Go to page content

Privacy policy for TS Group's websites

Last updated: March 2, 2026

This privacy policy applies to the website https://tsgroup.com/ (including subpages).

1. Data controller

The controller for the processing of personal data via the website is:

TS Group AS
 Reg. no.: 988 251 399 VAT
Business address: Versvikvegen 6B, 3937 Porsgrunn
Contact point for privacy (inquiries about rights, etc.):
stine.setsaas@tsgroup.com / +47 984 42 006

2. What we collect and why

We process personal data only when necessary to deliver functionality you use (courses, recruitment, inquiries) and to operate the website securely.

A) When you visit the website (normal web use)

Information: Device/browser info, time, which pages you visit, technical logs.
Purpose: security, troubleshooting, stable operation, performance and statistics/improvement.
Processing basis: legitimate interest (GDPR art. 6(1)(f)).

B) Newsletter

The website has a newsletter registration where you provide your email address and confirm that you accept the privacy policy.

Information: email address (and any technical log data related to the registration).
Purpose: to send newsletters and relevant information.
Basis for processing: consent (GDPR art. 6(1)(a)). You can unsubscribe at any time via the link in the newsletter.

C) Course – registration, participants, invoice and payment

The courses have registration forms on the course pages. The form may ask for, among other things, company, organization number, invoice/EHF address, invoice address, orderer's name/telephone/email and participants (first name, last name, e-mail).

Course registration will be forwarded for registration with FrontCore .

Information: contact and billing information, participant information, course selection, and transaction data for card payments (paid via payment provider).
Purpose: administer courses, register participants, fulfill agreements, invoice, handle payments, and meet accounting requirements.
Processing basis: agreement/pre-agreement measures (GDPR art. 6(1)(b)) and legal obligation (GDPR art. 6(1)(c)) for accounting documentation.

D) Recruitment – ​​positions and open applications

Job pages can link to an external application form at ReachMee if the form cannot be loaded on the page.

Information: what you submit in your application (typically CV, contact information, experience, education, attachments), as well as technical data.
Purpose: process applications, assess qualifications, communicate in the recruitment process.
Processing basis: pre-contractual measures (GDPR art. 6(1)(b)) and/or legitimate interest (GDPR art. 6(1)(f)).
Important: When you submit to ReachMee, data is also processed according to their terms/privacy policy. ()

E) Whistleblowing

The website provides an external reporting channel via a form at PwC (trustcom.pwc.no) and a separate email address at PwC.

Information: information you provide in the notification (may be personal information and in some cases sensitive information).
Purpose: receive and handle notifications of objectionable conditions.
Basis for processing: legal obligation and/or legitimate interest (depending on the case and basis for notification).

F) AI chat on the website (CoreAI from Coretrek)

When you use the AI ​​chat on the website, personal data is processed in order to provide the chat function and answer your questions.

Information: The content of your message (what you type), any feedback you provide in the chat, as well as technical metadata related to usage (e.g. time, which page the chat is used on, IP address/device information and error logs).
Purpose: Respond to inquiries and guide you on the website, improve content/user friendliness and ensure stable and secure operation (troubleshooting, abuse prevention).
Basis of processing: Legitimate interest (GDPR art. 6(1)(f)) – to provide effective user support/guidance on the website and to operate the service securely. You can choose not to use the chat.
Important: Do not share sensitive personal information (e.g. health information, social security number, bank/card information) or other information that you do not want stored/processed. The chat is not intended for reporting or matters that require confidential treatment.

3. Recipients and sharing

We only share personal information when necessary:

  • Operational/IT providers (hosting, maintenance, security, email).
  • Payment provider for card payments (Swedbank solution). ()
  • Recruitment provider (ReachMee) when you apply via their solution. ()
  • Reporting provider (PwC/TrustCom) using external reporting channel. ()
  • Authorities where we are legally obligated (e.g. accounting).
  • AI chat provider (Coretrek/CoreAI) when you use the chat. The provider processes information on our behalf as a data processor (Coretrek/CoreAI's data processor info ). Coretrek/CoreAI may use subcontractors (e.g. operations/cloud and AI models) to provide the service. Such subcontractors shall be bound by a data processor agreement and the processing shall be in accordance with applicable privacy requirements.

Where suppliers process personal data on our behalf, they are data processors and shall be bound by a data processing agreement.

4. Storage time

  • Newsletter: until you unsubscribe, or until we end the newsletter.
  • Courses: as long as necessary for course administration, as well as further storage according to accounting/documentation requirements.
  • Recruitment: during the recruitment period, and possibly longer if you have consented to the candidate bank or we have a factual need for documentation.
  • Notification: stored in accordance with notification procedures and applicable regulations, and deleted when no longer necessary.

5. Cookies

Read about cookies here (cookie declaration)

6. Transfer outside the EU/EEA

If a supplier processes data outside the EU/EEA, the transfer must take place on a valid basis (e.g. EU Standard Contractual Clauses) and necessary supplementary measures.

7. Your rights

You have the right to access, rectification, erasure (where conditions are met), restriction, data portability (where applicable), and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw your consent at any time.

You can also complain to the Norwegian Data Protection Authority.

8. Security

We use technical and organizational measures to protect personal data against unauthorized access, alteration, loss and misuse, and limit access on a “need-to-know” basis.

9. Changes

We may update this statement as needed. In the event of significant changes, the “Last Updated” date will be updated and the change will be published on the website.

keyboard_arrow_up