Wellesley Petroleum AS is an independent Norwegian oil & gas exploration and production company.
The privacy notice applies to the use of the individual data gathered through our website, or supplied to us by other methods, and is meant to provide a clear explanation of what individual data we gather and how it is utilised.
We will just hold information about you that is required for specific purposes and will not ask for any extra details which are not needed for those purposes. When we mention processing under GDPR this means anything that is done to or with individual data (including simply collecting, storing or deleting this information).
Much of the individual information we hold will have been provided directly by you, such as when you have sent an enquiry. Other details will have been gathered from your browsing, for example, cookies or an IP address.
Cookies
When you use our website, like other companies, we use small files called cookies in order to make the site work properly and help us personalise your experience when browsing the site. It also offers us the information about the use of our website.
Cookies are actually small text files that are saved by the browser on your computer or a mobile device. They enable websites to store things like user preferences, it is almost like a memory of your browsing so that you can be recognised if you use the website again. Basically, it is making your next visit more intuitive, and the site becomes more useful to you.
The law specifies that we can store cookies on your device or a gadget where they are essential for the operation of the site, for instance, to enable you to use different categories of the website and use its features. For other non-essential ones, we need your permission. You can remove your permission for non-essential cookies at any point. However, disabling these might have an unfavorable effect on how the website works for you.
Where we use non-essential cookies, we do so in order to get helpful knowledge about how the website is used, which pages are browsed and how often, etc. We utilize this information to ensure our website works effectively for our users. We do not utilize these cookies to track or recognise individual users.
Enquiries
Our website makes it possible for users to contact us through an online form. When you contact us, we utilize your details only to respond to your enquiry. We will not share this information with any third parties.
Job applications
When recruiting we can use recruitment firms. When you send your application to them, they will process your individual information on our behalf for recruitment purposes only. We will also use and keep the information you send to us for recruitment related processes only. Recruitment firms may additionally want to maintain and use your individual data for their own purposes. When they do, they are the data controller and as such are obliged to inform you about this data processing directly and where appropriate, seek your consent.
Employees of suppliers & JV partners
In our day-to-day business operations, we need to stay connected with our suppliers and JV partners regularly. So, we utilize contact information sent by our suppliers and JV partners. We only use this information in order to conduct agreed business activities.
In some cases, we need additional information from our suppliers for billing purposes, such as time sheets and invoices. These will contain a limited amount of individual data related to employees or sub-contractors of our suppliers. These details are only used for the purpose of meeting our business and contractual obligation to the suppliers.
Where employees or sub-contractors of our suppliers are offering services offshore, we might need to pass some individual data to third parties who offer local services such as transport to offshore installations. This information might include a percentage of Special Categories of individual data. This information is needed to ensure the safety and well-being of these individuals when taking a trip to and from our offshore installations, and while located on these installations. We will only ask you for this information if it is absolutely vital and only the minimum amount of required information is provided for these purposes.
Also, where employees or sub-contractors of our suppliers are providing services outside of the EU, we might also require passing some individual data to third parties who offer similar local services. This information might also include small portions of Special Categories of individual data. This information is needed to ensure the safety and well-being of these individuals when taking a trip to and from our offshore installations, and while located on these installations. We will only ask you for this information if it is essential, and again, only the minimum amount of required information is passed for these purposes.
Where we have to utilize third parties, we take care to make sure only the necessary information is shared and that the right safeguards are in place to protect your individual information at all times. If you would like more details, please use the Contact Us section.
Business travel
Sometimes we need individuals, such as employees or subcontractors of our suppliers or employment candidates, to undertake business travel on our behalf. Where appropriate we are going to use the services of a travel management company to make the travel arrangements.
To book travel for you, we need to share some of your individual data with our travel management provider. Your name, address, date of birth, next of kin, passport details and visa information might be required for this. We might also need some Special Categories of individual data such as travel vaccination records, or where the traveler may have some special requirements, for example, dietary requirements for health or religious reasons, or require additional support during a trip. Our travel management provider will also have to share part of your individual information with specific service providers, such as airlines, rail companies, hotels and other travel providers.
