MHWirth Privacy Notification

1  Introduction

This privacy notification is meant to help you understand how we protect personal data collected from you. We explain below what information we collect, why we collect it, and how you can request your data is updated, request a copy of your data, or request your data is deleted.

MHWirth is a 100% owned subsidiary of Akastor ASA, and has implemented a set of legally binding rules which provide principles for processing of personal data throughout the Akastor group of companies. As such, MHWirth has implemented data protection procedures which set out how MHWirth shall operate in order to comply with such binding corporate rules (“BCR”).

2  What Personal Data We Collect

We collect data from our employees, suppliers, and customers. As both our suppliers and customers are companies, we generally only collect contact information from their employees (e.g. name, address, email address, phone number, picture etc.). We also collect competency related information when this is needed.

Most of the personal data collected belongs to our employees, and we collect the following as part of our employer-employee contractual relationship:

  • General contact information: (e.g. name, address, email address, phone number, etc.)
  • Sensitive information:
    • Information regarding union membership
    • Records of sick leave and coverage of sick leave costs from authorities, absences, maternity leave and other paid leave of absence
    • Other employee data for statistical purposes: (e.g. gender, nationality, age)
    • In some jurisdictions, we also collect criminal records before hiring as part of the standard recruitment process
  • Other information:
    • Key information necessary for the employment management, e.g. employee number, salary information, CV, picture, date of birth, education level, performance reviews, recruitment information, bank account number, details of next of kin, national identity number, etc.)
    • Health related information for employees working offshore (regulatory requirement)
    • Registration of hours worked, holiday, overtime
    • Records of compulsory training, e-learning, and safety certificates
    • Employment history within Akastor: e.g. start date, company and corporate seniority, job grade, position, organizational unit (department), immediate superior, contract details, employee type, job location, leaving date, performance reviews, retirement time etc.
  • IT-related information (IP address, electronic logs regarding person’s use of IT-resources, user profile/account information/emails etc.)

3  How We Collect Personal Data

We collect personal data from our employees in the hiring process. Although much of the information is available in the CVs and resumes received during the recruitment process, the actual data entered into our systems comes from internal forms filled out by new employees, and the information is updated by information from the employees as an on-going process during the employment period.

Personal data from customers and suppliers is collected directly from the customer and supplier as part of the qualification process and establishment of the contractual relationship. Contact information is updated continuously, and deleted when no longer relevant. Competency related information is collected mainly from suppliers by email for specific project related activities, and is stored with the project documentation in a restricted area where limited personnel has access.

4  Why We Collect Personal Data

We collect and process personal data mainly as part of a contractual relationship with an employee, supplier, or customer. We process more personal data belonging to employees, as the contractual relationship and obligations are more complex than it is with a supplier or customer. For instance, as part of our employer-employee relationship, we require a various personal data for daily operations, as well as to process payroll and meet our other obligations related to each employee. We mainly use personal data in form of contact information from suppliers and customers to allow direct and efficient communication, but also to receive feedback regarding our services and how to improve them.

We also process data as part of regulatory requirements, or to mitigate the risk of breaching regulatory requirements. For instance, we are required to verify that employees are eligible to work in the country in question.

In some cases, we process data due to a legitimate interest, which could include keeping your information on file even after you have left the company or after the project has been completed. This could be due to a need to document a process, or it could be due to personal data being a part of permanent documentation that we cannot change (such as signatures on drawings and other equipment documentation).

We do not share your personal data with third parties, with the following exceptions:

  • For external processing by service providers assisting us with typical shared services that are outsourced rather than managing it internally
  • For legal reasons to meet regulatory requirement, a legal process, an enforceable governmental request, or to detect, prevent, or otherwise address fraud or other illegal activities

5  How to Request an Update of or Delete Your Personal Data

If your personal data has changed, you should alert us as soon as possible so we can make the changes needed to ensure your personal data is current. If you are an employee, you can access your personal data in SAP at any time to check what personal data we have in your personal file, and you can contact your local HR representative if any of the information is incorrect. Some of the personal data of employees is necessary to keep on file even after the employee leaves. The employment agreement is an example of this. You can request that any other information is deleted, and you can request to be provided a copy of your personal data in your personnel file, if your employment agreement is terminated by you or MHWirth. If you are a customer or supplier, you can reach out to your MHWirth contact person to receive a copy of the information we have on file for you, and you can submit a request for change or removal of your personal data to that same person.

6  How We Protect Your Information

All departments and locations in MHWirth have participated in a mapping exercise to identify all use of personal data in our company. As part of the mapping exercise, we have:

  • Updated our internal processes involving personal data and implemented a more rigorous data protection framework, which is followed up as part of our quality management system
  • Centralized storage of personal data to restrict access to personal data other than contact information
  • Instructed all employees to remove personal data other than contact information from their email accounts and personal storage areas
  • Instructed all employees acting as the closest contact person to a customer or a supplier to evaluate whether there is any transfer of personal data between MHWirth and the third party, and if so, put in place a data processing or data transfer agreement to ensure the third party has implemented adequate security measures and appropriate processes for handling of personal data.
  • Implemented encryption and password protection when transferring personal data other than contact information

7  How to Contact Us with Questions or Concerns

If you have questions regarding our handling of your personal data, you should contact the local HR department if you are an employee, and your MHWirth contact person if you are a supplier or customer.

If you have concerns regarding our handling of your personal data, you can contact:

Bård Olsen
Vice President Global Compliance
Mob: +47 41 04 19 73