Privacy Statement

Norwegian Customs processes your personal data in order to perform such tasks as:

• to ensure that the legislation regulating the import and export of goods to and from Norway is complied with
• customs treatment of goods that are imported or exported to or from Norway
• to help ensure that customs duty on goods being imported or exported are determined correctly
• to contribute to the implementation of European customs cooperation
• to guide residents and businesses
• to handle inquiries
• to archive public documents
• to compile statistics and analyses
• to process alerts from external in whistleblowing cases

When importing and exporting goods, Norwegian Customs assists other cooperating authorities in ascertaining the effectiveness and accuracy of their legislation. We also assist with the compliance with various regulations on behalf of many agencies such as: the Norwegian Food Safety Authority (Mattilsynet), the Norwegian Agriculture Agency (Landbruksforvaltningendirektoratet), the Norwegian Medicines Agency (Legemiddelverket) and the Norwegian Tax Administration (Skatteetaten). This cooperation includes but is not limited to; working on legislation relating to taxes and fees, food and foodstuffs, drugs, alcohol, tobacco, medicines, weapons, dangerous substances, animals, the environment, waste and intellectual property rights. We also cooperate with other countries' customs authorities in these areas.

We also process personal data in cases where other public authorities rely on information from Norwegian Customs in order to carry out their statutory duties, in a safe and sound manner. This is typified by the partnership Norwegian Customs has with Statistics Norway and the Norwegian Tax Administration. Information from all customs declarations is transferred to Statistics Norway for the preparation of trade statistics as well as to the Tax Administration for the calculation and collection of taxes.

We also process personal data, to assess, whether goods entering into the EU/EEA might pose a threat to safety & security, public health, the environment or to consumers.

The Norwegian Customs processes personal data primarily when it is necessary to exercise statutory public authority. This means that as a government entity, Norwegian Customs is performing their legal obligations in accordance with the law. It is mainly the Act relating to the importation and exportation of goods (Movement of Goods Act), Act relating to customs duties (Customs Duty Act) and the Public Administration Act, which is the framework for how the Norwegian Customs performs their work. The two acts also allow for the legal processing of personal data. We are also assigned tasks by way of other legislation, such as the Tax Administration Act, the Road Traffic Act and the Medicines Act

For more information you can refer to the Customs Act available in English here or email us at: post@toll.no for questions about our Customs Act.

Norway has assistance agreements, to ensure mutual assistance in customs matters, with several countries and the EU. Moreover, many of our trade agreements contain confidentiality rules in which the relationship to privacy is also covered. Through a security agreement with the EU, Norway has committed to contributing to the risk assessment of goods entering into the EU/EEA; see fo

Norwegian Customs also has a legitimate interest in ensuring the safety of our employees as well as the public. This is in relation to travel and the execution of controls, as well as safeguarding our buildings. We therefore have surveillance cameras at the various customs stations and in our office buildings.

Norwegian Customs uses information from a variety of sources. Here are some examples:

• Information from importers/exporters/carriers/freight forwarder. When importing or exporting goods, information must be provided to Norwegian Customs in connection with border crossing and during the relevant customs procedure.
• Information from other publics registers, such as the National Register and the Foreign Exchange Register (via the Tax Administration), the Vehicle Register (via the Norwegian Public Roads Administration) and the Brønnøysund Register Center (an agency responsible for several public registers).
• Customs authorities in other countries, with whom we cooperate.
• EU Joint Service for Importation (ICS2 Common Repository), cf. Regulation concerning importation and exportation of goods" (Movement of goods regulation) § 2-1-1.
• NCTS - an electronic system for exchanging transit information between the business sector and the Norwegian Customs; as well as to provide advance notification of goods directly to and from third countries. Additionally, other international registers such as: the EU Corporate Register, EU systems of origin like REX (Registered Exporter System), food safety supervision such as RAPEX (Rapid alert system for dangerous goods) and TRACES (Trade Control and Expert System) etc.
• Tips and alerts from the public
• Information obtained through various control activities carried out by us or in partnership with other government authorities.
• Information from readily available sources such as open web sites
• Information on the cross-border traffic on roads and at ferry terminals from our Automatic Number-Plate Recognition system (ANPR)
• Passenger Information from transport operators
• Camera surveillance from customs stations
• Camera surveillance at our office buildings

The Norwegian Customs processes personal data that is necessary to complete our responsibilities described under section 1. What specific personal information about you that we process depends on the type of task we are performing.

