Privacy statement

All processing of personal data at Bane NOR will take place in accordance with Norwegian legislation, including the Norwegian Data Protection Act and other legislation that governs our activities.

On this page:

General information about the processing of personal data at Bane NOR

Bane NOR is responsible for the planning, construction, administration, operation and maintenance of the national rail network, traffic management and administration and development of railway property.

This involves processing personal data relating to our own employees, employees of suppliers and other business associates, tenants and passengers.

All personal data that is processed is necessary for us to deliver the statutory or appropriate services required to fulfil our social mission in an efficient and reliable manner.

Data controller

Bane NOR, represented by the CEO, is the data controller for all personal data processed by Bane NOR.

Legal basis for the processing of personal data

All processing of personal data at Bane NOR is performed pursuant to Norwegian legislation. This could be governed directly through the Norwegian Data Protection Act or other legislation.

As a state-owned company and manager of the national railway infrastructure, our processing of personal data is mostly based on laws and regulations governing railway operations and safety in and adjacent to the railway. 

Personal data security

When Bane NOR processes your personal data, the data is processed securely so that the data is protected against unauthorised access. Your personal data can only be accessed by employees acting in an official capacity.

Data processors and the sharing of personal data

Bane NOR uses third parties, for example to operate several of our central IT systems. When such third parties process personal data on behalf of Bane NOR, we enter into a data processing agreement with the third parties to ensure that the data is not used for anything other than the intended purpose.

All personal data is processed and stored within the EU/EEA.

In some cases, Bane NOR will disclose personal data to third parties. Examples of such third parties include companies that provide assistance to passengers with special needs, the Norwegian Tax Administration or the public authorities.

Retention period

Personal data shall be stored for as long as necessary to fulfil the purposes for which the data was collected or to comply with statutory requirements or legal obligations, including the Norwegian Archives Act and accounting legislation. We also store personal data for as long as necessary to fulfil any agreement we have entered into with you or for reasons of security.

Important processing of personal data at Bane NOR

Here are some of the most important types of processing of personal data that occur at Bane NOR. This overview is not exhaustive.

Rights of data subjects

Anyone whose personal data is registered by Bane NOR has the right to:

  • access to their own personal data
  • correct errors in their own personal data
    restrict Bane NOR’s processing of personal data if such data is incorrect, the data subject wishes to inspect the data or the data subject believes that we can fulfil our obligations by processing less data
  • erase their own personal data if the required purposes are no longer valid and there is no legal requirement/legal basis for continued retention.
  • object to processing in cases where Bane NOR processes personal data for the purpose of pursuing a legitimate interest or in cases where the processing of personal data is necessary to fulfil a task that is in the public interest.

Contact and complaints

Contact us

More information

Please contact us via e-mail if you would like to exercise your rights as a data subject.

Bane NOR’s Data Protection Officer

Complaining to the Norwegian Data Protection Authority

You have the right to complain about our processing of personal data to the Norwegian Data Protection Authority. Please visit the Norwegian Data Protection Authority’s website for further details.

The Norwegian Data Protection Authority(opens in a new tab)