Last updated: 15th March 2026
1. Privacy Policy
This Privacy Policy sets out the way in which Ceataec (“we”, “us”, or “our”) collects, uses, stores and discloses your personal information when you access or use the Ceataec inspections System software (“Platform”). The Platform includes a mobile application, named “Inspections: Ceataec Solution”, and a web portal, as well as the backend services and infrastructure used to operate and support them.
If you access or use the Platform under a Software-as-a-Service (“SaaS”) Agreement between Ceataec and you (or your organization), additional contractual terms apply. These terms govern service access, data-processing responsibilities, Customer Data, and obligations between Ceataec and the subscribing customer. Such contractual terms supplement – but do not replace – this Privacy Policy.
Users who have not been provisioned with an active account under a valid SaaS Agreement cannot access or use the Platform’s functionality. For these users, only limited device-level information may be collected when the App is downloaded or installed.
This Privacy Policy applies to all users and explains how Ceataec processes personal data within the Platform, regardless of whether the user accesses the Platform under a SaaS Agreement.
We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.
This Privacy Policy may be updated from time to time. If practical, we will endeavour to notify you of any updates to our policy (eg through push notifications within our website or software products, or via email).
2. What is Personal Information?
For the purposes of this Privacy Policy, “personal
information” (also referred to as personal data) means any information that
relates to an identified or identifiable natural person. This includes
information that directly identifies you (such as your name or email address)
or information that can be used to identify you when combined with other data
(such as device identifiers or images containing identifiable features).
Personal information does not include data that has been irreversibly anonymised so that it can no longer be linked to an individual.
Where Customer Data under the SaaS Agreement contains personal data, this Privacy Policy applies to Ceataec’s processing of that personal data.
3. Types of personal information we collect
The particular types of personal information that we collect will depend on the way you use our Platform.
We may collect:
a. Your full name, email address and other contact details;
b. Login credentials;
c. If you capture or upload a picture containing any information that directly or indirectly identifies a person, including faces, name badges, unique work areas, or personal items, we may collect and process the image, the likeness of individuals, and any identifiable elements contained in the picture;
d. Information relating to your use of our Platform that allows us to improve or personalise your use of our Platform, such as details about your interactions with the Platform, your account preferences and configuration or support tickets; and
e. Device information, such as your IP address, operating system and hardware specifications.
4. How do we collect personal information?
We collect personal information from:
a. You directly, for example to register an account on our Platform;
b. Content you or other users provide through, or upload to, our Platform;
c. Our suppliers, contractors, related entities, related bodies corporate or associated entities; and
d. From public records or other publicly accessible sources.
5. Anonymity and pseudo-anonymity
Due to the nature of our Platform, it is not practical for us to interact or communicate with you on an anonymous basis or using a pseudonym. We require your personal information in order to provide you access to our Platform, or respond to any questions, concerns or inquiries you may have.
6. Purpose of collecting personal information
6.1 General
We collect, use and hold your personal information for the following purposes:
a. To enable you to register to, and use, our Platform or other products and services within the Platform;
b. To request payments of Platform fees;
c. To carry out statistical analysis and improve or personalise our products and services to you;
d. To optimise device compatibility and security of the Platform;
e. To respond to your comments, requests, and inquiries;
f. For marketing (including direct marketing) and business development activities;
g. To conduct user surveys (such as, user satisfaction and quality assurance surveys);
h. To comply with a law, regulation, court order or other legal process;
i. To investigate or report suspected unlawful activity; and
j. To protect, enforce or defend our rights.
We will not use your sensitive information for direct marketing purposes.
6.2 Direct marketing
If you have provided your consent to receive direct marketing communications or it is otherwise within your reasonable expectation that we send you direct marketing communications in light of your interactions with us, we may use your personal information (but never your sensitive information) to provide you with information about our products or services that we believe may be of interest to you (including any newsletters, updates, offers, promotions or other benefits) via email, post, telephone or other direct contact methods.
If we process your personal data for direct marketing purposes, you have the right to object at any time. If you object, we will stop processing your personal data for direct marketing.
7. Who do we share your personal information with?
We may share or disclose your personal information to:
a. the organisations and individuals who assist us to deliver or support out Platform or services, namely:
i. Related entities, related bodies corporate within our corporate group (Group Entities);
ii. Our service providers and partners (such as IT or cloud storage service providers;
b. Our professional advisers, eq lawyers and accountants; and
c. Law enforcement officers, regulators, courts and government agencies, if permitted or required:
i. By law, regulation, court order or other legal process;
ii. To assist in the prevention or detection of crime;
iii. To improve the safety of our platform;
iv. In order to protect our or any user’s rights; or
v. To prevent a threat to any person’s life, health or safety;
8. Overseas disclosure of personal information
We may disclose your personal information to our service providers, contractors, and group entities located outside of Norway when this is necessary to provide, maintain, or support the Platform These overseas disclosures may occur, for example, when we use internationally hosted cloud infrastructure (such as Azure), global technical support teams, or other specialised service providers.
Where we transfer your personal information outside of Norway or the European Economic Area (EEA), we will ensure that such transfers comply with applicable data protection laws. This includes relying on:
We take reasonable steps to ensure that any overseas recipient of your personal information provides a level of data protection that is substantially similar to that required under Norwegian and EU data protection laws.
We will not transfer your personal information overseas unless:
9. Automated decision/making
We do not use your personal information for any automated decision‑making (including profiling) that produces legal or similarly significant effects about you.
10. Third-party website
The CEATAEC Inspections System does not contain links to any third‑party websites. We do not direct you to external websites or services as part of your use of the Platform.