Name and contact information

As an example, we process personal data and national register information, which contains details about people residing in Norway and abroad. Which is to say that we have access to, among other things, details regarding identity (name, date of birth, gender, citizenship), contact information (postal address, place of residence, e-mail address and telephone number) and familial relationships (spouse, children, cohabitant/partner, etc.).

Information from the movement of goods

Controlling the movement of goods to and from Norway is a key duty for the Customs Authority. We therefore collect a considerable amount of information about goods that are imported or exported, including personal data. As an example, we record information about the sender and recipient, the value, as well as a description of the goods. In cases where the import of a product is subject to a special permit, we also record information about it, e.g., whether the necessary permits are in place to import weapons or to carry medicines.

Information that is necessary for planning, targeting and executing searches and controls

Norwegian Customs also records and processes personal data in connection with the planning and targeting of tactical operations. This may include information about past customs legislation violations, financial transactions made to and abroad found in the currency register, or information on traffic and behavioral patterns. When carrying out inspections, we make use of a wide range of information such as names / contact information, information on the import & export of goods, means of transport, finances and other information that may be pertinent and essential in a customs inspection.

Using the Automatic Number-Plate Recognition System (ANPR), Norwegian Customs controls cross-border traffic on highways and at ferry terminals. The information we collect includes: the car's registration number, vehicle direction as well as the time and place of passage. In addition, a picture is taken of the vehicle. The image is automatically censored so that it is not possible to recognize the people in the photo or how many passengers the vehicle carries. The registration number of everyone passing the border is compared to different lists of vehicles. This applies to vehicles that are petitioned for license plate removal, reported stolen, or marked as interesting by the Norwegian customs control for various reasons. Based on the vehicle registration number, we are able obtain information about who owns the vehicle when such information is necessary.

Camera surveillance at customs stations

Camera surveillance at customs stations entails that we process pictures of the data subjects, registration numbers of vehicles, travel patterns, as well as the goods brought by the data subjects.

Camera surveillance of our office buildings

To secure our office buildings, Norwegian Customs has established camera surveillance. This entails that we process pictures of both passers-by and visitors. The photos are stored with time and location information.

Personal data is processed in Norwegian Customs' various registers and systems. This can be everything from our declaration processing system TVINN, our customer register, our archive and case management system Public360, to our intelligence and analysis systems. Any whistleblowing alerts are processed by the following guidelines .

When it is necessary for us to plan, target and carry out tactical operations, the Norwegian Customs also compiles and analyzes personal data from various sources and information systems that we have access to.

Norwegian Customs' employees only process your personal data when this is necessary for the agency to be able to carry out its duties.

Access to our IT-systems is regulated by our core principle; that an employee must have a work responsibility that necessitates accessing any stored personal data.

All employees in Norwegian Customs, and those who carry out assignments on our behalf, have a duty of confidentiality regarding wealth and income matters. This includes other financial, business, and personal matters that they may have access to through their work.

Use of data processors

Norwegian Customs operates and manages the major core systems used to carry out our duties. For some services and solutions, we use different external suppliers, these suppliers are the Norwegian Customs' data processors. We are required to enter into separate agreements (data processing agreements) with our data processing suppliers in order to ensure that they process the personal data in accordance with the specifications from the Norwegian Customs. Our suppliers may only process the personal data to the extent necessary to fulfill their obligations.

