Privacy Policy

At Nordic Aqua Partners AS (hereinafter referred to as "the Company"), protecting your personal data and ensuring confidentiality are of utmost importance.

This privacy policy outlines how the Company, a publicly listed entity registered on the Oslo Stock Exchange, processes personal data in relation to its operations in land-based salmon farming.

The Company operates globally, with its headquarters in Norway and an administrative division in the Faroe Islands, while its primary farming activities are carried out through its subsidiary in China.

This policy specifically describes how personal data is handled in the Norwegian and Faroese parts of the Company’s operations. The subsidiary in China operates under its own privacy policy.

 

Data Controller

The Company is responsible for ensuring that your personal data is processed securely and in accordance with applicable data protection regulations.

Contact Information:

Faroe Islands                            

Nordic Aqua Partners AS

Bryggjubakki 4, FO-100 Tórshavn

Faroese VAT No.: 672890

Phone: +298 221222

Email: info@nordicaquapartners.com

Norway

Nordic Aqua Partners AS

C. J. Hambros plass 2c, 0164 Oslo, Norway

Norwegian Business Registration No. 928 958 280

Phone: +298 221222

Email: info@nordicaquapartners.com

For questions about this privacy policy or requests related to personal data, you are welcome to contact the Company directly.

Purpose of Processing and Categories of Personal Data

The Company processes personal data for several purposes related to its operations, as detailed below:

Customer and Supplier Data

The Company collects and processes data about customers, suppliers, and business partners to manage contracts, deliver services, and maintain operational efficiency. The following categories of data may be processed:

  • Identity Information: Name, contact details (email address, phone number, and address).
  • Professional Information: Job title, company affiliation, and business relationship details, including contractual details and terms etc.
  • Financial Information: Bank account details, payment records, and tax-related information.

Employee Data

The Company processes personal data of employees to manage:

  • Recruitment and onboarding.
  • Payroll, benefits, and tax reporting.
  • Workplace health, safety, and compliance.

Employee data may include:

  • Identity information (e.g., name, address, and identification number).
  • Employment history and qualifications.
  • Health data, where relevant for workplace safety and legal compliance.

The Company will always require consent from employees before transferring personal data about employees in Norway and the Faroe Islands to our subsidiary in China. Such transfers are rare and only occur when absolutely necessary.

Community Engagement and Events

The Company may process personal data in connection with site visits, events, or other engagement activities, including:

  • Names, contact details, and dietary preferences (for event planning purposes).

Operational Monitoring and Compliance

The Company collects and processes data to monitor operations, ensure compliance with environmental regulations, and fulfill its legal obligations in the aquaculture sector.

Legal Basis for Processing

The Company processes personal data based on the following grounds:

  • Fulfilling Contracts: Data is processed to meet contractual obligations with customers, suppliers, and employees.
  • Compliance with Legal Obligations: Data is processed to comply with national and international regulatory requirements.
  • Legitimate Business Interests: Processing is carried out to improve operations, maintain safety, and ensure effective communication with stakeholders.
  • Consent: Where necessary, explicit consent will be obtained before processing data for specific purposes (e.g., marketing).

Data Transfers

The Company primarily processes data within Norway and the Faroe Islands and inside the EU/EEA area.

If data needs to be transferred outside the EU/EEA, the transfer will be conducted under appropriate safeguards to ensure the security and integrity of the data.

In connection with guest visits to our subsidiary in China, we will always require your consent to transfer your personal data to our subsidiary in China, enabling them to handle the necessary practical arrangements for the visit.

Recipients of Personal Data

The Company may share personal data with:

  • Service Providers: IT systems providers, auditors, and other professional service providers.
  • Authorities: Regulatory bodies, tax authorities, and law enforcement agencies, as required.
  • Partners: External consultants, financial institutions, or other entities involved in fulfilling contractual obligations.

All third-party recipients are required to process data in accordance with the Company’s instructions and applicable data protection regulations.

Retention and Deletion of Personal Data

The Company retains personal data only as long as necessary to fulfill the purposes outlined above or comply with legal obligations. Retention periods include:

  • Data related to financial transactions is retained until the end of the current year plus 5 years to comply with accounting and tax regulations.
  • Employee data is retained during the period of employment and as a general rule, for 2 years thereafter, unless longer retention is necessary due to, for example, legal obligations, the protection of the Company's legal interests in the event of legal disputes, etc.
  • Data collected during community engagement or events is retained for 2 years unless anonymized or deleted sooner, or unless longer retention is necessary due to, for example, legal obligations, the protection of the Company's legal interests in the event of legal disputes, etc.

Once data is no longer needed, it is securely deleted or anonymized.

Cookies and Website Use

The Company’s website uses cookies to enhance functionality and improve user experience. Cookies may include:

  • Necessary - Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Statistics - Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
  • Marketing - Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

You can manage your cookie preferences via your browser settings. Refusing cookies may limit certain website features.

