2.Purposes

Personal information is used for customer and course administration, billing, and marketing, and for OComp to deliver the products and services customers have ordered, to the extent and to the extent that we have a legal basis for processing. To ensure your certificates and competencies are up to date, we will use your personal information to remind you to renew your previous courses or participate in others if regulations change. You will be able to opt-out of this service by contacting the OComp customer center.

Personal information collected from contact forms is used to process you as a customer, collaborator, or stakeholder. We need this information to maintain contact, identify your needs, and schedule meetings and any offers.

We use your email to send emails and newsletters to our customers, utilizing the HubSpot service for this, where we can see if you have opened the email and clicked on links. This is useful for determining which content is of interest to our followers. In all our newsletters, we include a link for unsubscribing. Additionally, HubSpot stores cookies in your browser that identify you to link information about your activities on our website to your profile.

You can withdraw your consent to receive emails at any time by clicking "Unsubscribe" at the bottom of an email you have received from OComp. Consent for tracking using cookies on our website is given through the cookie information displayed on your first visit, and it can be changed on our cookie information page.

In addition, we use information on how visitors navigate our websites to measure interest in various course and product areas and generally improve the websites.

3. Legal Basis for Processing

OComp processes personal information primarily based on the following legal bases:

• Contract: We process contact information, billing information, and other information necessary to enter into and fulfill contracts with course participants who contract directly with us. For course participants who have entered into an agreement to create a My User profile, we process course history to fulfill our obligations to course participants in accordance with the terms of use.
• Legitimate interests: We process contact information about contacts at our customers (employers) because it is necessary for purposes related to OComp's legitimate interests, which are to establish and manage customer relationships. This includes processing course participants' email addresses to provide access to our e-learning portal. We may also send newsletters or marketing communications to contacts at our customers and to course participants who use the My User profile, regarding, for example, new courses or the need to renew previously completed courses. The basis for this is our legitimate interest in following up on existing customer relationships. We also store course history, course certificates, and contact information (name, date of birth, and mobile phone number) because it is necessary for purposes related to legitimate interests in issuing new course certificates (in case of loss), verifying course information when necessary (and verifying the course participant's identity), and assessing any qualification requirements to take courses (e.g., in cases where it is a requirement to have passed other courses).
• Consent: If the course requires good physical health and a self-declaration for health, we will process this health information based on the course participant's consent.
• Legal obligation: We process personal information to fulfill our legal obligations. For example, we store accounting material subject to retention for five years after the end of the fiscal year because we are required to do so under the Accounting Act.

4.Types of Personal Information

OComp AS collects the following personal information about our customers: Personal details (name, company, position, date of birth), contact information (address, mobile/telephone number, and email address), self-declarations about health for courses that require good physical health, information about course purchases and payments, status of enrolled courses, course history (course certificates), and communication with the customer.

5.Where OComp Collects Data From

OComp AS collects information about our users through our websites - course registration for individuals, our booking system (via direct access or through integration with the customer's personnel system), our course events, or directly through contact with the customer and/or course participant. In connection with customer surveys, which are primarily conducted in pseudonymized form, personal information such as name, contact information, and position may be collected if voluntarily provided. The information is then used for analytical purposes and to provide any offers.

6. Use of the Internet

Bruk av Internett og IP-adresser

Use of the Internet and IP Addresses

Internet users leave electronic traces showing which pages they have visited. On OComp's websites, the server automatically logs visitors' IP addresses. An IP address is a unique number automatically assigned to the device by the Internet service provider when using the Internet.

Cookies and Web Analytics

To create a user-friendly website, we examine the usage patterns of those who use our websites using the Google Analytics analysis tool.

Google Analytics uses cookies (small text files that the website stores on the user's computer), which record users' IP addresses and information about the user's movements online. We look at how many people visit various pages, how long the visit lasts, which websites users come from, and which browsers are used. The information collected through Google Analytics is subject to Google's privacy policies.

Cookies are also used in the Booking System to maintain logged-in sessions.

Internet users can set their browser preferences to reject all cookies, but this may delay or prevent access to parts of the websites. For more information on how to do this, see here.

Secure Data Transfer

Traffic on the website is encrypted using SSL (Secure Socket Layer) to secure personal information during course booking and payment.

7. Exchange of Information with Third Parties

OComp is responsible for the processing of your personal information and ensuring that the personal information we process is not misused or disclosed.

We may share necessary personal information with our approved training centers that work as subcontractors for us or to whom we refer courses. When we do this, through our own agreement, we ensure that your personal information is not used for purposes other than delivering the service agreed with us. We do not sell, and will not sell, your data to third parties. Your personal information is stored on servers within the EU/EEA.

OComp uses several third-party providers to perform services such as course delivery, website administration and hosting, e-commerce, credit card processing, and email communication.

We may share your course certificate with public authorities as needed. This particularly applies to the Norwegian Maritime Authority, the Petroleum Safety Authority Norway, the Norwegian Labour Inspection Authority, and the Norwegian Coastal Administration. In addition, there may be a need to share your personal information with public authorities during port state controls or other inspections of maritime vessels and crew. In such cases, we do not share your information directly with the public authority but with the shipping company or employer you are employed by. Our sharing of personal information is based on our legitimate interest in providing such information when requested by the course participant or when we have a legal obligation to provide such information to public authorities. We only share personal information that is necessary.

8. Data Protection

We are committed to protecting your personal information. We have implemented necessary physical, technical, and administrative measures to secure and protect your personal information.

9. Data Retention

Personal information is deleted when it is no longer necessary for the purpose for which it was collected or processed. To help course participants keep track of course history, verify course participation, and issue new course certificates, we store contact information (name, date of birth, and mobile phone number) and course certificates as described below.

The retention period for personal information related to courses depends on the following:

• For course participants using the MyComp portal, personal information is stored until the course participant deletes the portal account.
• For course participants who do not use the MyComp portal, course participant's personal information is stored as long as it is necessary so that OComp can issue new course certificates in case of loss, verify course information when necessary, and assist the course participant in assessing any qualification requirements to take courses.

Note that course participants can request at any time that we delete information about course participation, including course certificates.

As mentioned above, we store accounting material subject to retention for five years after the end of the fiscal year because we are required to do so under the Accounting Act.

10. Changes to the Privacy Statement

OComp may change or update this statement as necessary to reflect feedback from customers and changes in our products and services. We therefore ask you to read it regularly (see the date under "Last updated" at the top of the statement).

11. Contact Information

If you have any questions regarding how OComp processes personal information, you can contact our customer center.

Visiting address: Gravdalsveien 262, 5165 Laksevåg

Phone number: +47 95 02 26 22

Email: booking@ocomp.co

Organization number: 984 058 330