Privacy Policy
Last updated: 25 May 2026
1. Who we are
Norwegian Chinese Chamber of Commerce (“NCCC”, “we”, “us”) is a membership organisation connecting Norwegian and Chinese businesses and professionals.
NCCC is the data controller for the processing of personal data described in this Privacy Policy.
Norwegian Chinese Chamber of Commerce
Organisation number: 989 538 004
Postal address: Postboks 54 Sentrum, 0101 Oslo, Norway
Managing Director: Anne F. Willoch
Email: info@nccc.no
Telephone: +47 464 10 142
This Privacy Policy explains how we collect, use, store and protect personal data when you visit nccc.no, contact us, apply for membership, register for events or otherwise interact with NCCC.
2. What personal data we process
We may process the following categories of personal data:
- Your name, email address, telephone number and company or organisation.
- Your position, line of business and business address.
- Your selected membership category and other information submitted in a membership application.
- Your event registration details, including whether you are an NCCC member.
- The contents of messages, enquiries and correspondence you send to us.
- Information required for membership administration, invoicing and delivery of member services.
- Technical information necessary to operate and protect the website, such as IP address, browser information and server logs.
Please do not submit sensitive personal data, passport information or other confidential documents through the ordinary website forms unless NCCC has specifically instructed you to do so through an appropriate secure process.
3. How we collect personal data
We collect personal data directly from you when you:
- Submit a contact form on our website.
- Apply for membership.
- Register for an event.
- Contact us by email or telephone.
- Become or act as a representative of a member organisation.
- Communicate with us in connection with events, membership services or other activities.
We may also receive professional contact information from your employer or organisation where you are designated as its representative in relation to NCCC.
4. Why we process personal data and our legal basis
| Activity | Personal data processed | Purpose | Legal basis |
|---|---|---|---|
| General enquiries and contact forms | Name, email address, company and message | To respond to your enquiry and communicate with you | Our legitimate interest in responding to enquiries and maintaining business relationships, GDPR Article 6(1)(f) |
| Membership applications | Membership category, company, contact person, position, line of business, address, telephone number, email address and message | To assess your application, communicate with you and establish membership if approved | Steps requested by you before entering into a membership arrangement, GDPR Article 6(1)(b) |
| Membership administration | Contact information, membership status, correspondence, invoicing information and service-related information | To administer membership, provide member services, manage renewals and issue invoices | Performance of the membership arrangement, GDPR Article 6(1)(b), and compliance with legal obligations, GDPR Article 6(1)(c) |
| Event registration | Name, email address, company, membership status and message | To administer attendance, provide event information and follow up on the event | Performance of the registration requested by you, GDPR Article 6(1)(b), and our legitimate interest in organising events, GDPR Article 6(1)(f) |
| Member directory and public membership references | Company name, company logo and, where applicable, individual member name | To display membership and support networking within the NCCC community | Your consent where personal information is published, GDPR Article 6(1)(a), or our legitimate interest where only organisation-level information is displayed, GDPR Article 6(1)(f) |
| Member communications and newsletters | Name, email address, company and membership status | To provide member-related information, invitations and updates relevant to your membership | Performance of the membership arrangement or our legitimate interest in communicating with members, GDPR Article 6(1)(b) or (f). Where required, marketing communications are based on consent, GDPR Article 6(1)(a) |
| Website operation and security | IP address, browser information and technical logs | To operate, secure, troubleshoot and protect the website | Our legitimate interest in maintaining a secure and functional website, GDPR Article 6(1)(f) |
| Legal obligations and disputes | Relevant contact, membership, invoice and correspondence information | To comply with applicable law and establish, exercise or defend legal claims | GDPR Article 6(1)(c) and Article 6(1)(f) |
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect processing already carried out before the consent was withdrawn.
5. Contact forms, membership applications and event registrations
Our website contains several forms.
General enquiries
When you use a general contact form, we process the information you submit in order to review and respond to your enquiry.
Membership applications
When you apply for membership, we process the information you provide in order to evaluate your application, contact you regarding the application, establish a membership relationship if approved and administer related invoicing and services.
Certain membership categories may include a public directory listing. Where publication involves personal data, such as an individual member’s name, we will rely on consent or otherwise ensure that you have been clearly informed before publication.
