Vestfold Marine Cargo Survey AS
Privacy Policy — Vestfold Marine Cargo Survey AS
Vestfold Marine Cargo Survey AS

Privacy Policy

This Privacy Policy explains how Vestfold Marine Cargo Survey AS (VMCS-AS) collects, uses, stores, and protects personal data — in compliance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).

Effective from01.01.2022
Version1.0
Org. No.927 457 881 MVA
Registered officeMuseumsgata 47, 3210 Sandefjord

VMCS-AS is the data controller for the personal data described in this policy. We are committed to handling your personal data lawfully, transparently, and only for the purposes stated below. If you have any questions about how we handle your data, please contact us at [email protected].

1Who We Are

1.1 Vestfold Marine Cargo Survey AS ("VMCS-AS", "we", "us", "our") is a Norwegian limited company providing independent marine, cargo, vessel, damage, and related survey and inspection services across Norway and internationally.

1.2 Our company details:

CompanyVestfold Marine Cargo Survey AS
Org. No.927 457 881 MVA
AddressMuseumsgata 47, 3210 Sandefjord, Norway
Email[email protected]
Phone+47 411 11 604
Websitewww.vmcs-as.com

1.3 For the purposes of GDPR, VMCS-AS is the data controller — meaning we determine why and how your personal data is processed.

2What Personal Data We Collect

2.1 We collect personal data in the following situations:

(a) When you contact us via our website, email, or phone:

  • Name and job title
  • Company name
  • Email address
  • Phone number
  • Country / location
  • The content of your enquiry or message

(b) When you instruct us to perform an Assignment (survey, inspection, or related service):

  • All of the above
  • Billing address and VAT / tax registration details
  • Bank account information for invoice settlement
  • Names and contact details of vessel masters, crew, terminal operators, or other personnel relevant to the Assignment
  • Vessel data (IMO number, flag, owner / charterer details, port of call)
  • Cargo data (type, quantity, origin, destination)
  • Photographic evidence taken during the Assignment, which may include identifiable individuals where unavoidable

(c) When you visit our website:

  • Approximate location (country / city level, derived from IP address)
  • Browser type, device type, and operating system
  • Pages visited, time on page, and basic navigation patterns
  • Referring website (the website you arrived from)

2.2 We do not knowingly collect personal data from individuals under 18 years of age. Our services are directed exclusively at commercial and professional clients.

3Why We Collect This Data and Our Lawful Basis

3.1 Under GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

ContractProcessing necessary to perform an Assignment for you (Article 6(1)(b) GDPR) — for example, contacting you, attending the survey, producing the Report, and invoicing.
Legal obligationProcessing required by Norwegian law (Article 6(1)(c) GDPR) — for example, retaining accounting records and reports for the legally mandated period.
Legitimate interestProcessing necessary for our legitimate business interests (Article 6(1)(f) GDPR) — for example, responding to enquiries, defending against legal claims, and basic website analytics.
ConsentWhere you have given specific consent (Article 6(1)(a) GDPR) — for example, if we send you marketing communications, which you can withdraw at any time.

4How We Use Your Data

4.1 We use your personal data only for the following purposes:

  • To respond to enquiries and provide quotations
  • To perform Assignments and produce Reports
  • To communicate with you about ongoing or completed work
  • To issue invoices and process payments
  • To maintain our business records as required by Norwegian law
  • To comply with regulatory obligations (Sjøfartsdirektoratet, MARPOL Annex II reporting, etc.)
  • To defend or pursue legal claims, where necessary
  • To improve our website and services through aggregated, non-identifying analytics

4.2 We do not use your personal data for:

  • Selling or renting to third parties
  • Automated decision-making or profiling that produces legal effects on you
  • Marketing communications without your consent
  • Any purpose unrelated to our professional services

5Who We Share Your Data With

5.1 We share personal data only when necessary, and only with the following categories of recipients:

(a) Service providers (data processors) acting on our behalf:

DurableWebsite hosting and management. Contact form submissions, basic visitor analytics. Provider: Durable Inc., USA. GDPR-compliant Data Processing Agreement in place.
FormspreeProcessing of contact and quote form submissions. Provider: Formspree, USA. GDPR-compliant.
Email providerStorage and transmission of email correspondence (Microsoft Outlook / Gmail / equivalent). GDPR-compliant.
Cloud storageStorage of survey reports, photographs, and supporting evidence (Google Drive / Dropbox / OneDrive or equivalent). GDPR-compliant.
AccountingInvoice generation, bookkeeping, and Norwegian tax reporting. Provider varies; all are Norwegian-licensed accounting platforms.
BankingNorwegian bank for invoice settlement and payment processing.

