Privacy Policy

Privacy Policy - Stiftelsen Det Norske Veritas

Last updated: 3 March 2026

The website https://www.detnorskeveritas.com is owned by the Norwegian Stiftelsen Det Norske Veritas (Veritasveien 1, 1363 Høvik, Norway, organisation number 911 177 781).

Stiftelsen Det Norske Veritas (hereafter “the Foundation”) is committed to protecting the privacy and security of your personal data in accordance with applicable data protection law, including the EU General Data Protection Regulation (“GDPR”).

This Privacy Policy describes what personal data the Foundation collects, when and why we collect it, how we use it for specific purposes, and what rights you have regarding your personal data.

  1. Controller and contact person

Stiftelsen Det Norske Veritas is the data controller, meaning we are responsible for the collection and processing of your personal data.

For any questions or concerns, please contact:

Stiftelsen Det Norske Veritas
Veritasveien 1
P.O. Box 300
1322 Høvik, Norway
Dataprotection@dnv.com

You can also reach our Global Data Protection Officer under dataprotection@dnv.com

  1. What is processing of personal data?

Personal data refers to any information that can identify an individual, either directly (such as name or ID number) or indirectly (such as location, online identifiers, or other details specific to that person), in particular by reference to an identifier such as a name, and identification number, location data, an online identifier or to one or more factors specific to that individual.  

Anonymous data falls outside the scope of personal data because it cannot be used to identify an individual, either directly or indirectly 

Processing means any operation or a set of operations which is performed on personal data. This includes among others collection, recording, organisation, storage, adaption, alteration, retrieval, use or disclosure by transmission.

  1. How and why we use your personal data

    • Website

When you visit our website for informational purposes we will automatically collect and store certain technical data. This includes information such as your IP address, device type, browser, date and time of access, and the pages you visit. This is to provide an effective online service and improve website functionality.

The legal basis for the processing is Art. 6(1)(f) GDPR. We pursue legitimate interests in ensuring the efficient operation and continuous improvement of our web services. 

  • Handling enquiries and communications

For the purpose of handling enquiries and maintaining communication with you, we process the personal data you actively provide when contacting the Foundation. This typically includes your name, email address, company affiliation, country/region, and the content of your enquiry. You may also choose to provide additional information, such as your job title, telephone number, or areas of interest. Depending on the nature of your request, we may ask you to submit further personal data in order to provide appropriate assistance and respond adequately to your enquiry.

The legal basis for this processing is our legitimate interests in ensuring effective communication (Article 6(1)(f) GDPR).

  • Managing subscriptions and research funding updates

We may send you information and updates about research funding opportunities and related Foundation activities in the forms of newsletters. For this purpose, we will process your email address.

In some cases, the Foundation may receive personal data from third party sources, such as event organisers, conference partners, or similar stakeholders, for the purpose of providing information about research funding opportunities or related activities to you. Such personal data may include your name, contact details, and organisational affiliation.

The legal basis for processing personal data for direct marketing is consent (Article 6 (1)(a) GDPR).

You may withdraw your consent or object to the use of personal data for direct marketing at any time by using the unsubscribe link in our newsletter. Where processing is based on consent, please note that the withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. We delete your personal data used for direct marketing once you withdraw you consent or object to such use.

  1. How long do we store your data

Unless specific retention periods are set out elsewhere in this policy, we retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Where applicable, we may retain personal data for a longer period in order to comply with legal obligations.

The retention period is determined based on the nature of the personal data, the purpose of the processing, and applicable legal and regulatory requirements.

  1. Recipients and transfers outside the EU/EEA

We may share your personal data with:

  • DNV Group AS and group companies
  • providers of technical, administrative, or operational support, including IT systems, platforms and tools used for subscriptions, applications, evaluations, and related administration;
  • service providers supporting website operation, application handling, and grant administration; and
  • external experts, reviewers, or advisors involved in the evaluation of grant applications.

Where such parties process personal data on behalf of the Foundation, they act as data processors under contractual obligations to process personal data only in accordance with the Foundation’s instructions and applicable data protection law. Data Processing Agreements are in place where required.

Subject to local legislation, the Foundation may be legally obliged to disclose personal data to government authorities and law enforcement agencies. The Foundation does not share, sell, transfer or otherwise disclose personal data to others unless we are legally obliged to do so.

If the recipient of your personal data is outside of the EEA, we will ensure that the transfer is subject to adequate safeguards in accordance with Chapter V of the GDPR. These safeguards include either an Adequacy Decision issued by the European Commission or the use of EU Standard Contractual Clauses (“EU SCCs”).

  1. Your rights

With regard to your personal data processed by us, you have certain rights by law. Please note that these rights are not all absolute and may be subject to certain conditions. You have the right to (contact person): 

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it (Art. 15 GDPR)
  • Request correction of the personal data we hold about you to fix any incomplete or inaccurate information (Art. 16 GDPR).
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data (unless we are legally justified or obliged to retain the personal data). You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below) (Art. 17 GDPR).
  • Object to processing of your personal data where we are relying on legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground (Art. 21 GDPR).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (Art. 18 GPDR).
  • Receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract, and the processing is carried out by automated means pursuant to the GDPR. You also have the right to transmit this data directly to another controller, where technically feasible.
  • Withdrawing your consent at any time when processing of personal data is based on your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Lodge a complaint with the competent supervisory authority and to take legal action against any potential breach of your rights regarding the processing of your personal data.

  1. Changes to this privacy policy

We may update this privacy policy from time to time. The latest version will always be available on our website and will take effect upon publication.