Privacy policy

  1. Purpose
    This Data Protection Policy explains how Nordic Energy Research processes personal data,
    the terms and conditions that apply when we process your information, and your rights
    under the EU General Data Protection Regulation (GDPR).
    Protecting your privacy is important to us. We aim to handle personal data securely,
    transparently, and responsibly so that you feel safe when using our services.
    If you have any questions or comments about this policy, or about how your data is
    processed, please contact us (see contact details below).
  2. Who we are
    Nordic Energy Research is the Nordic institution for joint energy research and researchbased policy development, under the Nordic Council of Ministers.
    As part of our work, we may collect and process certain personal data if you contact us, use
    our website, participate in events, subscribe to our newsletters, or enter into agreements
    with us.
  3. Data Controller and Data Protection Officer (DPO)
    Nordic Energy Research is the data controller for the processing of personal data described
    in this policy.
    Data Protection Officer (DPO):
    – Name: Mikael Heimonen
    – Email: [email protected]
    – Phone: +47 481 28 436
    – Address: Nordic Energy Research, Stensberggata 25, 5th floor, NO-0170 Oslo,
    Norway
    You may contact our DPO with any questions or to exercise your rights under GDPR.
  4. What is personal data?
    Personal data means any information that can identify you as an individual. Examples
    include your name, address, telephone number, email address, image files, and IP address.
  5. How we collect personal data
    We may collect personal data in the following ways:
    – When you use our website.
    – When you download publications.
    – When you subscribe to our newsletters.
    – When you provide information directly to us (by email, phone, etc.).
    – When you enter into a contract with us.
    – When you participate in online meetings or webinars hosted by Nordic Energy
    Research.
  6. Purposes and legal bases for processing
    We collect and process your data for specific purposes and only where we have a legal basis
    under GDPR:
    – Providing services:To follow up on your enquiries, deliver requested services,
    register you for events, or send you newsletters and updates (based on consent or
    contract).
    – Legal obligations: To comply with requirements under accounting and taxation laws
    (e.g. the Norwegian Accounting Act, Bokføringsloven), or other applicable
    legislation.
    – Legitimate interests:To conduct internal statistics, improve our services, and
    maintain communication with stakeholders, provided these interests are not
    overridden by your rights and freedoms.
    – Website functionality:To ensure the website functions properly and to analyse
    usage patterns (cookies, IP addresses).
    We will not use your data for purposes that are incompatible with the original reason for
    collection.
  7. Categories of data processed
    – Necessary data for services – such as name, address, telephone number, email, and
    other identification and contact details.
    – Usage and technical data – such as IP addresses and cookies, used to improve
    services and website functionality.
  8. Retention of data
    We retain personal data only as long as necessary for the purposes for which it was
    collected, unless a longer period is required by law. Specifically:
    – Newsletter subscriptions: retained until you unsubscribe; deleted within 30 days
    thereafter.
    – Event registrations: retained for the duration of the event and up to 12 months
    afterwards for reporting and follow-up.
    – Contracts and financial data: retained for five years in accordance with applicable
    accounting and auditing legislation.
    – Website analytics and cookies: retained for a maximum of 14 months.
    Other personal data collected as part of Nordic Council of Ministers’ activities may be
    archived as part of official records and cannot always be deleted once the case has been
    completed.
  9. Sharing and transfers of data
    We do not share your data with others unless:
    – It is necessary to comply with a legal obligation.
    – You have given your consent.
    – We use trusted data processors within the EU/EEA or in countries that provide
    adequate safeguards.

    When personal data is transferred outside the EU/EEA, we ensure adequate protection in
    line with GDPR – for example, by using the European Commission’s Standard Contractual
    Clauses (SCCs).
    We do not transfer data to countries lacking adequate protection unless such safeguards are
    in place.
    We may also share data to protect or enforce our legal rights, e.g. to prevent fraud or
    criminal activity.
  10. Cookies and tracking
    We use cookies and similar technologies to improve the functionality of our website and to
    analyse visitor traffic. Cookies may store information such as IP addresses, browser type,
    and usage patterns.
    You can choose to disable cookies in your browser settings.
  11. Your rights
    Under GDPR, you have the following rights regarding your personal data:
    – Right of access: to know whether we process your data, including the categories of
    personal data, its source, the purposes of processing, and the retention period. You
    may request a copy of your data.
    – Right to rectification: to correct inaccurate or incomplete data.
    – Right to erasure (“right to be forgotten”): to request deletion of your data when it
    is no longer necessary or lawful for us to keep it.
    – Right to restriction of processing: to request limited use of your data under certain
    circumstances.
    – Right to data portability: to receive your data in a structured, commonly used, and
    machine-readable format.
    – Right to object: to object at any time to processing based on our legitimate interest.
    – Right not to be subject to automated decision-making or profiling: Nordic Energy
    Research does not use personal data for automated decisions or profiling.

    If you wish to exercise these rights, please contact us (see section 3).
  12. Right to lodge a complaint
    If you believe that Nordic Energy Research’s processing of your personal data does not
    comply with applicable data protection laws, you have the right to lodge a complaint with
    your national supervisory authority. In Norway, this is Datatilsynet, www.datatilsynet.no.
  13. Security of processing
    We are committed to protecting your personal data.

    – Organisational measures: Access to data is restricted to employees who require it.
    Staff are trained regularly in correct procedures for handling data.
    – Technical measures: Our systems are protected by up-to-date IT security solutions.
    – Incident response: If a personal data breach occurs that is likely to pose a risk to
    your rights and freedoms, we will notify you without undue delay and report the
    breach to the relevant supervisory authority.
  14. Updates to this policy
    We may update this Data Protection Policy from time to time. The latest version will always
    be available on our website.

Stay updated

Do you want to learn more? Subscribe to our newsletter and follow us on LinkedIn.

Nordic Energy Research

Org. nr.: 984809255

Contact

Visiting address

Stensberggata 27, 5th floor
NO-0170 Oslo, Norway

View Map

Postal address

Stensberggata 25,
NO-0170 Oslo, Norway

Interact with us

LinkedIn

Youtube

An institution under the Nordic Council of Ministers

Privacy Policy

© Nordic Energy Research. All rights reserved.