Euronext Securities Oslo - Privacy Policy

Privacy notice

Euronext Securities Oslo (Verdipapirsentralen A/S, VPS) takes your privacy seriously. We are constantly working to ensure that your personal data is safe with us. On these pages you can find information about how we process your personal data.

Euronext Securities Oslo and account operators are both responsible for your personal data

Anyone who alone or together with others determines the purpose of processing personal data and the means to be used has the role of data controller. The data controller is responsible for the processing of personal data in accordance with the law.

Euronext Securities Oslo is the only company that has a license to operate securities registers in Norway. We offer registration of shares and other financial instruments, and provide infrastructure and services related to settlement and registration of securities rights. Euronext Securities Oslo supplies the directory services to investors and issuers through a network of securities companies (brokers), banks and management companies. These have the role of account operators and manage customer relations.

Euronext Securities Oslo and account operators are both responsible for processing your personal data in a good way and in accordance with the Personal data act. Account operators and others who register data in the securities register are responsible for ensuring that the data is correct and collected legally and that you are informed in accordance with the law. We in Euronext Securities Oslo are responsible for ensuring that your personal data registered in the securities register is safe and not stored longer than statutory storage duties and the purpose indicates. If you want access to your data or exercise another right, please contact your account operator.

What personal data do we process about you?

Personal data is information or assessments that can be linked to you as a person. This may for example be name, contact information, account number and securities / transactions. The personal data we process is mainly registered in the securities register by an account operator or generated from your securities market activity, but it also retrieves information from other sources such as the Population Register.

The following categories of personal data are processed:

Identity information: Information about your identity, such as name, social security number, citizenship and possibly tax country / tax rate relevant for deduction of withholding taxes. The information is registered by the account owner who receives the information from you or the information is retrieved from the Population Register operated by the Norwegian Tax Administration.

Contact Information: Information that enables us to have dialogue with you, such as address, phone number and email address. The information is registered by the account operator who receives the information from you or are retrieved from the Population Register, which is operated by the Norwegian Tax Administration.

Account Information: VPS account number and account type, bank account number for bank account associated with a VPS account. VPS account number is generated by establishing an account relationship. It is verified by posting in the Account and Address Book that a bank account associated with a VPS account belongs to the person who creates a VPS account.

Transaction Information: Information about transactions related to your customer relationship, such as the amount and time of purchase and sale of securities, dividends and other transactions. This is generated through your activity and use of our services or corporate actions.

Information about others: Information about other persons associated with a VPS account, such as disposals, pledges and other rights holders.

Logs: Your activity in our applications is logged and stored by us in accordance with the rules of the Central Securities Depository Act and the Personal data  act.

Web Information: Information we register for visits to, through cookies or scripts on the web pages as a location (using IP address, location data, or the like), information about the pages you visit, information about any products and services you order, and other technical information (such as user behaviour, user equipment, browser, and operating system). Unless you sign in or otherwise enter your identity on the site, we will not be able to associate this information with you.

Cookies: We use cookies on our site. You can read more about our use of cookies by referring to article 4 of the statement available here. All other provisions of this statement are not applicable to the processing of personal data performed by Euronext Securities Oslo. 

Camera surveillance: Euronext Securities Oslo premises are monitored to prevent and detect criminal offenses.

How do we use personal data?

The purpose of our use of information about you is primarily to fulfil the obligations we have attached to the operation of the securities register and the provision of registry services through account operators.

Customer Administration: Euronext Securities Oslo will use your personal data to fulfil the obligations we have undertaken for the implementation of securities registry services. We process, among other things, the name, birth number, address, bank account, citizenship, e-mail address, phone number, holdings and transactions, tax country / tax rate, and if a person is disqualified. It is regulated in section 5-3 of the Central Securities Depository Act and the Securities Depository Regulations Section 6 which information is to be included in the register, while information on tax country / tax rate is recorded in accordance with the Tax Payment Act.

Security: We conduct continuous technical and organisational security measures to ensure that your personal data is safe with us. We ensure, among other things, that your personal information is protected from loss, destruction, unauthorised change, and unauthorised access. We have a security framework that is regularly updated in line with the threat and technological development.

Logging: Your activity is logged in order to track back what changes have been made and who, for example, if there is a security breach or if there is an error in the systems.

IT Administration: Personal data is processed to provide services to you and keep the information up to date. We also have a legitimate interest in maintaining our information systems, which may involve processing personal data in operation, debugging, troubleshooting and managing our IT systems. Furthermore, the execution of deletion, correction / correction and anonymisation of personal data when required requires processing of personal data. In accordance with the guidelines of the EU Expert Group on Privacy Policy, this can be done without your consent because it is being done to fulfil our obligations to delete personal data and to ensure that we only process accurate and up to date personal  data.

For how long do we store your personal data?

We store information about you only as long as we have a statutory retention obligation or it is necessary for the purpose for which the information was collected.

As a rule, we store personal data during these periods:

  • Transaction information and other information deleted from the securities register shall be kept for at least ten years after the Central Securities Depository Act section 5-4.
  • The annual assignments we have sent to you show which information we have provided to the IRS are stored for five years after the Accounting Act and the Accounting Regulations and the Bookkeeping Act
  • Change messages we have sent you are stored for two years.
  • Technical logs from our systems and databases are stored for up to six years.

