Safe Control FDV

Privacy Policy – Field App

Effective date: April 12, 2026  |  Last updated: April 12, 2026

1. Introduction

This Privacy Policy describes how Safe Control FDV AS («we», «us», or «our») collects, uses, and protects personal data when you use the Safe Control FDV field application («the App»). The App is a hybrid mobile application for smartphones and tablets, designed for field workers managing municipal infrastructure through the Safe Control FDV system. The App includes case management, object registration, map-based navigation, media capture, and chat functionality.

We are committed to protecting your privacy and handling your data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Norwegian data protection legislation.

2. Data Controller

The data controller for the processing carried out through the App depends on the context:

  • Your employer or municipality (the customer) is the data controller for all business data, case data, and personal data processed within the Safe Control FDV system.
  • Safe Control FDV AS acts as the data processor on behalf of the customer, under a Data Processing Agreement based on the template provided by the Norwegian Digitalisation Agency (Digitaliseringsdirektoratet).

Safe Control FDV AS

Org. no.: 924 518 537

Østre Grenstøl 6, 4900 Tvedestrand, Norway

Email: post@safecontrol.no

Website: www.safecontrol.no

3. Data We Collect

The App may collect and process the following categories of personal data:

CategoryData TypesPurpose
Account & identityName, username, email address, organizational roleAuthentication, access control, and audit logging
Location dataGPS coordinates, reverse-geocoded street addressPositioning cases and infrastructure objects on the map; automatic address lookup
MediaPhotos, video recordings, voice messagesDocumenting field observations, damages, and inspections
Case dataTitles, descriptions, notes, status, timestamps, assigned personnelTask management, workflow execution, and reporting
Chat messagesText messages, timestamps, sender identityInternal communication between field workers and office staff
Device informationDevice identifier (for automatic login authorization)Enabling approved-device login for efficient field access

Public fault reporting portal

If you use the public fault reporting feature (Feilmeldingsportal), the following data may also be collected: your name, phone number, email address, and your reported location. This data is used to process the report and optionally send you status updates via SMS or email.

4. Legal Basis for Processing

Personal data is processed on the following legal grounds under GDPR Article 6:

  • Legitimate interest (Art. 6(1)(f)): Processing is necessary to operate and maintain municipal infrastructure management effectively.
  • Performance of a contract (Art. 6(1)(b)): Processing is necessary to provide the service under the agreement between the customer and Safe Control FDV AS.
  • Consent (Art. 6(1)(a)): Where applicable, such as receiving optional SMS or email notifications about case updates in the public portal.

5. How We Use Your Data

We use the collected data exclusively for the following purposes:

  • Operating and delivering the Safe Control FDV field service
  • Enabling case registration, tracking, and completion in the field
  • Positioning infrastructure objects and cases on maps
  • Facilitating communication between field personnel and office staff
  • Generating audit logs and activity history
  • Improving system reliability and performance

We do not use your data for advertising, profiling, or any purpose unrelated to the operation of the Safe Control FDV system.

6. Data Sharing and Third Parties

We do not sell, trade, or otherwise transfer personal data to third parties. Data may be shared with:

  • The customer organization (your employer/municipality), who is the data controller and owner of all business data.
  • NVDB (Nasjonal vegdatabank) and similar public registries, for integration purposes where configured by the customer. Such integrations occur exclusively over encrypted connections.

We do not use sub-processors that would transfer personal data outside Norway or the EU/EEA.

7. Data Storage and Security

All data is stored exclusively in Norway, in a secure data center located in Rygge, Moss municipality. The data center is operated by a Norwegian company and has no data storage, mirroring, or backup outside Norway.

Our security measures include:

  • All communication encrypted via HTTPS/TLS between the App and our servers
  • Cloudflare Web Application Firewall (WAF) for protection against DDoS, SQL injection, XSS, and other attacks
  • Geographic IP restriction allowing only traffic from Norwegian IP addresses
  • Token-based API authentication with role-based access control
  • Passwords encrypted at rest in the database
  • Daily backups retained for 90 days, monthly backups for 12 months, and offline backups retained for 30 days
  • Ransomware-protected backup copies
  • Biometric access control and fire/intrusion alarm systems at the data center

8. Data Retention

Personal data is retained for as long as the customer’s service agreement is active. The customer (data controller) determines retention periods for case data in accordance with their own data management policies and applicable regulations.

Upon termination of the service agreement, the customer receives a complete data export at no additional cost. Data is available via the web interface, Excel/CSV export, REST API, or full database extract.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access – You may request a copy of the personal data we hold about you.
  • Right to rectification – You may request correction of inaccurate personal data.
  • Right to erasure – You may request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction – You may request that processing of your data be restricted.
  • Right to data portability – You may request your data in a structured, machine-readable format.
  • Right to object – You may object to certain types of data processing.

Since your employer or municipality is the data controller, requests regarding your rights should in the first instance be directed to your organization. You may also contact us directly at the address above, and we will assist in forwarding your request.

You also have the right to file a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

10. Permissions Used by the App

The App may request the following device permissions:

  • Camera – To capture photos and video for case documentation
  • Microphone – To record voice messages for case registration and chat
  • Location (GPS) – To position cases and objects on the map and determine your field location
  • Storage – To save and access media files related to cases
  • Internet access – To communicate with the Safe Control FDV servers

All permissions are used solely for the purposes described in this policy. You can manage permissions through your device settings at any time.

11. Children’s Privacy

The App is designed for professional use by municipal employees and contractors. It is not intended for use by children under 16 years of age, and we do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated «Last updated» date. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data handling practices, please contact us:

Safe Control FDV AS

Østre Grenstøl 6, 4900 Tvedestrand, Norway

Email: post@safecontrol.no

Phone: +47 37 16 07 00

Website: www.safecontrol.no

© 2026 Safe Control FDV AS. All rights reserved.