Last updated 16.01.20
Ferde has updated its handling of personal data in accordance with the EU General Data Protection Regulations which were introduced in the summer of 2018. The data protection regulations are designed to be a common framework for privacy protection legislation in the EU, as well as to clarify the rules pertaining to transparency in respect of how companies process personal data. The new Norwegian Personal Privacy Protection Act will incorporate the new requirements.
The purpose of the Personal Data Act is to protect against the violation of personal privacy.
Privacy Protection Statement
This statement applies to Ferde AS. The purpose of this statement is to inform you of why we process personal data, the type of data that we process, who is responsible for our processing, how we protect your personal privacy and your legal rights as a data subject in respect of these personal data.
The statement uses the term “agreement customers” for customers with an AutoPass agreement.
The privacy protection statement applies to the use of our products and services, as well as visits on our website effective from 20.07.2018.
Why do we process personal data?
Ferde AS is assigned the right to collect road tolls by Norwegian Public Roads Admission which has its assignment from the Ministry of Transport and Communications. The right to collect road tolls is established in the Roads Act, section 27, first paragraph.
Ferde AS processes personal data on the foundation of the General Data Protection Regulation (GDPR), article 6 (1) (c); processing is necessary for compliance with legal obligation to which the controller is subject. The foundation for personal data processing applies to all activities regarding collection of road toll, and also applies to our contractors. In some cases Ferde transfers personal data (a picture of the vehicles registration plate) to third countries outside the EEA. In these cases, the EU standard contractual clauses for data transfer between EU and non-EU countries are used to ensure the necessary guaranties for a sufficient level of protection of personal data according to the GDPR article 46 (2).
Ferde’s Data Controller
The CEO of Ferde AS is responsible for ensuring that the company’s processing of personal data is carried out in accordance with applicable laws and regulations.
What are your rights as a customer?
As a registered customer, you are entitled to know what data we have stored about you and you are entitled to require that incorrect data is corrected or supplemented. You are also entitled to require that your personal data should be disclosed or deleted. Deletion of data is conditional upon it not being in conflict with other legislation, such as requirements to storage of accounting data.
What kind of information is registered?
In order to collect road tolls, all vehicles that pass Ferde’s toll stations are registered. Vehicles with an agreement are registered in accordance with the terms of the agreement. Vehicles without an agreement are registered with a video photo of the vehicle’s registration number.
In order to calculate the correct price of each passing, we register the time and place of the passing and collect the vehicle’s environmental characteristics from the Environmental Register owned by the Norwegian Public Roads Administration.
We process data about the vehicle’s owner in order to send an invoice. If you are an agreement customer with Ferde AS, or an agreement customer with one of the road toll companies on behalf of which Ferde collects road tolls, we use the information that you have given us. If you do not have an agreement, we collect this information from the Motor Vehicle Register which is owned by the Norwegian Public Roads Administration. In both cases, this would be your name, address and date of birth. Agreement customers may also register their e-mail address and phone number.
Foreign vehicles without an agreement are invoiced via Euro Parking Collection (EPC), which has an agreement with the Norwegian Public Roads Administration.
In order to carry out collection efficiently, we register payments, payment history, invoice history, agreement form and information relating to chat, phone and e-mail enquiries to customer service.
- information in connection with the use of services. This includes localisation- and traffic data, for example, by using activity logs and basic information about what type of device you use when you visit our website. Examples of the information we collect are: date and time, the type of operating system and browser you use, IP addresses, screen size and the like.
Should any other information be collected, we will inform you of this and request your consent. You will then be given specific information about what information we collect and what it might be used for.
- Service development: Cookies help us to monitor the use of our digital services. We use this information to improve our services. The type of information we collect includes which websites are visited the most, whether the user comes from a link outside our website, if they click through, as well as how long users stay on our website. The time you spend on our website is logged, but you are anonymous to us. We also monitor how far you scroll down the page, as well as where you point and click with your mouse cursor.
Cookies and scripts are used through the following third parties:
- Google Analytics
- Hot Jar.
How can you opt out of cookies?
Are your personal data disclosed to third parties?
Ferde makes use of subcontractors and partners for the collection of road tolls, in order to meet terms of service and to offer websites and self-service solutions. These could process your personal data on behalf of Ferde. To ensure that your personal data is not used for purposes other than those described above, Ferde enters into a data processing agreement with all of its subcontractors and partners. Manual reading of passage images is handled by persons outside the EEA.
In some cases, we are legally required to disclose your personal data, for example, to the Police or tax authorities.
How is personal data secured?
Access to personal data is given only to people with work tasks that require this. All employees have signed a confidentiality declaration. All systems have access control with a personal ID and password. All changes and actions are traceable.
How is personal data archived and deleted?
Passing information is deleted according to fixed criteria depending on whether the passage has been paid for or not. Passages are transferred to the AutoPASS central system and are deleted according to applicable rules established by the Norwegian Public Roads Administration. Personal data that are collected are stored as long as the data controllers need them for collection of road tolls and to handle complaints, manage the ICT system and prepare aggregate statistics for road tolls (statistics without personal data). Personal data that has a statutory accounting obligation is stored in accordance with section 13 of the Accounting Act.
Personal data collected from cookies and scripts on our websites:
Anonymized data will be stored in our own, or a third party’s, systems throughout the lifetime of the service. This means that for example generic information about the use of such websites and newsletters is stored until such time as the website or newsletter is closed down. This is information that cannot be linked to you as an individual. Cookies are saved for as long as you want. This is controlled through your web browser. You can remove cookies from your browser at any time.
Access, disclosure and deletion of personal data
If you wish to obtain access to the personal data that Ferde holds about you, or wish to have any of your personal data corrected, disclosed or deleted, please login to My Page: https://minside.autopass.no/, or contact us using this contact form.
How can I obtain information about changes to our Personal Privacy Statement?
We may need to update our Personal Privacy Statement from time to time. We do this as our operations and services develop, at the same time that we are also obliged to adhere to the rules of the Norwegian Data Protection Authority. We encourage you to check regularly whether any updates have been made to this page.