NSD / About NSD - Norwegian Centre for Research Data / Cookies and Privacy Policy

Cookies and Privacy Policy

201900458/9 Archive 005 - Short version - 1.0 - Privacy statement as of 14.02.2020

This privacy statement describes how NSD collects and processes personal information.

NSD is committed to protecting any personal data, limiting collection to what is strictly necessary by legitimate interest or by consent, and complying with the General Data Protection Regulation (GDPR) as implemented in Norwegian law.

At NSD, the CEO is responsible for the company's processing of personal data. Executive tasks are delegated to various employees / roles in NSD.

NSD is responsible for the processing of personal data (data controller) when we alone or with others have determined the purpose of the processing and what aids we use, or when we are legally obliged to process the data.

NSD has the role of data processor when we process personal data on behalf of others.

All processing of personal data in NSD must have a legal basis for processing. NSD is obliged to keep an overview of all processing, both when we are the data controller and when we are the data processor.

Control and revision of the privacy statement

If you believe anything is incorrect, ambiguous or incomplete in this privacy statement, please contact us via email to the archive manager and data protection officer at postmottak@nsd.no.

Why do we process personal data at NSD?

NSD processes information for these main purposes:

  • Archives and legal obligations
  • Contractual obligations
  • Administrative purposes
  • Research purposes

All processing activities at NSD fall under the above main purposes.

When does NSD collect information about you?

NSD mainly processes information that you or others have given us for the following reasons:

  • You have contacted NSD’s archive and the postjournal via e-mail, telephone, chat, etc.
  • You have visited our website www.nsd.no.
  • You have used our services, e.g. Websurvey, you have archived or ordered data, contacted us for advice about data protection in research or other advisory services.
  • You have provided information in ERIH PLUS, NPI or the Channel Register
  • You have participated in research, e.g. surveys, ESS, Websurvey, etc.
  • You have visited us and signed the visit protocol
  • You have signed up for courses or events for which NSD is responsible
  • You subscribe to NSD's newsletter
  • You have applied for a job with or are/have been an employee
  • You have requested access to documentation / information in accordance with the Public Access to Information Act and / or the privacy legislation

We also process information indirectly for the following reasons:

  • Your information is registered in a collection of archived research data
  • Your information is registered in a research project where NSD is an advisor to an institution. Project documentation can contain information about you, e.g. because you are listed as a project employee or participant.
  • You are / have been an employee or a student at a Norwegian university, college or vocational college, and your information is registered in the Database for Statistics on Higher Education (DBH).
  • An employee at NSD has stated you as a next of kin.

How do we ensure safety during the processing?

NSD uses the University of Bergen for the operation of several systems. This includes firewalls, e-mail, telephone, backup server and network server, HR portal and timekeeping.

NSD stores personal information in various databases and file servers. Access to these database and file resources requires access to NSD's internal network, as well as an ongoing employment relationship with NSD.

No one in NSD has access to all data. Access is granted according to need, based on current work tasks and role in the organization.

Personal information is mainly stored separately from the personal identifier.

Employees of NSD are subject to a duty of confidentiality.

How do we share personal information with others?

NSD shares personal information with our data processors, other data controllers, and government agencies. We do this based on: legal basis in law / regulation, data processor agreement or agreement on shared processing responsibility.

NSD uses the University of Bergen as a data processor for the operation of several systems. This applies to, among other things:

  • firewall
  • e-mail
  • telephone
  • backup server
  • network server
  • HR portal and time registration

Furthermore, NSD uses Enghouse Interactive as data processor for telephone services, Puzzel AS as data processor for chat services, Mailjet SAS for message dialogue with users of NSD's Notification Form and NSD's DMP, and Slack as data processor for internal chat.

NSD discloses personal information for research

We do this in the role of data controller, e.g. for data on the political system.

NSD provides data in the role of data processor for research institutions and public institutions that have archived data with us, when we have a legal basis for the further use of personal data for research purposes.

NSD delivers, among other things, personal information from the Database for Statistics on Higher Education for research and study purposes, in line with the Universities and University Colleges Act § 7-8. We do this in the role of data processor for the Ministry of Education.

