Here you will find the Norwegian Customs' privacy statement. It describes what types of personal data we process and how you can exercise your rights.
About the Privacy Statement
In this privacy statement, you can read about how the Norwegian Customs processes personal data to contribute to the protection of privacy and to facilitate an effective solution to the Norwegian Customs’ societal mission, which is to ensure compliance with laws and regulations for cross-border movement of goods. You can also learn about your rights when you are registered in the Norwegian Customs’ systems and registers.
What is personal data?
Personal data means any information relating to a natural person. The key factor in determining whether information is personal information is whether the information can directly or indirectly identify a specific person, such as a name, address, phone number, email address, or IP address, as well as a photo or vehicle registration number.
Why the Norwegian Customs process personal data
The Norwegian Customs has various obligations in society as stipulated by laws regulating the activities of the Norwegian Customs. To fulfill its purposes, the Norwegian Customs is authorized to collect information about individuals, businesses, and affected parties. This information is obtained from those in contact with the Norwegian Customs, from the customs itself, and from public registers and collaborative partners.
We shall not collect more information about you than necessary, and the information gathered shall only be used for the purpose for which it was collected unless we have a legal basis to use it for other purposes.
Tasks of the Norwegian Customs according to customs legislation
- Ensure accurate and complete information on goods imported and exported, as a basis for calculation of duties and for use in mapping and statistics
- Aid in protecting society from illegal import and export of goods by ensuring compliance with restrictions imposed in consideration of, inter alia, public safety, protection of human life and health, animal welfare, plant conservation and environmental protection.
- Ensure that Norway fulfils its obligations under international treaties on cross-border movement of goods.
- Collaborate with other authorities and organizations both nationally and internationally in tasks related to the Customs Agency's field of operation in accordance with rules prescribed by law or regulations.
- Perform tasks on behalf of other public authorities and collaborators, including the import and export of goods when the Norwegian Customs assists other authorities in controlling their regulations. We verify compliance with regulations on behalf of entities such as the Food Safety Authority, Agriculture Administration, Medicines Agency, and the Tax Administration. This includes legislation related to taxes and duties, food and commodities, narcotics, alcohol, tobacco, medicines, weapons, hazardous substances, animals, environment, waste, and intellectual property rights. In these areas, we also cooperate with customs authorities in other countries.
- We also process personal information in cases where other public authorities depend on information from the Norwegian Customs to carry out their legally mandated tasks in a safe and responsible manner. For example, the Norwegian Customs is obligated to provide information from customs declarations to Statistics Norway for the preparation of trade statistics and to the Tax Administration for the calculation and collection of duties. We also process personal information to assess whether goods to be imported into the EU/EEA pose a threat to security and safety, public health, the environment, or consumers.
Administrative tasks, case processing, inquiries, and administrative responsibilities.
- Case processing
- Guidance for residents and businesses
- Job applications or assignments for the Norwegian Customs
- Visitor registration and participation in events
- Camera surveillance at locations to ensure security
- Handling reports from external sources in whistleblowing cases
Legal Basis and examples
About the Legal Basis for the Norwegian Customs’ processing
The regulations governing how the Norwegian Customs can process personal data depend on the tasks the Norwegian Customs is required to perform and the purpose for which the Norwegian Customs processes the information.
The Norwegian Customs’ processing of personal data has its primary legal basis in law and regulations, such as:
- Movement of Goods Act
- Customs Duty Act
- Public Administration Act
- Freedom of Information Act
- “Skatteforvaltningsloven” (act about tax administration)
- “Vegtrafikkloven” (act about road traffic)
- “Legemiddelloven” (act about pharmaceuticals)
For more information, you can read about the Movement of Goods Act and the Customs Duty Act on “Lovdata”.
Norway has mutual assistance agreements in customs matters with several countries and with the EU. Moreover, many of the trade agreements include rules on confidentiality, which also address the relationship with data protection. Through a security agreement with the EU, Norway has committed to contributing to the risk assessment of goods to be imported into the EU/EEA.
