Privacy statement

Last update: 13th of November 2019

This platform is owned and operated by the Norwegian registered company DNV GL AS (“DNV GL” Veritasveien 1, 1363 Høvik, Norway, registration number 945 748 931).



This privacy statement applies to any processing of personal data on which is hereinafter referred to as the “Platform”.

Personal data in this regard shall mean any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

Processing shall mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


How we process your personal data

Personal data automatically collected when you browse the Platform

When you visit the Platform for informational reasons, i.e. without being registered, we will automatically gather and store certain information (e.g. device type, the browser used, the date and time of visit, pages visited).

We use such data only to assist us in providing an effective service (e.g., to adapt our Platform to the needs of your end user device or to allow you to log into our Platform). The personal data collected is necessary to provide you with the Platform. The legal basis for this processing activity is Article 6 (1) 1 lit. f of the European General Data Protection Regulation (“GDPR”).


Registration for and use of our services and products

We will process personal data actively provided by you, e.g. when you register with us by setting-up an account on Veracity, sending us requests or questions, prepare offers or place orders or access services. Such personal data may contain inter alia your name, e-mail address, contact details, company affiliation, request and order information.

DNV GL collects and uses personal data only to provide you with the services you requested, to administer your account, identify you at sign-in and to communicate with you. We also interact with you via our general enquiry/support sections or responding to complaints or general feedbacks given by you on our services or because we had or have a contract with you in place. For this, the legal basis is Article 6 (1) 1 lit. b GDPR (i.e., the processing is necessary for entering into or the performance of a contract with you).

As the case may be we may also contact you with regards to your satisfaction with our products and services and may conduct other surveys.

We use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this Platform, Article 6 (1) lit. f GDPR.

You can object to the use of your personal data for direct marketing at any time. We will then refrain from any processing to the extent it is related to such purposes. You can inform us about your objection under contact

We process your personal data as far as necessary for compliance with legal obligations to which we as the data controller are subject, in particular the applicable commercial accounting obligations and tax law requirements. The legal basis for this processing activity is Article 6 (1) 1 lit. c GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be erased once the purpose for keeping it has expired. As the case may be some personal data may be kept for security related purposes. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

Usage Reports

We will provide our customers with usage reports to inform them how data is captured, accessed and processed. In order to do so, we will track the activity on a data container, e.g. date and time of access.

Legal basis for this processing is Article 6 (1) 1 lit. f GDPR as it is our and the customer’s legitimate interest to get to know how their data is used.

Content Matching

Veracity is using your preference and usage of the Platform to match you with relevant content. If you do not want us to collect, save and analyse information on your visit and if you do not want to receive information on Veracity in line with your interests you can object to this at any time for the future (opt out).

Log files

Veracity is collecting log files when using the Platform to determine error situations.

Legal basis for this processing is Article 6 (1) 1 lit. f GDPR as it is our and the customer’s legitimate interest to get to know how their data is used.

Informational e-mails

With your email address you can subscribe to our informational e-mails that provide you with the latest news about our products and services like research, analytics, reports and whitepapers if you consent to receiving such e-mails. The legal basis for this processing is Article 6 (1) lit. a GDPR. Your email address will be retained as long as you subscribe to our informational e-mails.

This service is partly provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. If your subscription is not confirmed we will not send you informational e-mails.

You can unsubscribe from this service by opting out via the link provided in each informational e-mail.

Data collected from third party sources

We may also collect personal data about you such as your name and contact details for providing you with information on products and services, coming from third party resources on trade fairs and webinar vendors we are participating in.

Legal basis for this processing is Article 6 (1) 1 lit. f GDPR as it is our company group’s legitimate interest to maintain our user base, bring new users to the Platform and inform (potential) users about services organized and provided by DNV GL.


Automated decision making

We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.


Recipient of your personal data

Your personal data will be disclosed to the following parties:

Group internal recipient

Within the DNV GL company group, your personal data may be transferred to various entities of the DNV GL Group. DNV GL consists of DNV GL Group AS with subsidiaries [] (“DNV GL”). The legal basis for such transfer is DNV GL Group’s legitimate interest in the provision of a shared custom support, administration and internal IT department as well as our company group’s legitimate interest to guarantee smooth operations between our entities for the purposes set out above. Personal data may be transferred outside of the country in which it was collected for.

DNV GL is a Binding Corporate Rules (Controller) certified company and therewith personal data transferred to a third country outside the European Union / European Economic Area is subject to these.