What are NSD's duties?

Archive and postjournal

NSD is committed to record keeping and archiving in accordance with the Public Access to Information Act. NSD's archiving system is DocuLive, a NOARK-approved system provided by Tieto. The obligation to keep records, and the obligation to file, follow from several pieces of legislation, including the Public Access to Information Act, the Public Administration Act and the Archives Act. The duty means that all incoming and outgoing case documents must be recorded, and in some cases archived. Access to the system is controlled in line with this legislation, as well as the personal data regulations.

The starting point is that personal information should not be stored longer than is necessary for the purpose. Documents containing personal information that fall outside the record-keeping and / or archiving obligation are deleted.

General information about access and disclosure

All case documents at NSD are public as a general rule. This means that anyone requesting access can gain access to the documents. However, this does not apply if the documents are exempt from public access pursuant to provisions, e.g. provisions on professional secrecy. Internal documents can also be exempted from public access. This means that requests for access may be rejected. NSD shall then justify the refusal and refer to the legal basis.

Requests for access

Requests for access to the archives of NSD can be directed to postmottak@nsd.no. Inquiries to NSD about access will also be public, whether they come in letter or electronic form.

Requests for access are processed in accordance with the Public Access to Information Act. Requests for access are processed by the archive manager.

What are your rights?

When we process information about you, you have the right to information about the processing, to access your own information (incl. a copy), to have information that is incorrect or incomplete corrected, to have information deleted, to have the processing restricted, to object to the processing, and to data portability. For processing based on consent, you have the right to withdraw your consent. If you have asked us to correct, delete, or restrict the use of personal information about you, we will notify those who may have received the information (e.g. our data processors).

In certain cases, exceptions to the rights apply.

NSD processes information for these main purposes: archive purposes / legal obligation, contractual obligations, administrative purposes and research purposes. These purposes provide guidelines for your rights. If you contact us and request to exercise your rights, any refusal will be justified with reference to current legislation.

If you want to know what information NSD has about you or want to exercise your rights, send an e-mail to postmottak@nsd.no and ask for this. If you have questions or need guidance regarding your rights, contact our data protection officer via the same email address. Remember to state that you want guidance and to reach the data protection officer. In the event of written inquiries, you are entitled to a response without undue delay, and no later than within 30 days.

We hope you will tell us if you believe that NSD does not comply with the rules in our processing of personal data. In such cases, please contact postmottak@nsd.no. The inquiry is subject to record keeping and is processed by the HR and organization department.

You can also complain about our processing of personal data to the Data Protection Authority.

Information we process when you visit nsd.no

NSD hosts our own websites. NSD uses cookies to generate statistics from the use of our website.

Statistics are a tool for improving our website, as well as assessing the impact of our marketing on other digital platforms. For each page displayed, the following information is stored on our servers.

  • Which page you are looking at, which page you are coming from and which page you are going to
  • If you have visited our website before
  • Date and time
  • Which browser you use, and which device and operating system you have

Your IP address is deidentified by hiding the last numbers, so that the address cannot be traced directly to your person. The address is only used for system troubleshooting, and the IP addresses are deleted after six days.

Google Analytics is used to analyze visits we receive to our website. This is done using the following cookies:

  • __utmz: Gives us information about where you come from when you land on a website at NSD, for example from a search engine (Google, Bing etc.). We use Google Analytics both internally on the website, in the banner and for images. Therefore, users can sometimes find two cookies called __utmz.
  • __utma: Is a cookie that gives us information about the number of times the user has been on our website. We use __utma to see which users are visiting us for the first time, and which users have been here several times.
  • __utmb and __utmc: Show us how long the user stays on our website. __utmb and __utmc are deleted as soon as you leave the website.
  • __utmt: This cookie is used to delimit the data collection from the website so that performance is not affected. The cookie is deleted after ten minutes.
  • __utmv: This is a cookie that makes it possible to map the behavior of the website and the performance of the website.

Read more about how to manage cookies on nettvett.no.