In addition, the Norwegian Customs has a legitimate interest in ensuring the safety of employees and the public in connection with travel and control implementation, as well as securing our buildings. Therefore, we have surveillance cameras at customs stations and in our office buildings.
Processing of personal data for the movement of goods
Obligation to notify and provide information upon arrival at the destination in the customs territory, is a process that involves submitting information about the flow of goods and transportation related to the movement of goods to the Norwegian Customs. This information is processed before crossing the border with the purpose of fulfilling the notification and information obligation in accordance with § 2-3 of the Movement of Goods Act and associated regulations. In this context, information about the driver, carrier, customs representative, sender, and recipient, as per the shipping agreement and information provider for the fulfillment of the notification and information obligation, is processed.
The personal information is processed to correctly identify the obligated party for the notification and information obligation. This is necessary, for example, to sanction legal violations (Movement of Goods Act chapter 12). The information is also used to handle border crossings, in accordance with the purpose provision of § 1-1 of the Movement of Goods Act.
With legal basis in Chapter 4 of the Movement of Goods Act and Chapter 6 of the Customs Duty Act, personal data is processed to handle applications for permits and customs exemptions.
§ 8-5 of the Customs Duty Act provides the legal basis for compiling collected personal data, including health data as mentioned in GDPR article 9(1) and personal data as mentioned in GDPR article 10, when necessary for control of customs duties.
Processing of personal data for carrying out control of the movement of goods
Chapter 8 of the Movement of Goods Act contains rules regarding the customs authorities’ collection of information during control, both during inspections of goods entering or leaving the customs territory and during inspections of documents.
The Norwegian Customs have a specific legal basis for collecting and storing information about cross-border traffic on roads and ferry terminals with international traffic, as outlined in § 8-9 of the Movement of Goods Act. We also have the authority to collect information about passengers, as specified in § 8-8.
We are allowed to compile collected personal information and make decisions solely based on automated processing when necessary for the control of the import and export of goods, including intelligence. The control information we gather is compared with information previously collected about goods and similar items in accordance with the rules in the Movement of Goods Act, chapters 2 to 5. The degree of personal identification shall not exceed what is necessary for the intended purpose.
Processing of personal data in connection with administrative tasks
Processing of personal data about employees and others performing tasks for the Norwegian Customs
The Customs Agency processes personal information about those who work for or in the Customs Agency, in accordance with the GDPR Article 6(1)(b) to fulfill the employment contract and Article 6(1)(f) when the processing is necessary for purposes related to our legitimate interests when we do not act as a public authority.
Processing of personal data about job applicants
When job applicants apply for a position in the Norwegian Customs, our legal basis for processing personal data is GDPR Article 6(1)(b).
For applicants who disclose having a disability, gaps in their CV, or an immigrant background, the legal basis is GDPR Article 6(1)(c), stating that the processing is necessary to comply with a legal obligation, and Article 9(2)(b), indicating that the processing is necessary for us to fulfill our obligations in the field of labor law in accordance with the law, which is the legal basis for processing the information.
A SEMAC background check is used for those who are offered a position in the Norwegian Customs, with the legal basis being GDPR Article 6(1)(f), legitimate interest.
Processing of information in connection with procurement
The legal basis for processing personal information in connection with procurement is GDPR Article 6(1)(c), legal obligation. The legal obligation follows from the regulations for public procurement.
In connection with the follow-up of agreements, deliveries and invoicing, the legal basis is GDPR Article 6(1)(b), contract.
Processing of personal data in case handling and guidance
Processing of personal data in connection with the customs’ case handling and guidance:
When the Norwegian Customs has cases to process, such as handling appeals against decisions, we process personal information to fulfill our tasks. The legal basis for this processing is GDPR Article 6(1)(e), which allows us to process information necessary for the exercise of official authority, also referred to in the Public Administration Act §§ 17 and 11.
Processing of personal data in chat and chatbot:
Information about you is processed with the legal basis of your consent, which you provide if you use the chatbot.
- The questions you ask in the chatbot are stored for 30 days.
- The dialogue with answers and choices is not stored.
