Privacy statement for Aker ASA

Privacy statement for Aker ASA

This privacy statement represents the privacy policy applicable to Aker ASA and any legal entity directly or indirectly owned by more than 50% of Aker ASA (hereinafter referred to as “Aker”, “we” or “us”), unless such legal entity has its own privacy statement. This privacy statement also applies to akerasa.com.

When you are in contact with us it may be necessary for us to process personal data about you. We care about your privacy and take this seriously. We have therefore prepared this privacy statement to provide you with information on how we process your personal data and your privacy rights.

1. Who is the controller?

Aker ASA is the controller and therefore responsible for the personal data that is processed when you are in contact with Aker ASA. Similarly, each Aker legal entity is responsible for the personal data that is processed when you are in contact with such Aker legal entity.

Our contact information:

Business registration no.: 886 581 432
Address: Oksenøyveien 10, 1366 Lysaker, Norway
E-mail: gdpr-privacy@akerasa.com
Telephone: 24 13 01 00

Aker ASA is an investment company but still consists of multiple business areas. Each of these business areas may have websites and services that necessitate further specification beyond that which emerges in this privacy statement. In such cases, specific privacy statements will come in addition to this privacy statement. Where this is relevant, you will be informed.

Aker ASA have a separate privacy statement regarding handling of personal data for employees in Aker ASA.

2. Our processing of personal data

Which personal data we collect, the purpose, and the legal basis for such processing depend on our relationship to you and your contact with us. An overview of our processing in the various situations is found below.

We do not undertake profiling or fully automated processing of your personal data.

2.1 If you contact us

When you contact us, for example in relation to media, through our website or in other ways, we will process personal data about you.

The personal data we collect will typically be contact information such as name, email address and other information you share with us, and which is necessary to collect to respond to your inquiry.

Our legitimate interest is the basis for this processing. The legitimate interest is our need to be able to respond to your inquiry.

2.2 Our business activity

It may be necessary for us to process personal data about you if you are employed with one of our partners, suppliers, or customers, or if we are contacted regarding our investment activity or financing.

The personal data we process in this context will most often be contact information such as your name, email address and telephone number, as well as information about your employer and your position. Furthermore, we will process other information which you provide to us, or which emerges from our contact with you, to the this is necessary for the specific process.

The basis for this processing is our legitimate interest in being able to perform tasks linked to our business activity, including for example enabling a cooperation with your employer.

2.3 Legal obligations

We are required by law to process personal data in certain cases, for instance to document compliance with obligations within tax, accounting or legal processes. In this connection, it may be necessary to process personal data about you. This could, for example, be necessary if your name is listed on an invoice or contract subject to retention obligations.

The legal basis for such processing is the legal obligation to which we are subject.

The information will be deleted when the purpose of the processing is fulfilled, such as for example where the reporting obligation is fulfilled, or we are no longer required to retain the information.

2.4 Due diligence

In connection with our business activity, we may perform a due diligence process (company review) of other companies (business partners). This work will include obtaining personal statements, non-disclosure agreements and background checks and security assessments of employees in the relevant company.

In connection with the due diligence process we may also process personal data such as name, gender, position, and information available to the public which we consider necessary for the completion of the due diligence process.

The legal basis for our processing of personal data in a due diligence process is our legitimate interest in verifying our business partners and maintaining the necessary levels of quality and security in our processes, services, deliveries, and premises.

If the necessary processing is of such a character that it cannot be warranted by our legitimate interest, we will obtain your consent.

2.5 In connection with job applications

When you apply for a job with us, we will collect the personal data that you share with us. This is normally name, contact information, competence, experience, and photo. During the recruitment process we will also collect information about what country you live in, work- and residence permit, information about salary and the references you provide to us, including the information they share with us.

The purpose of the processing is to assess whether to offer you employment with us. Our basis for processing personal data about you is that this is necessary for us to enter into a potential agreement with you concerning a permanent or temporary employment.

As regards candidates who are not hired, the CV and application will be deleted when a person is employed in the position for which you applied, and at latest within three months. If we wish to retain your CV and application, we will specifically request your consent for this, and these documents will then be stored in our internal systems for assessment in relation to other relevant positions that may be of interest later. Your personal data will be stored for up to 3 years if you want your application to be available in our system.

2.6 Whistleblowing service

If you use our integrity channel on www.akerasa.com to report issues of concern in conflict with our core values, we will process the personal data you disclose in the report. You can state your name, email address and telephone number. The personal data you disclose will only be used to process the report.

Our basis for processing personal data you choose to disclose in the report is our legitimate interest in responding to the inquiry and investigating the reported circumstances. This also applies to personal data concerning potential other persons that is disclosed in the report. We are also under a legal obligation to ensure that matters which falls within the scope of the working environment act chapter 2 A on whistleblowing is adequately investigated within a reasonable time,

You can choose to remain anonymous when reporting the concern. Please note that potential investigations and follow-up activities will be easier to implement and will most likely be more successful if you disclose your identity.