(b) Other parties only when required:

  • Subcontractors or laboratories engaged for specific Assignments (with the Client's awareness)
  • Norwegian authorities (Sjøfartsdirektoratet, Skatteetaten, Datatilsynet, courts) where required by law
  • Insurers, P&I Clubs, or law firms when the Report is used in claims or legal proceedings
  • Professional advisers (lawyers, auditors) when necessary for our business or legal defence

5.2 We do not sell, rent, or trade your personal data to any third party for marketing or commercial gain.

6International Data Transfers

6.1 Some of our service providers (such as Durable, Formspree, and certain cloud platforms) are based outside Norway and the European Economic Area (EEA), including the United States.

6.2 When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Provider participation in the EU–US Data Privacy Framework where applicable

6.3 You may request a copy of the safeguards in place by contacting us at [email protected].

7How Long We Keep Your Data

7.1 We retain personal data only for as long as necessary for the purposes for which it was collected, and to comply with Norwegian legal obligations.

EnquiriesRetained for up to 12 months if no Assignment results, then deleted.
Survey reportsRetained for a minimum of 7 years from the Assignment date, in accordance with Norwegian commercial record-keeping obligations (bokføringsloven).
Accounting recordsRetained for a minimum of 5 years (primary documents) and 3.5 years (supporting documents) per Norwegian tax law.
Email correspondenceRetained for as long as the business relationship is active, plus 3 years for routine matters or 7 years where the email forms part of an Assignment record.
Website analyticsAggregated, non-identifying data may be retained indefinitely. Identifying data (IP addresses) is deleted within 14 months.

7.2 When the retention period ends, we securely delete or anonymise the data, unless we are required to retain it longer for legal or regulatory reasons.

8Your Rights Under GDPR

8.1 As a data subject, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you, free of charge.

Right of Rectification

You can request that we correct inaccurate or incomplete data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data, where there is no legal obligation for us to retain it.

Right to Restrict Processing

You can request that we limit how we use your data while a query or correction is being resolved.

Right to Data Portability

You can request that we provide your data in a structured, machine-readable format, or transfer it directly to another service.

Right to Object

You can object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.

8.2 To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8.3 If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

9Cookies and Website Tracking

9.1 Our website (www.vmcs-as.com) uses a small number of cookies and similar technologies to function correctly and to understand how visitors use the site.

9.2 We use the following types:

  • Strictly necessary cookies — required for the website to function (e.g., remembering your cookie preference). These do not require consent.
  • Analytics cookies — provided by our website platform (Durable) for basic visitor statistics. No personally identifying information is shared with third-party advertisers.

9.3 We do not use advertising cookies, social media tracking pixels, or behavioural advertising trackers.

9.4 You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

10Data Security

10.1 We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction.

10.2 Our security measures include:

  • Encrypted email communication where possible
  • Strong, unique passwords on all systems and accounts
  • Two-factor authentication (2FA) on critical accounts
  • Encrypted cloud storage for survey reports and supporting evidence
  • Restricted access to data on a need-to-know basis
  • Regular software updates and security patches
  • Backup procedures to prevent data loss

10.3 Despite these measures, no system can be guaranteed 100% secure. In the event of a personal data breach affecting your rights and freedoms, we will notify you and the Norwegian Data Protection Authority within the timeframes required by GDPR.

11Children's Privacy

11.1 Our services are directed exclusively at commercial and professional clients. We do not knowingly collect personal data from individuals under the age of 18.

11.2 If we become aware that we have inadvertently collected data from a minor, we will delete it immediately.

12Changes to This Privacy Policy

12.1 We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

12.2 The current version is always published at www.vmcs-as.com/privacy-policy. The "Effective from" date at the top of the policy indicates when the most recent version came into effect.

12.3 Material changes will be communicated to existing clients by email where reasonably practicable.

Contact Us About Your Data

If you have any questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal data, please contact us:

📧 [email protected]

📞 +47 411 11 604

📍 Museumsgata 47, 3210 Sandefjord, Norway

For independent oversight, you may also contact the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

Vestfold Marine Cargo Survey AS

Museumsgata 47, 3210 Sandefjord, Norway · Org. No. 927 457 881 MVA
[email protected] · +47 411 11 604 · www.vmcs-as.com

This website uses cookies