- All numbers in the chatbot are anonymized. This means that if, for example, you enter a social security number, it will be deleted in the chatbot.
In relation to the use and management of activity logs about users (employees and contractors), personal data about other categories of registered individuals may also be included. The personal data was originally collected based on the control authorities in the Movement of Goods Act, and the Customs Duty Act. When using and managing activity logs, the same personal data is processed as a measure to ensure that the Norwegian Customs can prevent and detect unauthorized use without official needs that provide access to personal data. The personal data is further processed to protect the privacy of the registered individuals. This is thus a processing compatible with the purposes for which the personal information was originally collected, cf. GDPR Article 6(4).
In addition to internal users, activity logs capture the activity of two groups of external users who have access to our IT systems:
- Users from the business sector who use the Norwegian Customs’ IT systems to comply with regulatory obligations.
- Users from other public entities who use the IT systems as part of their business operations.
The legal basis for this logging is Article 6(1)(f) "legitimate interest," justified by the Norwegian Customs’ need to safeguard information security, including integrity, availability, and confidentiality.
Processing of personal data
What personal data can the Norwegian Customs process?
The specific personal data needed depends on the task the Norwegian Customs is handling. The Norwegian Customs processes personal data, including but not limited to:
- Identity information (name, date of birth, gender, citizenship) and contact information (postal address, residential address, email address, phone number) and relationships to others (spouse, children, cohabitant, etc.).
- Information from the movement of goods (sender and receiver of goods, value of goods, description of goods, information about goods requiring special permission, e.g., permission to import weapons or carry medicines).
- Information necessary for planning, targeting, and conducting controls (prior violations of customs laws, economic transactions conducted abroad as indicated in the currency register, traffic and behavioral patterns, names and contact information, information about import and export of goods, means of transport, and finances).
- Information about cross-border traffic on roads and ferry terminals (vehicle registration number, vehicle direction, time and location of passage, vehicle owner).
- Images of individuals, vehicle registration numbers, travel patterns, and carried goods, may appear in camera surveillance at customs stations.
- Images of passersby and visitors, along with time and location, may be captured by camera surveillance in our office buildings.
How does the Norwegian Customs obtain personal data?
The Norwegian Customs obtains information from various sources. Here are some examples:
- Information from importers/exporters/transporters/forwarders: When goods are imported or exported, information must be provided to the Norwegian Customs during border crossings and customs processing. This applies to both individuals who have purchased goods from abroad and businesses engaged in commercial import, export, or transportation of goods in and out of the country.
- Information from other public registers, such as the population register and currency register (Norwegian Tax Administration), vehicle register (Norwegian Public Roads Administration), and the Brønnøysund Register Centre.
- Customs authorities in other countries with which we have agreements.
- EU's Common Import Control System (ICS2 Common Repository), Movement of Goods Regulations § 2-1-1.
- NCTS (an electronic system for exchanging transit information between businesses and the Norwegian Customs, and for pre-notification of goods directly to and from third countries) and other international registries such as the EU Business Register, and EU systems for origin, such as REX (Registered Exporter System), food, and market surveillance systems such as RAPEX (Rapid Alert System for Dangerous Goods) and TRACES (Trade Control and Expert System), among others.
- Tips and alerts from the public.
- Information obtained through control activities carried out by the Norwegian Customs itself or other public authorities.
- Information from publicly available sources, such as open websites.
- Information about cross-border traffic on roads and ferry terminals from our license plate recognition system (ANPR).
- Passenger information from transport companies.
- Surveillance camera footage at customs stations.
- Surveillance camera footage in our office buildings.
Where does the Norwegian Customs process personal data?
Personal data is processed in various registers and systems of the Norwegian Customs, such as:
- The declaration processing system TVINN
- The customer register of the Norwegian Customs
- Our archive and case handling system Public360
- Our intelligence and analysis systems.
Reports are processed according to guidelines from the Norwegian Labor Inspection Authority
When necessary for the work of planning, targeting, and conducting control activities, the Norwegian Customs also compiles and analyzes personal data from various sources and information systems that we have access to.
Who has access, and how does the Norwegian Customs safeguard the information?
