201900458/9 Archive 005 - Short version - 1.0 - Privacy statement per. 14.02.2020
This privacy statement describes how NSD collects and processes personal information.
NSD is committed to protecting any personal data, limiting collection to what is strictly necessary by legitimate interest or by consent, and complying with the General Data Protection Regulation (GDPR) as implemented in Norwegian law.
At NSD, the CEO is responsible for the company's processing of personal data. Executive tasks are delegated to various employees / roles in NSD.
NSD is responsible for the processing of personal data (data controller) when we alone or with others have determined the purpose of the processing and what aids we use, or when we are legally obliged to process the data.
NSD has the role of data processor when we process personal data on behalf of others.
All processing of personal data in NSD must have a legal basis for processing. NSD is obliged to keep an overview of all processing, both when we are the data controller and when we are the data processor.
If you believe anything is incorrect, ambiguous or incomplete in this privacy statement, please contact us via email to the archive manager and data protection officer at firstname.lastname@example.org.
NSD processes information for these main purposes:
Alle processing activities at NSD fall under the above main purposes.
NSD mainly process information that you or others have given us for the following reasons:
We also process information indirectly for the following reasons:
NSD uses the University of Bergen for the operation of several systems. This includes firewalls, (e-mail), telephone, backup server and network server, HR portal and timekeeping.
NSD stores personal information in various databases and file servers. Access to these database and file resources requires access to NSD's internal network, as well as an ongoing employment relationship with NSD.
No one in NSD has access to all data. The accesses are demand-driven based on current work tasks and role in the organization.
Personal information is stored mainly separately from the personal identifier.
Employees of NSD are subject to a duty of confidentiality.
NSD shares personal information with our data processors, other data controllers, and government agencies. We do this based on: legal basis in law / regulation, data processor agreement or agreement on shared processing responsibility.
NSD uses the University of Bergen as a data processor for the operation of several systems. This applies, among other things
Furthermore, NSD uses Enghouse Interactive as data processor for telephone services, Puzzel AS as data processor for chat services, Mailjet SAS for message dialogue with users of NSDs Notification Form and NSDs DMP, and Slack as data processor for internal chat.
NSD discloses personal information for research
We do this in the role of treatment manager, e.g. for data on the political system.
NSD provides data in the role of data processor for research institutions and public institutions that have archived data with us, when we have a legal basis for the further use of personal data for research purposes.
NSD delivers i.a. personal information from the Database for statistics on higher education for research and study purposes, in line with the Universities and University Colleges Act § 7-8. We do this in the role of data processor for the Ministry of Education.
NSD is comitted to record keeping and archiving in accordance with the Public Access to Information Act. NSD's archiving system is DocuLive, a NOARK-approved system provided by Tieto. The obligation to keep records, and the obligation to file, follow from several pieces of legislation, including the Public Access to Information Act, the Public Administration Act and the Archives Act. The duty means that all incoming and outgoing case documents must be recorded, and in some cases archived. Access to the system is access-controlled in line with these legislation, as well as the personal data regulations.
The starting point is that personal information should not be stored longer than is necessary for the purpose. Documents containing personal information that fall outside the record-keeping and / or archiving obligation are deleted.
All case documents at NSD are basically public. This means that anyone requesting access can gain access to the documents. However, this does not apply if the documents are exempt from public access pursuant to provisions, e.g. provisions on professional secrecy. Internal documents can also be exempted from the public. This means that requests for access may be rejected. NSD shall then justify the refusal and refer to the legal basis.
Requests for access to the archives of NSD can be directed to email@example.com. Inquiries to NSD about access will also be public, whether they come in letter or electronic form.
Requests for access are processed in accordance with the Public Access to Information Act. Requests for access are processed by the archive manager.
When we process information about you, you have the right to information about the processing, access to your own information (incl. Copy), to have information that is incorrect or incomplete corrected, to have information deleted, to have the processing restricted, to protest against the processing, and for data portability. For treatments based on consent, you have the right to withdraw your consent. If you have asked us to correct, delete, or restrict the use of personal information about you, we will notify those who may have received the information (e.g. our data processors).
In certain cases, exceptions to the rights apply.
NSD processes information for these main purposes: archive purposes / legal obligation, contractual obligations, administrative purposes and research purposes. These purposes provide guidelines for your rights. If you contact us and request to exercise your rights, any refusal will be justified with reference to current legislation.
If you want to know what information NSD has about you or want to exercise your rights, send an e-mail to firstname.lastname@example.org and ask for this. If you have questions or need guidance regarding your rights, contact our data protection officer via the same email address. Remember to state that you want guidance and to reach the data protection officer. In the event of written inquiries, you are entitled to a response without undue delay, and no later than within 30 days.
We hope you will tell us if you believe that NSD does not comply with the rules in our processing of personal data. In such cases, please contact email@example.com. The inquiry is subject to record keeping and is processed by the HR and organization department.
You can also complain about our processing of personal data to the Data Protection Authority.
Statistics are a tool for improving our website, as well as assessing the impact of our marketing on other digital platforms. For each page displayed, the following information is stored on our servers.
Your IP address is deidentified by hiding the last numbers, so that the address can not be traced directly to your person. The address is only used for system troubleshooting, and the IP addresses are deleted after six days.
Google Analytics is used to analyze visits we receive to our website. This is done using the following cookies:
Read more about how to manage cookies on nettvett.no.