Privacy and GDPR related to the use of electronic logbooks is something we at Zeekit take very seriously, and we know that we have an important responsibility both as a data processor for our customers, but also of course as a data controller for personal data we process about our own. In both cases, there are strict requirements placed on us, requirements that we must always ensure we comply with.
GDPR:
It was decided in the European Parliament and the Council of the European Union that from 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 will apply, including to Norway. This EU regulation is what we commonly refer to as GDPR, an abbreviation for "General Data Protection Regulation". The GDPR regulations are largely similar to the current regulations, Act of 14 April 2000 No. 31 on the processing of personal data (Personal Data Act) and Regulation of 15 December 2000 No. 1265 (Personal Data Regulations), but also have some important regulations that we must take into account. Zeekit has therefore developed its internal control systems to meet the requirements and regulations of the GDPR so that we are in line with the new regulations.
ZEEKIT AS DATA CONTROLLER:
Zeekit is by definition a data controller for data collected from its own personnel (privately owned vehicles) and its own vehicles, as well as data concerning employees and contractors necessary to fulfil its employer's responsibility. This means that the Personal Data Act or GDPR's regulations for data controllers apply to Zeekit for the processing of this type of personal data.
ZEEKIT AS DATA PROCESSOR:
Zeekit is by definition a data processor for data collected from Zeekit's customers. According to the definition of the Norwegian Personal Data Protection Act or GDPR, the customer is the data controller, while Zeekit, which processes data on behalf of the data controller, is the data processor, which shall be regulated through a data processing agreement. For most of Zeekit's customer relationships, the data processing agreement is included in the commercial purchase agreement between Zeekit and the customer.
DATA PROCESSOR AGREEMENT:
Zeekit shall always regulate the processing of data on behalf of its customers through a data processing agreement accepted and signed by both parties. The data processing agreement regulates, among other things, the obligations and rights of both the customer as data controller and Zeekit as data processor. Zeekit has its own template for the data processing agreement, prepared in accordance with the requirements of GDPR Article 28, Section 3.
DATA PROTECTION OFFICER:
Zeekit has chosen to be part of the Norwegian Data Protection Authority's scheme for data protection officers. As previously mentioned, data protection is something Zeekit takes very seriously, and we therefore support the Norwegian Data Protection Authority in their recommendation regarding this scheme. For Zeekit, the following have been appointed and approved as data protection officers:
Malin Hilling
Mobile 915 90 534
Email: malin.helling@zeekit.no
If you have any questions about privacy, please contact our privacy officer directly.