Employees of the Norwegian Customs process your personal data only when necessary for the customs to perform its tasks.
Our IT systems are access-controlled based on the principle that each employee should have a work-related need for access to the stored information, and we protect the information in our IT systems through firewalls.
All employees in the Norwegian Customs and entities performing tasks on behalf of the customs are bound by confidentiality regarding financial and income-related matters, as well as other economic, business-related, and personal matters they may access through their work.
We continuously work to ensure that existing IT systems have robust information security and function as intended.
Use of data processors
Some of the personal data for which the Norwegian Customs is responsible is processed by external entities on behalf of us. These external entities are data processors for the Norwegian Customs. When using data processors, agreements are made with them, and we are responsible for verifying that data processors handle the information in accordance with regulations and agreements. Our suppliers cannot use the information for purposes other than those for which it was collected and clarified with us.
Who can the Norwegian Customs disclose personal data to?
The Norwegian Customs only discloses personal data when there is a valid legal basis. This includes, among others, disclosure to:
- Other public authorities, such as the Norwegian Tax Administration, agricultural authorities, the police, or the Norwegian Labour and Welfare Administration (NAV).
- EU control bodies and supervisory authorities when regulated by a regulation or directive incorporated into the EEA Agreement, including the EU's Common Import Control System (ICS2 - Import Control System 2 - Common Repository) and the Customs Agency's electronic transit system (NCTS).
- Foreign customs authorities with whom we have an agreement.
- Research and statistical organizations, such as Statistics Norway (SSB).
- The National Archives under the Archives Act.
- The Norwegian Customs uses external suppliers for the operation and maintenance of our IT services, including case processing/archiving and video conferencing solutions. Infrastructure and data are located within the EU/EEA or countries that achieve an adequate level of protection according to the EU Commission's adequacy decision.
- In certain cases, the Norwegian CUstoms may disclose personal information to data processors located in the United States, provided they are certified participants in the EU-US Data Privacy Framework or utilize Standard Contractual Clauses (SCC) supplemented by adequate protective measures (encryption).
How long can the Norwegian Customs store personal data?
The Norwegian Customs retains your personal data for as long as necessary to perform our legally mandated tasks and in accordance with applicable legislation.
The specific need for storing personal data will depend on the type of information and the tasks we need to accomplish. As a general rule, personal data will be deleted or anonymized when the need for storage ceases, unless we have a legal obligation to retain them under other regulations, such as the Archives Act.
Personal data obtained through the license plate recognition system is specifically regulated in the Movement of Goods Act, which states that this information can be stored for up to 6 months after collection.
The Norwegian Customs receives information and tips about illegal import and export of goods. In such cases, we must verify whether unverified personal data is correct and relevant within 4 months.
Recordings from camera surveillance at customs stations are automatically deleted after 7 days but may be stored for up to 30 days in exceptional cases if it is likely that the recording will be handed over to the police in connection with criminal activities or accidents.
Responsibility for the processing of personal data
The Director of Customs is the data controller for all processing of personal information that takes place within the Norwegian Customs. This responsibility includes ensuring that personal information is used and processed in accordance with the regulations.
Data Processing Agreements
The Norwegian Customs enters into data processing agreements with all entities that process personal information on our behalf. They are not allowed to process the personal information in ways other than agreed upon with us, and they are bound by confidentiality for the information they access.
Rights relating to the processing of personal data
Right to access
You can request more information about how we process your personal data, such as the specific personal data we have registered about you, the purposes for which they are used, where they were obtained from, and whether they have been disclosed to a third party. You can also request a copy of the personal data.
However, in certain cases, we may deny access if it is necessary and the conditions for denial are met, for example, for the purpose of uncovering violations of customs legislation or for the protection of other individuals.
Read more about the right to access | European Comission Site
Right to rectification
You can ask us to correct or supplement information about you that is incorrect or misleading.
Read more about the right to rectification | European Comission Site
Right to erasure
In certain situations, you can ask us to delete information about yourself.
Read more about the right to erasure | European Comission Site
Right to restriction
In some situations, you can also ask us to restrict the processing of data about you.
