Privacy Policy

Data Controller

NOS Group AS acts as the Data Controller for all processing of personal data within the NOS Group. All group companies process personal data under NOS Group’s governance and data protection framework, in accordance with this Privacy Policy.

Categories of Personal Data

We may collect and store the following personal data about our customers:

• Name
• Address
• Telephone number
• Email address

Information and documentation related to assignments, orders, or service agreements
If you contact us via our website or social media channels, we may also collect information submitted through those platforms.

Purpose of Processing

• Your personal data is processed in order to:
• Fulfill our contractual obligations to you as a customer
• Provide information, offers, and services related to your assignment
• Comply with legal obligations such as accounting and warranty requirements

Legal Basis for Processing

The processing of personal data such as name, address, telephone number, and email address is necessary for the performance of a contract with you, in accordance with Article 6(1)(b) of the GDPR. Processing necessary for compliance with legal obligations (Article 6(1)(c)) may also occur, for example to meet bookkeeping and warranty obligations.

Collection of Personal Data

We only collect and store personal data that you or our employees provide in connection with your purchase, assignment, or communication with us. Personal data is not collected from third parties without your consent.

Disclosure of Personal Data

We do not sell or disclose your personal data to third parties. However, we may use trusted third-party service providers (data processors) for IT systems, accounting, or administrative support. Such partners process data on our behalf under strict data processing agreements and in compliance with applicable data protection laws. Personal data may also be disclosed if required by law or regulatory authorities.

Data Retention

Personal data collected in connection with your purchase or assignment is stored in our active records for 3.5 years, unless circumstances require longer retention. Data we are legally required to retain under the Norwegian Bookkeeping Act will be stored for up to 5 years, in line with statutory requirements. Personal data is deleted or anonymized when it is no longer necessary for the purposes for which it was collected, unless a longer retention period is required by law.

Your Rights as a Data Subject

Under applicable data protection laws, you have the following rights:

• Right of access to the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”)
• Right to restriction or objection to processing in certain circumstances
• Right to data portability

Requests for access, correction, or deletion must be submitted in writing (see contact details below). If you believe our processing of your personal data is in breach of data protection regulations, you may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Data Protection Officer

NOS Group AS is not required to appoint a Data Protection Officer, as we do not process large-scale or sensitive personal data as defined by Article 37 of the GDPR. Questions regarding data protection and privacy are handled by the group’s management team.

Information Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, loss, or destruction. Measures include role-based access controls, secure backups, and encryption of stored and transmitted data.

Questions regarding your personal data, requests for access, correction, or deletion may be submitted in writing to:

Email: post@nosas.no

Mailing address:
NOS Group AS
Forusbeen 226
4313 Sandnes
Norway