Privacy Policy

Our BCR is sent in for approval by the Norwegian data protection authority (Datatilsynet) and is currently under review. This version of the BCR shall be considered a draft version (subject to changes) until it is approved by the authorities. The BCR were published on the 25th of May 2018 to fulfil our legal obligation (General Data Protection Regulation) on informing individuals subject to our personal data processing activities and is the Wallenius Wilhelmsen group’s internal global privacy policy. Any individuals’ rights and our obligations due to the General Data Protection Regulation is valid regardless of the BCR application process.

The term “processing” means handling of personal data. For example collecting, storing, sending or in other ways using it. The BCR imposes strict rules regarding any processing of personal data. The main rule is that the processing need to have a legitimate purpose, never be excessive and always be necessary. If personal data is collected, the individual will need to be made aware. The Wallenius Wilhelmsen group will only process sensitive personal data if it’s absolutely necessary.

Below we provide a short brief of which group of individuals we regularly process personal data about.

Through our BCR we commit to follow the data protection principles not only in Europe, but also in other countries where we operate. The legal term ‘data subject’ is used throughout the BCR, which means a person which data is processed by the Wallenius Wilhelmsen group. A data subject may exercise his or her personal rights according to the BCR or GDPR depending on where his or her data is processed. You have several rights according to the GDPR, and the BCR (section 7,8) describes this in a more easily understandable language. You have several rights, directly or indirectly, including (but not limited to):

• Remedies for breaches of the data protection principles.
• Remedies for breaches of legal basis for processing.
• Right to access and information regarding what we process about you.
• Right to restriction and objection of further processing.
• Right to rectification and erasure.
• Right not to be subject to decisions based solely on automated processing, including profiling.
• Right to complain through our internal complaints mechanism.

If you want to exercise your personal rights regarding data privacy, please read the relevant BCR sections and ensure that you prove that you are you. If you do not prove your identity, we cannot give any information regarding your personal data.