Read more about the right to restriction | European Comission Site
Right to object
In some cases, you have the right to object to our processing of data about you.
Read more about the right to object | European Comission Site
Right to lodge a complaint
If you believe that the Norwegian Customs is not processing your personal data in accordance with applicable law, you can complain to the Data Protection Authority in Norway.
You can contact the Norwegian Customs by using this contact form. For the sake of your privacy, do not send special categories of personal data, such as health information, in this form.
Contact the Data Protection Officer
You can also contact the Norwegian Customs’ data protection officer for advice and guidance on our processing of personal data in general. The data protection officer will be able to help you safeguard your privacy interests, including how to exercise your rights. You can contact the officer at firstname.lastname@example.org.
Norwegian Customs processes your personal data in order to perform such tasks as:
- to ensure that the legislation regulating the import and export of goods to and from Norway is complied with
- customs treatment of goods that are imported or exported to or from Norway
- to help ensure that customs duty on goods being imported or exported are determined correctly
- to contribute to the implementation of European customs cooperation
- to guide residents and businesses
- to handle inquiries
- to archive public documents
- to compile statistics and analyses
- to process alerts from external in whistleblowing cases
When importing and exporting goods, Norwegian Customs assists other cooperating authorities in ascertaining the effectiveness and accuracy of their legislation. We also assist with the compliance with various regulations on behalf of many agencies such as: the Norwegian Food Safety Authority (Mattilsynet), the Norwegian Agriculture Agency (Landbruksforvaltningendirektoratet), the Norwegian Medicines Agency (Legemiddelverket) and the Norwegian Tax Administration (Skatteetaten). This cooperation includes but is not limited to; working on legislation relating to taxes and fees, food and foodstuffs, drugs, alcohol, tobacco, medicines, weapons, dangerous substances, animals, the environment, waste and intellectual property rights. We also cooperate with other countries' customs authorities in these areas.
We also process personal data in cases where other public authorities rely on information from Norwegian Customs in order to carry out their statutory duties, in a safe and sound manner. This is typified by the partnership Norwegian Customs has with Statistics Norway and the Norwegian Tax Administration. Information from all customs declarations is transferred to Statistics Norway for the preparation of trade statistics as well as to the Tax Administration for the calculation and collection of taxes.
We also process personal data, to assess, whether goods entering into the EU/EEA might pose a threat to safety & security, public health, the environment or to consumers.
The Norwegian Customs processes personal data primarily when it is necessary to exercise statutory public authority. This means that as a government entity, Norwegian Customs is performing their legal obligations in accordance with the law. It is mainly the Act relating to the importation and exportation of goods (Movement of Goods Act), Act relating to customs duties (Customs Duty Act) and the Public Administration Act, which is the framework for how the Norwegian Customs performs their work. The two acts also allow for the legal processing of personal data. We are also assigned tasks by way of other legislation, such as the Tax Administration Act, the Road Traffic Act and the Medicines Act
Norway has assistance agreements, to ensure mutual assistance in customs matters, with several countries and the EU. Moreover, many of our trade agreements contain confidentiality rules in which the relationship to privacy is also covered. Through a security agreement with the EU, Norway has committed to contributing to the risk assessment of goods entering into the EU/EEA; see fo
Norwegian Customs also has a legitimate interest in ensuring the safety of our employees as well as the public. This is in relation to travel and the execution of controls, as well as safeguarding our buildings. We therefore have surveillance cameras at the various customs stations and in our office buildings.
Norwegian Customs uses information from a variety of sources. Here are some examples:
- Information from importers/exporters/carriers/freight forwarder. When importing or exporting goods, information must be provided to Norwegian Customs in connection with border crossing and during the relevant customs procedure.
- Information from other publics registers, such as the National Register and the Foreign Exchange Register (via the Tax Administration), the Vehicle Register (via the Norwegian Public Roads Administration) and the Brønnøysund Register Center (an agency responsible for several public registers).
- Customs authorities in other countries, with whom we cooperate.
