All Sites Norwegian search
search language button
Equinor logo
  • What we do
    • What we do
    • Autumn conference 2020
    • Exploration
    • Fields and platforms
    • Terminals and refineries
    • Crude oil assays
    • Natural gas
    • REMIT
    • Shipping
    • Renewables
    • Offshore wind
    • Solar energy
    • Low carbon solutions
    • Hydrogen
    • H2H Saltend
    • Equinor Ventures
  • Where we are
    • Where we are
    • Algeria
    • Angola
    • Argentina
    • Australia
    • Azerbaijan
    • Bahamas
    • Belgium
    • Brazil
    • Canada
    • China
    • Denmark
    • EU — European Union
    • Germany
    • India
    • Ireland
    • Japan
    • Libya
    • Mexico
    • The Netherlands
    • Nicaragua
    • Nigeria
    • Norway
    • Poland
    • Russia
    • Singapore
    • South Africa
    • South Korea
    • Suriname
    • Tanzania
    • United Arab Emirates
    • United Kingdom
    • United States
    • Venezuela
  • How & why
    • How & why
    • Sustainability
    • Climate
    • ESG Reporting centre
    • Health, safety and security
    • Energy Perspectives
    • Impact assessments
    • Human rights
    • Digitalisation
  • Careers
    • Careers
    • Experienced professionals
    • Students
    • Graduates
    • Apprentices
    • Summer interns
    • What we offer
    • Culture & values
    • Recruitment scams
  • Stories
    • Stories
    • Dogger Bank offshore wind
    • safeguarding our wellbeing
    • Responding to criticism of hydraulic fracturing in the US
    • Hydrogen and Carbon capture
    • Weldar welding robot
    • Breakthrough for digitalisation
    • Hywind Tampen offshore wind farm
    • Greening our shipping
    • Why wind is the future
    • Echo — Equinor’s digital twin
    • IT experts in the Pyrenees
    • Statfjord A 40 years
    • Thorolf Rafto Challenge
    • Why is Johan Sverdrup important?
    • Can artificial intelligence save lives?
    • Is gas good for the environment?
    • Most digital workplace
    • Ocean of opportunities
    • Coding the energy future
    • Carbon capture solutions
    • Digitalisation changing lives
    • Techstars accelerator
    • Cutting CO2 emissions
    • Britain’s declining emissions
    • Lifting a platform
    • Cardiac arrest offshore
    • Battery hybrid supply ship
    • Pioneering Aasta Hansteen
    • Halvor in charge of Hywind
    • Offshore wind radar
    • Drilling with apps
    • Exciting inventions
    • How we cut costs
    • How Hywind was born
    • Building Hywind
    • Broad energy major
    • Living in a fridge
    • Gina Krog points the way
    • CEO Eldar Sætre speaks about the name change
    • Hooking up Mariner
    • Equinor’s new energy apprentices
    • Sætre at CERA week
    • Electrification of platforms
    • Competence transfer
    • Fieldmade 3D printed spare parts
  • About us
    • About us
    • Corporate governance
    • Organisation
    • Corporate Executive Committee
    • Governing bodies
    • Board of Directors
    • Annual General Meeting
    • Ethics and compliance in Equinor
    • Site info
    • Contacting Equinor
    • Heroes of Tomorrow
    • About our name change
    • Dialog: klima og energi
    • Glossary
  • News & media
  • Investors
    • Investors
    • Equity story
    • The Equinor share
    • Our shareholders
    • Annual Reports
    • Our quarterly results
    • Consensus
    • Contacts for investors
  • Suppliers
  • All Sites

Privacy and Data Protection in Equinor

1. Introduction
2. Equinor’s processing of personal data
    2.1 General
    2.2 Procurement and other business relation purposes
    2.3 Integrity Due Diligence
    2.4 Ethics helpline
    2.5 Local grievance mechanisms
    2.6 Screening
    2.7 Communication

    2.8 Recruitment and onboarding
    2.9 Security and emergency response
    2.10 Recordings of certain trading activities
    2.11 Equinor Pension
    ​2.12 Website and cookies
3. Categories and collection of personal data
4. Transfer of personal data
5. How to exercise your rights as a data subject
​6.. Notice to California Residents
7. Changes to this privacy policy

1. Introduction
Privacy and data protection laws protect the integrity and confidentiality of a person’s private information. Equinor is committed to protecting the privacy rights of our employees and everyone with whom we do business. We will only use personal data for appropriate purposes, and personal data will be processed in accordance with applicable data protection regulation and Equinor's Binding Corporate Rules.