Third party recipients

We engage third party companies and individuals who assist us in providing the services and products we offer through this Platform or support us with certain functions related to this Platform. Your personal data will be e. g. shared with the following  third parties and partly their sub-processors based also outside EU/EEA:

  • Microsoft Corporation
  • Avanade Inc. (United States)
  • Accenture Solutions Private Limited (India)
  • Accenture Inc. (Philippines)
  • Sarl.
  • Stripe Payments Europe Ltd

Moreover, when you purchase a service on Veracity from any Service Provider we share  the following basic set of personal data (e.g. username, name, company affiliation, email, service subscription, login ID)for the purpose of enabling the service provider to verify that you are registered as a user of Veracity and to allow you to experience usage of Veracity in a more convenient way. We require these Service Providers to comply with relevant personal data protection laws.

Our Service Providers will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with the requests.

We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order). The legal basis for this processing is Art. 6 (1) 1 lit. c GDPR.  

Payment service provider

We use Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2 to process payments. When you purchase services on the Platform your transaction information, including your payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase will directly be collected by Stripe. We do not retain any financial information such as credit card numbers. Stripe only provides the order information (i.a. order, name, company, amount) to us.

Stripe may process some of your data for its own purposes in its capacity as data controller to comply with legal obligations and requirements. This data processing falls within the sole responsibility of Stripe. For more information on the data processing by Stripe please see their privacy policy:

The legal basis for the data transfer and processing activities of data processors is Art. 28 GDPR in conjunction with the data processing agreements we concluded with respective third party companies.

International data transfer

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the European Union) which may have different data protection standards than your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to keep up an adequate level of data protection also when sharing your personal data with such countries.

In the case of a transfer outside of the European Union, this transfer is safeguarded by  the EU Standard Contractual Clauses. You can find further information about the aforementioned safeguards under:


Retention periods

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.


How we use cookies

The Platform uses cookies. A cookie is a small file of letters and numbers that we put on your computer. These cookies allow us to distinguish you from other users of the Platform which helps us to provide you with a good experience when you browse our Platform, and to improve our Platform.

A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:

  • session cookie which is erased when the user closes the browser or
  • persistent cookie which remains on the user's computer/device for a pre-defined period of time.

As for the domain to which it belongs, there are either:

  • first-party cookies which are set by the web server of the visited page and share the same domain
  • third-party cookies are stored by a different domain to the visited page's domain. This can happen when the webpage references a file, such as JavaScript, located outside its domain.

The cookies we use allow us to see:

  • The Internet domain and Internet Protocol (IP) address from which you access our Platform;
  • The type of Internet browser and the operating system of the computer you use to access our Platform;
  • The date and time you visit our Platform;
  • The pages you visit on our Platform;
  • The pages you shared on social media and to which social media network;
  • If you linked to our Platform from another Platform, the address of that Platform; and

If you were referred to our Platform from a search engine, the address of that Platform and the search term you used to find us.

Cookies used on Veracity is grouped into the following categories:

  • Common: cookies which are used on all the four pages (tabs) in Veracity
  • Home: cookies used on this page.
  • My Services: cookies used on this page.
  • Marketplace: cookies used on this page.
  • My Data: cookies used on this page.






This cookie contains a Globally Unique Identifier (GUID) a randomly generate strings of characters and numbers that is used to identify visitors to our site. 



This cookie gets dropped automatically and simply contains the value ‘OK’. 



Contains a generated session identifier for the user session. 



Contains a generated user identifier for tracking activities by user. 



The Web App on Azure uses this cookie to ensure the user is always routed to the same instance of the web application. 


_ga and _gid 

Set and used by Google Analytics to track user activity and interactions with a unique identifier. 



The browser sends this cookie with requests to Google’s websites. It contains the unique ID that Google uses to remember your preferences. 



Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown. 



Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in. 



Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. 



Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. 



Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. 



Hotjar cookie. This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show. 



Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. 



Used to facilitate authentication. 

My Services 


Google advertising cookie used for user tracking and ad targeting purposes. 



Managing sessions to ensure user requests are routed consistently to the correct server 



Contains a unique code to determine which advertisements have been shown on a device, on behalf of Google Inc. Allows monitoring of the effectiveness of the ads and make the ads more relevant to the user. 



Marketing cookie which optimizes ads based on someone’s past visit to the website. 



Stores your cookie consent session for our site. 


FedAuth (x 5) 

The FedAuth cookie is a cookie for the user's session. Also inside the FedAuth cookie is a reference to the SAML token stored in SharePoint's token cache (i.e. on the server). This reference is so SharePoint can keep track of who the user is and what they can access.  



Tracks if the Policy is checked by the user. 



The language chosen by user (e.g.: en-US). 






Stores session data during a website visit, issued by Microsoft's ASP.NET Application. 

My Data 


Stores the sessionID in the browser.  



This provides protection from cross-site request forgery (CSRF) attacks. 


Any data processing that occur while using cookies used for the sole purpose of carrying out the transmission of a communication and/or strictly necessary to perform the services you required is based on Article 6 (1) lit. b GDPR.