- EU Joint Service for Importation (ICS2 Common Repository), cf. Regulation concerning importation and exportation of goods" (Movement of goods regulation) § 2-1-1.
- NCTS - an electronic system for exchanging transit information between the business sector and the Norwegian Customs; as well as to provide advance notification of goods directly to and from third countries. Additionally, other international registers such as: the EU Corporate Register, EU systems of origin like REX (Registered Exporter System), food safety supervision such as RAPEX (Rapid alert system for dangerous goods) and TRACES (Trade Control and Expert System) etc.
- Tips and alerts from the public
- Information obtained through various control activities carried out by us or in partnership with other government authorities.
- Information from readily available sources such as open web sites
- Information on the cross-border traffic on roads and at ferry terminals from our Automatic Number-Plate Recognition system (ANPR)
- Passenger Information from transport operators
- Camera surveillance from customs stations
- Camera surveillance at our office buildings
The Norwegian Customs processes personal data that is necessary to complete our responsibilities described under section 1. What specific personal information about you that we process depends on the type of task we are performing.
Name and contact information
As an example, we process personal data and national register information, which contains details about people residing in Norway and abroad. Which is to say that we have access to, among other things, details regarding identity (name, date of birth, gender, citizenship), contact information (postal address, place of residence, e-mail address and telephone number) and familial relationships (spouse, children, cohabitant/partner, etc.).
Information from the movement of goods
Controlling the movement of goods to and from Norway is a key duty for the Customs Authority. We therefore collect a considerable amount of information about goods that are imported or exported, including personal data. As an example, we record information about the sender and recipient, the value, as well as a description of the goods. In cases where the import of a product is subject to a special permit, we also record information about it, e.g., whether the necessary permits are in place to import weapons or to carry medicines.
Information that is necessary for planning, targeting and executing searches and controls
Norwegian Customs also records and processes personal data in connection with the planning and targeting of tactical operations. This may include information about past customs legislation violations, financial transactions made to and abroad found in the currency register, or information on traffic and behavioral patterns. When carrying out inspections, we make use of a wide range of information such as names / contact information, information on the import & export of goods, means of transport, finances and other information that may be pertinent and essential in a customs inspection.
Using the Automatic Number-Plate Recognition System (ANPR), Norwegian Customs controls cross-border traffic on highways and at ferry terminals. The information we collect includes: the car's registration number, vehicle direction as well as the time and place of passage. In addition, a picture is taken of the vehicle. The image is automatically censored so that it is not possible to recognize the people in the photo or how many passengers the vehicle carries. The registration number of everyone passing the border is compared to different lists of vehicles. This applies to vehicles that are petitioned for license plate removal, reported stolen, or marked as interesting by the Norwegian customs control for various reasons. Based on the vehicle registration number, we are able obtain information about who owns the vehicle when such information is necessary.
Camera surveillance at customs stations
Camera surveillance at customs stations entails that we process pictures of the data subjects, registration numbers of vehicles, travel patterns, as well as the goods brought by the data subjects.
Camera surveillance of our office buildings
To secure our office buildings, Norwegian Customs has established camera surveillance. This entails that we process pictures of both passers-by and visitors. The photos are stored with time and location information.
Personal data is processed in Norwegian Customs' various registers and systems. This can be everything from our declaration processing system TVINN, our customer register, our archive and case management system Public360, to our intelligence and analysis systems. Any whistleblowing alerts are processed by the following guidelines .
When it is necessary for us to plan, target and carry out tactical operations, the Norwegian Customs also compiles and analyzes personal data from various sources and information systems that we have access to.
Norwegian Customs' employees only process your personal data when this is necessary for the agency to be able to carry out its duties.
Access to our IT-systems is regulated by our core principle; that an employee must have a work responsibility that necessitates accessing any stored personal data.
All employees in Norwegian Customs, and those who carry out assignments on our behalf, have a duty of confidentiality regarding wealth and income matters. This includes other financial, business, and personal matters that they may have access to through their work.
