NUPI's privacy statement

Published: 9 Apr 2018

This privacy statement details how the Norwegian Institute of International Affairs (NUPI) collects and uses personal data in general.

1. Controller

NUPI, represented by its director, is responsible for the entity’s processing of personal data.

2. Data protection officer

NUPI has a data protection officer responsible for ensuring that the management complies with privacy requirements when processing personal data on employees and users. The data protection officer has an independent role.

The Norwegian Centre for Research Data (NSD) is NUPI’s data protection official for research. The data protection officer acts as the intermediary between the Institute and the NSD and is responsible for ensuring that NUPI’s research practice complies with the General Data Protection Regulation at all times.

3. Online processing of personal data

It is voluntary for visitors to our website to enter personal data for services such as signing up for newsletters, registering for events etc. Unless otherwise specified, individual consent forms the grounds for processing. Consent may be withdrawn at any time by emailing seminar@nupi.no.

Personal data is stored for a maximum of 6 months for security purposes and for use in biannual reports to the Norwegian Ministry of Education and Research, NUPI’s owner.

3.1 Web analysis and cookies

An important part of our efforts to provide a user-friendly website consists of examining the usage patterns of our website’s visitors. To analyse this information, we use the analytical tool Google Analytics.

Google Analytics uses cookies (small text files saved on the user’s computer by the website) to register information on how each unique visitor uses our website. Examples of information provided by these statistics include how many users visit the various pages, how long their visit lasts, which websites users come from and which browser they use. None of the cookies enable us to link usage information to specific individuals.

The information collected by Google Analytics is stored on Google’s servers in the United States. The information received is subject to Google’s privacy policy.

IP addresses are defined as personal data because they can be traced back to specific hardware and therefore a specific individual. NUPI uses Google Analytics’ tracking code, which anonymises the IP address before the information is stored and processed by Google. As a result, the stored IP address cannot be used to identify individual users.

3.2 Search

NUPI stores information about the search terms entered by users on our websites in eZ Systems and Google Analytics. We store the terms in order to improve the information we offer. Search usage patterns are stored in aggregated form. Only the search term is stored, and cannot be linked to other user data, such as IP addresses.

3.3 The sharing function

The ‘Share with others’ function can be used to forward links to our website by email, or to share content on social media. We do not log data about the use of this function. However, we cannot guarantee that the social media platforms used do not log this data. Any such service should therefore be used with care. If a website visitor selects the email function, we will only use the email addresses supplied to forward the email; nothing is stored.

4. Newsletter

All who wish to do so have the option of subscribing to NUPI’s newsletter and information about our events. To ensure that we email the correct person, we need to register the subscriber’s name and email address. This data is not shared with other entities and is deleted if and when the subscriber decides that they no longer wish to receive information from us. We will also delete the information if we receive feedback indicating that the email address is no longer active.

NUPI uses external suppliers to collect and store this data

5. Events

When signing up for seminars and events, we ask for the attendee’s name, organisation, email address and sector. With the exception of an attendee’s name and organisation, which we sometimes publish on attendance lists after obtaining explicit consent, this data is not shared with others. NUPI stores the data for a maximum of 6 months for security and reporting purposes, and to provide event information.

NUPI uses external suppliers to collect and store this data.

6. Electronic recruitment tool

All job applications for positions at NUPI are made through the recruitment portal JobbNorge. Applicants are informed of NUPI’s privacy routines and which data will or may be stored about employees during their employment, as well as their right of access and right to have data corrected and supplemented. This information is supplied in the written confirmation that is sent to all applicants to confirm receipt of their application.

7. Personnel data

As an employer, NUPI stores data on employees for payroll administration purposes and to fulfil other personnel obligations. Personal data is stored for as long as required for the employment. NUPI has a supply agreement with the Norwegian Government Agency for Financial Management (DFØ) for use of the systems SAP, Agresso and Contempus.

8. Rights of the data subject

Individuals registered in NUPI’s systems are entitled to a confirmation that NUPI is processing their data and if so a copy of the data NUPI has registered on them.

The data subject has a right to object to NUPI processing their data. If the data proves incorrect or incomplete, or if NUPI comes to process personal data we do not have grounds for processing, the data subject has a right to demand that NUPI corrects, supplements or deletes the data within 30 days of being notified. The data subject has a right to demand that, during the time it takes NUPI to verify the validity of the processing, the processing of their data is restricted. The data subject has a right to receive, in a structured, readily available and machine-readable format, the personal data they have provided to NUPI, and a right to transfer said data to another controller.

In order to exercise your rights, email post@nupi.no

The data subject also has a right to complain to the Norwegian Data Protection Authority (DPA) of any processing that is in contravention of the privacy regulations in force at a given time.

NUPI does not share registered personal data with other controllers or countries outside the EU/EEA.

9. How to manage cookies in your browser

On www.nettvett.no, you can read about how to configure your browser to accept/reject cookies, and get tips on how to browse more safely.

10. Contact

Controller: the Norwegian Institute of International Affairs, post@nupi.no

Postal address:

C.J. Hambros plass 2D
PB 7024 St. Olavs Plass
0130 OSLO
NORWAY

Data Protection Officer: Unni Rørslett, Senior Adviser, unnir@nupi.no