Who do we share your personal data with?

Euronext Securities Oslo and account operators are subject to confidentiality in the Central Securities Depository Act when processing your personal data. Euronext Securities Oslo discloses your personal data to others only when it follows from the Central Securities Depository Act  or other legislation that we may share the information or are required to complete the agreement with you. We also use certain subcontractors that process your personal data on our behalf regulated in data processing agreements with us.

Account operator, security issuer and others: When we deliver our services and products, this may mean that we must disclose information about you. For example, it will be necessary to disclose certain information in order to transfer your securities to another person by order from you or your account owner, or if you change the account owner. A mortgagee or proprietor of another limited right registered in an account has the right to obtain all information registered in the account that may affect the right. Before we share such information, we will always ensure that we comply with the relevant provisions on confidentiality in the financial and securities sector.

Subcontractors: If Euronext Securities Oslo issues tasks that require a supplier to process personal data on behalf of Euronext Securities Oslo, Euronext Securities Oslo is responsible for our subcontractors processing your personal data in accordance with the Personal data act. To ensure that subcontractors process your personal data in a good way and in accordance with the Data processer agreement, we have entered into data processing agreements with our subcontractors.

Authorities: Euronext Securities Oslo is required as a securities register to provide information to the National Tax authorities for pre-completion of the tax report and for control purposes. Every year in February, we send you an annual assignment that shows what information we have sent to the Norwegian Tax Administration.

The Financial Supervisory Authority of Norway has the right to access information in the securities register in connection with supervisory duties and responsibilities.

The police have the right to access information in the securities register in connection with the prevention and combating of crime.

Enforcement Officer trustees, etc.: Enforcement Officer, trustees and some others are entitled to information about a person’s ownership in financial instruments when relevant to their case processing.

Euronext group companies: We may share your personal data within the Euronext Group, in order to provide our clients with our services. Access to your personal data is limited to those employees, agents and contractors of the Euronext Group who need access to it in order to provide you with our services; to communicate with you (including, with your prior consent, to send you marketing communications); and to carry out legal or regulatory obligations.

Persons with key positions in listed companies (primary insiders) shall report their transactions in these companies to Oslo Stock Exchange so that the market is informed of their transactions. Euronext Securities Oslo delivers information to Oslo Stock Exchange on transactions undertaken by primary insiders so that Oslo Stock Exchange can check that such transactions are reported in accordance with current rules. The extradition is done by law.

Others: Everyone has access to static data on a financial instrument that is not subject to confidentiality. It may also result from special legislation that other than those in front of you are entitled to confidential information in the register.

Security of your personal data

Your personal data are dealt with in confidence and Euronext Securities Oslo has taken appropriate technical and organisational security measures to protect your personal data against loss, misuse, alteration and/or destruction. These include, but are not limited to:

  • Installing a firewall to prevent unauthorised access to our systems;
  • Using secure servers;
  • Ensuring the Personal data are stored in physically secure accommodation.

Please be aware that the security measures mentioned above apply to systems under the control of Euronext Securities Oslo, but that Euronext Securities Oslo cannot ensure the security nor confidentiality of any information during its transmission when transmitted via means not under its control, notably the Internet, and that you are aware that data transmitted via such means may be intercepted by third parties.

If Euronext Securities Oslo becomes aware of any security breach which results in unauthorised access of your personal data, Euronext Securities Oslo will endeavour to inform you.

Euronext N.V. websites may provide hyperlinks to websites from other companies or persons. This policy does not apply to the use of such websites and we are not responsible or liable for any processing of your personal data via these third party websites.

In addition, if you share content from the Euronext Securities Oslo websites via social media, your personal data will be visible to those visiting your personal pages on these social media websites. Euronext Securities Oslo is not responsible or liable for any processing of your personal data via such media. This policy does not apply to the use of such social media.

Your rights and how to exercise them

The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.

Right to be informed: You have the right to know your personal data is being processed by us, how we use your personal data and your rights in relation to your personal data.

Right to access: You have the right to ascertain what type of personal data Euronext Securities Oslo holds about you and to a copy of this personal data.

Right to rectification: You have the right to have any inaccurate personal data which we hold about you updated or corrected.

Right to erasure: In certain circumstances you may request that we delete the personal data that we hold on you. You have also the right to give post-mortem instructions regarding your personal data.

Right to restriction of processing: You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.

Right to object: Where we rely on our legitimate interests to process your personal data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.

Right to data portability: In case the processing is based on your consent or a contract conclude with you, you may request us to provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.

You can exercise any of these rights in accordance with the “Data Subject Rights Request Information Procedure

  • submitting a request through the following form.
  • sending a request to us at
  • by sending a letter to the following address:

Compliance Department
Data Protection Officer
14, place des Reflets – CS30064
92054 Paris la Défense.

Furthermore, you may also submit a complaint to the competent Data Supervisory Authority.

Changes to this statement

We may occasionally update this Privacy Statement to reflect changes in our business or to comply with applicable law and regulations. We therefore advise you to review this statement regularly to ensure that you are updated with any changes.

Questions and requests

Should you have any questions or requests about this policy, please contact us via .