Within the Equinor Group, the data controller will be Equinor ASA and/or the Equinor company(ies) you have your relationship with. Equinor ASA operates equinor.com and morgendagenshelter.no and is the controller for the processing of personal data generated from using the site, as well as a number of the processes described in clause 2 below. The local Equinor entities are the controller of personal data processed to provide local processes and local websites.

2. Equinor’s processing of personal data
2.1. General

Equinor processes personal data about employees and external consultants working from Equinor premises or in Equinor systems. Equinor also processes personal data about data subjects who are not employed or engaged by Equinor, to whom this privacy policy is primarily aimed. The main categories of personal data processed is described in section 3 below.

Equinor will always process personal data fairly and lawfully, and only for a specified, explicit and legitimate purpose or as required by law. Equinor will therefore only process personal data when such processing is necessary for us to manage our operations, provide services or other legitimate business interests, comply with legal or contractual obligations or after receiving consent (the latter which can be withdrawn at any time). Withdrawing consent will not affect the lawfulness of the processing based on the consent prior to withdrawing it. Further information on specific legal basis is provided below.

Equinor will ensure appropriate information security related to confidentiality, integrity and availability. Personal data will be retained only for the period that is required to serve the legitimate purpose.

Third party service providers may process personal data on behalf of Equinor within various areas. Equinor has implemented adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.

Equinor processes personal data about data subjects that are not employed or engaged by Equinor for these various purposes:

2.2 Procurement and other business relation purposes
Equinor processes personal data necessary to procure goods and services from suppliers and contractors, for contract management and for human rights verifications. The data processed for such purposes include contact information and human resources information. The legal basis is Equinor’s legitimate interest in ensuring good management of and support of our suppliers, partners and customers.

2.3. Integrity Due Diligence
Equinor has established an extensive Integrity Due Diligence (IDD) process. The IDD process includes collecting information to help us understand who our counterparties are, their values and how their business is conducted. In some instances, the IDD may also include the processing of personal data. More information about IDD can be found here. The personal data processed for this purpose may include contact information and IDD specific necessary information, such as position, possible political position and roles, possible sanction listings, personal relations, contracts, relevant memberships, references, legal claims and reputational issues. The legal basis is to comply with legal obligations, pursue our legitimate interests and to establish, exercise or defend legal claims. 

2.4. Ethics Helpline
Equinor has set up an Ethics Helpline where employees and external third parties interacting with us can raise concerns or report any suspected or potential breaches of law or the Equinor Code of Conduct. More information about the Ethics Helpline can be found here. Due to the nature of the Ethics Helpline, the processing may include all categories of personal data, also special categories. The legal basis is legitimate interest or processing necessary for the purposes of performing the obligations and exercising the rights of Equinor in the field of employment, social security and social protection law, or for the establishment, exercise or defense of legal claims.

2.5. Local grievance mechanisms
In some countries, Equinor has established local grievance mechanisms in order to receive, investigate and respond to grievances from individuals, communities, or their representatives about Equinor or its contractors’ activities adverse impact on communities or individuals. The personal data processed includes contact information and other data necessary for performing the grievance-processes. The legal basis is performance of a task carried out in the public interest or legitimate interest.

2.6. Screening
To ensure regulatory compliance with Norwegian and international regulations on sanctions, as well as ensuring compliance with anti-money-laundering regulation, Equinor may perform a screening of external third parties with whom Equinor has relations. More information about sanctions can be found here. The personal data processed is contact information, position and results from the screening activity. The legal basis is legitimate interest, legal obligation or performing the obligations and exercising the rights of Equinor in the field of employment, social security and social protection law.

2.7. Communication
Equinor communicates externally and internally with the general public, specific target groups and individual persons. Examples of communication activities performed by Equinor or third parties are distribution of newsletters, press releases, company reports, optimising websites, organising events, handling user-initiated dialogue, providing information to public authorities, conducting surveys, and communicating in social media networks. The personal data processed includes contact information and communication-related information. Please see our Guidelines for social media. The legal basis is legitimate interest in providing information and ensuring good management of and support for our customers, suppliers and partners, or your consent. 

2.8 Recruitment and onboarding
Equinor processes personal data for recruitment purposes to ensure that Equinor recruits qualified candidates. The personal data processed include contact information, recruitment and human resources information. The legal basis Equinor rely on for processing your personal data relates to processing necessary to perform a contract or to take steps at your request, before entering a contract, or your consent to being included in the CV-database.

Equinor also processes personal data to cater for onboarding of external personnel into the Equinor organization based on mergers and/or acquisitions and/or transfer of an undertaking. The personal data processed include contact information, recruitment and human resources information. The legal basis Equinor relies on in these circumstances is legal obligation or legitimate interest.