In case personal data is processed in the course of using cookies and/or similar technologies that are used for other purposes, e.g. improving our Platform or marketing purposes, the processing is based on Article 6 (1) lit. f GDPR and represents our legitimate interest in maintaining our user base, bringing new users to the Platform and informing (potential) users about services organized and provided by DNV GL.

You can control and/or delete cookies as you wish – for details, see You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit the Platform and some services and functionalities may not work.

Please note that Service Providers might be using their own Cookies.

Google Analytics

This Platform uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyse how users use the site. The information generated by the cookie about your use of the Platform (including your IP address) will be transmitted to and stored by Google on servers in the United States.

The Platform uses Google Analytic’s IP anonymisation function. Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On our behalf, Google will use this information for the purpose of evaluating your use of the Platform, compiling reports on Platform activity and providing other services relating to Platform activity and internet usage to us. Google will not associate your IP address with any other data held by Google.

Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under An opt-out cookie will be set to prevent the future collection of your information when you visit this Platform.

Further information can be found under Google reCAPTCHA

The Platform uses “Google reCAPTCHA” provided by Google.

reCAPTCHA is used to check whether the data entered on the Platform has been entered by a human or by an automated program. Therefore reCAPTCHA analyzes the behavior of the Platform visitor. This analysis starts automatically as soon as you enter the Platform. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the Platform, or mouse movements made by the user).  The data collected during the analysis will be forwarded to Google.

Data processing is based on Article 6 (1) 1 lit. f GDPR. DNV GL has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: and


LinkedIN Insight Tag

The Platform uses “LinkedIn Insight Tag” provided by LinkedIN.

LinkedIN Insight will create a cookie, that will capture the following personal data: metadata such as IP address, timestamp, and page events (like page views). This data is, according to LinkedIN encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days. LinkedIN will not share the personal data with us.

With the help of the LinkedIn Insight Tag we are able to analyse the success of our campaigns within the LinkedIn platform or determine target groups for them based on the interaction of the users with the Platform.  

Data processing is based on Article 6 (1) 1 lit. f GDPR we have a legitimate interest in displaying personalized advertising and evaluate the use of our Platform. For more information on the privacy settings see here:


The Platform uses Hotjar.

Hotjar is a technology service that helps DNV GL to better understand how you use the Platform (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Therefore, according to Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our Platform According to Hotjar, this information is stored in a pseudonymized user profile. Neither Hotjar nor DNV GL will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Data processing is based on Article 6 (1) 1 lit. f GDPR we have a legitimate interest in displaying personalized advertising and evaluate the use of our Platform.



  • Security of personal data is our highest concern. We apply strict security measures to protect confidentiality and integrity of your personal data when transferring, storing or processing it.
  • We use physical, administrative and technical security measures to reduce the risk of loss, misuse or unauthorized access, disclosure or modification of your personal data.
  • Your personal data is stored using industry best practices on secure servers at fully classed data centers
  • All traffic is transmitted over secured communication protocols (TLS/SSL)
  • All access to our systems is implemented using industry best practices
  • Our systems are continuously monitored
  • Our systems are penetration tested by third party companies
  • Our systems are continuously scanned for vulnerabilities
  • Our systems and processes are ISO 27001 certified



Data subjects’ rights

You may be entitled to exercise some or all of the following rights free of charge:

a.         require (i) information whether your personal data is retained and (ii) access to and/or (iii) duplicates of your personal data retained, including the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed and where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

b.         request proper rectification, removal or restriction of your personal data, e.g. because (i) of the incomplete or inaccurate nature of the personal data, (ii) it is no longer needed for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have taken advantage of an existing right to object to the data processing; in case your personal data is processed by third parties, we will forward your request for rectification, removal or restriction also to such third parties unless this proves impossible or involves disproportionate effort;

c.         receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller,

d.         refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;

e.         object at any time that your personal data will be used for direct marketing purposes, or – based on grounds relating to your particular situation, that your personal data shall be subject to data processing for other purposes;

f.          not to be subject to any automatic individual decisions (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or similarly significantly affect you;

g.         take legal actions in relation to any breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.


Revision of the Privacy Statement

DNVGL may change or update the privacy statement without notice. All such changes will take effect once they have been posted on the Platform. It is your responsibility to monitor such updates. The privacy statement was last updated on the date stated at the beginning of this privacy statement.

Contact Details

If you are concerned about use of the Data or have any questions regarding this Privacy Statement, please contact our data protection officer via or by getting back to her using the same postal address as listed below. DNV GL regrets that only general queries about the privacy statement can be responded to via e-mail.

We wish you a pleasant, enhanced user experience at the Platform!

Veritasveien 1
1322 Høvik