Social Media Engagement

The Company maintains profiles on social media platforms, including LinkedIn and Facebook, to share updates about its operations and engage with the community. When you interact with the Company on social media, your data (e.g., reactions, comments, or shares) may be processed.

The Company and the social media platform provider may act as joint data controllers for certain types of processing. You can read more about joint data controllership, responsibility allocation, processing, etc. with LinkedIn here: https://legal.linkedin.com/pages-joint-controller-addendum and with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

Information on social media is usually deleted when the Company deletes a post, or when you delete your comment, share, reaction, or stop "liking" or following the Company on social media.

Your Rights

As an individual, you have specific rights concerning your personal data, and the Company is committed to ensuring these rights are respected. Below is a detailed description of your rights and how to exercise them:

Right of Access

You have the right to request access to the personal data the Company processes about you. This includes information on:

  • The categories of personal data being processed.
  • The purposes for which your personal data is processed.
  • The recipients or categories of recipients to whom your data has been or will be disclosed, including any recipients in third countries.
  • The expected period your data will be stored, or the criteria used to determine this period.
  • You may also request a copy of the personal data the Company holds about you.

Right to Rectification

If any of the information the Company processes about you is inaccurate or incomplete, you have the right to request corrections or updates. This ensures that the data the Company holds is accurate and current.

Right to Erasure (Right to be Forgotten)

You can request that the Company deletes your personal data under the following circumstances:

  • The data is no longer necessary for the purposes for which it was collected or processed.
  • You withdraw your consent, and there is no other legal basis for processing.
  • You object to the processing, and there are no overriding legitimate grounds for continuing the processing.
  • The personal data has been unlawfully processed.
  • The personal data must be erased to comply with a legal obligation.

Please note that the Company may not always be able to comply with a request for erasure if there is a legal basis or obligation to retain the data, such as compliance with accounting or regulatory requirements.

Right to Restriction of Processing

You can request that the Company restricts the processing of your personal data in the following cases:

  • You contest the accuracy of the personal data. Processing will be restricted until the accuracy is verified.
  • The processing is unlawful, but you oppose erasure and request restriction instead.
  • The Company no longer needs the data for processing purposes, but you need it to establish, exercise, or defend legal claims.
  • You have objected to processing, and verification is pending regarding whether the Company’s legitimate grounds override your rights.

When processing is restricted, your personal data will only be stored and not processed further, unless you provide consent or the processing is necessary for legal claims or public interest.

Right to Data Portability

Where processing is based on your consent or the performance of a contract, and where processing is carried out by automated means, you have the right to:

  • Receive your personal data in a structured, commonly used, and machine-readable format.
  • Request that the Company transmits your data directly to another data controller, where technically feasible.

This right is intended to make it easier for you to transfer your data between service providers.

Right to Object

You have the right to object to the processing of your personal data when the processing is based on the Company’s legitimate interests. This includes:

  • Objecting to direct marketing, including profiling related to such marketing.
  • Objecting to processing for research or statistical purposes, unless the processing is necessary for public interest.

If you object, the Company will cease processing your personal data unless it can demonstrate compelling legitimate grounds that override your rights and interests or if the processing is necessary for legal claims.

Right to Withdraw Consent

If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. You can do this by contacting the Company using the contact information provided in this policy. Once consent is withdrawn, the Company will stop processing your data unless there is another legal basis to do so.

Please note that withdrawing consent does not affect the lawfulness of processing carried out prior to the withdrawal.

How to Exercise Your Rights

To exercise your rights, contact the Company at info@nordicaquapartners.com or via the contact information provided in this privacy policy. When submitting a request, please provide sufficient information to enable the Company to identify you, such as:

  • Your full name.
  • Contact details (e.g., email address or phone number).
  • A description of the right you wish to exercise and any relevant context.

The Company will respond to your request without undue delay and no later than one month after receiving it. In complex cases, the response time may be extended by an additional two months, but you will be informed of this extension and the reasons for it.

Right to Lodge a Complaint

If you disagree with how the Company processes your personal data or handles your requests, you have the right to lodge a complaint with the relevant supervisory authority:

Norwegian Data Protection Authority (Datatilsynet):        

Postboks 458 Sentrum, 0105 Oslo                                 

Email: postkasse@datatilsynet.no                                  

Phone: (+47) 22 39 69 00                                            

Faroese Data Protection Authority (Dátueftirlitið):

Heiðavegur 25, FO-600 Saltangará

Email: dat@dat.fo

Phone: (+298) 309100

The Company encourages you to contact it first to resolve any issues or concerns you may have.

 

Security Measures

The Company takes appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, and misuse. Measures are regularly reviewed and updated to ensure data security.

Changes to the Privacy Policy

This privacy policy is reviewed regularly to reflect changes in operations, legal requirements, or industry best practices. Updates will be communicated on the Company’s website or other appropriate channels.

Effective Date: January 7th, 2025

Last Updated: January 7th, 2025

For further information, contact info@nordicaquapartners.com with "Privacy Policy Inquiry" in the subject line.