You will receive more detailed information about the two types of processing and the legal basis when entering the recruitment process or you are being part of the onboarding process.

2.9 Security and emergency response
Equinor has implemented various security measures that requires processing of personal data. This is to safeguard against illegal or unauthorized access to areas, buildings, rooms, systems, processes or equipment. For example, Equinor premises can have activity logs, camera surveillance, controls of delivery vehicles, the drivers, visitor and employee access control. The categories of personal data we collect and use, depend on the security measures in question. It includes a variety of images and videos, contact information and place of employment, date and time of access to premises and information about vehicles.

Equinor’s operations entail a certain level of risk, both for Norwegian and international operations. The purpose of the processing is to secure personnel support during an emergency response situation (ensure personnel emergency preparedness). The personal data processed may include all relevant data about the personnel in an emergency incident; contact information, date of birth, next-of-kin, contact person for employer and contractor. The purpose is to comply with legal obligations within different jurisdictions concerning emergency preparedness. The legal basis for such processing of personal data is our legitimate interests in safeguarding of our business and any applicable legal requirements relating to this.

2.10 Recordings of certain trading activities
For certain trading activities, Equinor processes contact information and the full content of commercial conversations on telephone and IM to document negotiations, trading and agreements as well as to ensure compliance to regulatory requirements for documentation. The legal basis is to comply with legal obligations and our legitimate interest.

2.11 Equinor Pension
Equinor processes personal data for handling pension. For further information related to your Equinor-pension rights, contact pensjon@equinor.com.

2.12 Website and cookies
Please see our global Cookie Policy.  Local Cookie Policies are available in the footer of each site.

3. Categories and collection of personal data
For easier understanding of this privacy policy we have set up the following categories. This does not mean or entail that the processing will always entail all the examples of personal information included in the categories.

The categories of personal data Equinor may collect and hold about data subjects include:

  • Contact information, such as names and addresses, telephone numbers and email addresses, titles etc.
  • Recruitment information, such as application, CV, references, background checks, interviews and assessments, immigration and relocation information, exit surveys
  • Human resources information such as details about an individual’s work experience and qualifications, date of birth, identification documentation, driver’s license details; national identity, social security number, employee number, position, organization, bank account, next of kin, union membership, location, salary and leader
  • Communication-related information, such as public political relations, positions, preferences related to marketing and events (including allergies/diets restrictions when provided by participants), and information related to user behavior in own communication-channels (including IP-addresses).

Personal data may be collected in several ways, including:

  • directly by Equinor staff when establishing a business relationship or through operational dealings; 
  • from a third-party service provider or agent, from a source of publicly available information (e.g. websites) or from an employer (e.g. where a supplier or contractor provides personal data about their employees); 
  • through use of Equinor's website; or
  • data provided directly by you.

4. Transfer of personal data
Equinor has established Binding Corporate rules (BCR) to provide Equinor with a legal basis for transfer of personal data within the Equinor group to Equinor companies outside of EU/EEA. The BCRs will apply to all personal data, within the Equinor group, which are protected by applicable EU data protection law. You can find a summary of the BCRs here and a list of members of the BCR here.

Equinor will ensure that the European rules on trans-border data flows are complied with when personal data are transferred to external processors (outside of the Equinor group) located outside of EU/EEA or located in a country that is not recognised by the EU Commission as ensuring an adequate level of protection. Examples of such safeguards are Binding Corporate Rules, EU Standard Contractual Clauses or other applicable legal mechanisms.

5. How to exercise your rights as a data subject
National and international data protection gives rights to data subjects. The data subjects have, under some circumstances and subject to the laws of the particular jurisdiction, the right to request access, rectification, erasure and/or restriction to processing of their data.

If you have questions or want to exercise your rights as a data subject, please contact the Data Protection Officer in Equinor (email address: gm_dataprotection@equinor.com ). You have a right to complain to the Norwegian or local Data Protection Authority if you consider that we have breached the data protection legislation, but we encourage you to first contact our Data Protection Officer, before filing such complaint.

6. Notice to California Residents
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our Privacy Notice for California Residents.

7. Changes to this privacy policy
We may update this privacy policy from time to time. If such updates are not material, we may make such alterations without posting a specific notice on our website. If the changes are material and affects your rights or the way we process personal data, we will provide a specific notice on our website. Please review this privacy policy from time to time.

Last updated: 28.09.2020

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • LinkedIn
  • Terms and conditions
  • Privacy policy
  • Site info
  • Contact us
  • RSS
  • Cookie policy
Copyright © 2021 Equinor ASA