HMSREG is developed by Omega 365 and HMSREG, and is an IT-solution to promote compliant suppliers, fair competition and help to work against social dumping and work-related crime in the construction industry.

If you are engaged as a staff member on a project that uses HMSREG, your personal data will be processed in the following cases:

• You are the contact person for, or otherwise represent, a supplier to our client.
• You are employed by an employer who, as a supplier to Skanska, has notified that you will work at one of Skanska's workplaces.

The protection of your privacy and your data security is very important and we will always process your personal information:

• with confidentiality
• properly
• legally - in accordance with applicable laws and regulations regarding privacy and information security

This privacy statement describes what personal information we collect, how we treat this information, who we might share it with, and what rights you have as an individual when it comes to how we use the information we have about you.

HMSREG is linked to ID06 through an accreditation, which means that all processing of personal data in the system takes place in accordance with ID06 guidelines.

The person who is responsible as the building site coordinator on a project and who uses HMSREG to fulfill this responsibility is the person responsible for personal data for the processing of your personal data in HMSREG (Personal Data Controller).

The responsibility for building site coordination can be taken by the client in the case of shared contracts. In most cases with a turnkey contract, the responsibilities and rights that the work environment coordinator has are transferred to the main contractor.

HMSREG AS is the data processor for the processing of personal data that takes place in HMSREG on behalf of the Personal Data Controller.

The Data Controller determines the purposes for which and the means by which personal data is processed. It is the responsibility of the officer to ensure that the personal information is treated properly and in accordance with applicable regulations.

The Data Processor for the personal information collected is HMSREG AS (by the CEO), Kvassanesvegen 4, 5582 Ølensvåg, Norway, phone number +47-40696960, email: post@hmsreg.com.

The overall purpose of the processing of personal data in HMSREG is that the Personal Data Officer should be able to handle and administer the relationship and agreement with the company / organization you represent to fulfill their contractual obligations and legal obligations based on work environment legislation, tax legislation and foreign workers legislation.

The processing of personal data in HMSREG enables the Personal Data Controller to systematise control over the workplace and follow up the requirements placed on suppliers and their staff. In this way, the Personal Data Controller can minimize the risk of “social dumping” and work-related crime on the project, as well as promote public safety in the workplace.

By processing data in connection with the staff's use of ID06 cards, and in connection with performing attendance checks, the Personal Data Controller can fulfill his responsibility to ensure that only authorized persons are at the construction site and that those present at the workplace are registered correctly. Correct registration means that there is a basis for tax control.

By processing data in connection with updating personnel lists and performing seriousness checks, the Personal Data Controller can ensure that the requirements of the work environment are complied with, for example that conditions for communication do not constitute a security risk, that staff have competence for the work to be performed and that staff meet specific requirements related to projects that require special security classification.

HMSREG make use of cookies to give the content of our web pages a personal touch and to analyze our web traffic.It will also be relevant to collect, store and process personal information about you if you apply for a job or we assess your suitability for a position.

The following information is processed, on behalf of the Personal Data Controller, in connection with the registration of the ID06 card and upon entry and exit at the workplace:

• ID06 card number
• Name
• Date of birth
• Social security number (Registered to ensure a secure identification of a person, but is not made available to users of the system. Therefore, these numbers are stored in a separate database that is not available to the project.)
• Employer
• Employer's organization number
• Workplace - the place where the work is performed
• Competence registered on the ID-06 card

Data for entry and exit registration verifies the information. Time for entry and exit is not available for the project. It is only stated that the person has entered during the current day.

If the entry is made with an invalid ID06 card, if the card is misused or the person / company that the card user represents does not meet the legal requirements or contract requirements for the work on the project, an event linked to the supplier will be established upon entry. This incident can be dealt with through case management based on severity.

When updating personnel lists, the Personal Data Controller may request other information from the supplier about individual employees, depending on the specific contract requirements in the project, in order to be able to comply with the Work Environment Act's requirements for safety at the workplace. This can be information about language / nationality and any necessary permits, certifications or educations required to perform work. Information can also be requested about who is the safety representative for a supplier.

If the Data Controller uses the module for "Compliance Reviews" in HMSREG (control of pay and working conditions, request for transparency), the following data may be collected and processed on behalf of the Data Controller:

• Name
• Date of birth and social security number
• Address
• Telephone number and e-mail address
• Salary, salary supplement, posting supplement, ob supplement, travel expenses, work clothes, board and lodging, employees of contractors, subcontractors and other contractors.
• Information that appears from agreements on average calculation of working hours, employment contracts, salary specifications with documentation and time reports.

HMSREG does not process sensitive personal data.

Only employees in the company with a service need has access to your personal information.

Personal information will not be disclosed to third parties in addition to what is stated in this privacy policy.

An overview of registered staff can be transferred to the project's access system to ensure identification of persons who will have access to the project.

In the case of a turnkey contract, the responsibilities and rights that the work environment coordinator has can be transferred to the main contractor. On these occasions, the client does not have access to any personal data, except when a work is performed by a sole proprietorship and information about this supplier is shared. When this happens, an approval that allows the supplier information to be treated as personal data must be obtained.

According to the GDPR, you as an individual have a number of rights that you can in certain cases assert against the Personal Data Controller. We ask you to note here that HMSREG AS is the personal data processor for the processing of personal data in HMSREG. To enforce your rights, you must contact the Personal Data Controller.

Rights that you may have towards the Personal Data Controller include:

• A right for you to receive information about what information is processed about you.
• A right for you to have incorrect information corrected.
• A right for you to in certain cases request that personal data be deleted.
• A right for you to object to the Personal Data Controller's processing of your data.
• A right for you to have your data transferred in accordance with the conditions that exist in current personal data legislation.
• A right for you to in certain cases demand that the processing of your personal data be restricted.
• A right for you to direct complaints about how your information is processed to the Data Inspectorate, whose contact information is available at www.datainspektionen.se.

How long do we keep your information

We will not store personal information beyond what is necessary to fulfill the purpose of the agreement and the statutory duties we have.

HMSREG uses recognized standards and best practices in its work with security, and conducts continuous risk assessments and system security tests, and consults with the Data Inspectorate in any changes to the system that may affect the protection of your personal data.

HMSREG has implemented the following security measures in the system (the list shows a selection):

• Authentication using username and password
• All information exchange takes place with strong encryption (SSL)
• Everything performed by operating personnel and system administrators is logged in separate separate event registers.
• The servers that HMSREG uses are located in a secure operations center, with a supplier who has extensive experience of handling business-critical and sensitive information.

The module for Compliance Reviews has its own access structure, which means that only the responsible controller and any co-controllers have access to personal data that is processed within the framework of the control. All information that can be linked to individuals and associated documentation is automatically deleted when the check is completed.

Contact our Data Protection Officer if you have questions about how we treat your personal information. We will reply to your inquiry as soon as possible.