Norwegian Customs only discloses personal information when there is a valid legal basis. This includes:

• delivering to other public authorities (for example: The Tax Administration, the Agriculture Agency, the Police or the Norwegian Labor and Welfare Administration)
• EU supervisory bodies and supervision where this is regulated by a regulation or directive included in the EEA Agreement, including the EU Joint Service for Import Control System 2- Common Repository and the Norwegian Customs Electronic Transit System (NCTS).
• foreign customs authorities with whom we have an agreement with; this may also include authorities outside the EU / EEA area
• research and statistics organizations, such as Statistics Norway
• the National Archives according to the Archives Act

Norwegian Customs must comply with the Act relating to the importation and exportation of goods (Movement of Goods Act), Act relating to customs duties (Customs Duty Act), the Personal Data Act, the Public Administration Act, the Archives Act and the Freedom of Information Act. We are therefore responsible for ensuring that all personal data is processed in a proper, correct and secure manner.

Norwegian Customs manages large amounts of personal information and therefore strict requirements are imposed on us with regards to information security. We protect the information in our IT systems in various ways, such as through firewalls, and by controlling who has access to our systems and buildings. We are constantly striving to ensure that our IT systems have good information security and function properly.

Norwegian Customs keeps your personal information for as long as it is necessary for us to carry out our statutory duties (see section 1), and in accordance with current legislation. Our need to retain your personal data will depend on the type of information in question as well as what duties we will be performing.

As a general rule, personal data will be deleted or anonymized when the need for retention is gone. An exception is if we have a statutory duty to keep the data in accordance with other regulations, such as the Archives Act.

Personal information obtained using Automatic Number-Plate Recognition (ANPR) systems is specifically regulated in the Act relating to the importation and exportation of goods (Movement of Goods Act). It states that these data elements can be stored for up to 6 months from the time in which they were obtained.

Norwegian Customs receives information and tips on illegal import and export of goods. In such cases, we must verify the veracity and relevance of the information within 4 months.

Footage from the surveillance cameras at our customs stations is automatically deleted after 7 days. However, in the event of an extraordinary case, this could require a storage time of up to 30 days. This is done to ensure that the recording(s) can be provided to the police in connection with criminal offences or incidents.

If you are registered in our systems, you have these rights under the General Data Protection Regulation:

Right to access

You can request further information on how we process your personal information. We can provide details on what personal information we have about you, the purposes of the processing activities involving your personal data, where it was collected from and whether it was disclosed to a third party. You can also request a copy of your personal information.

However, in some cases we may deny you access if the situation necessitates it and the conditions for it are fulfilled. An example of this could be that the information is being used for the purpose of uncovering breaches of customs legislation or for the protection of other people.

• Read more about the right of access (European Commission site)

If you would like to request access to your personal data used by the Norwegian Customs, you can use this form and send it to us using our contact form.

Right of rectification

You can ask us to correct or supplement information about you that is incorrect or misleading.

• Read more about the right to correct or supplement information (European Commission site)

Right to erasure

In certain situations, you can ask us to delete information about yourself.

• Read more about the right to delete (European Commission site)

Right to restriction of processing

In some situations, you may also ask us to restrict the processing of information about you.

• Read more about the right to restriction (European Commission site)

Right to object

In some cases, you have the right to object to our processing of information about you.

• Read more about the right to object (European Commission site)

Opportunity to complain

If you believe that the Customs Administration does not process your personal data in accordance with current legislation, you can appeal to the Norwegian Data Protection Authority.

Information on how to proceed in English can be located here (European Data Protection Board page), otherwise you are able to contact Datatilsynet (Norwegian Data Protection Authority page).

You can contact us using this contact form. You can contact us with inquiries about accessing your information as well as exercising your other rights. For us to better safeguard your privacy, please do NOT submit sensitive personal information in this form.

Contact our Data Protection Officer (DPO)

You can also contact our Data Protection Officer, for advice and guidance on Norwegian Customs' processing of personal data. The Data Protection Officer will help safeguard your privacy interests, including helping you to determine how you can proceed in exercising your rights. Our Data Protection Officer can be reached here.