Use of data processors
Norwegian Customs operates and manages the major core systems used to carry out our duties. For some services and solutions, we use different external suppliers, these suppliers are the Norwegian Customs' data processors. We are required to enter into separate agreements (data processing agreements) with our data processing suppliers in order to ensure that they process the personal data in accordance with the specifications from the Norwegian Customs. Our suppliers may only process the personal data to the extent necessary to fulfill their obligations.
Norwegian Customs only discloses personal information when there is a valid legal basis. This includes:
- delivering to other public authorities (for example: The Tax Administration, the Agriculture Agency, the Police or the Norwegian Labor and Welfare Administration)
- EU supervisory bodies and supervision where this is regulated by a regulation or directive included in the EEA Agreement, including the EU Joint Service for Import Control System 2- Common Repository and the Norwegian Customs Electronic Transit System (NCTS).
- foreign customs authorities with whom we have an agreement with; this may also include authorities outside the EU / EEA area
- research and statistics organizations, such as Statistics Norway
- the National Archives according to the Archives Act
Norwegian Customs must comply with the Act relating to the importation and exportation of goods (Movement of Goods Act), Act relating to customs duties (Customs Duty Act), the Personal Data Act, the Public Administration Act, the Archives Act and the Freedom of Information Act. We are therefore responsible for ensuring that all personal data is processed in a proper, correct and secure manner.
Norwegian Customs manages large amounts of personal information and therefore strict requirements are imposed on us with regards to information security. We protect the information in our IT systems in various ways, such as through firewalls, and by controlling who has access to our systems and buildings. We are constantly striving to ensure that our IT systems have good information security and function properly.
Norwegian Customs keeps your personal information for as long as it is necessary for us to carry out our statutory duties (see section 1), and in accordance with current legislation. Our need to retain your personal data will depend on the type of information in question as well as what duties we will be performing.
As a general rule, personal data will be deleted or anonymized when the need for retention is gone. An exception is if we have a statutory duty to keep the data in accordance with other regulations, such as the Archives Act.
Personal information obtained using Automatic Number-Plate Recognition (ANPR) systems is specifically regulated in the Act relating to the importation and exportation of goods (Movement of Goods Act). It states that these data elements can be stored for up to 6 months from the time in which they were obtained.
Norwegian Customs receives information and tips on illegal import and export of goods. In such cases, we must verify the veracity and relevance of the information within 4 months.
Footage from the surveillance cameras at our customs stations is automatically deleted after 7 days. However, in the event of an extraordinary case, this could require a storage time of up to 30 days. This is done to ensure that the recording(s) can be provided to the police in connection with criminal offences or incidents.
If you are registered in our systems, you have these rights under the General Data Protection Regulation:
Right to access
You can request further information on how we process your personal information. We can provide details on what personal information we have about you, the purposes of the processing activities involving your personal data, where it was collected from and whether it was disclosed to a third party. You can also request a copy of your personal information.
However, in some cases we may deny you access if the situation necessitates it and the conditions for it are fulfilled. An example of this could be that the information is being used for the purpose of uncovering breaches of customs legislation or for the protection of other people.
Right of rectification
You can ask us to correct or supplement information about you that is incorrect or misleading.
Right to erasure
In certain situations, you can ask us to delete information about yourself.
Right to restriction of processing
In some situations, you may also ask us to restrict the processing of information about you.
Right to object
In some cases, you have the right to object to our processing of information about you.
Opportunity to complain
If you believe that the Customs Administration does not process your personal data in accordance with current legislation, you can appeal to the Norwegian Data Protection Authority.
Information on how to proceed in English can be located here (European Data Protection Board page), otherwise you are able to contact Datatilsynet (Norwegian Data Protection Authority page).
You can contact us using this contact form. You can contact us with inquiries about accessing your information as well as exercising your other rights. For us to better safeguard your privacy, please do NOT submit sensitive personal information in this form.
Contact our Data Protection Officer (DPO)
You can also contact our Data Protection Officer, for advice and guidance on Norwegian Customs' processing of personal data. The Data Protection Officer will help safeguard your privacy interests, including helping you to determine how you can proceed in exercising your rights. Our Data Protection Officer can be reached here.