined by the Data Protection Agency and approved by the EU Commission.

10. How long do we keep your Personal Data?

We keep your Personal Data for as long as we cooperate with and you are employed by your current employer. After this period, your Personal Data will be irreversibly destroyed/deleted.

11. What are your Rights?

Should you believe that any Personal Data we hold on you is incorrect, inaccurate, outdated or incomplete, you have the right to request to see this information, rectify it or have it deleted. Please contact us by using our Data_Subject_Access_Request_Form.

In the event that you wish to complain about how we have handled your Personal Data, please contact our Chief Financial Officer (CFO) Simen Sjåvik (see 12. Contact Information below). Our CFO will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact Datatilsynet in Norway and/or Autoriteit Persoonsgegevens in the Netherlands and file a complaint with them (see 12. Contact Information below).

12. Contact Information:

Name of Company: WML AS

E-mail Address: mail@wml.no

Address: Verkseier Furulunds vei 49, 0668 Oslo, Norway

Telephone Number: + 47 21 39 26 60

Fax Number: + 47 21 39 26 67

Managing Director: Morten Hole, +47 913 39 274, morten@wml.no

Person responsible for WML’s GDPR: Chief Financial Officer Simen Sjåvik, + 47 980 95 493, simen.sjavik@wml.no

Datatilsynet (Norway): +47 22 39 69 00, Postboks 450 Sentrum, 0152 Oslo,  postkasse@datatilsynet.no

Autoriteit Persoonsgegevens (The Netherlands): +31 (0)70 888 85 00, Postbus 93374, 2509 AJ Den Haag, info@autoriteitpersoonsgegevens.nl