You can also choose to remain anonymous vis-à-vis Aker ASA, and only disclose your identity to our independent third party, KPMG. In such cases, KPMG will be the party responsible for processing the personal data you choose to disclose.

The personal data you disclose by utilising our reporting service will be deleted when processing of the report case is completed, or the personal data will be deleted continuously when no longer necessary to process the report. The result from the processing of the report will not be deleted.

2.7 When you register to receive our newsletter and stock exchange notices

When you register to receive our newsletters and stock exchange notices, we will register your email address so that we can send you the information you wish to subscribe for.

The purpose of this process is so that we can send you the newsletters and stock exchange notices, or other information you have requested/signed up to receive. The basis for this processing is the consent you give when you sign up to receive the newsletters.

You can revoke your consent at any time by following the procedure described at the bottom of all our newsletters. When you revoke your consent, we will remove you from the list of recipients.

2.8 When you participate in our events

If you sign up for any of our events, we can register personal data such as your name, contact information and, if you so desire, preferences related to implementation, food and beverage, travel, and accommodation.

The basis for processing this information is your consent. will request your consent for this.

The information will be deleted after the event is completed unless we have some other legal basis for retaining the information longer.

3. Sharing personal data

3.1 Data processors

Your personal data will be available for those of our suppliers who process personal data on our behalf. To safeguard your rights, we have entered into data protection agreements with these suppliers that amongst others entails that your personal data cannot be used for any other purpose. Our suppliers have a corresponding duty to enter into data processing agreements with their suppliers that imposes the same obligations as imposed on our suppliers. Some of our suppliers are located in countries outside the EU/EEA. This means that personal data may be transferred to a country with regulations that do not provide the same degree of protection of personal data as the rules in Norway. To ensure your privacy, such transfers will take place in accordance with the prevailing data protection legislation, for example via conclusion of EU’s standard agreement (Standard Contractual Clauses for International Transfers) with the supplier.

3.2 Other third parties

We do not pass on your personal data to others unless there is a lawful basis for such disclosure of data. Examples of such a basis will typically be your consent or a legal basis that gives us the right to, or obligates us, to disclose the information.

Disclosure of personal data may entail that your personal data is transferred to third parties located in countries outside the EU/EEA. To ensure your privacy, such transfers will take place in accordance with the applicable data protection legislation.

3.3 Other Aker companies

We cooperate with other Aker companies, and it may be necessary to share personal data with these companies from time to time. This could be necessary to respond to your inquiry, because we cooperate to deliver a service, or because we share IT systems.

In cases where the other Aker company acts as our data processor, we will process your personal data as described above under “data processors”, and where other Aker companies act as the party responsible for processing, the item under “other third parties” will be followed.

3.4 Cookies

We do not use any cookies to collect / store information about visits to this website (www.akerasa.com)


4. Securing our IT services and solutions

Aker’s IT services are based on a hybrid solution with both on-premises technology and cloud solutions. Our IT services and information is secured through a zero-trust security model

4.1 Deleting personal data

We delete personal data when it is no longer necessary to store this data to fulfil the purpose for which the personal data was collected. We determine the storage time based on an assessment of the purpose of the processing, statutory storage obligations, the risk for future claims, statute of limitations and business needs.

If the processing is based on your consent, we will delete the personal data if you revoke your consent, unless there is some other valid basis for continuing to process the personal data.

5. Your rights

With certain reservations, you have the right to demand access, correction, or deletion of the personal data we process concerning you. You also have the right to demand restricted processing, lodge an objection against the processing and the right to demand data portability if certain conditions are fulfilled.

If our basis for processing rests on your consent, consent is voluntary, and you can revoke such consent at any time.

You can read more about what your rights entail and when they apply, see the (Norwegian) Data Protection Authority’s website: www.datatilsynet.no.

Note that demands for deletion of data may be restricted due to our statutory obligations, for example because of the Accounting Act and the Bookkeeping Act, or if this can come at the expense of other persons’ rights to privacy.

If you wish to assert one or more of your rights, contact us as described below under “contact information”.

5.1 Appeal concerning processing of information

If you believe that we are processing information unlawfully, you have the right to appeal to the Data Protection Authority. See www.datatilsynet.no. We hope that you will contact us first, so that we can assess your objections and clear up any misunderstandings.

6. Contact information

If you have any questions or comments, or if you wish to exercise your rights or complain regarding how we process your information, you may contact us by sending an e-mail to gdpr-privacy@akerasa.com.

7. Changes in the privacy statement

We may update the privacy statement from time to time if, for example, we change our guidelines, or in connection with changes in legislation. You can always find the latest version of our privacy statement on our website, www.akerasa.com.

Last updated: 28 June 2023