11. Cookies
Our authentication provider (Auth0) uses strictly necessary cookies to enable secure login, maintain user sessions, and support core authentication functionality. These cookies are essential for the operation of the Platform and cannot be disabled without affecting your ability to log in or use the Platform.
12. De-identified data
We may use de-identified data and aggregated forms of information for any purpose, including without limitation, statistical analysis, product or service development or any other commercial purpose. We take reasonable steps to remove or deidentify your personal information so that this data cannot be associated with you.
13. Data retention
We will store your personal information to manage your user subscription to our Platform or as is required for some other purpose for which your information was collected, as set out in this Privacy Policy. This retention applies only to personal data that Ceataec processes.
Where Ceataec processes personal data as part of Customer Data under a SaaS Agreement, retention and deletion of such Customer Data are governed exclusively by the applicable SaaS Agreement. This Privacy Policy does not apply to Customer Data retention.
We will store your personal information for as long as you hold an active subscription to our Platform and for 12 months after your subscription ends, unless a longer retention period is required or permitted by law.
We will promptly remove or de-identify your personal information at the end of the applicable data retention period described above, unless:
a. We still require your personal information to carry out any purpose for which the information was collected:
b. Required by law or for compliance with applicable law;
c. Required for the prevention of fraud; or
d. Required to resolve disputes or for other legitimate purposes.
14. Data security
We maintain appropriate technical and organisational measures to protect personal information. Additional security obligations applicable to contracted customers are set out in the relevant SaaS agreement.
In handling your personal information, we will refer to adequacy decisions of the respective privacy regulator or office, the Standard Contractual Clauses and our inter-company agreements, where appropriate.
However data transfers made over the Internet are never 100% secure and if you send us any information, you acknowledge this is done at your own risk.
8. Access and correction
You may request access to your personal information, or correct any inaccurate or out of date information by contacting us using the details at the end of this Privacy Policy.
No fees apply to making a request for access or correction of your personal information, but we may charge for reasonable administrative costs incurred in providing access.
Before we grant you access to, or correct, your personal information, we will make reasonable efforts to verify your identify.
We may refuse your request to access or correct your personal information for legitimate reasons, including if we believe that granting you access will endanger the life, health or safety of any person, would adversely impact the privacy of other individuals, that the request is frivolous or vexatious, or if your personal information is part of ongoing or pending legal proceedings between you and Ceataec.
Further information related to our processing of personal data and your appurtenant rights is stipulated in our corporate group cookie and privacy policy at https://www.wilhelmsen.com/disclaimer/.
9. GDPR compliance
9.1 Application of GDPR
Because Ceateac is established in Norway, which is part of the European Economic Area (EEA), the EU GDPR applies to all of our processing activities, regardless of where you reside worldwide.
In addition to the other sections of this Privacy Policy, this section 16 applies to our processing of your Personal Data as defined under GDPR. For avoidance of doubt, any reference to “personal information” in this Privacy Policy should be understood as a reference to personal Data within the meaning of the GDPR.
16.2 Definitions
For the purposes of this section 16, and this Privacy Policy generally:
a. “GDPR” means the EU General Dat protection Regulation (Regulation (EU) 2016/679) as incorporated into Norwegian law through the Norwegian personal Data Act.
The terms “Controller”, “Data Subject”, “Personal Data”, “Processing”, and “Supervisory Authority” have the meaning given to those respective terms under the GDPR, and their corresponding terms will be construed accordingly.
16.3 Your rights as a Data Subject
As a Data Subject, you have the following additional rights:
a. Access. You may request access to any Personal Data we hold about you and information regarding our Processing of your Personal Data (including the purpose of processing, data retention period, and categories of data involved).
b. Rectification. You may ask us to correct or update any of the Personal Data we hold about you.
c. Erasure. You may request for the deletion of your Personal Data if we no longer require your data for the purpose for which it was collected, or if you withdraw your consent to Processing of your Personal Data and we have Processed your Personal Data without legitimate grounds.
d. Restriction. You may ask us to restrict the processing of your Personal Data, if:
i. you are contesting the accuracy of the Personal Data and you enable the Controller to verify the accuracy of your data;
ii. the Processing of your Personal Data is unlawful and you oppose the erasure of your data, but request a restriction instead;
iii. the Controller no longer needs to process the Personal Data, but you require the Personal Data for legal proceedings; or
iv. you have objected to Processing pursuant to Article 21(1) of the GDPR;
e. Objection. You may object to our Processing of your Personal Data under certain conditions.
f. Data Portability. You may request for us to:
i. provide you your Personal Data in a machine-readable format; or
ii. transfer any Personal Data we hold about you to you or a nominated third party.
16.4. How to exercise your Data Subject rights
If you wish to exercise any of your Data Subject Rights, please contact us using the details set out at section 18 below.
16.5. Complaints to a Supervisory Authority
If you have any concerns or complaints regarding our Processing of your Personal Data or the exercising of your Data Subject rights, you may contact a Supervisory Authority.
17. Complaints
You should contact us immediately if:
a. someone has gained unauthorised access
to your personal information;
b. you believe we have breached our privacy obligations your privacy rights in
any way; or
c. you wish to discuss any issues regarding our privacy policy or information
handling processes.
You have the right to lodge a complaint with your national data protection supervisory authority, or the Norwegian Data Inspectorate. The contact information for the Norwegian Data Inspectorate is as follows;
Address: Datatilsynet, Postboks 8177 Dep.,
0152 Oslo
Email: postkasse@datatilsynet.no
Tel: +47 22 39 69 00
17. Out contact details
CEATAEC AS
Strandveien 20
1366 Lysaker
+47 67 58 40 00