Event registrations
When you register for an event, we process the information necessary to administer your attendance, provide practical information and communicate with you about that event. Where an event is organised together with another organisation, necessary registration information may be shared with the co-organiser or venue where required for event administration.
6. Membership services involving additional documentation
Some NCCC services may involve additional information beyond ordinary website registrations, for example assistance connected with delegations or visa-related processes.
Where a service requires passports, identification documents or other confidential information, NCCC will provide appropriate instructions and information regarding the processing before such information is collected. Such information should not be submitted through ordinary contact, membership or event forms unless expressly requested through a suitable secure method.
7. Cookies and similar technologies
Our website may use cookies or similar technologies that are strictly necessary for the website to operate securely and correctly, including functionality connected with website forms or administrative security.
We will not use non-essential cookies or similar technologies, such as analytics, marketing technologies or third-party tracking tools, without obtaining valid consent where required by applicable law.
Where non-essential cookies or similar technologies are used, visitors will be provided with information about their purpose, provider and duration, and will be able to accept or reject them through an appropriate consent mechanism.
8. Locally hosted Google Fonts
The website uses Google Fonts that are hosted locally on NCCC’s own website infrastructure.
This means that the font files are loaded from our website rather than from Google’s font servers when you visit the site. No personal data is transferred to Google solely as a result of loading these locally hosted fonts.
9. Who we share personal data with
We may share personal data with the following categories of recipients where necessary:
- Providers of website hosting, website maintenance and form-handling services.
- Providers of email, document storage and other IT services used for administration and communication.
- Accounting, invoicing or professional advisory service providers where required for membership administration or legal compliance.
- Event venues, co-organisers or service providers where necessary to administer an event you have registered for.
- Public authorities where disclosure is required by law.
- The public, where you or your organisation have agreed to publication in a member directory or similar membership presentation.
Service providers that process personal data on our behalf are required to process it in accordance with our instructions and applicable data protection requirements.
10. Transfers outside the EEA
Where possible, we use service providers that process personal data within Norway or the European Economic Area (“EEA”).
If personal data is transferred outside the EEA, we will ensure that the transfer is made in accordance with applicable data protection law, for example on the basis of an adequacy decision, approved standard contractual clauses or another lawful transfer mechanism.
You may contact us for further information about applicable safeguards relating to international transfers.
11. How long we retain personal data
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Our general retention principles are:
| Category | Retention period |
|---|---|
| General enquiries and correspondence | Normally deleted when the enquiry has been resolved and there is no further need to retain it, ordinarily within 12 months after the last relevant contact |
| Membership applications that do not result in membership | Normally deleted within 12 months after the application has been concluded, unless retention is required for a specific reason |
| Membership records | Retained for the duration of membership and thereafter where necessary for administration, documentation, legal claims or legal obligations |
| Invoice and accounting information | Retained for the period required under applicable bookkeeping and accounting legislation |
| Event registration information | Normally retained for up to 12 months after the event, unless further retention is necessary for invoicing, documentation or follow-up |
| Consent records and opt-out requests | Retained for as long as necessary to document your choices and respect your preferences |
| Technical security logs | Retained only for as long as necessary for security, troubleshooting and protection of the website |
12. Your rights
Subject to the conditions in applicable data protection law, you may have the right to:
- Request access to the personal data we process about you.
- Request correction of inaccurate or incomplete personal data.
- Request deletion of your personal data.
- Request restriction of processing.
- Object to processing based on our legitimate interests.
- Object at any time to processing for direct marketing purposes.
- Request data portability where processing is based on consent or contract and carried out by automated means.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the Norwegian Data Protection Authority, Datatilsynet.
To exercise your rights, please contact us at info@nccc.no. We may need to verify your identity before responding to a request.
13. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss or misuse.
Nevertheless, ordinary email and website forms may not be suitable for sending highly confidential information. Please contact us before providing identification documents, passport details or other sensitive documentation.
14. Complaints
If you have questions or concerns about our processing of personal data, please contact us first:
Norwegian Chinese Chamber of Commerce
Email: info@nccc.no
Telephone: +47 464 10 142
You also have the right to lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority.
15. Changes to this Privacy Policy
We may update this Privacy Policy when our activities, website functionality or legal obligations change.
The latest version will always be available on our website. The date at the top of this policy indicates when it was last updated.