Privacy policy and cookies

Finanstilsynet’s privacy statement

Finanstilsynet processes personal data in accordance with the Act relating to the processing of personal data (Personal Data Act), which implements the General Data Protection Regulation (GDPR). This means that privacy is safeguarded in the best possible manner when Finanstilsynet carries out its tasks.

This statement explains how privacy is safeguarded by Finanstilsynet. The statement provides general information about how Finanstilsynet processes personal data (cf. Articles 13 and 14 of the GDPR).

• Personal Data Act

1. Who is responsible for the processing of personal data?

According to the Personal Data Act, the Director General has principal responsibility for the processing of personal data. The department heads are responsible for the processing of data in their respective units. Finanstilsynet’s section heads have the day-to-day responsibility.

2. What is the purpose of processing personal data?

Finanstilsynet processes personal data when performing its statutory supervisory tasks. Relevant legislation:

Financial Supervision Act – the legal basis for Finanstilsynet’s operations. Finanstilsynet’s main responsibilities are set out in Section 3 of the Financial Supervision Act. Furthermore, Finanstilsynet administers a number of special acts that provide the basis for the processing of personal data pursuant to the Personal Data Act.

• Financial Supervision Act

Personal Data Act – the Act shall protect individuals from the infringement of privacy through the processing of personal data and contribute to ensuring that personal data are processed in accordance with fundamental privacy considerations.

• The Personal Data Act 

Public Administration Act – contains rules of procedure for how your case will be handled by Finanstilsynet. As a party to the case, you have special rights, including the right to access the case documents.

• Public Administration Act

Freedom of Information Act – contains rules for when a document is publicly disclosable and when a document can be exempt from public disclosure. Finanstilsynet follows the open government principle, which means that it as far as possible seeks to make documents public.

• Freedom of Information Act

Archives Act – contains rules for how case documents should be processed and stored and how they should be transferred to an archival institution.

• Arkivlova (available in Norwegian only)

3. Which personal data are processed?

Personal data means any information relating to an identified or identifiable natural person, cf. Article 4 of the GDPR. Finanstilsynet processes personal data as part of its supervisory activities (cf. Article 6 (c)* of the GDPR), for example in connection with licence applications, fitness and propriety assessments, reports of own-account trading, customer complaints, etc.

*’Processing is necessary for compliance with a legal obligation to which the controller is subject’.

4. Where is the information collected from?

Finanstilsynet collects personal data from private and public enterprises at home and abroad, private individuals, international organisations and various registers (the National Registry, the Brønnøysund Register Centre (the Central Coordinating Register for Legal Entities), the NAV State Register of Employers and Employees, the Land Register, the Currency Register, etc.) on its own initiative as part of Finanstilsynet’s statutory case processing.

In addition, Finanstilsynet receives enquiries from Norwegian and foreign private individuals and businesses. These may contain personal data.

5. Are data disclosed to third parties?

Finanstilsynet shares personal data with the police and other public authorities, as well as foreign supervisory authorities and international organisations when this is necessary to perform Finanstilsynet’s statutory supervisory tasks and comply with international agreements. See point 3 above with respect to the types of personal data that are disclosed. Personal data are disclosed in accordance with applicable data protection legislation (cf. Chapter V of the GDPR).

• More information about the transfer of personal data to supervisory authorities outside the EEA (available in Norwegian only)

6. How are the data processed (deleted and archived)?

Finanstilsynet‘s case documents are recorded and archived in WebSak Fokus, which is an archive and case processing system from the supplier ACOS. The system follows public standards. The archives manager has day-to-day responsibility for archiving in Finanstilsynet and related procedures. The section heads make sure that the actual case processing is compliant with the procedures. Case documents are registered, filed and stored in WebSak Fokus in accordance with the Archives Act.

Personal data are also stored in Finanstilsynet’s professional systems (Sentralfag and Datavarehuset). Personal data are not stored for longer than necessary. If personal data are not supposed to be stored in accordance with the Archives Act or other legislation, they are deleted.

7. What are the rights of the data subject?

Everyone has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed by Finanstilsynet, cf. Article 15 of the GDPR. As a rule, those registered in Finanstilsynet’s systems are entitled to access their personal data. There are some exceptions to the right of access, cf. Sections 16 and 17 of the Personal Data Act.

The data subjects also have the right to request the rectification, completion or erasure of personal data which are inaccurate or incomplete or which Finanstilsynet is not entitled to process, cf. Articles 16, 17 and 18 of the GDPR.

If you think that our processing of your personal data is not consistent with what we have described here or otherwise violates data protection legislation, you may complain to the Norwegian Data Protection Authority. You can find information about your rights on the Norwegian Data Protection Authority's website.

• More information about your rights

8. How are personal data protected?

Finanstilsynet has established procedures and guidelines to ensure the protection of privacy and compliance with the Personal Data Act/GDPR, and to prevent unauthorised access to registered personal data. Finanstilsynet’s processing of personal data is based on its information security policy. Risk assessments are carried out regularly and when needed.

9. Data protection officer

Finanstilsynet has appointed a data protection officer who has been approved by the Norwegian Data Protection Authority. The data protection officer is:

Rune Grundekjøn
Tel: +47 22 93 98 98
Email: rune.grundekjon@finanstilsynet.no

Requests for right of access should be sent to: innsyn@finanstilsynet.no

Privacy protection at www.finanstilsynet.no

Controller
Finanstilsynet acts as controller for the processing of personal data collected through the use of Finanstilsynet’s website. It is voluntary to provide personal data when using the website. Personal data are processed on the basis of the data subject’s consent.

Use of cookies
Finanstilsynet.no uses cookies. Cookies are small pieces of data stored on the your computer to optimise your user experience. You may decline the storage of cookies at any time, but this may affect functionality.

These cookies are used at finanstilsynet.no:

• ASP.NET_SessionId: Used to identify your session on the server. The session is a site on the server that can be used to store data between HTTP requests.
• _ga and _gat: Used to track the use of the solution and understand users' needs through the Google Analytics statistics tool. We anonymise the user's IP address and send the data encrypted to Google Analytics. It is not possible to identify users based on the statistics.
  
  Read more:
  • Google Analytics’ privacy policy

Cookies used by the news alert solution:

• _RequestVerificationToken: Used to verify that the registration form has not been modified by anyone else or in any other way than intended.
• SAPISID, APISID, CONCENT, HSID, NID, SSID, SID: Used to verify that the user is not a robot (ReCaptcha).

News alerts – data storage
By signing up for news alerts, you agree to Finanstilsynet storing your email address and preferences with our news alert provider Make. This information is used to send you relevant news alerts based on your preferences. You can change your preferences or unsubscribe from the news alerts at any time.

Content sharing
Finanstilsynet.no's content sharing service can be used to share articles from finanstilsynet.no on selected social media. Information about the sharing of content is not logged with us, but is only used there and then to post the tip on the social media platform. However, we cannot guarantee that the social media will not log this information. The use of such services is at your own risk.

How to reject cookies
On Nettvett.no, you can read about how you can set your browser to accept or reject cookies.

See information about this on nettvett.no: How to administer cookies (in Norwegian only)

• Contact information

Privacy protection in Finanstilsynet’s whistleblowing portal

The supplier of Finanstilsynet’s whistleblowing portal uses the ApplicationGatewayAffinity cookie for load balancing of servers.