Very often visa is required when traveling to certain countries. When processing visa applications on your behalf we might need to share some of your information with third parties. This might be our travel management provider, a specialist travel visa provider, consulates or JV partners.
By managing business travel in this way we can be confident that the most efficient and cost-effective travel is purchased, also that all travel meets our health and safety requirements and provide our travelers 24/7 travel support.
When we have to use third parties, we make sure only the most vital information is shared and that the most effective safeguards are in place to protect your individual data. If you would like further information, please use the Contact Us section.
Third party processing
When you use our website, you can be sure that no personal information about you is shared with the third parties.
Only a limited number of third parties are used to support our offshore activities, business travel and shareholder management. These conditions are described in the Employees of Suppliers and JV Partners, Business Travel and Shareholders sections.
As part of our daily business activities we also use the services of secure data-room providers to host and share individual data of both employee and external parties as part of our operations projects. We are also likely to use these services in the future if we are engaged in any mergers or acquisitions activities.
Where we have to use third parties, we make sure we can ensure only the required information is shared, and that the needed safeguards are in place to always protect your individual data. If you need more information, please use the Contact Us section.
Transferring data outside the EU
Individual information provided to us via our website is not transferred outside of the EU.
As an organization, which operates internationally, in limited and necessary cases your information might be transferred outside of the EU.
A limited number of third parties are used to support our offshore operations, business travel and shareholder management. These cases are detailed in the Employees of Suppliers and JV Partners, Business Travel and Shareholders sections. At times these require us to share individual data outside of the EU.
As part of our daily business activities we also use the services of secure data-room providers to host and share individual data of both employee and external parties as part of our operations projects. We are also likely to use these services in the future if we are engaged in any mergers or acquisitions activities. Sometimes these activities require us to share individual data outside of the EU.
When we need to transfer individual data outside of the EU, we only do so when there are corresponding technical and organisational safeguards in place to make sure the security of the data is on the highest level. In addition to that where we have to use third parties, we make sure we can ensure that only the needed information is shared and that the corresponding safeguards are in place to always protect this data. If you would like to receive more information, please use the Contact Us section.
Data retention
We only keep your individual data for the length of time we need for stated processing purposes. When we no longer need it, the information is deleted from our databases.
Security
We use reasonable technical, organisational and administrative measures to protect our website and any individual information we might collect with the help of it. Internet is an unsecure environment, and it is easy to become a victim of computer viruses, malware and adware, so, it’s also important that you take appropriate steps to secure yourself when using the internet, like keeping your device software up to date and having anti-virus software on all devices.
Future processing
If we plan to change how we approach your individual information, such as changing the cookies we use on the website, we will inform you in advance before we make the changes and will publish the newer policy on our website.
Your rights
Under the General Data Protection Regulation (GDPR) you have a number of rights relating to the collection, processing and storing of your individual and personal information. In relation to using our website, including contacting us via the website contact form, or where you provide individual data to us by other means, you have the rights to:
Be informed about specific aspects of our processing of your individual data
- Request access to a copy of your individual and personal data
- Request that any individual and personal data that is inaccurate or incomplete is rectified
- Request to delete your individual data in certain cases (also known as the right to be forgotten)
- Restrict the processing of your individual data in certain cases
- Object to the processing of your individual data in certain cases
In addition, where the processing is being performed on the basis of your consent you have the right to withdraw this consent at any time. This withdrawal will not affect the lawfulness of the processing carried out before consent was withdrawn.
If you believe that we have not complied with the requirements of GDPR in terms of processing your individual data you have the right to submit a complaint to the relevant supervisory authority. In the UK, this is the Information Commissioners’ Office (www.ico.org.uk) and in Norway it is the Data Protection Authority (https://www.datatilsynet.no/en/).
Data protection contracts
Data Privacy Coordinator
GDPR@wellesley.no
Wellesley Petroleum AS
Reidar Berges gate 9
4013 Stavanger